Link Search Menu Expand Document
OpenRMF Professional Help

Version 2.10 Major Release

For this major release, we are listing the updates, additions, and fixes by area so they are easier to read and digest.

If you have additional tweaks or features you wish to see or talk to us on, please email support@soteriasoft.com and we can schedule time to discuss.

System Package Updates, New Features and Fixes

  • Updated the main dashboard to have interactive listing showing checklist and patch vulnerabilities easier
  • Updated the System Packages –> List page to show the checklist vulnerability and patch vulnerability charts together
  • Updated the System Package listing to order by vulnerability counts
  • Updated the management of Team Subpackages to allow listing items faster and moving items between subpackages
  • Added a New System Package wizard
  • Added the number of Team Subpackages on the PPTX summary export
  • Fixed the system package level Mitigation Statement editing to use the standard popup window design throughout the rest of the application
  • Fixed the system package level Overlays editing to use the standard popup window design throughout the rest of the application
  • Fixes a case sensitivity issue on hostname between Checklist and Patch Scan for matching to a host already in the hardware listing

Team Subpackages Updates and Fixes

  • Improved performance of several data screens
  • Fixed a bug where 1,000+ checklists and devices in a Team Subpackage would timeout and not load all data on the Team Subpackage Dashboard
  • Fixed a bug where a ChecklistCreator could not create, edit, or bulk edit any checklists without the Editor group permission as well
  • Fixed a bug where a PatchAdministrator could not upload a new Patch Scan result without the Editor role, not just Creator role
  • Fixed a bug where a PatchAdministrator uploads a new Patch Scan and the total System Package Patch Vulnerability Score is not update immediately
  • Fixed a bug where a PatchAdministrator uploads a Patch scan with devices already in the Team Subpackage and it incorrectly states they are not credentialed scanned devices or not allowed to update
  • Fixed a bug on uploading multiple Compliance Scans or Checklists on the Team Subpackage upload page that only shows the first one successfully uploaded
  • Fixes a case sensitivity issue on hostname between Checklist and Patch Scan for matching to a host already in the hardware listing

Checklist Updates, New Features and Fixes

  • Added a Checklist Applicability Wizard for choosing relevant checklists and templates
  • Added a paperclip icon on the checklist page for a checklist vulnerability when it has evidence
  • Added a listing of any Team Subpackages relevant on the checklist page
  • Added the Markings field on all checklists as well as the exported CKL file for classification and handling restrictions
  • Added a Checklist Applicability Wizard to enter a hostname and choose checklists from templates to create easily
  • Added a “Missing Checklists” scan wizard against hardware devices based on OS as well as software listed
  • Added a note for types of checklists that can be uploaded on all checklist upload pages
  • Improved performance on bulk upgrade checklists for system packages with very large lists of checklists > 500
  • Streamlined the checklist template matching to SCAP and Audit Compliance raw results
  • Added a comment field when deleting checklists to put into any POAM item currently linked to the checklist
  • For bulk upgrades, have a filter on the type and number to check for upgrades on larger system packages with 1,000’s of checklists
  • Fixed matching of Nessus Audit Compliance DISA benchmark scans to proper IIS DISA Checklist Templates

Host and Patch Information Updates, New Features and Fixes

  • Allow the Hardware, Software, and PPSM general exports in XLSX from OpenRMF Professional to be reuploaded directly with additions and updated information without removing the top header information
  • Added a comment field when deleting hardware to put into any POAM item currently linked to the hardware
  • Added a comment field when deleting device patch scores to put into any POAM item currently linked to the device patch score
  • Added a way to bulk add tags to Hardware devices
  • Added Device Profiles to attach to hardware/devices to show approved ports, protocols, and services for that device
  • Allow tracking an Approved Ports/Protocols/Services listing at the system package level
  • Added a way to specify (and bulk add) a device profile to a hardware device to show approved ports/protocols/services for that type of device
  • Added an eMASS specific Hardware and Software export list XLSX
  • Added an eMASS specific PPSM Boundary export list XLSX
  • Fixed a bug that was not adding the tags to the generic hardware export

Other Technology Updates and New Features

  • Allow native Trivy JSON output for reading container vulnerabilities from file uploads
  • Allow native Burp software scan results for reading container vulnerabilities from file uploads
  • Improved performance on adding and updating other technology vulnerabilities from file uploads, imports, and API POSTs

POAM Updates and Features

  • Additional POAM reports for tracking scheduled completion dates and lowered severity
  • Updated the eMASS POAM export
  • Updated the POAM filter to show Manual or Deleted Items as a filter option
  • Added a MCCAST POAM export
  • Added an All Rows POAM export to show all data one-for-one with the specific records
  • Added a filter to show POAM items with mitigations
  • Added a filter to show POAM items or by completion dates

Templates Updates and Features

  • Updated DISA Templates as of March 13, 2024
  • Sped up the listing of Templates on the template listing pages
  • Added a spinner when bulk deleting templates to show work is being performed

Notification Updates and Features

  • Filter notifications by date ending or beginning

Reports Updates and New Features

  • Added a Hardware report to show all checklists, POAM, ports/protocols/services, software, and cyber readiness for a device on one page
  • Added a POAM report to show items still with Ongoing status past the Scheduled Completion Date
  • Added a POAM report to show items whose Raw Severity was lowered in the severity or risk compared to the raw data
  • Added more filters to the Hardware report for searching larger sets of data
  • Added a report to show Compliance based on a specific hostname or device
  • Added a report to show how a hardware device matches its device profile (if it has one) on approved ports/protocols/services for that device
  • Improve performance of the System Package Vulnerability search for larger system packages
  • Improved performance on the Checklist Vulnerabilities report for system packages with very large lists of checklists > 500

Administrative Updates, New Features and Fixes

  • Allow tracking an Approved Ports/Protocols/Services listing at the installation level
  • Added Device Profiles at the installation level allow adding into the system packages for attaching to hardware/devices
  • Fixed the Mitigation Statement editing to use the standard popup window design throughout the rest of the application
  • Fixed the Overlays editing to use the standard popup window design throughout the rest of the application

General Updates

  • Standardize date pickers to have 4-digit years
  • Updated the CCI List based on the DISA public.cyber.mil release
  • Standardize a success popup green status when downloading files throughout the application
  • Fixed the “Select All” checkbox not resetting on certain screens when you apply changes and the data returns (e.g. Bulk Edit Vulnerabilities, Bulk Lock, Tag Checklists)

API Updates and New Features

  • Added a way to delete hardware, passing in a comment optionally
  • Added a way to delete a checklists, passing in a comment optionally
  • Added a MCCAST POAM download in XLSX
  • Added an All Rows POAM to include device name to download in XLSX
  • Allow uploading trivy .json files for other technology scans
  • Allow uploading Burp .xml files for other technology scans
  • Upload and download an approved ports/protocols/services file for use on system packages
  • Added a hostname filter for hardware, software, PPSM listing and checklists
  • Added a hostname filter for POAM listing
  • Added a way to list Team Subpackages without all devices and checklists
  • Added a way to list Team Subpackage devices and checklists with pagination for larger lists
  • Updated the Checklist Vulnerability call to use pagination for larger lists

Infrastructure Updates

  • Updated the Soteria Software components to the latest base image
  • Configured web components to allow HTTPS 443 over the standard port
  • Updated Infrastructure Components around Grafana, Prometheus, MongoDB, Keycloak, and Vault
  • Updated the Settings API runtime
  • Updated various components used to create the MSG and API images
  • Mongo Express is in its own YML file to start up / shut down separately from the entire software stack when troubleshooting

Copyright © 2021 - 2025 Soteria Software LLC.
Do The Work. Automate the Paperwork!SM