The General Services Administration (GSA) will soon issue XML-automated validations to enable cloud services providers seeking an authority to operate to check whether all the required data is included in their security authorization packages prior to submission to the Federal Risk and Authorization Management Program (FedRAMP), FedScoop reported Tuesday.
“I think it’s a great step in automated validation,” Zach Baldwin, automation lead within the FedRAMP program management office, said during an event Tuesday. “I want cleaner documentation before I have my review team lay eyes on it."
FedRAMP automated the process of checking authorization packages using the rule-based Schematron validation language for making assertions against XML documents.
The move came two months after FedRAMP and the National Institute of Standards and Technology (NIST) released Version 1.0.0 of the Open Security Controls Assessment Language (OSCAL), which seeks to expedite the preparation, authorization and reuse of cloud offerings for the government sector.