Dave Zvenyach, director of the General Services Administration’s (GSA) Technology Transformation Services (TTS) organization, said the agency is looking to modernize Federal Risk and Authorization Management Program (FedRAMP) processes with automation technology.
Zvenyach noted that FedRAMP, which set a standardized assessment and certification approach for cloud offerings, generates nonlinear costs as the agency onboards more providers into the program.
Zvenyach added that automating the cloud security authorization process will serve as one way to drive the reuse of authorized cloud products.
In Dec. 2019, the FedRAMP management office reached a milestone with the development of an Open Security Controls Assessment Language (OSCAL) in collaboration with the National Institute of Standards and Technology (NIST) and industry partners.
The OSCAL standard is designed to automatically publish, implement and assess security controls.