The General Services Administration’s 18F organization has developed a tool that aims to help federal information security personnel continuously update their system security plans with code in an effort to manage risks and protect data infrastructure from network intrusions.Mossadeq Zia, Gabriel Ramirez and Noah Kunin write in a blog post published Friday that the Compliance Masonry tool works to help executives and security operations personnel use searchable content to produce assurance reports.
Compliance Masonry functions as a content management framework designed to handle SSP documentation for 18F’s cloud.gov.
18F also noted that Compliance Masonry is built on open-source software in order to encourage agencies, service providers and developers to use as well as introduce updates to the tool.
Zia, Ramirez and Kunin added that 18F designed the tool based on system component models and OpenControl Schema, which is designed to store SSP documentation and data in machine readable format such as YAML and JSON.
