NIST, FedRAMP Developing Programming Language to Help Automate Cloud Security Assessments

NIST, FedRAMP Developing Programming Language to Help Automate Cloud Security Assessments
Cloud Security

The Federal Risk Authorization Management Program (FedRAMP) is working with the National Institute of Standards and Technology (NIST) to implement a universal programming language that can help accelerate cloud certification and drive automation in government operations.

NIST and FedRAMP are developing the machine-readable Open Security Controls Assessment Language (OSCAL) in an effort to speed up cloud security vetting procedures and free up employees’ time spent on manual tasks, Federal News Network reported Thursday.

OSCAL collates security control data and assessment results using seven models. The language then formats information across different programming languages to provide standardized assessment information.

David Waltermire, technical lead for OSCAL at NIST, told the publication that OSCAL will help reduce time to get companies certified for FedRAMP compliance. Waltermire noted that NIST is looking to pilot the language and eventually release Version 1.0 of OSCAL.

“What normally would take an assessor weeks to do, an OSCAL tool can perform in seconds,” he noted.

You may also be interested in...

Lt. Gen. Shaun Morris

Lt. Gen. Shaun Morris on AFLCMC’s Push for 5G, Digital Engineering Efforts

 Lt. Gen. Shaun Morris, commander of the Air Force Life Cycle Management Center (AFLCMC), said in a recent address that the center has invested significantly in technologies like 5G to help promote efficiency across military bases. “As an Air Force, I think it is important to capitalize off what we’ve done and not lose sight of these investments,” said Morris.