-
Notifications
You must be signed in to change notification settings - Fork 8
Project timeline
For more information on this timeline, please reference the 10x process.
Government System Security Plans (SSPs) are completed manually, amounting to hundreds of thousands of pages of manually-completed documentation each year. Current resource limitations make exploring automated approaches to this critical security process difficult. By leveraging Artificial Intelligence and newly-developed NIST standardized machine language to analyze System Security Plans, TTS will explore increasing FedRAMP's capacity to meet government-wide demand for secure cloud services, and how the same approach might be applied to any agency completing an SSP independent of FedRAMP.
Zach Baldwin, "RPA for SSPs" Author
The idea submission was validated and recommended for further investment.
Closeout, April 2020
A prototype method of creating validation rules was created using Schematron.
Closeout, February 2021
The development phase produced SSP validation rules, extensive automated tests, a web-based documentation and validation tool, and guidance for integrating validation rules into third-party applications.
Closeout, August 2021
Validation rule development continued, producing additional SSP, SAP, SAR, and POA&M validation rules. In partnership with CMS, assistance was provided on internal OSCAL adoption, and a user-centered methodology was undertaken to assist, and learn from, CMS-sponsored FedRAMP applicants.
Closeout, March 2023