FedRAMP Seeks to Expedite Security Package Reviews With OSCAL Validation Rules


The Federal Risk and Management Program (FedRAMP) has issued Open Security Controls Assessment Language (OSCAL) validation rules to help automate reviews of security packages and speed up authorizations.

The OSCAL validation rules will enable cloud service providers and third-party assessment organizations to self-test whether all the required data is included in their security packages prior to submission to FedRAMP, the program said in a blog post Thursday.

FedRAMP said its review teams will also use the automated validation rules to assess initial packages from CSPs.

“When both FedRAMP and industry utilize automated validation rules, FedRAMP reviewers will spend less time on packages that do not pass initial criteria, and therefore, are not ready for review,” the post reads.

The FedRAMP program management office worked with the General Services Administration’s 10x program on the automated validation rules.
