The OpenFISMA project evolved from our FISMA reporting work on behalf of our federal clients. OpenFISMA is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). While many security managers are eager to demonstrate their best practices for incident response, patch management, and configuration management, they are overwhelmed with FISMA’s reporting and documentation requirements. OpenFISMA is the answer.
More at http://www.openfisma.org/