The Federal Risk and Authorization Management Program (FedRAMP) is working with the National Institute of Standards and Technology (NIST) to implement a universal programming language that can help accelerate cloud certification and drive automation in government operations.
NIST and FedRAMP are developing the machine-readable Open Security Controls Assessment Language (OSCAL) in an effort to speed up cloud security vetting procedures and free up employees’ time spent on manual tasks, Federal News Network reported Thursday.
OSCAL collates security control data and assessment results using seven models. The language then formats information across different programming languages to provide standardized assessment information.
David Waltermire, technical lead for OSCAL at NIST, told the publication that OSCAL will help reduce the time it takes to get companies certified for FedRAMP compliance. Waltermire noted that NIST is looking to pilot the language and eventually release Version 1.0 of OSCAL.
“What normally would take an assessor weeks to do, an OSCAL tool can perform in seconds,” he noted.