NIST Releases Update for Draft FedRAMP Controls Baseline Guide

NIST Releases Update for Draft FedRAMP Controls Baseline Guide

The National Institute of Standards and Technology (NIST) has issued an updated version of its Open Security Controls Assessment Language (OSCAL) milestone that includes guidelines for control baselines and system security plans (SSP) for various hardware and software.

NIST said Tuesday the OSCAL Milestone 3 serves as an official prerelease of the full OSCAL v1 and includes additional draft models for machine-readable formats such as XML, JSON and YAML.

OSCAL serves as a collaborative effort between NIST and Federal Risk and Authorization Management Program (FedRAMP) intended to help speed up the latter's authorization process.

According to NIST, the OSCAL team will continue collecting feedback on Milestone 3 to inform the development of more tutorials, layers and models. The agency added that it also seeks developers and offerors to support OSCAL implementation for commercial as well as open-source applications.

OSCAL Milestone 3’s release comes after FedRAMP issued its OSCAL SSP Template and Guidance.

You may also be interested in...

Lt. Gen. Shaun Morris

Lt. Gen. Shaun Morris on AFLCMC’s Push for 5G, Digital Engineering Efforts

 Lt. Gen. Shaun Morris, commander of the Air Force Life Cycle Management Center (AFLCMC), said in a recent address that the center has invested significantly in technologies like 5G to help promote efficiency across military bases. “As an Air Force, I think it is important to capitalize off what we’ve done and not lose sight of these investments,” said Morris.