The Federal Risk and Authorization Management Program (FedRAMP) office and the National Institute of Standards and Technology (NIST) have introduced a machine-readable standard that works to automate the preparation, authorization and reuse of commercial cloud offerings for the government sector.
Version 1.0.0 of the Open Security Controls Assessment Language (OSCAL) offers a common programming format for agencies, cloud service providers and third-party assessors that participate in FedRAMP, according to a blog post published Tuesday.
The FedRAMP office expects OSCAL to help vendors prepare and review system security plans faster before they submit content to the government.
OSCAL is also designed to reduce the time it takes for agencies to evaluate security authorization packages and for third-party assessment organizations to report audit work on cloud offerings.
The language features updated stable versions of different models including the catalog and profile, system security plan, component definition, and assessment plans and results for monitoring activities.
OSCAL 1.0.0 also has modernized tools for the conversion of OSCAL, XML and JSON formats. The FedRAMP office first unveiled its project to automate the cloud authorization process in December 2019.