Create Instant Documentation with OpenRMF Professional

Dale Bingham
4 min readSep 27, 2023

Tired of manually generating your cyber compliance documentation? You know the PPSM, Hardware list, Software list, latest Vulnerabilities, Summary in a PPTX file, Cyber Readiness scores and the like? Or even just tracking ALL OF THOSE CHECKLISTS and patch scan PDF files? Then let OpenRMF Professional do it for you!

Load your raw data and lists, click a few buttons and get all your documentation you need. From the GUI or even via an API call! Read below for the types of documentation you can easily track, export, and report on through our unique cyber compliance solution.

OpenRMF Professional system package dashboard with key indicators

List of Documentation that OpenRMF Professional Generates for You

Below is a list of documentation that OpenRMF Professional easily generates for you by tracking your data automatically. These are available using our user interface as well as our documented API.

  • A list of all checklists — list all checklists by host, type, and vulnerability numbers
  • Each individual checklist (*.ckl) file — track each checklist file, export to a color coded XLSX or CKL, and maintain configuration management and change history
  • Overall Compliance in XLSX — export your up-to-date generated compliance against your RMF, FedRAMP, StateRAMP or Custom control listing including tailoring and overlays
  • POAM — export your automated (a.k.a. live POAM kept up-to-date) plan of action and milestones to XLSX to easily report and send
  • System Security Plan — export an XLSX template filled in with key data from your system package as well as the controls, status, and relevant CCIs based on all your data
  • Security Assessment Report — export an XLSX file filled in with key data from your system package and the controls based on all your data
  • Risk Assessment Report — export an XLSX file with your POAM and risk data including likelihood, impact, and more color coded based on your data
  • PPTX Summary slide deck — instantly create a presentation based on your key system package data such as the title and description, latest vulnerability numbers, cyber compliance numbers, cyber readiness, even a place to put exported JPG charts from other areas of OpenRMF Professional
  • List of Evidence — a list of all files (PDF, MS Office, PNG, JPG, XML, etc.) you also are tracking toward your cyber compliance such as policy documents, screenshots, and more
  • Cyber Compliance Readiness — Your cyber readiness report (CCRI) exported to XLSX with multiple tabs showing your readiness scores for compliance checklists, patch data, and other vulnerability data such as software and container scans
  • All compliance statements — a list of all compliance statements with status, control, and CCI information
  • Change history of patch vulnerability numbers — export your patch vulnerability score history over time in a chart
  • Change history of compliance / checklist numbers — export your compliance checklist history over time in a chart
  • Open Vulnerability listing — generate a report on open patch and compliance vulnerabilities based on status, severity, and hostname
  • PPSM — export your known good list of ports, protocols, and services generated from your credentialed scan data automatically
  • Software List — export your list of software based on credentialed scans as well as added data or bulk uploaded lists of software you already curated
  • Hardware List — export the list of hardware based on all checklist and scan data throughout your system package
  • Milestone listing — export your milestones for your system package, even export the list of POAM items per milestone
  • Any number of other reports / charts you may need once all the data is loaded such as open vulnerabilities, devices with high open vulnerabilities, and vulnerability numbers by status and severity

Free Evaluation — See For Yourself

As you can see from all this above, OpenRMF Professional v2.9 allows you to do so much more with the information you already have in your cyber compliance processes. Whether through different scan results, documents, or even screenshots. And it does it automatically, giving you back precious time, money and resources.

This lets you map your processes and procedures around your chosen cyber framework to our solution. Or adjust those processes and procedures around the automation that OpenRMF Professional provides.

It enables better cyber hygiene to reduce security risks and costs, as well as improve security posture.

And it allows you and your team to track all projects, programs, and system level cyber compliance in your portfolio in one place.

Evaluate OpenRMF Professional for yourself and see how it helps you and your team achieve a faster ATO through automation. With consistent, repeatable results. Using the same team. With a LOT LESS stress on them! And letting your cyber engineers be engineers, not cyber administrators.

You can download a prebuilt OVA to quickly stand up a virtual machine on your computer or network. Or you can download the installation and set it up yourself on your own equipment.

We give you a 30-day license that fully unlocks the power of OpenRMF Professional. Check out our documentation, blogs, YT videos or even schedule a demo or quick conversation on your use cases and questions.

You have nothing to lose and everything to gain! Time is one of our most valuable resources. As are the people on your team. Get them the solution they need.

Get them OpenRMF Professional.



Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft