FedRAMP Issues Updated Guides for Developing Machine-Readable Authorization Packages

The Federal Risk and Authorization Management Program (FedRAMP) has released updated resources and conversion tools meant to help vendors and other stakeholders advance the digitization of FedRAMP authorization packages for commercial cloud services using a common machine-readable language. 

The move came a month after FedRAMP and the National Institute of Standards and Technology released Version 1.0.0 of the Open Security Controls Assessment Language (OSCAL) that seeks to expedite the preparation, authorization and reuse of cloud offerings for the government sector, according to a blog post published Tuesday.

The revised resources are available on the FedRAMP Automation GitHub Repository and include updated guides to OSCAL-based system security plans, security assessment plans and reports, and plans of action and milestones.

“OSCAL is not currently a requirement, but we expect the benefits to spur adoption and FedRAMP is ready to start receiving information in OSCAL as a pilot,” the post reads.

FedRAMP is also requesting comments on the machine-readable formats and guidance.
