Order from Chaos: Manage Multiple System ATO Packages with OpenRMF

Chaos Incarnate — normal look of an RMF tracking package. This needs OpenRMF Professional!

The Current Situation is a Mess

If you do any kind of work around cyber security or information assurance in the US DoD or Federal Agency space, you probably recognize the picture above: the DISA STIGViewer application and a bunch of MS Excel spreadsheets for your POA&M and Test Plan Summary. You track open items in your applications and devices/hosts separately and manually, and you juggle all that information across a group of different silos and shared folders, possibly with backup ZIP files in case something gets messed up and you need to pull historical data.

OpenRMF Professional — Order from Chaos

OpenRMF Professional is a secure web-based application to manage your System Packages and RMF data:
  • Manage multiple System Packages, with security specified at the system package level
  • Upload Checklists, SCAP Scans (automatically turned into Checklists), and Nessus ACAS scans to track open items and compliance
  • Generate a compliance listing against NIST controls, including tailoring
  • Track historical changes on STIG Checklists automatically
  • Track patch scans for continuous monitoring (ConMon) easily
  • Integrated live POA&M linked to STIG Checklists and Patch Scans automation
  • Auditing on all create, read, update, delete, and list functions throughout
  • Reporting across all STIG Checklists in your package for data calls
  • Team notifications for updated checklists, scans, POA&M information
  • Currently in Beta: generating a hardware and software asset listing from scans; automatically generating an MS PowerPoint on your System Package summary for meetings and presentations to management; automating your ports, protocols and services management (PPSM) tracking.

OpenRMF Professional — Cyber Compliance Automation

Companies, agencies, and organizations use OpenRMF Professional software as a way to automate much of the RMF process, decreasing the time to an ATO by 40–50%. OpenRMF’s collaborative environment eliminates much of the manual labor and isolated work involved in aligning the DISA controls, checklists and patch scans, and then manages all information in a secure central database structure. This allows automatic generation and updating of the POA&M, Test Plan Summary, and various other security and RMF reports.



Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft