Soteria Software Press Release

November 25th, 2025

OpenRMF® Professional v2.13.01 Released!

Soteria Software released a patch update to their flagship product OpenRMF® Professional v2.13 today. Please log into the Software & Documentation portal under the Resources link on the website and download the upgrade as soon as you can.


OpenRMF® Professional version v2.13.01 was released today. This is a bug fix, security, and feature release. The major update is a reduction in CVEs of almost 80% in our vulnerability scans from using RapidFort curated images. Additional features include updated framework reports, simplified Tailoring and Overlay screens for compliance, and a few small bug fixes.


  • Reduced the total CVEs in images and image scans using RapidFort curated images -- see scan results for total numbers in the software repository for this release
  • Added a new Framework Administrator role for managing frameworks and for use via the external API calls
  • Added a report for showing all frameworks that share a control or CCI with the reporting framework
  • Added an XLSX export on the system package checklist history listing
  • Added a report to compare a system package's required CCIs to other framework default CCI listings
  • Added a new API call for system package compliance percent by family
  • Added the Linked POAM Id to the POAM details listing to show any linked Id to eMASS, XACTA, or other program of record Id
  • Allow RapidFort image scan JSON files to be imported to track vulnerabilities on images / containers natively
  • Updated the CCIs across Frameworks report to show the actual controls in the frameworks sharing a CCI
  • Updated the Template listing to show vulnerabilities similar to the system package checklist listing
  • Updated the framework control CCI listing so the table shows which level is being displayed (if any)
  • Updated the patch vulnerability file uploads to allow updating the Operating System field on the hardware record
  • Updated the Other Technology data views to disable showing Info status by default to lessen data clutter
  • Reworked the Tailoring and Overlays screens to make them simpler to use across frameworks
  • Reorganized the Overlay screen to remove confusing buttons and simplify the process of uploading and downloading lists of controls
  • Fixed spelling mistakes in the online help
  • Fixed a bug in the POAM bulk edit that did not clear and reset the Tag field after use
  • Fixed an error in the XLSX file for exporting cyber readiness when you are including Other Technology Vulnerabilities
  • Fixed a bug on the Application Settings page that would not show the current consent text
  • Fixed a bug on CKLB files not always recognizing the version of the file based on the scanner that created it
  • Fixed a bug on uploading CKL or CKLB files to the Organization Template for boilerplate checklist templates so it recognizes the base level checklist being used
  • Fixed a bug on POAM individual edit that did not list the proper controls for the given framework of the POAM
  • Fixed a bug when marking all notifications as "Read" that was missing system-wide notifications
  • Fixed showing create buttons on default framework listings that cannot have added controls and CCIs
  • Fixed spelling of INFORMATION on three NIST 800-53 control titles
  • Fixed the timeout on the web screens for uploading templates
  • Fixed a bug on uploading compliance statements listing to use the formatted control number regardless of framework being used
  • Fixed a parsing error on the CKLB files created by the DISA SCC tool, which have a slightly different format than Evaluate-STIG CKLB files
  • Fixed the export of compliance statements to XML to use the new framework format of controls and CCIs
  • Fixed a problem mapping checklists and SCAP XML files when going back-and-forth uploading the types to keep checklist data updated
  • Fixed a bug on the popup window when adding a large number of checklists or devices on Team Subpackages where you had to press the Tab key to find the Close button
  • Fixed a bug on the Host Scan Dashboard to stop the patch by percentage loader if no patch data is present to display
  • Updated the online help for Tailoring, Overlays, and Team Subpackages to show updates to those features
  • Updated the CCI listing as of September 22, 2025 from DISA public.cyber.mil
  • DISA Template updates as of November 4, 2025 from DISA public.cyber.mil


More information on the software release and its availability as well as training can be found at their website www.soteriasoft.com.