FedRAMP Announces Milestone in Authorization Process Automation


The Federal Risk and Authorization Management Program has worked with industry and the National Institute of Standards and Technology to develop the Open Security Controls Assessment Language to help automate the authorization process.

FedRAMP said Tuesday it is seeking public comments on OSCAL Milestone 2, which offers a number of features, including a system security plan (SSP) model meant to help organizations automate the documentation of privacy and security control implementation using OSCAL.

OSCAL Milestone 2 also features published draft FedRAMP baselines in JSON and XML formats, tools to convert OSCAL profile, catalog and SSP content between JSON and XML, and a guidance document to help tool developers produce OSCAL-based FedRAMP SSP content.

OSCAL is a standard that can be used in the evaluation and implementation of security controls. It is expected to help cloud service providers speed up the creation of their SSPs and enable third-party assessment organizations to automate the planning, reporting and execution of cloud evaluation activities.
