Videos & Webinars

Overviews, tutorials, demonstrations, and webinar videos from Soteria Software.

Below are several videos on the features & functions in OpenRMF® Professional. You can view the list of video categories to see other areas of videos as well.

Uploading SCAP Scans in OpenRMF® Professional

See how easy it is to load OpenSCAP, DISA, Tenable Nessus or Rapid7 Nexpose SCAP scan results into OpenRMF® Professional to create checklists, update vulnerability data, track system package scores and enable compliance generation.

Track Container Image Vulnerability and SCAP scans

OpenRMF Professional v2.12 allows you to upload Grype, Trivy, JFrog CLI, Amazon ECR and generic format vulnerability scan results to track your open vulnerabilities and CVEs. It also takes in RapidFort SCAP scans of images based on DISA benchmarks to create compliance checklists for your images.

Missing Checklist Wizard

Run the Missing Checklist Wizard against your list of software in your system package to see if there are some possible checklists missing. The software list comes from patch scan uploads, software list uploads, and manual entries.

Journal Feature in OpenRMF® Professional

See the journal feature in action for system packages / ATOs as well as the high-level journal feature for templates, settings, configuration, and other areas within OpenRMF® Professional. This is a new feature in v2.11 released early February 2025.

Manage Multiple ATOs and System Packages

See how you can manage multiple ATOs, IATTs, accreditations and system packages easily through a web-based interface with OpenRMF® Professional. Roles and group permissions help segment duties and data. And you can run the same report against all of your system packages to get the information you need quickly.

Generate Your Compliance for System Packages

See how to generate compliance from checklists, SCAP scans, CIS scans, and Compliance Statements for your system package with a click of a button. Track the history of compliance and run reports on progress as you update your information in OpenRMF® Professional.

Live POAM in OpenRMF® Professional

One of the innovations around OpenRMF® Professional is our Live POAM feature. See how this automatically tracks your open items across your compliance scans, statements, common controls and patch vulnerabilities to keep you up-to-date!

Creating Checklists from CIS Audit Files

See how to generate CIS based checklist templates automatically from a .audit file in OpenRMF® Professional. Use these to match CIS benchmark scans and create checklists for your system package to track vulnerabilities and cyber compliance automatically.

Bulk Checklist Upgrades in OpenRMF® Professional

Upgrade your DISA, CIS, or Custom checklists in bulk to the latest version and release in the newest update to our flagship product! Select your checklists, click Upgrade, then keep on working.

Checklists are upgraded in the background, linked to the POAM, with the updated checklist score and overall system package score updated in seconds. From there you can generate your new compliance, view your cyber readiness score and more!

Cyber Readiness (CCRI) in OpenRMF® Professional

Generate your CCRI Scores and reports in seconds with the latest version of OpenRMF® Professional from Soteria Software. Instantly see your CCRI Scores by vulnerability area.

And they are automatically updated as your scans and vulnerability data are updated at the same time!

Bulk Edit Vulnerabilities across Checklists

Edit multiple vulnerabilities across multiple checklists to keep your information structured, consistent and up-to-date. Set your status, comments, details, and even severity override (if your preferences allow) instantly with a few clicks. Track all checklist history, scores, POAM updates, and overall system package score automatically as well!

Bulk Lock Vulnerabilities across Checklists

To help manage false positives across your checklists, you can lock vulnerabilities to keep the status, comments, details, and other information safe. Combined with the bulk edit vulnerability feature, you can set all checklist vulnerabilities to the appropriate status, add comments, and then lock them in place to keep your information safe and correct. Run reports to see which items are locked to review every so often as well.

Uploading Patch Vulnerability Scans

See how to upload patch vulnerability scans to show patch vulnerabilities, software listing, hardware listing, and ports / protocols / services listed all from uploading a single credentialed patch scan.

Team Subpackages in OpenRMF® Professional

A unique feature in our solution, you can separate out groups of checklists and/or hardware devices for your project or team. Create groups just for those checklists and/or devices so they only see that data and no other information.

Using the OpenRMF® Professional API

See how to use our open API to automate tracking your scans, compliance, and vulnerability status even more. Use the APIs to automate your continuous monitoring. Plug into a DevSecOps process for vulnerabilities and gated releases. Or use the APIs to retrieve information to display on custom dashboards for leadership, your team, or even a security operations center.

Nessus Scanner Integration

See how easy it is to set up integration with a Nessus scanner to pull in audit compliance scans (CIS and DISA benchmarks) as well as patch vulnerability scans with OpenRMF® Professional integrations.

Tracking Tasks with Integrated Atlassian Jira Support

You can integrate with Atlassian Jira, GitLab, GitHub or ServiceNow to track tasks and issues related to your RMF and FedRAMP packages. See how easy it is to integrate task management using our Jira example in this video. Now you can track your data AND your team workload on RMF and FedRAMP from one central point.

Importing Fortify and other Technologies

See how you can import/upload other vulnerabilities such as software scans, container scans, and other vulnerability scans within your system package. This can be used for DevSecOps, Software Factories, as well as individually to check your vulnerabilities across projects and platforms. You can see the totals by type, by project, and historically. Then have these link into your live POAM to help track all your vulnerability impact.