OpenRMF Professional v2.9 Released!

Dale Bingham
5 min readAug 18, 2023

A better UI Dashboard to find key information fast. Evidence Management. Bulk Upgrades. StateRAMP and Custom Compliance setup. Bulk Editing the POAM. More reports. And a few customer-requested features are packed into the latest update of our flagship product — OpenRMF Professional!

OpenRMF Professional ATO System Package Dashboard in v2.9

Updated System Package Dashboard

The main dashboard for your system package (ATO, accreditation boundary, ATC) now quickly lists key information for you to consume and use. Note the scores, the cyber readiness data, latest status, and top checklists and assets with open high vulnerabilities quickly.

From here, you can jump to any area of your system package with a click of a button. And you can quickly gain a sense of your overall status visually.

Evidence Management

One big feature in v2.9 is adding of evidence. PDF, DOCX, TXT, XLSX, JPG, PNG and other file types are uploaded against the main system package. Or you can tie them to specific POAM entries, compliance statements, or checklist vulnerability records for evidence as required.

This has been a user request for several months and has made it into our latest v2.9 release. There are API calls for evidence as well now, to mirror the UI features just the same.

List Evidence against the system package in general, or specific POAM, vulnerability, or compliance statement

Bulk Upgrade Checklists

The other big request from our users: “Can we please upgrade checklists to the latest release in bulk?

Now, we can say YES YOU CAN!

You can still upgrade one at a time if you need to do so. Or with this latest upgrade, you can do bulk upgrades and have the backend of OpenRMF Professional do the upgrade process for you. The solution keeps track of POAM entries, new vulnerabilities, and locked status. And it sends notifications when the upgrade process starts, when it upgrades each checklist, and when the process is completed so you know.

You also can do checklist upgrades individually or in bulk in your Team Subpackage now with proper permissions applied!

Bulk Edit Checklists

One of our original key customers (you know who you are!) asked for a bulk edit on checklist details. Things like the IP, Hostname, type, role, and tags can not be done in bulk for those checklists you wish to edit. Prior to v2.9 you had to do this on each checklist page.

Now you can do it from the checklist listing page. And all the built in configuration management and history tracking still takes shape.

Bulk Edit POAM Entries

Also included in OpenRMF Professional v2.9 is the new bulk edit POAM entry feature. This is available in the system package as well as the team subpackage area now. Search for specific POAM entries, select the POAM entry line and then fill out the specific fields you can edit via the bulk edit.

The POAM edit history still takes shape and the application tracks all history of edits. This will save time, money, and “fat-finger” mistakes by automating the updates easily and simply.

Bulk Edit POAM entries to specify impact, threat, milestones, scheduled completion date and more

StateRAMP and Custom Cyber Compliance

Now you can specify StateRAMP or build your own custom cyber compliance framework based on NIST 800–53 rev5 controls. Combine this with RMF and FedRAMP revision 4 and 5 and you have a powerful way to streamline and automate tracking against multiple cyber frameworks.

All in one application.

Team Subpackage Dashboard, POAM and More

As mentioned earlier the Team Subpackage area was updated. The dashboard was improved, similar to the system package, for quick information. Additionally, some new features were added per customer requests.

The POAM for those items in the team subpackage are not listed. And if you have edit rights, you can edit the POAM data as well. You also can add new chdecklists and new patch vulnerability scans at this level with proper permissions. And it will add that data correctly at the system package as well for new checklists and new hosts/devices.

New Team Subpackage dashboard, with Bulk Editing and POAM entries added

Additional Reports

We have added several reports based on user feedback and from our original roadmap. We have a new POAM milestone report, patch vulnerability device comparison report, StateRAMP control report, as well as reports listing what system packages or team subpackages you have access to and their main score information.

Free Evaluation — See For Yourself

As you can see from all this above, OpenRMF Professional v2.9 allows you to do so much more with the information you already have in your cyber compliance processes. And it does it automatically, giving you back precious time, money and resources.

This enables better cyber hygiene to reduce security risks and costs, as well as improve security posture. And it allows you and your team to track all projects, programs, and system level cyber compliance in your portfolio in one place.

Evaluate OpenRMF Professional for yourself and see how it helps you and your team achieve a faster ATO through automation. With consistent, repeatable results. Using the same team. With a LOT LESS stress on them! And letting your cyber engineers be engineers, not cyber administrators.

You can download a prebuilt OVA to quickly stand up a virtual machine on your computer or network. Or you can download the installation and set it up yourself on your own equipment.

We give you a 30-day license that fully unlocks the power of OpenRMF Professional. Check out our documentation, blogs, YT videos or even schedule a demo or quick conversation on your use cases and questions.

You have nothing to lose and everything to gain! Time is one of our most valuable resources. As are the people on your team. Get them the solution they need.

Get them OpenRMF Professional.



Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft