v2.9 OpenRMF Professional User Training
Updated for Version 2.9. Training for our flagship product OpenRMF Professional from a User's perspective. Learn how to log in, create accreditation packages, uploading scans and more. Track actions with our live POAM feature, generate your RMF and FedRAMP compliance and run reports to check vulnerabilities and compliance status. Advanced features such as the Team Subpackages, bulk edit and lock, live, active POAM and many others.
-
Overview of the Risk Management Framework
Learn what the Risk Management Framework is, how it is laid out, the pieces, and understand the basis for it along the lines of cyber compliance.
-
v2.9 Understanding Roles and Groups - User Training
See how roles, groups and permissions affect the screen, menu, and functions of OpenRMF Professional from a security standpoint.
-
v2.9 Login and Navigation Overview - User Training
View OpenRMF Professional in a general sense to see the screen layout, menus, areas of concentration, templates, reports, and other functions to become familiar with the look, feel, and navigation.
-
v2.9 Create a System (ATO) Package - User Training
See how you setup your system package to track your ATO, IATT, ATC, Type accreditation or your accreditation boundary as a package. This allows you to setup your RMF or FedRAMP level, add tailoring and overlays, setup POC information, and get ready to upload scans and generate your POAM and compl...
-
v2.9 Tailoring and Overlays - User Training
This video explains NIST control and subcontrols as it pertains to overlays, tailoring and your ATO package. This affects reporting and compliance for your entire package.
-
v2.9 Checklist Templates - User Training
See how OpenRMF Professional uses templates for checklists for your SCAP and Audit Compliance scans. Match templates to scan types. Create and use organizational templates for boilerplate answers. And create checklists from blank templates easily in your system package.
-
v2.9 Notifications - User Training
See how notifications are used with OpenRMF Professional to keep you informed of what is happening in your system packages.
-
v2.9 Uploading SCAP Scans, Compliance Scans and Checklists - User Training
This video explains how you can upload your checklist CKL files, raw SCAP scan results as well as raw Compliance Scan results to create the needed compliance checklists. Match the scans to templates automatically to fill in the vulnerability information and find where you stand from a compliance ...
-
v2.9 Upgrading Checklist Versions - User Training
Demonstration on how to upgrade and Bulk Upgrade checklists using OpenRMF Professional.
-
v2.9 Bulk Edit and Bulk Lock with Checklists - User Training
See how you can use the bulk features for editing and locking checklists and individual checklist vulnerabilities across your entire ATO package. Save time, have consistent results, and remove false positives with these great features.
-
v2.9 Tagging Checklists - User Training
This section demonstrates how to using the principle of tagging checklists using OpenRMF Professional
-
v2.9 Uploading Patch Vulnerability Scans - User Training
See how you can upload or import Nessus patch vulnerability scans and Rapid7 Nexpose full audit scans to track patch vulnerabilities over time. Also automatically load your ports, protocols, and services listing. Fill in your hardware listing. And generate your software listing all from those sam...
-
v2.9 Uploading Other Vulnerability Scans - User Training
This is a demonstration on how to or uploading Software, Container and Log scans results into OpenRMF Professional
-
V2.9 Using Compliance Statements - User Training
See how you can use, save, import, and share compliance statements in your system package to track all controls even when not matched in an automated scan. Download filtered lists to use in other system packages to share statements. And use these when generating your compliance.
-
v2.9 POAM, Mitigation Statements and Milestone Events - User Training
This goes over the Live Plan of Action and Milestone, (POAM), Mitigation Statements and Milestone Events and how each are used to manage your package.
-
v2.9 Generating Compliance - User training
Demonstration on how to generating compliance, saving and tracking compliance using OpenRMF Professional.
-
v2.9 CCRI-Readiness - User Training
Demonstration of how you can apply weights to your vulnerabilities and findings to automate Cyber Readiness scoring and documentation delivery.
-
v2.9 Evidence Management - User Training
Demonstration on how to upload and retrieve an image and documents to Vulnerability Items in Checklists, POAM Items and Compliance Statements
-
v2.9 Team Subpackage - User Training
This shows how to create Team Subpackages, apply assets to those packages to give your teams access to the checklists, patch information related to their function. This will allow your team to provide you with information for your system package without giving them access to the entire package.
-
v2.9 Reports - User Training
How to utilize OpenRMF Professional to pull reports on system package information easy and effectively.
-
v2.9 Documentation - User Training
Demonstration on how to export documentation and checklists from OpenRMF Professional.
-
A Day in the Life Series - #1 Setting up a System Package
This video shows how system owners, PMs, ISSOs and ISSEs can setup a new system package in OpenRMF Professional to track an ATO, accreditation boundary or type accreditation successfully. Upload and configure initial compliance and mitigation statements. Setup tailoring and overlays. And get the ...
-
A Day in the Life Series - #2 Loading Scan Data
This video shows how you can load CKL files, audit compliance scan results, patch scan results, SCAP results, and fill out the checklists and host data for your system package. We review history, tracking, trends, scores, as well as filtering checklists by their open category vulnerabilities.
-
A Day in the Life Series - #3 Create POAM and Generate Compliance
This video shows how you can create and start your live POAM from all your compliance data, as well as generating your compliance snapshot against all your checklist, compliance statement, and inherited controls informations.
-
A Day in the Life Series #4 - Editing Checklists
This video shows how you can edit checklists, show the changes, track history of checklist updates, as well as see the automation when updating the status in the checklist as it applies to the POAM.
-
A Day in the Life Series #5 - Managers, Directors, "C" Suite Users
This video shows how a corporate level, manager, director, branch head or other management user can have read-only access into your system package to track information. They can run reports, see CCRI, view trends and checklist vulnerabilities as well as see compliance generated and the live POAM.
-
A Day in the Life Series #6 - Assessors and Authorizing Officials
This video is from the viewpoint of showing an assessor or authorizing official (i.e. NAO) all data for the cyber compliance. Open vulnerabilities, patch data, hosts, compliance, POAM entries as well as run reports for the data they need for assessment.
-
A Day in the Life Series #7 - Curating Checklist Templates
This video shows how you can take DISA and other checklist templates, pre-fill out areas and status, lock vulnerabilities, and use as Organizational or System Package checklists for tracking compliance.
-
A Day in the Life Series #8 - Bulk Edit, Lock, and Viewing Updates
This video explains bulk editing vulnerabilities, bulk lock/unlock vulnerabilities, locking checklists, tracking checklist updates, and regenerating compliance over time to track trends and status of your system package.