General Template Information
Templates are checklists without data filled in for your specific server or device. Templates can have asset and vulnerability information filled in, but it is done “in general” and not for your specific device or server. You can use templates as a starter “boilerplate” for the checklists your system requires.
You can also use templates to match SCAP Scans or Audit Compliance Scans specifically, as those scans can only check servers or devices for things that can be tested in an automated way. Many parts of a checklist are documentation or process related, and a scan cannot answer them.
Those items that cannot be checked in an automated way but are known can be put into a Template and matched to the SCAP benchmark type so the two merge and form your checklist to use in your system.
How Templates Work
Templates are in essence checklist files. The DISA templates are the same checklist files generated by importing the *manual.xccdf files into the old STIGViewer Java tool and then using “Create Checklist” to make a new checklist. We just did all that for you and put it into an easy-to-use application interface.
These templates match up to checklist files 1 to 1 for their STIG type, release, and version. You can use templates to make creating, editing, and managing large groups of checklists easier by pre-filling out certain vulnerabilities with known information.
Template Score
The Template Score is the same as a checklist score, calculated for that template. It is the number of open items by severity/category as well as the number of vulnerabilities marked not a finding, not reviewed, and not applicable. The score is a quick view into the overall status of your checklist. The open items are further counted by their severity or category of CAT 1 (high), CAT 2 (medium) and CAT 3 (low) for additional information.
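The tally described above can be reproduced from a checklist file. This is an added example, not OpenRMF® code: it assumes the STIG Viewer .ckl XML layout (VULN elements carrying a Severity attribute and a STATUS), and the function name, result keys, and sample vulnerability IDs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

OPEN_KEYS = {"high": "cat1_open", "medium": "cat2_open", "low": "cat3_open"}
STATUS_KEYS = {"NotAFinding": "not_a_finding", "Not_Reviewed": "not_reviewed",
               "Not_Applicable": "not_applicable"}

def make_vuln(num, severity, status):
    """Build one constructed VULN element in the assumed .ckl layout."""
    return (f"<VULN><STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>"
            f"<ATTRIBUTE_DATA>{num}</ATTRIBUTE_DATA></STIG_DATA>"
            f"<STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>"
            f"<ATTRIBUTE_DATA>{severity}</ATTRIBUTE_DATA></STIG_DATA>"
            f"<STATUS>{status}</STATUS></VULN>")

# Constructed sample checklist; the IDs are placeholders, not real STIG entries.
SAMPLE_CKL = "<CHECKLIST><STIGS><iSTIG>" + "".join([
    make_vuln("V-000001", "high", "Open"),
    make_vuln("V-000002", "medium", "Open"),
    make_vuln("V-000003", "medium", "NotAFinding"),
    make_vuln("V-000004", "low", "Not_Reviewed"),
    make_vuln("V-000005", "low", "Not_Applicable"),
    make_vuln("V-000006", "medium", "Open"),
]) + "</iSTIG></STIGS></CHECKLIST>"

def score_checklist(ckl_xml):
    """Count open items by CAT and the three non-open statuses."""
    score = dict.fromkeys([*OPEN_KEYS.values(), *STATUS_KEYS.values()], 0)
    for vuln in ET.fromstring(ckl_xml).iter("VULN"):
        attrs = {d.findtext("VULN_ATTRIBUTE"): d.findtext("ATTRIBUTE_DATA")
                 for d in vuln.findall("STIG_DATA")}
        # Assumption: a VULN with no STATUS counts as not reviewed.
        status = (vuln.findtext("STATUS") or "Not_Reviewed").strip()
        if status == "Open":
            severity = (attrs.get("Severity") or "").strip().lower()
            if severity not in OPEN_KEYS:
                # Fail loudly rather than hide an open item with a bad severity.
                raise ValueError(f"{attrs.get('Vuln_Num')}: severity {severity!r}")
            score[OPEN_KEYS[severity]] += 1
        elif status in STATUS_KEYS:
            score[STATUS_KEYS[status]] += 1
        else:
            raise ValueError(f"{attrs.get('Vuln_Num')}: status {status!r}")
    score["total_open"] = sum(score[k] for k in OPEN_KEYS.values())
    return score

if __name__ == "__main__":
    print(score_checklist(SAMPLE_CKL))
```

An open item with an unrecognized severity raises an error instead of being skipped, so a malformed file cannot make the open count look lower than it is.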
Types of Templates
In OpenRMF® Professional there are currently five types of Templates:
- DISA Templates are blank checklists from the cyber.mil website and are created by DISA for use
- Organizational Templates are DISA templates that have some information filled in by application administrators
- CIS Templates are checklist templates created to match CIS benchmark .audit files from Tenable Nessus / ACAS software
- System Templates are filled out from a DISA or Company template baseline and are used specifically within a system only
- Custom Templates are created by you and have custom titles, vulnerabilities, and are used to create a checklist to match to a particular piece of software, hardware, process, procedure, or documentation.
The DISA, Organizational, CIS and Custom templates are available to anyone in the system to use. System Package templates are only for those who have access to that system package.