Continuous Monitoring with OpenRMF Professional

Dale Bingham
4 min read · Mar 15, 2021


Use OpenRMF Professional to upload your patch scans, run reports, and track updates to STIG Checklists to make your ConMon reporting efforts a breeze! Automate the non-value-added work and spend your time patching and securing your systems and infrastructure.

OpenRMF Professional Continuous Monitoring tracks patch vulnerabilities scans over time.

Track Patch Vulnerabilities for your System Package

Continuous Monitoring is the “last step” in the RMF process used for U.S. DoD and Federal systems as well as corporate networks and infrastructure. Of course this “last step” never really ends. It involves making sure your software platforms and your main servers, hosts, and devices all have the latest operating system fixes and patches. This step is continuous and has to be maintained well as part of a good cyber strategy and to keep good cyber hygiene.

Whether you are a “patch Tuesday and patch Thursday” group, a once-a-week organization, or just a once-a-month type of team, you need to track and show progress on maintaining your infrastructure. I think back (too far back!) to “show your work” in my school days. Stop doing that manually. Let the application track it for you and show the good work you and your team are doing.

OpenRMF Professional helps with ConMon in multiple ways. Not only can you upload your Nessus ACAS scan (.nessus file) into the system and see all of its patch vulnerability information, it also breaks that information down by severity and tracks the number of critical, high, medium, and low open items, along with the history of changes over time. You can list all the data in a searchable web-based table for easy access, research, and data call responses. You can also upload separate .nessus files for the sections or groups of servers you scan separately; OpenRMF Professional combines the data from all uploaded scans into one holistic view of your patch status.

BONUS: The integration of an online live POA&M in OpenRMF Professional also lets you automate tracking of open patch items in your POA&M. It automatically closes out items that no longer appear in the next scan. It adds new patch vulnerabilities from the latest scan to your POA&M for you. And it links each POA&M entry to the patch vulnerability that created that POA&M row. All of this happens automatically, based on the ConMon work you are already doing.
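The scan merge, severity breakdown and POA&M reconciliation described in the two paragraphs above, as an added Python example that is not OpenRMF Professional's own code; the .nessus snippets are constructed and trimmed to the attributes the logic needs, and the plugin names are placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Nessus severity attribute: 4 critical, 3 high, 2 medium, 1 low; 0 is informational and not tracked.
SEVERITY = {"4": "critical", "3": "high", "2": "medium", "1": "low"}
# Constructed .nessus snippets (real files carry many more attributes); plugin names are placeholders.
SCAN_WEB_R1 = """<NessusClientData_v2><Report name="web"><ReportHost name="web01">
<ReportItem pluginID="10001" severity="4" pluginName="placeholder RCE"/>
<ReportItem pluginID="10002" severity="2" pluginName="placeholder weak TLS"/>
<ReportItem pluginID="19506" severity="0" pluginName="Nessus Scan Information"/>
</ReportHost></Report></NessusClientData_v2>"""
SCAN_DB_R1 = """<NessusClientData_v2><Report name="db"><ReportHost name="db01">
<ReportItem pluginID="10003" severity="3" pluginName="placeholder outdated DB"/>
</ReportHost></Report></NessusClientData_v2>"""
SCAN_ALL_R2 = """<NessusClientData_v2><Report name="all"><ReportHost name="web01">
<ReportItem pluginID="10002" severity="2" pluginName="placeholder weak TLS"/>
</ReportHost><ReportHost name="db01">
<ReportItem pluginID="10003" severity="3" pluginName="placeholder outdated DB"/>
<ReportItem pluginID="10004" severity="1" pluginName="placeholder banner"/>
</ReportHost></Report></NessusClientData_v2>"""

def parse_nessus(xml_text):
    """Map (host, pluginID) -> severity name for every non-informational finding in one scan."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.get("severity") in SEVERITY:
                findings[(host.get("name"), item.get("pluginID"))] = SEVERITY[item.get("severity")]
    return findings

def merge_scans(*xml_texts):
    """Combine several per-group .nessus uploads into one holistic view of the system package."""
    return {k: v for text in xml_texts for k, v in parse_nessus(text).items()}

def severity_counts(findings):
    """Open item counts by severity: the numbers tracked per report date for the trend view."""
    return Counter(findings.values())

def reconcile_poam(poam, latest):
    """poam maps (host, pluginID) -> 'open'|'closed'. Close rows whose finding left the latest
    scan, open rows for new findings; returns (updated_poam, new_keys, closed_keys)."""
    closed = {k for k, status in poam.items() if status == "open" and k not in latest}
    new = {k for k in latest if k not in poam}
    updated = dict(poam)
    updated.update({k: "closed" for k in closed})
    updated.update({k: "open" for k in new})  # each row stays keyed by the finding that created it
    return updated, new, closed
```

Merging the two round-1 snippets gives one critical, one high and one medium open item; reconciling that POA&M against SCAN_ALL_R2 closes the web01/10001 row (the finding is gone) and opens a new row for db01/10004.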

View Patch Vulnerability Trends over Time

Track your Patch Vulnerability work historically based on open items and scan report date.

As stated earlier, Continuous Monitoring is just that…continuous! OpenRMF Professional tracks the scan reports you upload over time and shows that information in table and chart form. You can view report dates, the number of open items, and trends over time in your system package with a couple of clicks. It does that work for you. No more opening multiple MS Excel files, charts, and a handful of PDF reports to show your assessor or management the work you and your team have performed. Log into the tool and show them in a collaborative web environment.

Even better, you can give them read-only access to the System Package you are managing and let them see for themselves! Beyond serving as a single source-of-truth system, keeping this data in a secure web-based application has another benefit: you can grant specific access inside the System Packages you are tracking so people can see this information quickly and easily.

What is up next?

So what else are we working on for ConMon and RMF automation? Here are just a few items coming very shortly in OpenRMF Professional version 2.2:

  • Automate a Software Asset listing based on scans, add more manually
  • Automate a Hardware Asset listing based on scans, add more manually
  • Ports, Protocols, Services Management (PPSM) automation based on scans
  • More reports around this data for official reporting, data calls, etc.
  • Automated Summary PowerPoint creation giving System Package status, open item numbers for meetings and

OpenRMF Professional = Cyber Compliance Automation

Companies, agencies, and organizations use OpenRMF Professional software to automate much of the RMF process, decreasing the time to an ATO by 40–50%. OpenRMF’s collaborative environment eliminates much of the manual labor and isolated work involved in aligning DISA controls, checklists, and patch scans, and then manages all of that information in a secure central database. This allows automatic generation and updating of the POA&M, Test Plan Summary, and various other security and RMF reports.

Having a web-based central repository for all RMF data, with role-based security for each system, eases the RMF process through a single source of truth and eliminates errors, manually intensive individual tracking, and rework. It also gives leadership direct insight into the status of all system security and risk information, eliminating the mystery around implementing the RMF process.

Once an ATO is achieved, OpenRMF provides the ability to continuously monitor and track POA&M items and the overall risk health of systems and applications, and to track updated scans and checklists throughout the life of the system.

Want a demonstration or an evaluation copy to see for yourself? See how at the OpenRMF Professional website. We are looking forward to showing you how you can simplify your RMF life!


Written by Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft
