What’s New in OpenRMF Professional v2.4? A LOT!!
The latest version of OpenRMF Professional is v2.4, released in early July 2021. We have added several things to help you and your team manage your RMF and FedRAMP data more easily, faster, and with less stress! The Custom Checklist Creator. Improved vulnerability bulk edit. Bulk lock on vulnerabilities. Add tags to checklists and devices. Export/import overlays. And improved navigation in the UI with linked breadcrumbs and keyboard shortcuts.
If you have not checked out OpenRMF Professional yet, now is the time!
Custom Checklist Creator
The Custom Checklist Creator allows you to make custom checklists on software, hardware, as well as processes and procedures that link to NIST 800-53 controls. If you ever wanted to make a checklist to match the manual controls such as Program Management, Awareness and Training, Incident Response and the like, this is for you!
Create a custom checklist template, set the version and release, specify the technology or asset type, and then add 1 or more vulnerabilities to create your custom checklist template. Call it a questionnaire. Call it a survey. Call it a checklist. Whatever you do, use it to help automate documentation and compliance and generate a full compliance level look across your whole system package. Including the manual pieces!
The checklists made from this template can be used in OpenRMF Professional, OpenRMF OSS, or even viewed in the DISA STIGViewer 2.14 or higher. And you can use our template engine to make Organizational templates or System Package templates off custom templates and tailor them for your needs as well.
Bulk Lock / Unlock Vulnerabilities
Another new feature is the bulk lock and unlock feature. You can specify your checklist type, enter a vulnerability number to search and then select the ones you want to lock or unlock. Click the button and done! The lock icon shows on the checklist listing and all reports when run from OpenRMF Professional.
This helps block false positive SCAP scan results from updating locked checklist vulnerabilities. It also stops manual edits to them through OpenRMF Professional, and stops uploaded checklist CKL files from changing them as well.
Bulk Edit Vulnerabilities
You also can edit vulnerability status, details, comments and severity override information now from the bulk edit page. Search for the vulnerability across all your system package checklists, select the ones to edit, and fill in the form. Click the Save button to update those checklists, the reports, and the POA&M where applicable.
Of course, you cannot do a bulk edit when the vulnerability is locked (see the previous section).
We had a “do this edit across all checklists” option in previous versions. This lets you focus on a bulk edit and select the actual checklists to edit. Not an “all or nothing” scenario.
Better UI Navigation
Thanks to input from several current and future customers, we updated our navigation throughout the application. Linked breadcrumbs show where you are, how you got to where you are, and how to go back with a single click.
Add in keyboard shortcuts to the System Package Dashboard and you can quickly navigate to where you need to be, even without lifting your hand off the keyboard to move the mouse.
Kubernetes Installation
We also have a Kubernetes Helm chart now available in beta. This can be used for a local Kubernetes installation (even Minikube) as well as AWS EKS in Amazon Web Services. We are currently testing AKS and GCP as well as others (OpenShift 4.x, Tanzu) and will come out with updates as they are tested and approved.
Tag Checklists and Hardware Devices
Add tags to your checklists and/or hardware devices in OpenRMF Professional to quickly find and filter your information. On larger system packages and teams, it is nice to say “list all the Windows Team checklists” or “give me all web server checklists” and quickly find them. This lets you do that.
You can enter the tags in the table listings to quickly filter data. Or enter tags into the System Package Dashboard filter for checklists and only list the ones you need.
OpenRMF Professional to the Rescue
OpenRMF Professional automates much of the RMF and FedRAMP process, helping decrease the time to an ATO or approval by 40–50%. OpenRMF’s collaborative environment eliminates much of the manual labor and isolated work involved in aligning the NIST controls and sub-controls, checklists, patch scans, POA&Ms, and compliance generation and then manages all information in a secure central database structure. This allows automatic generation and updating of the POA&M, Test Plan Summary, and various other security and RMF or FedRAMP reports.
Having a web-based central repository for all cybersecurity compliance data, with role-based security for each system package, eases the RMF and FedRAMP processes using a single source of truth and eliminates errors, manually intensive individual tracking, and rework. It also provides leadership with direct insight into the status of all system package security and risk information, thus eliminating the mystery around implementing the RMF and FedRAMP processes.
Once an ATO or approval level is achieved, OpenRMF provides continuous monitoring and tracking of POA&M items, overall risk of systems and applications, and tracking updated scans and checklists throughout the life of the system package.
Check it out here. Ask for a 30-day no obligation evaluation to try it yourself!