NEW! DRTConfidence is the OSCAL-ready solution that enables Cloud Service Providers (CSPs) and the Third-Party Assessment Organization (3PAO) to document and automatically generate FedRAMP-compliant, OSCAL-based ATO packages today.
See What’s Possible.
DRT’s CIO, Valinder Mangat, demos DRTConfidence in his talk, “TURBO TAX Style Authoring of OSCAL files,” at the National Institute of Standards and Technology’s (NIST) annual OSCAL Workshop.
Benefits of OSCAL
FedRAMP Authority to Operate (ATO) process innovations have finally arrived.
Security assessments and authorizations are extremely time-consuming. The goal of FedRAMP (Federal Risk and Authorization Management Program) is to reduce end-to-end authorization and review timelines through automation.
The FedRAMP Program Management Office (PMO), in collaboration with the National Institute of Standards and Technology (NIST), has released FedRAMP-specific Security Authorization Package guidelines based on the Open Security Controls Assessment Language (OSCAL).
OSCAL Version 1 has been finalized
OSCAL provides control-based security compliance information in machine-readable formats. These formats include control catalogs, control baselines, system security plans, and assessment plans and results.
Relatedly, the new OSCAL standard allows FedRAMP to automate security package review and empowers CSPs and the 3PAO to conduct self-validation prior to package submission.