GSA Seeks to Automate Validation of FedRAMP Security Authorization Packages

GSA Seeks to Automate Validation of FedRAMP Security Authorization Packages

The General Services Administration (GSA) will soon issue XML-automated validations to enable cloud services providers seeking an authority to operate to check whether all the required data is included in their security authorization packages prior to submission to the Federal Risk and Authorization Management Program (FedRAMP), FedScoop reported Tuesday.

“I think it’s a great step in automated validation,” Zach Baldwin, automation lead within the FedRAMP program management office, said during an event Tuesday. “I want cleaner documentation before I have my review team lay eyes on it."

FedRAMP automated the process of checking authorization packages using the rule-based Schematron validation language for making assertions against XML documents.

The move came two months after FedRAMP and the National Institute of Standards and Technology (NIST) released Version 1.0.0 of the Open Security Controls Assessment Language (OSCAL), which seeks to expedite the preparation, authorization and reuse of cloud offerings for the government sector.

You may also be interested in...


DHS, NIST List Goals for Cyber Best Practices

The Department of Homeland Security (DHS) and the National Institutes of Standards and Technology (NIST) have jointly classified cybersecurity practices into nine categories as bases for cyber performance goals. The nine categories each have specific objectives with regard to how secure control systems are operated and deployed, NIST said Thursday.