
RegScale Announces Day 1 Support for FedRAMP Revision 5 Baselines in OSCAL

June 16, 2023 | By Esty Peskowitz

On June 15, FedRAMP announced that they had updated their profiles and catalogs to support the National Institute of Standards and Technology (NIST) 800-53 Revision 5 in Open Security Control Assessment Language (OSCAL). Within 24 hours of this release, RegScale delivers “Day 1” support for the Revision 5 updates for all baselines (Low Impact Software as a Service, Low, Moderate, and High). This represents a world first and a significant achievement for the RegScale engineering team, and it validates the tooling and architecture put in place to allow for top-tier support of the OSCAL standard.

If you are unfamiliar with the transition of FedRAMP from Rev 4 to Rev 5, read this article, which decodes the coming changes, explains what OSCAL is, and describes the impact on Cloud Service Providers (CSPs).

The move to Revision 5 is both necessary and positive from a security perspective.  The team at NIST has added controls that improve security for an evolving threat landscape and will help reduce risks to cloud systems.  However, for many of the Cloud Service Providers (CSPs) impacted, it can be confusing and disruptive.  The most common concerns are:  

  • How do I go from my existing Rev 4 documentation to Rev 5 in the least disruptive manner? 
  • How does that change my plans if I was already preparing a package? 
  • How can OSCAL help reduce the pain of the transition? 

To help answer these questions and to improve the experience for CSPs, we have developed a robust set of tools in RegScale: 

  • Full OSCAL parsers (support) for all catalogs and profiles for both Rev 4 and Rev 5 
  • Automated importer (single command) of existing FedRAMP System Security Plans (SSPs) in Word into RegScale  
  • Automated exporter (single click) to generate OSCAL versions of catalogs, profiles, SSPs, Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs)
  • Automated (single click) generation of FedRAMP Word and Excel documents in the approved templates 

With these tools, the transition from Rev 4 to Rev 5 is as seamless as possible to help CSPs achieve and maintain their FedRAMP certification.  This experience now includes support for the FedRAMP Rev 5 templates in OSCAL.

 

 

However, our work doesn’t stop there. 

In the coming weeks, as FedRAMP publishes additional document templates, we will update our exporters to support the new documents and build Revision 4 to Revision 5 converters for existing customers who already have a current certification and need to update their packages for Revision 5.

If you are a CSP, contact us today if you:

  • Need help accelerating your FedRAMP certification and reducing the cost of building your package
  • Want to upgrade your existing certification from Revision 4 to Revision 5 quickly and with the least amount of effort
  • Want to leverage OSCAL to automate and integrate your continuous monitoring and asset inventory reporting requirements

If you are ready to start discussing your particular FedRAMP use case, schedule a live demo today.
