Checklist Help Information
Checklists are used to track vulnerabilities across software, operating systems, and device settings for hosts, servers, and devices (e.g. routers and firewalls). In OpenRMF® Professional they are grouped under a system and show the version, release, total checklist score, and the last update. DISA periodically publishes a new version and release of each checklist; OpenRMF® Professional alerts you when an upgrade is available and makes the process a single button click.
Checklists are made for each type of software on a device. When we say device we mean any server, host, virtual machine, or other device within your system boundary. You will probably have more than one checklist per device. As an example, a server in your system could be a Windows 2016 member server (1 checklist) that has Windows Firewall set up (1 checklist), Java installed (1 checklist), .NET installed (1 checklist), Google Chrome installed (1 checklist), and Microsoft Internet Explorer/Edge installed (1 checklist).
That is 6 checklists for just one machine. With 5 machines, the number of checklists multiplies to 30. You can see how much of a management headache this becomes for larger systems.
Examples of the types of checklist available can be seen by listing all DISA Templates in the template area, or on the https://public.cyber.mil/ website.
General Information on Checklists
When you click on a checklist listing on the system page, compliance list, POAM item, or report area you are presented with the checklist page. It is separated into a few areas: the main data at the top, details on the checklist in the middle, and a table of vulnerabilities at the bottom of the page. Depending on your group permissions, you will see a button to return to the system's checklist listing, a download button, an export to MS Excel (*.XLSX) button, and an upload button.
If there have been updates to this checklist you also will see a history button to view version control history.
The details area shows created and updated dates as well as the host name and fully qualified domain name (FQDN) recorded in the checklist. If you have the correct permissions it also shows an Update button to update the checklist data through the web interface.
Checklist Score
The Checklist Score is the total number of vulnerabilities grouped by status. For open items, OpenRMF® Professional also tracks the number of vulnerabilities by severity, since an open CAT 1/high item is more impactful than a CAT 3/low item. The score is updated as vulnerabilities are updated, and the history of score changes is also tracked and available. More detailed information is available in the Checklist Score Help Area.
Checklist Vulnerabilities
The table at the bottom of the checklist page lists all vulnerabilities for this checklist. This is the main area of any checklist, as it tracks the security, risk, and compliance of your device against known benchmarks and security good practices. The Vulnerability Help Area covers in more detail how you work with vulnerabilities. In OpenRMF® Professional you can edit the vulnerability status, override the severity, and enter comments and details for the vulnerability. You can also attach evidence files to a vulnerability.
In addition, you can do a “bulk edit” across similar checklist types in your system when you have to make the same change across similar devices (e.g. one change applied to 10 Windows servers by a GPO push).
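To make the score and bulk-edit behaviour described above concrete, here is an added example that models a small system of checklists in Python. It is illustrative code written for this page, not OpenRMF® Professional's own implementation or its data format; the host names, STIG type labels, and V- identifiers are constructed, and the status strings follow the values found in DISA STIG checklists.

```python
"""Constructed model of checklist scoring, score history, and bulk edit.

Example code for illustration only; it is not OpenRMF code and the sample
hosts, STIG type labels and V- identifiers below are made up.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Status values as used in DISA STIG checklists.
STATUSES = ("Open", "NotAFinding", "Not_Applicable", "Not_Reviewed")
# CAT 1 / CAT 2 / CAT 3 correspond to high / medium / low.
SEVERITIES = ("high", "medium", "low")


@dataclass
class Vulnerability:
    vuln_id: str
    severity: str                           # "high", "medium" or "low"
    status: str = "Not_Reviewed"
    severity_override: Optional[str] = None  # reviewer override, if any
    comments: str = ""

    def effective_severity(self) -> str:
        """The override wins over the benchmark severity when one is set."""
        return self.severity_override or self.severity


@dataclass
class Checklist:
    host: str
    stig_type: str                # constructed label, e.g. "Windows Server 2016"
    vulns: List[Vulnerability]
    score_history: List[dict] = field(default_factory=list)


def score(checklist: Checklist) -> dict:
    """Count vulnerabilities by status; break open items down by effective severity."""
    by_status = Counter(v.status for v in checklist.vulns)
    open_by_sev = Counter(v.effective_severity()
                          for v in checklist.vulns if v.status == "Open")
    result = {"total": len(checklist.vulns)}
    result.update({s: by_status.get(s, 0) for s in STATUSES})
    result["open_by_severity"] = {sev: open_by_sev.get(sev, 0) for sev in SEVERITIES}
    return result


def update_vuln(checklist: Checklist, vuln_id: str, *, status: Optional[str] = None,
                severity_override: Optional[str] = None,
                comments: Optional[str] = None) -> bool:
    """Apply an edit to one vulnerability and record the new score in the history.

    Returns False when the checklist has no vulnerability with that id.
    """
    for v in checklist.vulns:
        if v.vuln_id != vuln_id:
            continue
        if status is not None:
            if status not in STATUSES:
                raise ValueError(f"unknown status {status!r}")
            v.status = status
        if severity_override is not None:
            if severity_override not in SEVERITIES:
                raise ValueError(f"unknown severity {severity_override!r}")
            v.severity_override = severity_override
        if comments is not None:
            v.comments = comments
        checklist.score_history.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "vuln_id": vuln_id,
            "score": score(checklist),
        })
        return True
    return False


def bulk_edit(checklists: List[Checklist], stig_type: str, vuln_id: str, **changes) -> int:
    """Apply one edit to every checklist of the given type; return how many were changed."""
    return sum(update_vuln(c, vuln_id, **changes)
               for c in checklists if c.stig_type == stig_type)


def sample_system() -> List[Checklist]:
    """Constructed sample: three Windows servers plus one Java checklist on srv1."""
    def windows(host: str) -> Checklist:
        return Checklist(host, "Windows Server 2016", [
            Vulnerability("V-100001", "high"),
            Vulnerability("V-100002", "medium", status="Open"),
            Vulnerability("V-100003", "low", status="NotAFinding"),
        ])
    java = Checklist("srv1", "Java JRE 8",
                     [Vulnerability("V-200001", "medium", status="Open")])
    return [windows("srv1"), windows("srv2"), windows("srv3"), java]


if __name__ == "__main__":
    system = sample_system()
    print("before:", score(system[0]))
    # One finding opened on all Windows servers at once, as a GPO-driven bulk edit would be.
    print("changed:", bulk_edit(system, "Windows Server 2016", "V-100001", status="Open"))
    print("after:", score(system[0]))
    print("history entries on srv1:", len(system[0].score_history))
```

Running the module shows the open count on every Windows checklist rising by one while the Java checklist is untouched, and each bulk-edited checklist gains a history entry carrying the score at the moment of the change, which is the information a score-history view needs in order to show how a checklist's risk moved over time.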