OpenRMF Professional v2.10.03 patch released

4 min readSep 9, 2024

See what you have waiting for you in the newest OpenRMF Professional patch release from early September 2024. We included new dashboards, newer reports, bulk editing of software items, and the updated July 2024 DISA checklists for NIST 800–53 revision 5. See the breakdown and screenshots below.

See a video of the changes below. We noted the updates directly requested by customers below as well.

Checklist Dashboard View

The new Checklist Dashboard View is available on your system package dashboard within the Checklist menu. It is also available in the reports area. The dashboard shows visually the number of open items, other items by status as well as a breakdown of vulnerabilities by status and percentage. It also shows POAM numbers as well as a breakdown of all checklist types you use.

Host Scan Dashboard

The new Host Scan Dashboard is available on the Host Scan menu within your system package dashboard. It is also available within the reports area. It shows your open vulnerabilities, number of devices and software items, running ports/protocols/services as well as POAM numbers and device score.

Patch vulnerabilities, score, POAM items, and open item charts show patch data visually

POAM Raw Data Dashboard

There are 2 POAM dashboards. The first is the Raw Data Dashboard showing POAM data by the raw severity as well as status, type, overdue items and the number of items per type of POAM entry.

This was a direct customer request during a demo a few months ago.

POAM dashboard showing data by raw severity

POAM Residual Risk Dashboard

The second new POAM dashboard is based on the Residual Risk data for your items. It shows the scores and number of items by the actual residual risk based on your analysis.

This was also a direct request from a Navy customer they needed. Other customers also liked the idea as we talked the feature out with them, looking at your ATO from a residual risk point of view (the “R” in RMF).

POAM dashboard showing data from a Residual Risk point of view

Bulk Edit Software Items

You can now edit software items in bulk to update the hostname, software name, version, type and approval information.

This was yet another direct request from customers over the last few months.

Fields to allow bulk editing of software items

History Listing Shows what was Changed

The history listings showing changes on checklists, POAM, PPS, patch vulnerability and other areas now shows the reason for the update or change made in the listing. It was there before you just had to click the green “+” icon. Now it is front and center.

This was again a request from a Navy customer that just made sense!

New Reports around Your Data

There are several new reports and ways to view your new dashboards across multiple ATOs and system packages. Several of these came from direct customer requests over the last few months and are noted below.

Checklist Vulnerability Charts shows the number and grouping of open checklist vulnerabilities across your system package as well as by hostname or by hostname and checklist type (customer request)
Checklist by Type shows a breakdown of all checklist types (a.k.a. STIG types) within your system package — great for assessors to know what to test! (customer request)
Checklist by Type and Hostname is the checklist by type, but also shows the version and release as well as all hostnames using that checklist type — again great for assessors as well as making sure you do not have different versions of your checklists (customer request)
Checklist Dashboard is the new dashboard view shown above
Devices by Team Subpackage shows all devices/hostnames and the Team Subpackage they below to, if any (customer request)
POAM Raw Data Dashboard is the POAM dashboard mentioned above
POAM Residual Risk Dashboard is the POAM dashboard mentioned above

See All Updates on the Press Release

The full press release can be found on our website at https://www.soteriasoft.com/resources/pressrelease.html.