OpenRMF® OSS

OpenRMF® Open Source Software (OSS)

Open Source Cyber Compliance Automation and Collaboration

OpenRMF® OSS is a great software suite for people or organizations/agencies that are looking to manage a single system ATO or project. It is web based, has authentication and authorization via Keycloak, and allows uploading of SCAP scans, checklists, and Nessus ACAS results files for tracking and dashboards.


The open source version highlights are below:

  • 100% Web Based
  • Import SCAP scans, STIG Checklists, and a Nessus ACAS Scan per system package (i.e. group of devices and applications in an ATO package)
  • Run Reports on STIG Vulnerabilities and NIST Controls
  • Generate NIST Compliance against your System Package
  • Free to use and get updates from GitHub.com
  • Note: AuthN/AuthZ is across the entire application (not per system package)


Please visit our OpenRMF® OSS Website for more information, links to the Slack community, as well as links for the GitHub project code and repositories to help shape and enhance the software. You could also visit our OpenRMF® OSS Demo to try it out yourself.

OpenRMF OSS Dashboard

OpenRMF OSS Compliance Generator