NIST, FedRAMP Developing Programming Language to Help Automate Cloud Security Assessments


The Federal Risk and Authorization Management Program (FedRAMP) is working with the National Institute of Standards and Technology (NIST) to implement a universal programming language that can help accelerate cloud certification and drive automation in government operations.

NIST and FedRAMP are developing the machine-readable Open Security Controls Assessment Language (OSCAL) in an effort to speed up cloud security vetting procedures and free up employees’ time spent on manual tasks, Federal News Network reported Thursday.

OSCAL collates security control data and assessment results using seven models. The language then formats information across different programming languages to provide standardized assessment information.

David Waltermire, technical lead for OSCAL at NIST, told the publication that OSCAL will help reduce the time it takes to get companies certified for FedRAMP compliance. Waltermire noted that NIST is looking to pilot the language and eventually release Version 1.0 of OSCAL.

“What normally would take an assessor weeks to do, an OSCAL tool can perform in seconds,” he noted.
