The program management office of the Federal Risk and Authorization Management Program has automated parts of the process through which agencies may reuse FedRAMP-approved cloud products, FedScoop reported Tuesday.
The program, which aims to standardize the security of cloud products used in the federal government, and the National Institute of Standards and Technology are using the Open Security Controls Assessment Language (OSCAL) to automate the process by which FedRAMP reuses are reviewed.
OSCAL-formatted files can deliver machine-readable assessment plans, system security plans and control baselines.
The move comes as the need for FedRAMP authorization reuse rises, with a 60 percent growth in demand for cloud products and an 85 percent growth in the reuse of security authorizations, compared with demand during the first six months of fiscal 2020.
Cloud service providers may use machine-readable authorization packages to accelerate the development of system security plans. The FedRAMP PMO is creating tools designed to help organizations adopt OSCAL and speed up reviews.