Streamlining Security Authorization Through OSCAL Automation

This event qualifies for 1 CPEs

Federal agencies must undergo the complex and laborious process of security authorization to operate (ATO) for each information system (IS) in accordance with the Federal Information Security Modernization Act (FISMA). Currently, most agencies rely on manual documentation processes. These include popular productivity tools to capture the applicable security controls and the status/plans of implementation of the controls for each IS as well as an enterprise Governance, Risk and Compliance (GRC) tool for documentation repository and ATO tracking purposes. The manual documentation processes are tedious, time consuming, costly and error prone.

The National Institute of Standards and Technology (NIST) is developing the Open Security Controls Assessment Language (OSCAL) as a standardized framework for documenting, assessing and communicating security controls for information systems. With the full release of OSCAL 1.0 in June 2021, several vendor tools are now available to leverage OSCAL to streamline and partially automate ATO processes.

This webinar will focus on the opportunities and current challenges in leveraging OSCAL and integratingOSCAL-based ATO processes gradually into agency FISMA processes.

Speaker and Presenter Information

Dr. Michaela Iorga

Senior Security Technical Lead for Cloud Computing, OSCAL Strategic Director, National Institute of Standards and Technology, U.S. Department of Commerce

CAPT Kenneth Hockycko

Director, Navy Analytics, OPNAV N721 Branch Head, Office of Chief of Naval Operations, U.S. Department of the Navy

Shawnte Garrett Singletary

Acting Director, Division of Security & Privacy Compliance, Centers for Medicare and Medicaid Services, U.S. Health and Human Services

Shane Barney

Chief Information Security Officer, Office of Information Technology, U.S. Citizenship and Immigration Services, U.S. Department of Homeland Security

Frederick Carlson

Chief Information Systems Security Officer, Bureau of Economic Analysis, U.S. Department of Commerce

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau, USAID, National Guard Association, EEOC, Federal Government, State & Local Government, FDA, Foreign Governments/Agencies, NSA, FCC