Platform IT, RMF, and Automation

Dale Bingham
3 min read · Dec 14, 2023

OpenRMF Professional has a lot of automation built in for tracking cyber compliance. This is especially true for device and network scans for compliance and patch vulnerabilities. But what about Platform IT, that special-purpose hardware and software? Can OpenRMF Professional help with Risk Management Framework (RMF) for that? In a word: YES!

OpenRMF Professional System Package Dashboard

RMF Automation with Platform IT

With Platform IT, such as aircraft, weapon systems, ships, guidance systems, etc., you more than likely will not run a Nessus scan or have a SCAP scan result. You may have control software on servers or workstations that could possibly be scanned. For the major hardware and software components of that Platform IT, though, it is highly unlikely.

What you can do is have your compliance statements, inherited or common controls, and other “scannable” data aggregated together into your system package in OpenRMF Professional. That way all your control statement information and any scan data (if you can do that at all) is still in one spot, in a web-based, access-controlled application that your team can collaborate around for the RMF package.

It still works well for you and your team and does a great job.

RMF Controls, Tailoring, Overlays

Just like any other RMF package, you can still set your C-I-A levels, add or remove controls based on tailoring, and add any overlays. That lets you set all the controls and subcontrols you need to meet for the Platform IT.

You can even use our API and data formats to upload lists of compliance statements to use over and over again across multiple RMF packages, if that is what you need to do. That helps you save time, save money, provide consistency, get standard procedures, lower the task list, and reduce stress on your team all in one fell swoop.

Once those are set you can use those just like any other RMF package in OpenRMF Professional. Run reports, generate compliance, link into the POAM and milestones. You can even generate charts on compliance or see historical compliance over time to know your trends as well (see below).

Evidence Management

You can also add your PDF files, documents, Visio diagrams, PNG files, and other evidence to your RMF package to track all documentation in one spot.

You can even link evidence to your individual compliance statements or POAM items specifically. Or load evidence, then in your statement call out the evidence name / page / reference / citation as well to keep everyone up-to-date.

Generating Compliance and Tracking Updates

Once your statements are loaded, your RMF CIA levels / tailoring / overlays are set, and any scan data is uploaded, you can click a button to generate your compliance snapshot.

Then update your data, scans, statements, etc. and do it again in the future. Repeat that process so you can see your latest compliance as well as track it historically. All from one web-based solution designed just for RMF packages like yours.

Generate and track compliance against your RMF Controls with OpenRMF Professional

See for Yourself

Evaluate OpenRMF Professional for yourself and see how it helps you and your team track the RMF process with Platform IT. And achieve a faster ATO through automation. With consistent, repeatable results. Using the same team. With a LOT LESS stress on them! And letting your cyber engineers be engineers, not cyber administrators and documentation specialists.

You can download a prebuilt OVA to quickly stand up a virtual machine on your computer or network. Or you can download the installation and set it up yourself on your own equipment.

We give you a 30-day license that fully unlocks the power of OpenRMF Professional. Check out our documentation, blogs, YT videos or even schedule a demo or quick conversation on your use cases and questions.

You have nothing to lose and everything to gain! Time is one of our most valuable resources. As are the people on your team. Get them the solution they need.

Get them OpenRMF Professional.


Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft