“The General Services Administration plans to release XML-automated validations next week allowing vendors to check their security authorization packages for completeness before submitting them to the Federal Risk and Authorization Management Program.
FedRAMP used Schematron’s rule-based validation for making assertions against XML to automate the process and wants vendors to self-test their packages to ensure all the required data is there, before the program reviews them and decides whether to issue a cloud product an authority to operate (ATO)…”
“’I think it’s a great step in automated validation,’ said Zach Baldwin, automation lead within the FedRAMP program management office (PMO), during an ACT-IAC event Tuesday. ‘I want cleaner documentation before I have my review team lay eyes on it.’
The PMO wants vendors to implement the validations that allows them to reinsert new files with more complex checks as FedRAMP improves them, Baldwin said.
FedRAMP is also considering an agile ATO, a critical set of controls vendors can implement quickly while saving lesser ones for later…” Read the full article here.
Source: FedRAMP just automated checking security authorization packages for completeness – By Dave Nyczepir, August 3, 2021. FedScoop.
