-
Notifications
You must be signed in to change notification settings - Fork 8
Partnerships
The 10x ASAP team completed its work in partnership with federal and private-sector organizations. Additional, informal support was provided to other private-sector end-users of the validation framework.
FedRAMP provides system security authorization for Cloud Service Providers (CSPs). The project team produced Open Security Controls Assessment Language (OSCAL) validation rules, and associated tooling, for the FedRAMP program. FedRAMP will own and maintain these validation rules as part of its OSCAL automation strategy.
CMS administers Medicare, Medicaid, and other federal health care programs. The project team assisted CMS-sponsored CSPs with their OSCAL-based FedRAMP submissions, tailoring validation rules and associated tooling to their needs. Additionally, the project team provided guidance to CMS on OSCAL usage with its Acceptable Risk Safeguards (ARS).
NIST funds the OSCAL project, which provides machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. The project team provided usage feedback to the OSCAL project.
The project team helped a CSP produce a valid OSCAL SSP. The CSP manually crafted the OSCAL document using a schema-aware XML editor, and validated the document with the ASAP web-based interface.
The project team provided guidance to a CSP in production of their OSCAL documentation. The CSP initiated the SSP drafting process, using the ASAP web-based interface for validation.
The project team provided assistance to, and solicited feedback from, additional end-users of its validation framework. These organizations included Governance, Risk, and Compliance (GRC) tool vendors and Third Party Assessment Organizations (3PAOs).