FedRAMP Issues Updated Guides for Developing Machine-Readable Authorization Packages


The Federal Risk and Authorization Management Program (FedRAMP) has released updated resources and conversion tools meant to help vendors and other stakeholders advance the digitization of FedRAMP authorization packages for commercial cloud services using a common machine-readable language. 

The move came a month after FedRAMP and the National Institute of Standards and Technology released Version 1.0.0 of the Open Security Controls Assessment Language (OSCAL) that seeks to expedite the preparation, authorization and reuse of cloud offerings for the government sector, according to a blog post published Tuesday.

The revised resources are available on the FedRAMP Automation GitHub Repository and include updated guides to OSCAL-based system security plans, security assessment plans and reports, and plans of action and milestones.

“OSCAL is not currently a requirement, but we expect the benefits to spur adoption and FedRAMP is ready to start receiving information in OSCAL as a pilot,” the post reads.

FedRAMP is also requesting comments on the machine-readable formats and guidance.
