June 12th, 2026
OpenRMF® Professional v2.14.01 Released!
Soteria Software released a patch update to their flagship product OpenRMF® Professional v2.14.01 today. Please log into the Software & Documentation portal under the Resources link on the website and download the upgrade as soon as you can.
This is a patch for adding a few features, fixing user permission performance issues, adding 5 reports, fixing some software bugs and updating the DISA checklist templates up to June 10, 2026.
- Updated the Air Force, Space Force, and Army eMASS POAM xlsx output columns
- Internal performance improvements and code refactoring for easier management and feature updates
- Added a report for showing all controls and percentage complete by control for a generated system package compliance
- Added User Permissions management in the main OpenRMF Professional application versus Keycloak for improved performance and scalability
- Added a report to list all checklist vulnerabilities, then list all hostname devices for each
- Added a report to list all patch vulnerabilities, then list all hostname devices for each
- Added a POAM report to list all controls, then list POAM items for each control
- Added a POAM report to list all security checks (vulnerability, statement CCI, etc.), then list POAM items for each of those
- Added the ability to upload an eMASS formatted POAM .xlsx file to update the internal information for an OpenRMF Professional POAM when data is edited directly in eMASS or the .xlsx file itself
- Added several new APIs to the External API including the following:
- listing all controls for compliance percentage
- showing the total compliance records in the parent system package compliance record
- uploading a tailored list of controls
- uploading an eMASS formatted POAM to update the POAM records in your system package
- showing all controls required for a system package
- retrieving a control family record and showing all control family sections for a particular control family
- Improved manual installation script for easier setup when you cannot use Ansible or the pre-built OVA setup
- Improved message when a CIS Audit Compliance scan upload does not match a proper checklist template
- Updated the Report Listing page to group by content area easier
- Bug fix on showing patch scan history when uploaded out of date order
- Bug fix on showing proper severity in a CKLB file exported when using STIG Viewer 3.x
- Bug fix on uploading 2 of the same checklist files, different filenames, and having a duplicate listing from the upload
- Bug fix on deleting hardware in a system package and it not being removed from a list in the Team Subpackage pointing to the hostname
- Bug fix on the inheritance tree report not showing proper inheritance after moving to the newer v2.13 Framework structures
- Bug fix removing older FedRAMP and StateRAMP External API calls no longer in use
- Bug fix on the POAM Raw Severity Dashboard to show the correct total Ongoing items
- Bug fix on the Ansible setup and configuration to set the proper DNS and IP for Keycloak and local .env settings
- DISA Template updates as of June 10, 2026 from DISA public.cyber.mil
- Updated the base image for our software components with the latest Alpine Linux curated image from RapidFort and DoD certificate authorities
- Updated the base MongoDB image to 7.0.34 from RapidFort to fix a known CVE
More information on the software release and its availability as well as training can be found at their website www.soteriasoft.com.