OpenRMF

Web-based tool for DoD STIG checklists, SCAP and Nessus scans, and NIST RMF reporting

Repository activity
  • Stars: 160
  • Forks: 37
  • Open Issues: 17
License

GPL-3.0

Languages
  • FreeMarker
  • JavaScript
  • Shell
About OpenRMF

OpenRMF OSS is an open source web application for managing, viewing, and reporting on DoD STIG checklists, SCAP scans, and Nessus patch scans in one browser interface. It generates a NIST 800-53 compliance listing across all checklists in a system, aimed at teams running the Risk Management Framework process.

It imports SCAP and Nessus ACAS scans into checklists and supports custom checklist templates, full-text search, a live POAM (Plan of Action and Milestones), journal entries, bulk editing, and locking of individual vulnerabilities and whole checklists. It exports CKL files, color-coded MS Excel files, PNG charts, and RMF documents including the SSP, SAR, RAR, and CCRI, and is positioned as an alternative to the DISA STIG Viewer plus spreadsheets.

OpenRMF OSS is built on .NET Core APIs, MongoDB, and NATS messaging, and runs locally from a single Docker Compose file. The project ships air-gapped and HTTPS setup instructions as well as AWS EKS and Kubernetes deployment guidance, which suits DoD groups and programs that manage system accreditation.
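The roll-up OpenRMF performs, from many per-host STIG checklists to one NIST 800-53 control listing, comes down to reading each CKL file's VULN entries, following their CCI references to controls, and letting the worst status win per control. The script below is an added example written for this page, not OpenRMF's own code. The element names (CHECKLIST, ASSET/HOST_NAME, STIGS/iSTIG/VULN, STIG_DATA with VULN_ATTRIBUTE and ATTRIBUTE_DATA pairs, STATUS) follow the DISA CKL layout; the two host checklists, the three-entry CCI-to-control excerpt, and the "Open beats Not_Reviewed beats NotAFinding beats Not_Applicable" precedence are constructed assumptions for the example, and a real run would load DISA's full CCI list instead.

```python
"""Roll DISA STIG checklist (.ckl) results up into a NIST 800-53 control listing."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed excerpt of the CCI -> NIST 800-53 mapping (DISA's CCI list is the
# real source and has thousands of entries). Assumed values for this example only.
CCI_TO_CONTROL = {
    "CCI-000366": "CM-6",
    "CCI-001312": "SI-11",
    "CCI-000381": "CM-7",
}

# Worst result wins when several checks feed one control (assumed precedence).
STATUS_RANK = {"Not_Applicable": 0, "NotAFinding": 1, "Not_Reviewed": 2, "Open": 3}


def _vuln(vuln_num, severity, cci, status):
    """Build one <VULN> element in CKL layout (helper for the constructed samples)."""
    return f"""    <VULN>
      <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>{vuln_num}</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>{severity}</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE><ATTRIBUTE_DATA>{cci}</ATTRIBUTE_DATA></STIG_DATA>
      <STATUS>{status}</STATUS>
    </VULN>
"""


def _ckl(host, vulns):
    """Wrap <VULN> elements in the CHECKLIST/ASSET/STIGS/iSTIG skeleton of a CKL file."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f"<CHECKLIST>\n  <ASSET><HOST_NAME>{host}</HOST_NAME></ASSET>\n  <STIGS><iSTIG>\n"
        + "".join(vulns)
        + "  </iSTIG></STIGS>\n</CHECKLIST>\n"
    )


# Constructed checklists for two hosts that belong to one system.
SAMPLE_CKLS = [
    _ckl("web01", [
        _vuln("V-230221", "high", "CCI-000366", "Open"),
        _vuln("V-230222", "medium", "CCI-001312", "NotAFinding"),
    ]),
    _ckl("db01", [
        _vuln("V-230221", "high", "CCI-000366", "NotAFinding"),
        _vuln("V-230223", "medium", "CCI-000381", "Not_Reviewed"),
        _vuln("V-230224", "low", "CCI-999999", "Open"),  # CCI outside our excerpt
    ]),
]


def parse_ckl(ckl_text):
    """Yield one dict per <VULN>: host, vuln id, severity, CCI refs and status."""
    root = ET.fromstring(ckl_text)
    host = root.findtext("ASSET/HOST_NAME", default="unknown")
    for vuln in root.iter("VULN"):
        attrs = defaultdict(list)  # a VULN may carry several CCI_REF entries
        for data in vuln.findall("STIG_DATA"):
            attrs[data.findtext("VULN_ATTRIBUTE")].append(data.findtext("ATTRIBUTE_DATA", default=""))
        yield {
            "host": host,
            "vuln": (attrs["Vuln_Num"] or [""])[0],
            "severity": (attrs["Severity"] or [""])[0],
            "ccis": attrs["CCI_REF"],
            "status": vuln.findtext("STATUS", default="Not_Reviewed"),
        }


def control_listing(ckl_texts, cci_map=CCI_TO_CONTROL):
    """Return ({control: {"status", "checks", "open": [(host, vuln, severity)]}}, unmapped CCIs)."""
    listing, unmapped = {}, set()
    for text in ckl_texts:
        for item in parse_ckl(text):
            for cci in item["ccis"]:
                control = cci_map.get(cci)
                if control is None:
                    unmapped.add(cci)  # report rather than silently drop the check
                    continue
                entry = listing.setdefault(control, {"status": "Not_Applicable", "checks": 0, "open": []})
                entry["checks"] += 1
                if STATUS_RANK.get(item["status"], 2) > STATUS_RANK.get(entry["status"], 2):
                    entry["status"] = item["status"]
                if item["status"] == "Open":
                    entry["open"].append((item["host"], item["vuln"], item["severity"]))
    return listing, unmapped


if __name__ == "__main__":
    listing, unmapped = control_listing(SAMPLE_CKLS)
    for control in sorted(listing):
        e = listing[control]
        print(f"{control:<6} {e['status']:<15} checks={e['checks']} open={e['open']}")
    if unmapped:
        print("unmapped CCIs:", sorted(unmapped))
```

With the constructed inputs, CM-6 comes out Open because web01 still has V-230221 open even though db01 passed the same check, SI-11 is NotAFinding, CM-7 stays Not_Reviewed, and CCI-999999 is reported as unmapped instead of vanishing from the listing; that last point is the one to watch in any roll-up tool, since a dropped CCI quietly understates the control's exposure.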

Key features

  • Import SCAP and Nessus ACAS scans into checklists
  • Generate NIST 800-53 compliance listings across a system
  • Export CKL, color-coded MS Excel, and PNG charts
  • Generate SSP, SAR, RAR, and CCRI RMF documents
  • Live POAM, journal entries, bulk edits, and full-text search

Details

First released: 2019
Standards: RMF, STIG, SCAP, NIST 800-53
License: GPL-3.0
Stack: .NET Core, MongoDB, NATS
Self-hosted: Docker Compose, Kubernetes
Air-gapped: Supported