Soteria Software Press Release

May 16th, 2025

OpenRMF® Professional v2.12 Released!

Soteria Software today released a major update to its flagship product OpenRMF® Professional! Please log into the Software & Documentation portal under the Resources link on the website and download the upgrade as soon as you can.


OpenRMF® Professional version v2.12 was released today. This is a feature and bug fix release. Features include compliance statement history, bulk delete hardware, IP and MAC address tracking, additional SCAP format, additional container image scan tracking and native formats, consolidated download update to the UI, consolidated system package preferences, and new reports, as well as the updated DISA checklists up to May 8, 2025.


  • New feature for compliance statement history and bulk editing, deleting, locking, unlocking
  • Added a POAM icon when items are due within 30 days or past due but still Ongoing (open)
  • Refactored and consolidated download feature on checklists, patch information for CKL, CKLB, XLSX, POAM
  • Added a Multiple Delete for Hardware items and all corresponding data
  • Adjusted other technology scan container uploads to track history based on the image full repo, tag tracked but not counted as unique repo URL
  • Added a new journal entry to show closed and opened patch items per patch vulnerability scan upload
  • Added journal entries on all uploads and deletes of other technology scan items
  • Additional system package preference for how CCRI is calculated for checklists, based on number of hosts or number of checklists
  • Allow uploading CKLB to create a new system package template or organizational template
  • Allow bulk download CKLB format ZIP for checklists
  • Added summary response of SCAP upload for combined files for web and API to show all checklists created/updated
  • Allow SCAP upload of RapidFort container image SCAP scan results when used with a DISA benchmark
  • Add parsing of the IP Address and MAC Address on patch vulnerability scans and Checklist uploads to update hardware records
  • Added IP Address and MAC Address on download of Hardware Listing
  • Added IP Address and MAC Address on bulk upload of XLSX, CSV, and JSON data for bulk add and edit
  • Allow uploading Grype, Amazon ECR and Artifactory JFrog CLI container image scan JSON results to the Other Technology area for tracking and history
  • Allow making a read-only system package active again, if the license allows
  • Do not allow a patch upload with an empty hostname and IP address
  • Allow deleting a patch scan with an empty hostname (for older data)
  • Added a way to reload Soteria Software created themes for the web user interface
  • Added an upload in XLSX, CSV, or JSON for adding vulnerabilities in bulk to Custom Checklists
  • Added a report to show POAM History edits based on a date range
  • Added a report to show all possible CCIs based on NIST 800-53 revision 4 or 5
  • Added additional notifications per hardware device when updating patch vulnerabilities, software, and PPS from patch scans
  • Adjusted the CIS .audit file parser to allow CR/LF on Windows editing versus Linux editing
  • Consolidated system package preferences into a single screen
  • Updated MCCAST to put Name and Weakness column data in appropriately for manual, patch vulnerability and checklist vulnerability data
  • Refactored internal HTTP calls for memory, code reuse, efficiency
  • Bug fix on Template listing in the Create Checklist from Template screen to show the Checklist type if there is a custom template title
  • Bug fix on checklist upgrade process with > 500 checklists for returning checklist list correctly
  • Bug fix on updating the Team Subpackage record when uploading new checklist or patch data from within the Team Subpackage (where there are proper permissions)
  • Bug fix on Keycloak Login for external providers to space and line up properly (CSS issue)
  • Bug fix on POAM history record copying older impact into impact description; now copies impact description properly
  • Removed reference to https://fonts.gstatic.com/ link
  • Added all DISA public checklist templates released up to May 8, 2025
  • Updated 3rd party internal components for vulnerabilities and new release fixes


More information on the software release and its availability as well as training can be found at their website www.soteriasoft.com.