Track Multiple Tenants in your ATO Through an Organized View of your Data
When you have a larger Authority to Operate (ATO) with multiple tenants running under you, you have to manage a lot more than just your infrastructure. You have to manage all theirs as well!
Using OpenRMF Professional and its unique Team Subpackages feature, you can have those groups track and update just their own compliance scans, patch scans, and POAM items. While you track the impact to your entire ATO. All from the same solution.
Setup Team Subpackages for Organized Access
Think of a Team Subpackage as a subset of checklists and devices that those tenants are responsible for tracking and maintaining. And the POAM items that go with them.
So first things being first: create Team Subpackages to represent the tenants in your ATO. Create as many as you need that is manageable.
Then add the appropriate checklists and/or devices into each Team Subpackage.
Alternatively, you could create the Team Subpackages and leave them empty. Then allow the teams themselves to upload scans and results to create the checklists records through uploads. You can do the same for devices from patch scans, which also update patch vulnerabilities, software listing, hardware listing, and ports/protocols/services listing as well. (see the permissions listed in the next section)
Give Access to Team Subpackages
Now that the Team Subpackages are setup, you can add the right people into the Team Subpackage and give them the least-privileged access they require from the list below:
- just a read-only view
- manage existing checklists
- create / upload new checklists or compliance scans
- manage existing devices (patch vulnerabilities, software, PPSM, etc.)
- create / upload new patch vulnerability scans to create devices
- manage POAM items
From there they login, see the Team Subpackages they have access to on their dashboard, and use the subset of features in the subpackage to manage their part of the larger ATO or accreditation boundary.
Track from Your Main System Package View
As the owner or group accessing the main System Package, you can still see the same checklists, devices, and watch the impact from the Team Subpackage updates.
- Track the patch history and trends
- Track the checklist / vulnerability trends
- Track updates to POAM items
- Generate Compliance based on all Team Subpackage updates across checklists and their appropriate status and CCIs
- Run reports and data calls across all data
The Team Subpackage is to carve out a section of the accreditation and give people ONLY that access required for the subset of data. You in the System Package can still see all data and have access to all features required at the main package level.
The difference is with Team Subpackages, you can manage it appropriately with a divide-and-conquer strategy.
You can even run reports to see what information is old, stale, and not updated. So you know who is putting the work in … and who has to be kicked out of your ATO! (or at least make the threat)
Try It For Yourself
This is a glimpse into one of the many use cases people are tracking with OpenRMF Professional to make their lives easier.
Evaluate OpenRMF Professional for yourself and see how it helps you and your team perform better, structured RMF processes. And track the where, who, why, how, and history behinds your RMF package evolution.
You can achieve a faster ATO through automation. With consistent, repeatable results. Using the same team. With a LOT LESS stress on them! And letting your cyber engineers be engineers, not cyber administrators and documentation specialists.
You can download a prebuilt OVA to quickly stand up a virtual machine on your computer or network. Or you can download the installation and set it up yourself on your own equipment.
We give you a 30-day license that fully unlocks the power of OpenRMF Professional. Check out our documentation, blogs, YT videos or even schedule a demo or quick conversation on your use cases and questions.
You have nothing to lose and everything to gain! Time is one of our most valuable resources. As are the people on your team. Get them the solution they need.
Get them OpenRMF Professional.
