FedRAMP, NIST Release 1st Version of Open Security Controls Assessment Language


The Federal Risk and Authorization Management Program (FedRAMP) office and the National Institute of Standards and Technology (NIST) have introduced a machine-readable standard that works to automate the preparation, authorization and reuse of commercial cloud offerings for the government sector. 

Version 1.0.0 of the Open Security Controls Assessment Language (OSCAL) offers a common programming format for agencies, cloud service providers and third-party assessors that participate in FedRAMP, according to a blog post published Tuesday.

The FedRAMP office expects OSCAL to help vendors prepare and review system security plans faster before they submit content to the government.

OSCAL is designed to also reduce the time it takes for agencies to evaluate security authorization packages and for third-party assessment organizations to report audit work on cloud offerings.

The language features updated stable versions of different models including the catalog and profile, system security plan, component definition, and assessment plans and results for monitoring activities.

OSCAL 1.0.0 also has modernized tools for the conversion of OSCAL, XML and JSON formats. The FedRAMP office first unveiled its project to automate the cloud authorization process in December 2019.
