Features
OpenRMF® OSS is the first web-based open source tool allowing you to collaborate on your DoD STIG checklists, DISA / OpenSCAP / Nessus SCAP scans, and Nessus / ACAS patch data, then generate NIST compliance in minutes (or less). All with one tool!
AuthN/AuthZ/RBAC
Authentication and authorization via Keycloak (OpenID), featuring role-based access control (RBAC) on UI features and API calls. Allows different levels of viewing and editing data.
Edit/Upgrade Checklists Live through a Browser
You can edit your checklist live via the browser! You also can upgrade them to the newest versions from DISA! Set status, comments, details, security override as well as host name, role, domain name and more. Auditing keeps track of who edited the checklist. Allows Bulk Editing of vulnerabilities. And you can add tags to checklists!
Enable Web-based Viewing of Checklists
Use this system for controlled access to all your system checklists, easily viewable with any modern web browser. No more Java client JAR file to download and run to view information!
Instant Risk Status from your Dashboard
Use the Dashboard for instant risk information on the number of Open Items per system as well as the Critical and High patch information from your latest Nessus ACAS scan.
List Checklists by System Package
Keep track of your STIG checklists by your System Package. Show your Not a Finding, Open, N/A, and Not Reviewed numbers at a quick glance. Export checklists to MS Excel for sharing. Export the .CKL file by using OpenRMF® as your Configuration Management tool for checklist files. No more emailing, shared folders, and questions.
Generate RMF System Artifacts
Generate a Plan of Action and Milestones (POAM) as well as a Test Plan Summary automatically in seconds! No manual copy/paste where data can be missed. Download all CKLs to a ZIP.
Interactive Reports
Generate reports for Nessus patching across servers, System Checklist items, RMF Controls, Vulnerabilities by Host, as well as charts showing your System status.
Run via Docker or Kubernetes
Run locally via a Docker Compose file or via Kubernetes (Helm chart available). Easily set up AuthN/AuthZ via Keycloak in minutes using the documented OpenID configuration.
Filter Vulnerabilities per Checklist
List all Vulnerabilities per Checklist and filter by Open, N/A, Not Reviewed or Not a Finding to quickly answer questions. Turn them on and off and export to MS Excel.
Generate Compliance
Generate a Compliance listing in seconds, linking in the sections of each checklist to the corresponding NIST control. Color coded links to checklists to show status for that control. Filter vulnerabilities to pinpoint the work left to be done.
Benefits
Manage all data in one web-based tool. Quickly Generate Compliance Reports. Manage Open Items Easily. Status at the click of a button.
Relate DISA STIGs to NIST Controls
Automatically relate the DISA STIGs and checklist entries to their corresponding NIST control(s) for generating compliance with the click of a button. Across your whole System Package!
Save Massive Time and Money
Generating compliance for a system with just 20 servers and 5 checklists per server can easily take a couple of weeks. This system does it in seconds with a click of a button!
All Checklists in one Place
Maintain a system of record for all of your DoD STIG checklists in a central database-housed location that is web based and easily accessible. Run locally or across a network.
Easy Collaboration
Allow your team to collaborate by editing and viewing Checklists, Charts, and System status in a single location without passing files around and using out-of-date information.
Report Progress Easily
Allow managers read-only access. Generate results and export into MS Excel for system checklists and item status. See where you are at a quick glance in the process. Run reports on Nessus scans and Open Items. Find vulnerabilities affecting you in seconds.
Upload Checklists & Scans
Easily upload checklists and SCAP scans. Upgrade your checklists to the latest version with 1 click. OpenRMF® reads the hosts, type, and release of the checklist to autogenerate the title. Group your checklists by systems to organize your information.
Generate & Export Charts
Generate Charts per checklist or by system to show status, types of items, types of checklists, and more! Export charts and graphs to PNG for use in presentations and documents.
Audit Your Actions
Generate Audits on any update, create, edit, or delete actions across your System Packages. Track who is doing what with your systems, your checklists, and your scan data.
Team
This is a collaboration between the innovative teams at Cingulara and Tutela Security. Want to join the team? Contact us. Find us on Twitter. Dive in on GitHub!
Dale Bingham
CTO, Cingulara
David Gould
CEO, Tutela
Testimonials
Gov't Cloud Admin
AF Cloud Cybersecurity Administrator
Talking to his group after using OpenRMF® compared to their manual processes - “Hey guys look. You have been doing RMF all wrong!”
Gov't User
NIWC Navy (former SPAWAR)
“I'm super happy that OpenRMF® handles the upgrade of those STIGs and the copy/paste doesn't have to happen!”
Gerald H.
NIWC Navy (former SPAWAR)
“The work you all have put into this project is phenomenal! I can't say enough great things about the team and the amazing accomplishments you all have achieved in a very, very short period of time. Now that's what I call CodeHustle!”
former employee
MSG
“Using the OpenRMF® tool, we reduced the three weeks to generate our compliance report down to 5 minutes. And OpenRMF® found an error in our compliance that we missed when we did it manually.”
Dave
Neany
“With the OpenRMF® Tool, we quickly found 2 servers with the exact same hostname we did not see by looking at each checklist individually.”
David Gould
CEO, Tutela
“Using the list of checklists per system, we were able to update management on our number of open items across all checklists within our system in seconds.”
Contact Us