Google Cloud has submitted its security package for Department of Defense Impact Level 5 in a machine-readable format, called Open Security Control Assessment Language, via the government’s web-based application eMass.
OSCAL represents security control assessments developed by the National Institute of Standards and Technology and is meant to automate security assessments and facilitate the sharing of information on security controls between systems and organizations, Valentine Mihai and Rachel Kim of Google Cloud wrote in a blog post published Saturday.
The company is also advancing the adoption of the OSCAL taxonomy within the organization to automate the process of evaluating its security posture and mitigate the risk of security breaches.
“We also developed an internal tool to automatically generate OSCAL files in JSON and XML by consuming internal control and control monitoring metrics data,” Kim and Mihai wrote.
Michai and Kim are continuous controls assurance engineering professionals at Google Cloud.