OpenRMF Professional v2.8.3 Feature Release with Compliance Statements and Rapid7 Support!

Compliance Statement feature to add detailed Control — CCI status and statements for full compliance

Adding Compliance Statements to your System Package / ATO

In this feature release we added a way to include compliance statements down to the CCI level. The statements and status you track per Control — CCI combination can now be added to your system package. Click the “Generate Compliance” button to process all CCIs from all checklist vulnerabilities from scans, custom checklists, and now compliance statements, giving you compliance down to the NIST control and subcontrol level. This is tracked and listed based on RMF or FedRAMP level, tailoring, and overlays (if any).

Compliance Reporting to the CCI Level

There are 2 reports added for this level of compliance tracking. One is to show all CCIs required for your system package based on RMF or FedRAMP level, tailoring, and overlays (if any). It is just a listing of all you must answer to at some level.

Generate Compliance in your System Package down to the CCI level, with filtering and export

Rapid7 Nexpose Support

We had a few requests for Rapid7 support so now you have it! We can take in the Rapid7 Nexpose SCAP XCCDF XML export from a device scan and match it to the checklist just like we do with DISA SCC, OpenSCAP and Tenable Nessus SCAP scans. All the other goodness and automation baked into OpenRMF Professional takes over from there!

Use Rapid7 Nexpose SCAP scan and Full Audit scan to generate data for import into your System Packages

Added Graphs and Charts for Tracking Vulnerabilities

Along with the detailed compliance reports, we added 4 new charts for showing vulnerability and system package data visually. Sometimes, a picture IS worth 1,000 words! And it is easier to digest than just reading text on a page.

  • Show Devices with CAT 1 Open or Not Reviewed checklist vulnerabilities
  • Show Devices with any Open CAT 1, 2, or 3 checklist vulnerabilities
  • Show Devices with Critical or High Patch Vulnerabilities
  • Show Devices by Operating System

Charts to show checklist or patch vulnerability data per device across all scans

Free Evaluation — See For Yourself

Evaluate OpenRMF Professional for yourself and see how it will help you and your team achieve a faster ATO and compliance audit. With consistent, repeatable results. Using the same team. With a LOT LESS stress on them!



Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft