Link Search Menu Expand Document
OpenRMF Professional Help

DISA Template Information

As stated elsewhere DISA templates are blank checklists from the public.cyber.mil website and are created and updated by DISA for use. These are the checklist files available from https://public.cyber.mil/ that you can pull down and generate checklists from using their STIGViewer Java tool. These templates can be used in OpenRMF® Professional to create checklists or to copy and create Organizational or System Package level templates.

You cannot edit the DISA Templates as those are from DISA and should be used as-is.

How DISA Templates are Loaded

The DISA templates are included in the software installation and are updated by us inside the installation. Any new template can be uploaded as a Organizational template for now. You also can upload DISA templates as well if your role includes Administrator or Template Administrator. As DISA updates their versions and releases of DISA checklists, we download, then test, then update the Template component in OpenRMF® Professional to put out a patch release containing the newer DISA checklist updates.

What you can do with DISA Templates

By default, they are used to match up to SCAP scan results or audit compliance scan results using DISA benchmarks.

Additionally, if you select one or more templates in the listing you can bulk download them all into a ZIP file locally. All the CKL files that you selected will be in that ZIP file. You also can copy them to Organization templates, System Package templates, or even create new checklists in your System Package based on that checklist (if you have the correct System Package permissions).

Copying them to other Templates

Your DISA Templates can also be copied into other templates for Organizational or even System Package templates. System Package templates require you to have a “Create Template” group permission in that system or you will not see the option to copy to a system template. Once copied they are independent and can be updated and edited unto themselves. You may want to do this to customize templates as has been discussed in other areas of the help sections.

Making new Checklists from DISA Templates

If you have any “Create Checklist in a System” permissions you can select a DISA template from the listing and choose the “Create Checklist” from the bulk menu item just above the table listing to the right. If you click the Apply button you can choose the system and then a checklist of that type is created in that system.

You will need to update any information such as hostname, FQDN, role, etc. for the checklist inside the system listing. You will want to do this if you are trying to match this template up to a brand new SCAP scan as they match on STIG type and hostname / device name.

Upload a new DISA Template

There may be some DISA Templates (*Manual-xccdf.xml) that are behind PKI or that are released you must have before they are incorporated into an OpenRMF® Professional update. You can download the ZIP files from DISA, expand, and find the xxxxxxx-Manual-xccdf.xml file located in the ZIP file to upload into OpenRMF® Professional.

You must be an application administrator of the application to do this. When you are, there is an Add DISA button on the Template main page you can use.

Click in the area to upload the file, find the file and add it to the listing. Then click the Send Files button to upload it and add it to the DISA template listing.

Upload DISA Template Checklist

Copyright © 2021 - 2025 Soteria Software LLC.
Do The Work. Automate the Paperwork!SM