The OpenFISMA project is an open source application designed to reduce the complexity of, and automate, the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). While many security managers are eager to demonstrate their best practices for incident response, patch management, and configuration management, they are overwhelmed by the reporting and documentation requirements of FISMA. You can download our released software right away or peruse the current documentation.
OpenFISMA is built on the Zend Framework (ZF), an open source, object-oriented web application framework with a flexible architecture. ZF is often referred to as a ‘component library’ because it has many loosely coupled components that you can use more or less independently. However, Zend Framework also provides a core model-view-controller (MVC) implementation that you can use to give web applications a basic ‘best practices’ structure.


