The General Services Administration and National Institute of Standards and Technology are working to implement automation in review procedures for the Federal Risk and Authorization Management Program, the Federal News Network reported Tuesday.
The two agencies aim to establish a common Open Security Controls Assessment Language to support the integration of automated technologies in vetting operations. GSA is currently seeking input on its OSCAL baseline requirements for FedRAMP compliance and is slated to release a draft of its system security plan guidance by the year’s end.
“We strongly believe this will open doors for industry to develop tooling for agencies to expedite their review and approval of the security materials, as well as fine-tune their risk management practices at their agency,” said Ashley Mahan, FedRAMP director at GSA.
According to Mahan, there has been a 30 percent increase in FedRAMP authorizations for fiscal 2019, with 45 cloud offerings achieving certification under the program.
Her comments come after the Department of Defense began issuing general provisional authorizations for the FedRAMP moderate impact level to speed up authorizations.