Viewing Your System Package
To view a system package in OpenRMF® Professional you click the title in the System Packages Listing on the dashboard or main system packages list page. It opens to view the system package dashboard showing overall score information, main data such as the confidentiality, integrity, and availability (C-I-A) levels as well as the total number of open items and main patch issues.
System Package Dashboard Layout and Menu
At the top of the dashboard is the list of menu items for the entire system package. You have the Checklists menu with items to view the list of checklists, scores, do bulk operations, or add checklists and system package specific templates.
The Host Scan Data menu has items to view patch information, ports and protocols, hardware, software, as well as view the score and update scans and data files.
The Other Technologies menu has options to view the scores for this area as well as list individual vulnerabilities and import or update data.
The Compliance menu has items to view compliance, compliance statements, specify tailoring and add overlays. The POAM menu has links to view the POAM as well as mitigation statements and milestones. The Documentation has items to view test plan data, cyber compliance, evidence (documents) uploaded, as well as generate XLSX and PPTX files from your data for submission and review.
Finally the ... menu has links to view system package specific notifications as well as create and manage team subpackages, manage integrations, manage preferences, view the journal and the option to delete all data or the entire system package as well.
There are sections in the system package dashboard to show key indicators and data across your system package. You can quickly see the overall scores and click the blue clock icon to view history. You also see the cyber readiness (i.e. CCRI) scores displayed based on the latest scan data and your cyber readiness score settings as well. And the Latest Status area shows important dates for updates and upcoming milestones.
Just underneath that are 8 items to show specific data on checklists, devices, and POAM items. Click on each number to go to that specific area in your system package. Note the Checklists Open High, Assets Open Critical, and POAM Items links go to those pages and set your filter to only show that specific data.
The bottom half of your system package dashboard shows the details of the system package. And depending on your permissions, may allow you to update the details or make it read-only across all screens and data in the system package. You also may see an Audit button to view all auditing information for access to data within the system package for viewing and exporting.
Checklist Score, Patch Score, Other Technology Score
There are three main scores when it comes to system packages. The checklist score is the number of vulnerability items grouped by status and severity/category. The open items are further separated by category where other statuses are just shown as an entire number.
The patch score is the list of patch or plugin items that are marked open from the patch scans and results uploaded into the system package. Critical, high, medium, and low items are counted and shown as a score to identify the number of open items and their severity as well.
The technology score is the number of vulnerabilities for other scan data such as software scans, container scans, etc. that you load through the web interface or API. Critical, high, medium, and low items are counted and shown as a score to identify the number of open items and their severity as well.