Tag Archives: open security controls assessment language

FedRAMP Seeks to Expedite Security Package Reviews With OSCAL Validation Rules

FedRAMP

The Federal Risk and Management Program (FedRAMP) has issued Open Security Controls Assessment Language (OSCAL) validation rules to help automate reviews of security packages and speed up authorizations. The OSCAL validation rules will enable cloud service providers and third-party assessment organizations to perform self-testing to see whether all the required data is included in their security packages prior to submission to FedRAMP.

Read More »

FedRAMP Issues Updated Guides for Developing Machine-Readable Authorization Packages

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) has released updated resources and conversion tools meant to help vendors and other stakeholders advance the digitization of FedRAMP authorization packages for commercial cloud services using a common machine-readable language. FedRAMP is also requesting comments on the machine-readable formats and further guidance.

Read More »

FedRAMP, NIST Release 1st Version of Open Security Controls Assessment Language

Virtual Cloud Computing

The Federal Risk and Authorization Management Program (FedRAMP) office and the National Institute of Standards and Technology (NIST) have introduced a machine-readable standard that works to automate the preparation, authorization and reuse of commercial cloud offerings for the government sector. The FedRAMP office expects OSCAL to help vendors prepare and review system security plans faster

Read More »

Dave Zvenyach: GSA Plans to Invest in FedRAMP Process Automation

Dave Zvenyac

Dave Zvenyach, director of the General Services Administration's (GSA) Technology Transformation Services (TTS) organization, said the agency is looking to modernize Federal Risk and Authorization Management Program (FedRAMP) processes with automation technology. Zvenyach noted that FedRAMP, which set a standardized assessment and certification approach for cloud offerings, generates nonlinear costs as the agency onboards more providers into the program.

Read More »

FedRAMP’s Ashley Mahan on Increase in Cloud Services Reuse

Ashley Mahan

Ashley Mahan, director of the General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP), said that FedRAMP saw a 50 percent rise in government agencies reusing certified cloud services in fiscal year 2020 as those organizations continue to work to meet the telework requirements during the COVID-19 pandemic.

Read More »

NIST, FedRAMP Developing Programming Language to Help Automate Cloud Security Assessments

Cloud Security

The Federal Risk Authorization Management Program (FedRAMP) is working with the National Institute of Standards and Technology (NIST) to implement a universal programming language that can help accelerate cloud certification and drive automation in government operations. “What normally would take an assessor weeks to do, an OSCAL tool can perform in seconds,” said David Waltermire

Read More »