Gain access into all System ATO Packages, patch vulnerabilities and POAM updates directly in seconds, without distracting your managers
See status of POAM items, STIG Checklist vulnerabilities, Patch Vulnerabilities, and system package score trends with a couple clicks
Quickly see Vulnerability status, Residual Risk items, download STIG Checklists in a ZIP file, and pinpoint areas of concern within minutes
Gain access into your team's ATOs, patch vulnerabilities and POAM updates directly in seconds, without distracting your team
Report on your hosts, devices, and servers quickly; upload the latest SCAP scans; update manual STIG Checklist Vulnerabilities online
Easily find status updates on POA&M items, STIG Checklist and Patch Vulnerability updates via Notifications, and run Reports quickly
OpenRMF® Professional is designed to help automate a lot of the manual tasks teams use for scanning, uploading, tracking, and reporting on STIG Vulnerabilities and Patch Vulnerabilities in their system packages and ATOs (Authority to Operate).
With the new OpenRMF Professional API in v2.6 you can automate the ingest of SCAP, Checklist, and Nessus data, and work toward more automated continuous monitoring and a more continuous ATO process!
Save months off of the ATO process and drastically reduce your manual reporting and collection efforts across your whole team with a single source-of-truth for all your Vulnerability, POAM, and Continuous Monitoring needs. OpenRMF® Professional helps you in the RMF and FedRAMP Compliance process in the areas of Implementing Controls, Assessing those Controls, Documenting Results, as well as the Continuous Monitoring of those devices throughout the life of your ATO.
Welcome to the next revolution in cyber compliance automation and innovation!
Track all STIG Checklists, Patch Vulnerabilities, Software and Hardware, PPSM, Tailoring, Overlays, and more from a single web-based application.
OpenRMF® Professional gives you a single definitive source-of-truth for all STIG Checklists, Patch Vulnerabilities and NIST Controls Compliance across your entire system package.
Remove the manual, cumbersome, error-prone editing of your POAM status on vulnerabilities and let OpenRMF® automate that work for you!
The collaborative nature of this software allows teams to quickly track vulnerabilities, assess compliance, and work to lower the risk of system packages that have an authority to operate (ATO), are working to obtain one, or are under proper continuous monitoring of the entire system package.
OpenRMF® Professional allows you to generate compliance based on your STIG Checklists against your RMF levels, FedRAMP level, or your tailored list of controls. Add overlays on top of that list of controls to see a true compliance listing in seconds.
See a historical chart by Checklist or by System Package of Vulnerability numbers over time. Track Patch Vulnerabilities over time as well.
OpenRMF® Professional allows uploading of .nessus Patch Scan results and combines the results over time to show Patch Vulnerabilities and trends over time.
Even after obtaining an ATO or interim authority to test, OpenRMF® Professional allows updates on continuous monitoring and tracking for required quarterly or ad-hoc updates on the cyber compliance and risk of your system packages.
From the Patch Scans, you can pull information on all running ports, protocols, and services across all your devices. Automate storing and tracking this information for your whole system package. You can easily enhance this data by specifying any boundaries they cross for reporting, tracking, data calls, and identifying your security posture.
Each update of STIG Checklists or Patch Scans automatically tracks the device listing for hardware as well as the software listing found in patch scans. You can track the device by hostname, enrich with other information such as purpose or firmware, and quickly find if that device has a scan or checklist identified.
Receive notifications on updated checklists, uploaded patch scans, hardware and software listings, as well as changes in ports, protocols, and services automatically. Team notifications across the system package are automatically filtered by access to that package.
Use the DISA Checklists as-is for Templates to start your STIG Checklists, or create your own company-wide or System Package-based Template with boilerplate entries on manual vulnerability checks.
User Theme settings, Robust Audit Filtering, Banner Settings and Consent/Splash page settings allow more control over the user interface.