MeriTalk: FedRAMP, NIST Release OSCAL 1.0.0 to Streamline Cloud Approval Process

“FedRAMP and the National Institute of Standards and Technology (NIST) announced the release of version 1.0.0 of the Open Security Controls Assessment Language (OSCAL) that aims to help cloud service providers (CSPs) speed the FedRAMP approval process.

OSCAL is a common machine-readable language that FedRAMP and NIST are using to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud services and products. FedRAMP said OSCAL will help trim the time and resources required for preparing, authorizing, and reusing cloud services…”

“OSCAL 1.0.0 includes:

  • Updated stable versions of catalog and profile models which provide a structured representation of control catalogs and baselines or overlays.
  • Updated stable version of the System Security Plan model which provides a structured representation of a system’s control-based implementation.
  • Updated stable version of the component definition model which provides a stand-alone structured representation of the controls that are supported in a given implementation of a hardware, software, service, policy, process, procedure, or compliance artifact.
  • Updated stable versions of the assessment plan, assessment results, plan of action, and milestones models, which support the structured representation of information used for planning for and documenting the results of an information system assessment or continuous monitoring activity.
  • Updated tools to convert between OSCAL, Extensible Markup Language, and JavaScript Object Notation formats, and to upconvert content from previous releases to OSCAL Release Candidate 2 Syntax…” Read the full article here.

Source: FedRAMP, NIST Release OSCAL 1.0.0 to Streamline Cloud Approval Process – By Kate Polit, June 9, 2021. MeriTalk.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 3 days, 20 hours ago.

  • Author
  • #129433

    Replies viewable by members only


You must be logged in to reply to this topic.


Questions?. Send us an email and we'll get back to you, asap.


©2021 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?