Just Released August 2021: OpenRMF® Professional v 2.6!

OpenRMF Dashboard

Over 1,500 downloads! NAVY DADMS Approved!

Automate. Collaborate. Innovate.

Cyber Compliance Automation is achievable with OpenRMF® v1.6!


OpenRMF® is the only web-based open source tool allowing you to collaborate on your DoD STIG checklists, DISA, OpenSCAP and Nessus SCAP scans, Nessus ACAS patch data, and generate NIST compliance in minutes (or less). All with one tool!


Authentication and authorization via Keycloak (OpenID), featuring role-based access control (RBAC) on UI features and API calls. Allows different levels of viewing and editing data.

Edit/Upgrade Checklists Live through a Browser

You can edit your checklist live via the browser! You also can upgrade them to the newest versions from DISA! Set status, comments, details, security override as well as host name, role, domain name and more. Auditing keeps track of who edited the checklist. OpenRMF® 1.1+ includes Bulk Editing!

Enable Web-based Viewing of Checklists

Use this system for controlled access to all your system checklists, easily viewable with any modern web browser. No more Java client JAR file to download and run to view information!

Instant Risk Status from your Dashboard

Use the Dashboard for instant risk information on the number of Open Items per system as well as the Critical and High patch information from your latest Nessus ACAS scan.

List Checklists by System Package

Keep track of your STIG checklists by your System Package. Show your Not a Finding, Open, N/A, and Not Reviewed numbers at a quick glance. Export checklists to MS Excel for sharing. Export the .CKL file by using OpenRMF® as your Configuration Management tool for checklist files. No more emailing, shared folders, and questions.

Generate RMF System Artifacts

Generate a Plan of Action and Milestones (POA&M) as well as a Test Plan Summary automatically in seconds! No manual copy/paste that risks missing data. Download all CKLs to a ZIP.

Interactive Reports

Generate reports for Nessus patching across servers, System Checklist items, RMF Controls, Vulnerabilities by Host, as well as charts showing your System status.

Run via Docker or Kubernetes

Run locally via a Docker Compose file or via Kubernetes (Helm chart available). Easily set up AuthN/AuthZ via Keycloak in minutes using the documented OpenID configuration.

Filter Vulnerabilities per Checklist

List all Vulnerabilities per Checklist and filter by Open, N/A, Not Reviewed or Not a Finding to quickly answer questions. Turn them on and off and export to MS Excel.

Generate Compliance

Generate a Compliance listing in seconds, linking the sections of each checklist to the corresponding NIST control. Color-coded links to checklists show the status for that control. Filter vulnerabilities to pinpoint the work left to be done.


Manage all data in one web-based tool. Quickly Generate Compliance Reports. Manage Open Items Easily. Status at the click of a button.

Relate DISA STIGs to NIST Controls

Automatically relate the DISA STIGs and checklist entries to their corresponding NIST control(s) for generating compliance with the click of a button. Across your whole System Package!

Save Massive Time and Money

Generating compliance for a system with just 20 servers and 5 checklists per server can easily take a couple of weeks. This system does it in seconds with a click of a button!

All Checklists in one Place

Maintain a system of record for all of your DoD STIG checklists in a central database-housed location that is web based and easily accessible. Run locally or across a network.

Easy Collaboration

Allow your team to collaborate by editing and viewing Checklists, Charts, and System status in a single location without passing files around and using out-of-date information.

Report Progress Easily

Allow managers read-only access. Generate results and export into MS Excel for system checklists and item status. See where you are at a quick glance in the process. Run reports on Nessus scans and Open Items. Find vulnerabilities affecting you in seconds.

Upload Checklists & Scans

Easily upload checklists and SCAP scans. Upgrade your checklists to the latest version with 1 click. OpenRMF® reads the hosts, type, and release of the checklist to autogenerate the title. Group your checklists by systems to organize your information.

Generate & Export Charts

Generate Charts per checklist or by system to show status, types of items, types of checklists, and more! Export charts and graphs to PNG for use in presentations and documents.

Audit Your Actions

Generate Audits on any update, create, edit, or delete actions across your System Packages. Track who is doing what with your systems, your checklists, and your scan data.


This is a collaboration between the innovative teams at Cingulara and Tutela Security. Want to join the team? Contact us. Find us on Twitter. Dive in on GitHub!


Dale Bingham

CTO, Cingulara
Tutela Security

David Gould

CEO, Tutela


Contact Us



open an issue in GitHub on the tool.

Join us on Slack
