Agencies Ramp Up Cloud Adoption Amid FedRAMP Automation
The federal government has automated some processes of the Federal Risk and Authorization Management Program, a governmentwide program that standardizes the approach to security assessment, authorization and continuous monitoring of cloud-based services.
The effort prompted agencies to reuse authorized cloud products at a much higher rate than before the coronavirus pandemic, FedScoop reported Tuesday.
Acting FedRAMP Director Brian Conrad said the increase in demand for cloud coincides with efforts to develop the Open Security Controls Assessment Language.
OSCAL is a set of program language formats designed to standardize representation for different categories of information pertaining to the publication, implementation and assessment of security controls.
The language’s development is being led by the FedRAMP program management office and the National Institute of Standards and Technology.
Conrad said NIST has already released OSCAL Version 1, which the agency claims is stable enough for wide-scale implementation. NIST said the version is a major milestone benefiting early adopters and implementers of security automation.
FedScoop reported that the FedRAMP PMO is also developing machine-reading tools that can shorten review times and increase OSCAL adoption.
“We’re going to pilot some of these validation tools with users. We have cloud service providers and 3PAOs and agencies, for that matter, stepping up — willing to take part in those pilot programs,” Conrad said during a Carahsoft virtual event.
The FedRAMP PMO ramped up its automation of the cloud review process in accordance with President Joe Biden’s May 12 executive order, which outlined the federal government’s national cybersecurity journey.