The Federal Risk and Authorization Management Program (FedRAMP) has released updated resources and conversion tools meant to help vendors and other stakeholders advance the digitization of FedRAMP authorization packages for commercial cloud services using a common machine-readable language.
The move came a month after FedRAMP and the National Institute of Standards and Technology released Version 1.0.0 of the Open Security Controls Assessment Language (OSCAL) that seeks to expedite the preparation, authorization and reuse of cloud offerings for the government sector, according to a blog post published Tuesday.
The revised resources are available on the FedRAMP Automation GitHub Repository and include updated guides to OSCAL-based system security plans, security assessment reports and plans, and plan of action and milestones.
“OSCAL is not currently a requirement, but we expect the benefits to spur adoption and FedRAMP is ready to start receiving information in OSCAL as a pilot,” the post reads.
FedRAMP is also requesting comments on the machine-readable formats and guidance.