Authentication and authorization via Keycloak (OpenID), featuring role-based access control (RBAC) on UI features and API calls. Allows different levels of viewing and editing data.
You can edit your checklists live via the browser! You can also upgrade them to the newest versions from DISA! Set status, comments, details, security override as well as host name, role, domain name and more. Auditing keeps track of who edited the checklist. OpenRMF 1.1+ includes Bulk Editing!
Use this system for controlled access to all your system checklists, easily viewable with any modern web browser. No more Java client JAR file to download and run to view information!
Use the Dashboard for instant risk information on the number of Open Items per system as well as the Critical and High patch information from your latest Nessus ACAS scan.
Keep track of your STIG checklists by your System Package. Show your Not a Finding, Open, N/A, and Not Reviewed numbers at a quick glance. Export checklists to MS Excel for sharing. Export the .CKL file by using OpenRMF as your Configuration Management tool for checklist files. No more emailing, shared folders, and questions.
Generate a Plan of Action and Milestones (POA&M) as well as a Test Plan Summary automatically in seconds! No manual copy/paste and no missed data. Download all CKLs to a ZIP.
Generate reports for Nessus patching across servers, System Checklist items, RMF Controls, Vulnerabilities by Host, as well as charts showing your System status.
List all Vulnerabilities per Checklist and filter by Open, N/A, Not Reviewed or Not a Finding to quickly answer questions. Turn them on and off and export to MS Excel.
Generate a Compliance listing in seconds, linking in the sections of each checklist to the corresponding NIST control. Color coded links to checklists to show status for that control. Filter vulnerabilities to pinpoint the work left to be done.
Automatically relate the DISA STIGs and checklist entries to their corresponding NIST control(s) for generating compliance with the click of a button. Across your whole System Package!
Generating compliance manually for a system with just 20 servers and 5 checklists per server can easily take a couple of weeks. This system does it in seconds with the click of a button!
Maintain a system of record for all of your DoD STIG checklists in a central database-housed location that is web based and easily accessible. Run locally or across a network.
Allow your team to collaborate by editing and viewing Checklists, Charts, and System status in a single location without passing files around and using out-of-date information.
Allow managers read-only access. Generate results and export into MS Excel for system checklists and item status. See where you are in the process at a quick glance. Run reports on Nessus scans and Open Items. Find vulnerabilities affecting you in seconds.
Easily upload checklists and SCAP scans. Upgrade your checklists to the latest version with 1 click. OpenRMF reads the hosts, type, and release of the checklist to autogenerate the title. Group your checklists by systems to organize your information.
Generate Charts per checklist or by system to show status, types of items, types of checklists, and more! Export charts and graphs to PNG for use in presentations and documents.
Generate Audits on any update, create, edit, or delete actions across your System Packages. Track who is doing what with your systems, your checklists, and your scan data.
This is a collaboration between the innovative teams at Cingulara and Tutela Security. Want to join the team? Contact us. Find us on Twitter. Dive in on GitHub!
Dale Bingham, CTO, Cingulara
David Gould, CEO, Tutela
Gov't Cloud Admin
AF Cloud Cybersecurity Administrator
Talking to his group after using OpenRMF compared to their manual processes - “Hey guys look. You have been doing RMF all wrong!”
NIWC Navy (former SPAWAR)
“I'm super happy that OpenRMF handles the upgrade of those STIGs and the copy/paste doesn't have to happen!”
NIWC Navy (former SPAWAR)
“The work you all have put into this project is phenomenal! I can't say enough great things about the team and the amazing accomplishments you all have achieved in a very, very short period of time. Now that's what I call CodeHustle!”
“Using the OpenRMF tool, we reduced the three weeks to generate our compliance report down to 5 minutes. And OpenRMF found an error in our compliance that we missed when we did it manually.”
“With the OpenRMF Tool, we quickly found 2 servers with the exact same hostname we did not see by looking at each checklist individually.”
“Using the list of checklists per system, we were able to update management on our number of open items across all checklists within our system in seconds.”