Media Coverage

Champions of Innovation or Captives of Compliance?

John Gilroy, the moderator of the Federal Tech Podcast, recently had a conversation with Susan Kidd, CEO of DRTConfidence, and Valinder Mangat, CIO of DRTConfidence, focusing on FedRAMP.

Some might liken FedRAMP to a challenging teenager. While it has successfully authorized over three hundred cloud service providers for public entities, there still remains significant work ahead.

Valinder Mangat kicked off the discussion by highlighting that around five hundred applications are currently in the pipeline. At that volume, ensuring compliance manually becomes too cumbersome to sustain.

In response, FedRAMP is implementing changes, including a shift towards automation. This evolution is bringing attention to a new term that companies need to learn: Open Security Controls Assessment Language, or OSCAL.

“And so, we really need to automate and kind of become a lot sharper on our, you know, compliance assessments or security scans. And unfortunately, automation does not happen without a standardized language.” – Valinder Mangat, DRTConfidence

In the interview, Susan Kidd shared her insights on the importance of understanding OSCAL in the modern landscape. She emphasized that while hard work is valuable, achieving the best outcomes often requires working smart and embracing automation. To support this philosophy, she initiated Idea Labs, a program designed to help federal agencies modernize their automation processes through OSCAL.

Valinder Mangat also contributed to the discussion by highlighting the evolving nature of software development. Gone are the days when code was released like a static snapshot. Today, we operate under a continuous improvement model that includes ongoing testing. To navigate the rapidly changing landscape of threats and best practices for managing vast amounts of data, leveraging technologies like OSCAL is essential.

Valinder Mangat offers a concise summary of this consideration: champions of innovation instead of captives of compliance. In other words, technology can be leveraged so that a company does not take six months to get approved. OSCAL puts tools into the hands of federal leaders faster.