The Federal Risk and Authorization Management Program (FedRAMP) is looking to make the move from manual processes to automated ones, focusing on two strategic initiatives that will make cloud security even easier for agencies.
The General Services Administration’s (GSA) FedRAMP program provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud services and products.
According to FedRAMP Director Ashley Mahan, the first strategic initiative is the continued development of a standardized machine-readable language known as Open Security Controls Assessment Language (OSCAL).
“We believe that if we could develop a standardized machine-readable language to convert the control catalog into the security deliverables, then we could start developing tools and adding technology to this process to create efficiencies when it comes to time as well as the resources it takes,” Mahan said during a GovForward webinar.
The other initiative is a Web Services API, to aid in continuous monitoring and create automated uploads and downloads for agencies.
“By developing a Web Services API and the associated schema, we can have more of a seamless flow of information between cloud providers as well as the agencies, when they’re reviewing these materials,” Mahan said.
As FedRAMP looks ahead, Mahan said its “number one priority” will be listening to its customers and taking their feedback to develop new initiatives to target the program’s pressure points.
Mahan also said there are now about 40 FedRAMP liaisons across government agencies that are there to help train the workforce on FedRAMP and cybersecurity.
To learn more about the FedRAMP program, Mahan encouraged agencies to look at marketplace.fedramp.gov, for a full list of authorized cloud providers, product descriptions, listings of agencies using those products, and more.
