Version 2.11.00
This is a version update release to add features as well as fix bugs and update any DISA templates.
- Reworked pages loading tables of data to perform faster
- Added the CKLB JSON format checklist upload and download in a system package or team subpackage
- Added a limit field entry on Fortify API calls for importing issues in Other Technology area of a system package (defaulted to 200)
- Added a filter for locked and unlocked vulnerabilities on checklist screen for filtering in a system package or team subpackage
- Added a patch score filter on patch score summary
- Added Elasticsearch data source integration for full text searching of checklist vulnerabilities and details (when configured)
- Added several new reports requested by users
- Added the Target Comments field when editing or bulk editing checklist details in a system package or team subpackage
- Added Memorandum for the Record (MFTR) as a possible ATO Status for a System Package
- Added counters on the Team Subpackage dashboard when users only have access to the subpackages
- Added links on the System Package Dashboard to key areas for one-click access to information
- Added System Package Preferences to allow uncredentialed patch scan uploads, disable severity override checklist editing, and limit items per Team Subpackage
- Added an option for CKL or CKLB when downloading the checklist via API call
- Added a lot of control and CCI API calls (See Developer’s Guide for v2.11)
- Added “Policy Value” and “Actual Value” from .audit CIS results into the details in checklists from uploaded scan results
- Added parsing of .audit file vulnerability severity when creating CIS based checklists
- Added Target Comments field to checklists
- Added a Journal for system packages to track all actions and impact to data and structures in the system package
- Added a Journal for installation to track all other actions and impact to non-System Package information such as overall settings and templates
- Added all DISA checklist templates up to January 30, 2025
- Added Grafana dashboards for Keycloak health and Vault health, if enabled
- Added links from the System Package Dashboard to key areas for one-click access
- Added a title to show which checklist is being tracked for bulk upgrade when viewing which checklists have available upgrades
- Added web or database fields to create checklist from template wizard
- Added target comments field to create checklist from template wizard
- Allow deleting Checklists at the Team Subpackage level for checklist creators and editors
- Allow deleting hardware at the Team Subpackage level for Patch Administrators
- Allow deleting (hard delete) POAM entries as a SystemOwner when entries are incorrect or need to be removed
- Allow whitelabel entries for custom logo, footer, support email, title and version of your OpenRMF Professional installation
- Allow custom themes and setting a default theme for your OpenRMF Professional installation
- Added additional API calls for controls and CCIs
- Updated the Created By and Updated By to “FirstName Last Name (login)” format for CAC and PIV users
- Updated the Test Plan Summary table to show vulnerability separately for sorting and color coding
- Update to use Host IP when a Nessus patch vulnerability scan has a blank hostname (no reverse DNS)
- Updated Navy eMASS POAM to include Milestone Id and Mitigations columns that were missing
- Updated patch score page to allow filtering on patch score by device
- Updated the Team Subpackage POAM filter to add additional fields to mimic System Package POAM filter
- Updated the CCI listing from 27 Jan 2025 from public.cyber.mil
- Updated the Add POAM item to require status and source information at a minimum
- Bug fix on showing the checklist type if using web/database/application fields for bulk editing vulnerabilities
- Bug fix on checklist version upgrade available if the uploaded checklist is a higher version than the current DISA template
- Bug fix showing duplicate CCIs for revision 4 and revision 5 of RMF
- Bug fix so that large uploaded software, hardware, and PPSM lists save correctly
- Bug fix on support drivers edit on uploading files to set to Support and Drivers application type
- Bug fix on hostname not being used correctly in create checklist from templates
- Bug fix on showing an updated date and name when adding evidence to a checklist vulnerability
- Bug fix for POAM report to properly connect and use data and verify authentication
- Bug fix for checklist report to update the web or database information correctly when switching between checklists
- Bug fix for bulk edit vulnerabilities to show the web or database information for checklists properly
- Bug fix for Add button on Administration Manage System Packages to go to the New System Package Wizard page
- Bug fix for Patch Administrators to show checkboxes on the hardware page for bulk editing
- Bug fix for matching properly when updating current checklists whose type contains a (, ), or /
- Bug fix for showing evidence on checklist vulnerabilities at the Team Subpackage level
- Bug fix for showing mitigations on the POAM at the Team Subpackage level
- Bug fix to show scanner and scanner version for software and PPSM data correctly when from an automated scan upload
- Fixed Keycloak registration template for the OpenRMF Professional theme
- Updated the ELK stack 3rd party images to 8.17
- Updated Grafana image to version 10.4
- Upgrade Postgres to v16.2
- Upgrade Keycloak to v26.1.0
- Updated codebase to use .NET 8 for performance
- Updated the base image for code builds for better vulnerability scanning