“FedRAMP and the National Institute of Standards and Technology (NIST) announced the release of version 1.0.0 of the Open Security Controls Assessment Language (OSCAL) that aims to help cloud service providers (CSPs) speed the FedRAMP approval process.
OSCAL is a common machine-readable language that FedRAMP and NIST are using to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud services and products. FedRAMP said OSCAL will help trim the time and resources required for preparing, authorizing, and reusing cloud services…”
“OSCAL 1.0.0 includes:
- Updated stable versions of catalog and profile models which provide a structured representation of control catalogs and baselines or overlays.
- Updated stable version of the System Security Plan model which provides a structured representation of a system’s control-based implementation.
- Updated stable version of the component definition model which provides a stand-alone structured representation of the controls that are supported in a given implementation of a hardware, software, service, policy, process, procedure, or compliance artifact.
- Updated stable versions of the assessment plan, assessment results, plan of action, and milestones models, which support the structured representation of information used for planning for and documenting the results of an information system assessment or continuous monitoring activity.”
Source: FedRAMP, NIST Release OSCAL 1.0.0 to Streamline Cloud Approval Process – By Kate Polit, June 9, 2021. MeriTalk.