OpenRMF Professional v2.8 Released!

Dale Bingham
May 10, 2022


The latest version, 2.8, automates SAR, SSP, and RAR documentation. It lets you create CIS-based checklists automatically from CIS benchmark scans. It tracks other vulnerabilities from software, container, and other scans along with checklist and host OS patch vulnerabilities. And it integrates with program management software (Jira, GitLab, GitHub, ServiceNow) for tracking tasks and issues linked back to the screen in OpenRMF Professional. Add in the ability to pull data straight from Nessus and your cyber compliance automation path just got a lot simpler!

Cyber Compliance Automation with OpenRMF Professional v2.8

New Features Requested by You in this Release

There are some great new features that have been requested by users, potential customers, and those currently evaluating our software that made it into our latest release.

Generate your System Security Plan, Security Assessment Report, and Risk Assessment Report (full or summary) automatically from the compliance and POAM data already in OpenRMF Professional. Use your single source of truth for this data, and generate these .xlsx files on demand using the latest updates to your checklist, patch, vulnerability, and POAM information.

Track project management and tasks using our integration with Atlassian Jira, GitLab, GitHub, and ServiceNow. Create issues and incidents from pages in your system package, automatically link back to the page you were on, and track the list of linked issues all through OpenRMF Professional. Sync a single issue or all issues to keep information up to date.

Import SonarQube or MicroFocus Fortify software scan vulnerabilities directly into your system package. Upload other scan vulnerabilities in our published format (software, container, log, custom) using the GUI or API and you can now track all vulnerabilities across automated and manual checklists, patches, software, containers, and other applications within your system package. Track trends, charts, reporting, and link into your POAM live automatically.

Our updated API allows you to view all this new vulnerability data listed above and use it in reports, dashboards, or even call the API in a gated release from your fully automated Software Factory or DevSecOps setup to control what is delivered and deployed.

Automatically pull in Audit Compliance Scans or Patch Vulnerability Scans from Nessus directly with our integration using their scanner API. Now you can upload .nessus files using the GUI, the API, or the integration directly.

See OpenRMF Professional for Yourself!

Soteria Software’s OpenRMF Professional is revolutionizing the way you track RMF, FedRAMP and Cyber Compliance through automation! Whether you are tracking RMF and FedRAMP by themselves right now, automating in a DevSecOps process, need a cyber compliance engine for your Software Factory, or are even migrating from on-premises to cloud infrastructure, OpenRMF Professional can help ease the workload and get you there faster.

You also can have a standardized, structured way to track your cyber compliance across all your teams and customers. You are in essence building your own Cyber Compliance Factory!

Have all team members manage and import/update their specific data. Generate your compliance with a click of a button. Then export your Checklist (CKL) files, System Security Plan (SSP), Security Assessment Report (SAR), Risk Assessment Report (RAR) as well as your POAM for your approved government or corporate system of record.

See for yourself by downloading a copy with an evaluation license!



Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft