Build a More Automated FedRAMP Risk Management Process
Helping you to develop OSCAL-based tools to streamline and automate risk management for cloud services used by the federal government
Learn MoreHelping Developers Modernize Security Assessments, System Authorizations, and Continuous Monitoring
The FedRAMP developer hub is an active, open source community for engineers focused on creating the tooling used to create, maintain, and use digital authorization packages and continuous monitoring data. Contributors to this community are working to use and enhance the Open Security Controls Assessment Language (OSCAL) to reduce friction through all stages of the FedRAMP authorization and continuous monitoring processes.
OSCAL offers a number of benefits for streamlining and automating aspects of the information system authorization process.
Our goal is to enable you to develop tools that will seamlessly ensure FedRAMP OSCAL requirements are met so your security practitioners can focus on authorization package content and accuracy, rather than formatting and presentation.
Below are just a few examples of how FedRAMP OSCAL-based authorization packages will benefit your organization:
- Cloud Service Providers (CSPs) are able to create their FedRAMP authorization packages more rapidly and accurately, validating much of the package content before submission to agencies and FedRAMP for review.
- Third Party Assessment Organizations (3PAOs) are able to use OSCAL-based authorization package data to automate the planning, execution, and reporting of cloud assessment activities.
- Agencies are able to expedite their reviews of authorization packages.
FedRAMP expects to be able to collaboratively build tooling to further reduce the cost and improve the quality of package reviews based on OSCAL data.
Get started with FedRAMP OSCAL-based authorization packages today.