OpenRMF Professional v2.7 Released!

Dale Bingham
Jan 13, 2022


It’s the same great RMF and FedRAMP cyber compliance and collaboration application. Now it includes Tracking Inheritance and Common Controls. More powerful bulk editing and locking. Massively expanded API. Tracking Cyber Compliance History. Bulk tagging. More charts and reports. And smoother setup and installation/upgrade. Major highlights are below!

OpenRMF Professional v2.7 enhanced System Compliance features

More Streamlined System Compliance Listing

One big improvement in OpenRMF Professional v2.7: the compliance listing can now be saved. Prior to version 2.7, it was generated on the fly each time you requested it. Now there is a saved snapshot in time of the compliance at that point, with a title, description, and date/time saved.

We also show the percentage complete of all vulnerabilities (Not a Finding or N/A) versus those that are Open or Not Reviewed for a more accurate depiction. And you can update and save a new snapshot of the updated compliance, while opening the older historical snapshots to see where you were versus where you are now.

The other information we show quickly is all vulnerabilities for that control or subcontrol, on that checklist, all in the one main table. You can click the green plus icon to expand and show what vulnerabilities caused that control for that checklist to have that status.

Much more detailed compliance listing with vulnerabilities attached in version 2.7

Greatly Enhanced API Calls and Sample Application

Version 2.6 added the external API for OpenRMF Professional with 12 calls for initial integration efforts. Now you can externally call and send data to / get information from OpenRMF as a data source. No more just another silo of information!

Version 2.7 brings with it an additional 17 API calls for a total of 29. APIs for creating system packages, searching templates, pulling notifications, and generating JSON for the patch data are among the newer APIs worth mentioning.

We also added a role for “System Package Administrator” so you can externally create a new System Package and then assign that user to the System Owner role. The role and additional call allow better integration with other applications such as a platform wizard to create your system package, a CI/CD process for creating and updating information, or use in an integrated suite of tools for your customers.

The v2.7 Developer’s Guide also includes some sample scenario walkthroughs such as a Grafana dashboard with vulnerability data, automated scans to update your system package for true continuous monitoring, as well as a template wizard to grab information and start a system package with specific checklists based on a technology stack.

And the GitHub Repo with code examples using the API now has a NodeJS sample application with several of these APIs put together for an external application.

Enhanced Bulk Edit, Locking, Tagging Features

Based on feedback on versions 2.5 and 2.6, we updated these features to allow a more general way to bulk edit and lock vulnerabilities. OpenRMF Professional v2.7 improves the way you can search across all vulnerabilities in all checklists for bulk editing or bulk locking of individual vulnerabilities.

Bulk editing is pretty self-explanatory. Edit multiple vulnerabilities and set the status, comments, etc. all the same way. Got it.

Bulk locking of individual vulnerabilities usually comes into play to keep a false positive from being moved from Not a Finding to Open based on SCAP scans. If you lock the vulnerability after you have it correct, it will get skipped over and will not be updated from SCAP, bulk edit, or individual edit through the web interface.

Enhanced search for bulk edit and locking/unlocking of vulnerabilities

You can also bulk lock and unlock whole checklists from the System Package Dashboard now. You may want to do this so no one edits what you have currently, while you go through an assessment or a check across the packages for checklists.

And you can bulk tag checklists as well from here. Tagging allows you to quickly group and sort checklists for people, teams, technologies, etc.

Improved bulk features for checklists in OpenRMF Professional v2.7

Try the Evaluation on Your Own Network

You can register and download your own copy of this software. Pull down an OVA to quickly spin up a Red Hat 7.9 or Ubuntu 20.04 virtual machine with the software already installed. Set a few IP parameters and get going in minutes. Or perform an installation on your own machine (server, VM, laptop, cloud machine) and have it use your own data.

Ask for a 30-day or 60-day full-featured evaluation license to test everything we have been talking about here, so you and your team can test drive the functionality and see why we think this is causing an automation revolution!

FYI: it does NOT reach back to us for anything. You install this on your own on-premise or cloud VPC and run it with full security, auditing, and autonomy. Even on a disconnected network.

Get a Demo

You can also request a live demonstration of OpenRMF Professional to see for yourself. See how easy it is to add SCAP and CKL checklists, .nessus patch information, and in minutes have a full view of your entire system package. We are happy to show the tool and chat on its use, scenarios, and how it may help you automate as much of this process as possible.

OpenRMF Professional — Cyber Compliance Automation

Check out OpenRMF Professional for yourself. See how it can help you automate tracking of vulnerabilities and compliance for your RMF or FedRAMP packages. See how you can reduce your stress level and increase your ability to make informed decisions based on data. And let it quicken your time to market for your ATO/IATT/ATC and help you maintain continuous monitoring and reporting. Without the painstaking manual processes that are long past their expiration date.

Your Automation Tool for RMF and FedRAMP workload is here. And its name is OpenRMF Professional!



Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft