Videos by Concept

Overviews, tutorials, demonstrations, and webinar videos from Soteria Software.

Below are several videos on concepts using OpenRMF® Professional. You can view the list of video categories to see other areas of videos as well.

OpenRMF Professional at the 50,000 ft view

See if you can Benefit from OpenRMF Professional

See if any of this sounds familiar:


  • Doing SCAP or ACAS Scans
  • You need to meet RMF, FedRAMP, or GovRAMP
  • Showing compliance artifacts for US Federal and DoD/DoW
  • You are doing most of this work manually

If any of this sounds familiar, then Yes You Can!


Look at Cyber Compliance through the Automation Lens

Are you doing cyber compliance like it is the late 1900s or even the early 2000s? If so, take a look at where automation can help.


Use your scans and automate from the ground up. Get a baseline compliance without any manual data intervention. Let your team do cyber engineering, not paperwork.


If any of this hits home, then OpenRMF® Professional was made for you.

What do you need to get Started using OpenRMF Professional?

Here is what you need to get started in a nutshell:


  • information about your chosen Framework (RMF, FedRAMP, etc.)
  • data files for your scans, checklists, evidence, etc.
  • people, roles, job functions and who needs to do what
  • how you want to access (HTTPS, API, both?)
  • any integrations with 3rd party or custom applications

Introducing OpenRMF Professional -- Automate Your Cyber Compliance

This quick video is an introduction to Soteria Software and their flagship product, OpenRMF Professional.


It shows highlights of automation, benefits, how and why to do this across any framework, and examples of customers using the solution right now.

What's New in OpenRMF Professional v2.13.02

See what's new in the latest patch release of OpenRMF Professional v2.13.02:


  • MongoBleed CVE Fix
  • Upload your eMASS System Export XML to start a new system package
  • Show Assessment Numbers for compliance listings
  • New Framework Reports
  • Updated DISA Checklist Templates

Start with your eMASS System Export XML

Easily create your System Package / ATO in OpenRMF Professional by using the data, descriptions, controls, framework, and overlays already set up in your eMASS package.


  1. Upload the file
  2. Set up Access Permissions
  3. Let your team collaborate across all data
  4. Automate the hell out of it

Easily Manage STIG Checklists in OpenRMF Professional

See how you can upload CKL, CKLB, SCAP or Audit Compliance scans and make your life SOOOOOOO much easier!


  • Track checklist changes
  • Track open, N/A, Not a Finding and Not Reviewed #'s easily
  • Track change history
  • Link into a live POAM, with history tracking
  • All changes tracked in a Journal
  • Export out CKL, CKLB when needed
  • Edit and Manage through a web browser, regardless of your OS or hardware

Easily manage your ports, protocols, and services (PPSM)

OpenRMF Professional helps alleviate manually tracking PPS that is a PITA. It reads in your Nessus / ACAS patch scans and pulls your no-kidding truthful information on running ports, protocols, and services and tracks them by machine/hostname.


You can even compare against your list of approved PPS loaded and find issues and anomalies automatically as well.

Using RapidFort -jammy-rfcurated images, SCAP Scans and OpenRMF Professional

See why we use the RapidFort Ubuntu based -jammy-rfcurated images for our base image builds in OpenRMF Professional.


From lower CVEs, to smaller SBOM and the ability to do a DISA scan of the image and create a DISA based checklist of your software image...there are some great benefits using RapidFort curated images.

Use Checklist files to Create Boilerplate Checklist Templates

Upload a filled-out CKL / CKLB checklist file to create a boilerplate answer checklist to use as a starting point for any device or checklist in any system package.


This lets you set up those that are Not a Finding / Closed by default, those that are N/A, and even locked vulnerabilities with pre-filled answers.

Using Curated Compliance Statements to Fill in Compliance Areas

You can use curated compliance statements in lists, matched to your framework's control and CCI combinations, to quickly track to requirements in your cyber compliance framework.

Learn Different Cyber Frameworks through OpenRMF® Professional v2.13

See how to use the reports to review, compare, and contrast different frameworks across levels, controls, and CCIs.

Upgrading from RMF Revision 4 to Revision 5

Have to go to Risk Management Framework Revision 5? Want to know what changed?


Use OpenRMF Professional v2.13 reports to track what changed between RMF Revision 4 and Revision 5 across controls and CCIs as well.

Track Compliance Drift across machines

Use the checklist differences report to compare the same checklist across different devices, and note where the status or severity override is different in those checklists quickly and easily. This helps you perform cyber hygiene and verify your compliance and configurations are correct.

RMF Chaos and Confusion to Order & Structure in Minutes!

See how in less than 5 minutes you can get order and structure around your RMF packages from the current chaos and confusion using OpenRMF Professional and your current scans. Do in minutes what it takes WEEKS to do manually with a fully engaged and trained team.


Manage Multiple ATOs and System Packages

See how you can manage multiple ATOs, IATTs, accreditations and system packages easily through a web-based interface with OpenRMF® Professional. Regardless of your cyber framework. Roles and group permissions help segment duties and data. And you can run the same report against all of your system packages to get the information you need quickly.

Easily answer data calls with OpenRMF® Professional

With your RMF, FedRAMP or StateRAMP data organized it is much easier to answer data calls quickly and truthfully using OpenRMF® Professional.

Using the OpenRMF® Professional API

See how to use our open API to automate tracking your scans, compliance, and vulnerability status even more. Use the APIs to automate your continuous monitoring. Plug into a DevSecOps process for vulnerabilities and gated releases. Or use the APIs to retrieve information to display on custom dashboards for leadership, your team, or even a security operations center.

Using Pre-Filled Checklist Templates to Save Time

You can pre-fill checklist vulnerability answers with status, comments, details, and even lock those vulnerabilities with our checklist templating engine. Use them for deploying known workstation or server images with starting scan results, Application Security and Development STIG for software development and deploying to platforms, or even to answer all manual checks on your scans and then automate your scans and uploads to fill in the rest.

Upload Software Image SCAP scans to fill out Checklists

You can use RapidFort's software to do SCAP scans on images / containers, and load those results into checklists filled out with context around running as a container automatically. If it is a DISA benchmark then that goes automatically into a DISA checklist in OpenRMF Professional easily. Or create CIS or Custom checklists to match your image scans as well. Regardless of framework -- RMF, FedRAMP, CMMC, CSF, HITRUST, or your own custom framework.