Process automation

GSA Seeks to Automate, Streamline FedRAMP Cloud Security Program

The General Services Administration is working to automate and streamline a program designed to vet the security of cloud-based products and services offered to federal agencies.

The Federal Risk and Authorization Management Program has granted full authorization to 276 offerings since it was launched more than 10 years ago.

FedRAMP has matured over the years with the assistance of agencies like the National Institute of Standards and Technology, FCW reported Wednesday.

One of FedRAMP’s key elements is the facilitation of governmentwide reuse of security packages. Brian Conrad, acting director of GSA’s FedRAMP team, said the program’s authorizations have been reused more than 4,1000 times.

“We want to make sure that cloud providers are continually protecting federal information,” Conrad said during a summit hosted by FCW.

In early 2021, Conrad said FedRAMP had already automated some processes, an announcement that coincided with NIST’s release of Open Security Controls Assessment Language Version 1.

OSCAL is a programming language NIST said is ideal for early adopters of security automation.

During the summit, Conrad said his team is also in talks to add cloud security data to the Cybersecurity and Infrastructure Security’s Continuous Diagnostics Mitigation dashboard.

CDM aggregates and displays information from government networks and allows CISA to better protect its partner agencies.