OpenFISMA 2.4 is being released today. This is a HUGE release which includes a lot of new features as well as under-the-hood improvements.

New features include:

• Automated FISMA Reporting: OpenFISMA can create OMB FISMA reports in both the quarterly and annual template styles. OpenFISMA automatically populates all information about your system inventory, privacy, and POA&M!
• New System Inventory: OpenFISMA can keep track of all data about your information system inventory, including documentation. When you store system artifacts -- such as the SSP, CMP, etc. -- in OpenFISMA, you always know where they are, and you can rest comfortably knowing that they are version controlled and access controlled along with the rest of your security data.
• Information System Organization: With OpenFISMA, you can now group together related information systems and create hierarchies that reflect your enterprise's own management structure. POA&M data is automatically rolled up at all levels to help you find insight into your security posture in all corners of the enterprise.
• Improved Graphical Interface: OpenFISMA now uses best-in-class web technologies for all of the graphical interfaces in the application. These interfaces are more accessible (compliant with Section 508) and provide lots of rich functionality. Context-sensitive help is sprinkled throughout the application to make complex tasks easier to learn.

Under the hood improvements: 

• Improved Security: Security is baked into the design of OpenFISMA, and security checks are performed at the lowest level of the data layer. This provides the most robust and re-assuring security model possible. OpenFISMA has been updated to build defenses against common web-vector attacks (such as cross-site scripting) into the foundation of the application.
• Doctrine ORM Integration: Doctrine ORM is a piece of middleware that handles lots of the complexity associated with data modeling and persistence. By integrating Doctrine ORM into OpenFISMA, we have put all of our strategic building blocks into place. Doctrine provides us with a number of advantages, from database portability (the ability to run on MySQL, Oracle, or DB2 without modification) to improved security and consistency (being able to inspect each data modification before it happens system-wide, and block it if the user's permissions are not high enough).