Media Coverage

FedRAMP’s Digital Authorization Post OMB M-24-15

April 15 is a date that many dread, marking the deadline for federal income tax payments. Big corporations employ numerous tax accountants and lawyers to navigate tax planning around these federal requirements. However, there are instances where such deadlines could be more clearly communicated.

Are you aware of the OMB’s M-24-15 memo? This directive mandates that companies submit compliance information in a machine-readable format.

In a recent discussion, John Gilroy, host of the Federal Tech Podcast, interviewed Valinder Mangat, the CIO of DRTConfidence. During their conversation, Valinder elaborated on the OSCAL technology, the deadlines set by the OMB M-24-15 memo, and various strategies that organizations can adopt to ensure compliance.

Here are some key questions discussed during the interview:

  1. What does the OMB M-24-15 memo entail, and how does it influence cloud service providers and U.S. federal agencies?
  2. What are the advantages of OSCAL, making it the preferred standard for compliance?
  3. Following the release of the memo, what has been the industry and federal response? Any thoughts to share with our audience?
  4. Can you discuss your involvement with FedRAMP and their progress in aligning with this directive? I’ve heard they’re running a pilot program.
  5. For federal agencies that are unfamiliar with OMB M-24-15, how should they begin their journey?
  6. Will the government utilize OSCAL for other compliance standards, such as SOC2, HIPAA, and HITRUST?
  7. What does the future hold for OSCAL? If the government commits to this standard, does it have lasting potential?
  8. How is DRTConfidence leading the OSCAL automation initiative, and what plans does the company have to assist federal agencies in complying with OMB M-24-15?

This podcast serves as a critical reminder for those involved with federal contracts and cloud service providers about an impending deadline.

“And so that is what the standard brings to the table, is the interoperability between a lot of different organizations to be able to conduct this process fast, automated, in an efficient manner.”
– Valinder Mangat, DRTConfidence

Recognizing that manual compliance was labor-intensive and prone to errors, NIST proposed OSCAL in 2016 as a means to simplify compliance activities. OSCAL not only accelerates the process but also allows for the reuse of assessments, reducing redundancy.

By the close of 2025, all federal contractors will be required to provide compliance information in the OSCAL (Open Security Controls Assessment Language) format. Agencies involved in cloud compliance, in turn, will need to be equipped to accept compliance data presented in the OSCAL format.