The Federal Risk and Authorization Management Program (FedRAMP) has issued Open Security Controls Assessment Language (OSCAL) validation rules to help automate reviews of security packages and speed up authorizations.
The OSCAL validation rules will enable cloud service providers (CSPs) and third-party assessment organizations to self-test whether all the required data is included in their security packages before submission to FedRAMP, the program said in a blog post Thursday.
FedRAMP said its review teams will also use the automated validation rules to assess initial packages from CSPs.
“When both FedRAMP and industry utilize automated validation rules, FedRAMP reviewers will spend less time on packages that do not pass initial criteria, and therefore, are not ready for review,” the post reads.
The FedRAMP program management office worked with the General Services Administration’s 10x program on the automated validation rules.