NIST, FedRAMP Developing Programming Language to Help Automate Cloud Security Assessments


The Federal Risk and Authorization Management Program (FedRAMP) is working with the National Institute of Standards and Technology (NIST) to implement a universal programming language that can help accelerate cloud certification and drive automation in government operations.

NIST and FedRAMP are developing the machine-readable Open Security Controls Assessment Language (OSCAL) in an effort to speed up cloud security vetting procedures and free up employees’ time spent on manual tasks, Federal News Network reported Thursday.

OSCAL collates security control data and assessment results using seven models. The language then formats information across different programming languages to provide standardized assessment information.

David Waltermire, technical lead for OSCAL at NIST, told the publication that OSCAL will help reduce the time it takes to get companies certified for FedRAMP compliance. Waltermire noted that NIST is looking to pilot the language and eventually release Version 1.0 of OSCAL.

“What normally would take an assessor weeks to do, an OSCAL tool can perform in seconds,” he noted.
