In June 2020, FedRAMP announced the release of OSCAL resources and templates on GitHub for CSPs, 3PAOs, and agencies to begin exploring for future use. In collaboration with NIST, FedRAMP updated OSCAL resources to include a comprehensive set of guides for additional deliverables, including the SAP, SAR, and POA&M.
FedRAMP has published resources to aid stakeholders and vendors in the digitization of FedRAMP authorization package content. Located on the FedRAMP Automation GitHub Repository, these include:
Together, these resources enable FedRAMP stakeholders and tool vendors to develop OSCAL-enabled FedRAMP authorization packages. OSCAL is not currently a requirement, but we expect the benefits to spur adoption, and FedRAMP is ready to start receiving information in OSCAL as a pilot.
We Want Your Feedback!
All development efforts have been performed in the open, and we are seeking your feedback on our progress to date before we finalize this guidance. Will these machine-readable formats and guidance aid your organization in going through the authorization process efficiently? Do you have any further ideas to enhance the work? Let us know!
If you have questions or feedback, please provide comments via email to [email protected]. You can also comment on an existing issue or create a new issue within the FedRAMP Automation repository.
The FedRAMP PMO looks forward to receiving your comments and sharing additional progress.