Using the FedRAMP OSCAL Resources and Templates
The FedRAMP PMO, in collaboration with NIST, is working to digitize the authorization package through the development of a common machine-readable language, also known as the Open Security Controls Assessment Language (OSCAL).
With OSCAL, activities associated with preparing, authorizing, and reusing cloud products and services will require less time and resources. As a result of a machine-readable authorization package, we anticipate several impacts, such as:
- Cloud Service Providers (CSPs) will be able to create their System Security Plans (SSPs) more rapidly and accurately, validating much of their content before submission to the government for review.
- Third Party Assessment Organizations (3PAOs) will be able to automate the planning, execution, and reporting of cloud assessment activities.
- Agencies will be able to expedite their reviews of the FedRAMP security authorization packages.
OSCAL Short Video
The FedRAMP PMO developed a short video that discusses high-level OSCAL goals, applications, and how to use the FedRAMP OSCAL SSP template and other resources.
To access the resources discussed in this video, please visit the FedRAMP Automation resources on GitHub.
We Want Your Feedback!
All development efforts have been performed in the open and we are seeking your feedback on our progress to date. Will these machine-readable formats and guidance aid your organization in going through the authorization process efficiently? Do you have any further ideas to enhance the work? Let us know!
If you have questions or feedback, please provide comments via email to firstname.lastname@example.org . You can also comment on an existing issue or create a new issue within the FedRAMP Automation repository. The FedRAMP PMO looks forward to receiving your comments and sharing additional progress.