Use Bulk Edits, Locks, and Checklist Templates for a Faster ATO

Dale Bingham
Jun 13, 2022


Did you know you can use the checklist template engine in OpenRMF Professional to have checklists pre-filled with your manual checks and known good automated check results? And that you can use the Bulk Edit feature for your checklist vulnerabilities to have consistent, standard answers across your checklist vulnerability entries? You can even use the Bulk Lock feature to cut down on false positives across your checklist updates.

Do the work and automate the paperwork with OpenRMF Professional! Read on for more information.

OpenRMF Professional v2.8 for automating your ATO

Using Checklist Templates and Bulk Features

With OpenRMF Professional you can have pre-filled DISA, CIS or Custom checklists for your scans and system packages to get a jump start quickly. Fill in known status, details, and comments across checklists and vulnerabilities in a template. Then use that template over and over across your devices. Have a consistent set of information for your checks from the start.

You can even lock certain false positive vulnerabilities in checklists so they stay as-is. That way your checklists and compliance status are correct and truthful to the latest real scan every single time.

You can also use the bulk edit feature across multiple vulnerabilities and multiple checklists, so your answers are consistent throughout your ATO system package. Each edit is tracked for history, status change, and POAM impact, and keeps all your other generated documentation up to date.

All this saves time and money, reduces frustration and workload, and automates much of the manual process eating up your valuable time.

Where You Would Use a Checklist Template

You can use a checklist template if you have a lot of scans that create similar checklists across your devices. And you want consistency.

As an example, maybe you have a lot of Windows servers or workstations. Or you have a lot of Linux machines configured the same way. Or you want all your manual checklist vulnerability findings pre-filled because of your processes and procedures that keep everything proper.

Save time and money by filling out a template and then using THAT template to create your checklist from your scan. Then update that as you go with scans and other edits. Now you know you are starting from a good baseline of results at the very beginning.

Where You Would Use Bulk Edit and Lock Features

Have you ever had a bunch of Windows server or Linux server checklists and wanted to fill out vulnerabilities across them all the same way? All at one time versus a “copy and paste” extravaganza? Now you can! With the bulk edit vulnerability feature in OpenRMF Professional, it is easily done and tracked for you.

The change in status, checklist score, system package score, documentation and even the POAM are kept up-to-date with your bulk edit as well.

If you have ever had to go back and keep fixing false positives in scans and checklists (e.g. for the warning banner or consent text), then you understand why you would want to lock a vulnerability as well. Make it correct, and keep it that way with the “lock vulnerability” feature on your checklists. Run a report on locked vulnerabilities to review them over time so you know they are still correct.

And keep your team moving forward.

Evaluate OpenRMF Professional For Yourself

Soteria Software’s OpenRMF Professional is revolutionizing the way you track RMF, FedRAMP and Cyber Compliance through automation! Whether you are tracking RMF and FedRAMP on its own right now, automating in a DevSecOps process, need a cyber compliance engine for your Software Factory, or are even migrating from on-premises to cloud infrastructure, OpenRMF Professional can help ease the workload and get you there faster.

You also will have a standardized, structured way to track your cyber compliance across all your teams and customers.

You are in essence building your own Cyber Compliance Factory!

Have all team members manage and import/update their specific data. Generate compliance with a click of a button. Then export your Checklist (CKL) files, System Security Plan (SSP), Security Assessment Report (SAR), Risk Assessment Report (RAR) as well as your POAM for your approved government or corporate system of record.

See for yourself by downloading a copy with an evaluation license!



Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft