Home / GSA / GSA, NIST Working to Automate FedRAMP Assessments

GSA, NIST Working to Automate FedRAMP Assessments

The General Services Administration and National Institute of Standards and Technology are working to implement automation in review procedures for the Federal Risk Authorization and Management Program, the Federal News Network reported Tuesday.

The two agencies aim to establish a common Open Security Controls Assessment Language to support the integration of automated technologies in vetting operations. GSA is currently seeking input on its OSCAL baseline requirements for FedRAMP compliance and is slated to release a draft of its system security plan guidance by the year’s end.

“We strongly believe this will open doors for industry to develop tooling for agencies to expedite their review and approval of the security materials, as well as fine-tune their risk management practices at their agency,” said Ashley Mahan, FedRAMP director at GSA.

According to Mahan, there has been a 30 percent increase in FedRAMP authorizations for fiscal 2019, with 45 cloud offerings achieving certification under the program.

Her comments come after the Department of Defense began issuing general provisional authorizations for the FedRAMP moderate impact level to speed up authorizations.

Check Also

USAF, Northrop Conclude Critical Design Review of Polar Satcom Program

The U.S. Air Force and Northrop Grumman have completed a critical design review under a program that aims to deploy satellite communications payloads in the North Polar Region. The Enhanced Polar System Recapitalization program would deliver eXtended Data Rate payloads that would operate in the region until USAF gets access to polar variants of protected and evolved satcom technology in the 2030s, Los Angeles AF Base said Monday.