Uploading Checklists
You can upload a new (i.e. add) or updated checklist, or one or more compliance scan result files, into OpenRMF® Professional to generate or update checklist records. To add (not update) checklists to a System Package you need the “Checklist Creator” group permission for that system package. Open the system package and then click the “Upload” button just above the table listing all checklists.
On this screen you can add a .ckl or .cklb checklist file you already have, or one of the formats listed below for SCAP and Audit Compliance scans, which are automatically turned into checklists. You can upload up to 20 files (checklist and/or scan results) at one time. The maximum file size is 100 MB.
Note that a checklist (*.ckl or *.cklb) file can match one-to-one with a checklist type, a hostname (the hostname is optional but recommended), and the web or database information on site and instance (if used). Or it can be a combined checklist containing a single host with multiple STIG or checklist types. Those 5 items (hostname, checklist type, web or database, site, instance) within a System Package determine uniqueness for checklist, SCAP and Audit Compliance uploads, and therefore whether your upload creates a new checklist entry or updates an existing one.
CKL / CKLB files that have combined checklist types or STIG types in a single file are uploaded and then separated into separate checklist records, one for each STIG or checklist type.
SCAP *.xml results matched to a DISA benchmark already contain only one matching host and checklist type. Tanium SCAP *.csv results, as well as Nessus/ACAS Audit Compliance scans (*.nessus), can contain multiple hosts and checklist types in the results you upload. The checklists generated from the results upload appear one-to-one in the System Package Checklist Listing.
Available formats we ingest:
- Checklist (CKL) file from STIGViewer v2 or v3, or EvaluateSTIG
- Checklist (CKLB) file from STIGViewer v3 or EvaluateSTIG
- DISA SCAP XCCDF using a DISA Benchmark
- Tenable Nessus SCAP
- OpenSCAP v1.2 or v1.3 using a DISA Benchmark
- Rapid7 Nexpose SCAP using a DISA Benchmark
- HBSS SCAP using a DISA Benchmark
- Tanium SCAP CSV results using a DISA Benchmark
- Tenable Nessus Audit Compliance with DISA Benchmark
- Tenable Nessus Audit Compliance with CIS Benchmark
- Rapid7 Nexpose scan with CIS Benchmark (1 profile per result currently)
Once the checklist is uploaded and processed, a few things happen behind the scenes:
- A record is made matching this checklist to the system package
- The checklist score is calculated and saved for this checklist
- The system package checklist score across all checklists is updated and saved with this system
- The reporting system parses the checklist and saves off each vulnerability into a reporting structure for later use with reports and searching
- If you have a live POAM, any open or not reviewed vulnerabilities are added to the POAM linking back to the checklist
If this is an “update” of an existing checklist in this system, it also does a few more things:
- It creates a checklist history record
- It creates a checklist score history record
- It creates a system package score history record
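To make the uniqueness rule and the create-versus-update decision above concrete, here is an added Python example (not OpenRMF's own code) that splits a constructed combined CKL into one record per STIG type, derives the five identity fields, tallies statuses for scoring and counts the Open/Not_Reviewed items a live POAM would pick up. The CKL element names (ASSET, HOST_NAME, WEB_OR_DATABASE, WEB_DB_SITE, WEB_DB_INSTANCE, iSTIG, SI_DATA, VULN/STATUS) are those of the public STIG Viewer format; the host, STIG ids and statuses are constructed sample values.

```python
"""Added example, not OpenRMF code: split a combined STIG Viewer CKL into one
record per STIG type, build the five-field identity key, tally statuses and
decide create-vs-update. Tags follow the public CKL format; sample data is constructed."""
import xml.etree.ElementTree as ET

# Constructed CKL: one host with two STIG types combined in a single file.
SAMPLE_CKL = """<CHECKLIST><ASSET><HOST_NAME>web01</HOST_NAME>
<WEB_OR_DATABASE>true</WEB_OR_DATABASE><WEB_DB_SITE>intranet</WEB_DB_SITE>
<WEB_DB_INSTANCE>site1</WEB_DB_INSTANCE></ASSET><STIGS>
<iSTIG><STIG_INFO><SI_DATA><SID_NAME>stigid</SID_NAME>
<SID_DATA>Example_Web_Site_STIG</SID_DATA></SI_DATA></STIG_INFO>
<VULN><STATUS>Open</STATUS></VULN><VULN><STATUS>NotAFinding</STATUS></VULN>
<VULN><STATUS>Not_Reviewed</STATUS></VULN></iSTIG>
<iSTIG><STIG_INFO><SI_DATA><SID_NAME>stigid</SID_NAME>
<SID_DATA>Example_Web_Server_STIG</SID_DATA></SI_DATA></STIG_INFO>
<VULN><STATUS>Not_Applicable</STATUS></VULN><VULN><STATUS>Open</STATUS></VULN>
</iSTIG></STIGS></CHECKLIST>"""

def _text(parent, tag):
    return (parent.findtext(tag) or "").strip()

def split_checklist(ckl_xml):
    """One record per <iSTIG>: identity key (hostname, STIG id, web/database
    flag, site, instance), a status tally, and the Open + Not_Reviewed count
    that a live POAM would pick up from this checklist."""
    root = ET.fromstring(ckl_xml)
    asset = root.find("ASSET")
    records = []
    for istig in root.iter("iSTIG"):
        stig_id = next((_text(sd, "SID_DATA") for sd in istig.iter("SI_DATA")
                        if _text(sd, "SID_NAME") == "stigid"), "")
        tally = {}
        for vuln in istig.iter("VULN"):
            status = _text(vuln, "STATUS")
            tally[status] = tally.get(status, 0) + 1
        records.append({
            "key": (_text(asset, "HOST_NAME"), stig_id,
                    _text(asset, "WEB_OR_DATABASE"),
                    _text(asset, "WEB_DB_SITE"), _text(asset, "WEB_DB_INSTANCE")),
            "tally": tally,
            "poam_candidates": tally.get("Open", 0) + tally.get("Not_Reviewed", 0),
        })
    return records

def classify_upload(records, existing_keys):
    """(created, updated) key lists: a key already in the package is an update
    and also triggers the history records; anything else is a new entry."""
    created = [r["key"] for r in records if r["key"] not in existing_keys]
    updated = [r["key"] for r in records if r["key"] in existing_keys]
    return created, updated
```

Uploading the same file a second time yields the same two keys, so both records then classify as updates, which is exactly when the history records described above are written.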
Upload Scan Results
When you upload a scan result, the application matches the benchmark used for the scan to the corresponding template in the system. More information on this detailed process is in the SCAP Scan Help Area and the Audit Compliance Scan Help Area for checklists. Once the checklist is made from the scan, the rest of the process listed above happens and the application returns to allow more uploads. Or you can go back to the system package page.
Upload a Checklist (CKL or CKLB) file
When you upload a regular checklist *.ckl or *.cklb file, the system parses it and makes sure the checklist is valid. Then it saves the data and follows the process outlined above. The system returns to allow more uploads, or you can go back to the main system page.