Import Technology Vulnerabilities

If you have one of the integrations for technology vulnerabilities setup in OpenRMF^® Professional, you can import the data directly into your system package. You must have the System Owner or Vulnerability Administrator permission to use this feature. To do so, from the System Package dashboard click on the Other Technologies menu and choose the Import Vulnerability Scan Data option.

Import Technology Vulnerability Menu

Previewing Data

To preview the data, specify the source project and click the Preview button from the Import page. All data for that category, source, and project will show. The data will be listed, with the message linked to the server address directly for that vulnerability information. Previewing data will not import and save it. It is just a glimpse into the current status of all the data.

Preview Technology Vulnerability Data Import

Importing Data

To actually import and save the data for your system package, with the source project selected click the Import & Save button. This will pull in the latest data and save it for that source project in your system package. If this is brand new, it will add the data. If there is already data in your system package for the data imported, it will update the data in place. The vulnerability score is also generated for that category source project as well. Then the automation listed below is kicked off.

Automation from Importing Data

Once the technology vulnerability data is imported, there are several automated actions that are started.

The score generated is used to update the total technology vulnerability score for all projects for the specific category of data you imported. And then the total vulnerability score across all categories and source projects is updated as well. This data will be available in seconds on the scores page for this area.

If you have a live POAM created, any updates on vulnerability data is tracked in the POAM as well. Any items that are marked as Open or Won’t Fix are set as Open in the POAM. And any items already on the POAM that are now not Open or Won’t Fix are marked as Completed automatically with the date of the import as the completed date.