Electrosoft CEO, Dr. Sarbari Gupta, joined other cybersecurity practitioners and thought leaders for a June 1 panel discussion on “Streamlining Security Authorization Through OSCAL Automation.”

Federal agencies are required to undergo a time-consuming and error-prone process of security authorization to operate (ATO) for each information system in accordance with FISMA. Most rely heavily on manual documentation processes. In the webinar, hosted by the Advanced Technology Academic Research Center (ATARC), expert panelists explored the opportunities and challenges of leveraging the Open Security Controls Assessment Language (OSCAL) and integrating OSCAL-based ATO processes gradually into agency FISMA processes.

“OSCAL is an important tool that can support federal CISOs and ISSOs in providing control-related information in machine-readable formats,” said Dr. Gupta. “This webinar is one more example of ATARC facilitating practical conversations about emerging and evolving technologies, such as OSCAL, that can help federal leaders to secure and optimize their systems and data.”

A recording of the webinar is now available online.

Webinar Description | Streamlining Security Authorization Through OSCAL Automation

Federal agencies must undergo the complex and laborious process of security authorization to operate (ATO) for each information system (IS) in accordance with the Federal Information Security Modernization Act (FISMA). Currently, most agencies rely on manual documentation processes. These include popular productivity tools to capture the applicable security controls and the status/plans of implementation of the controls for each IS as well as an enterprise Governance, Risk, and Compliance (GRC) tool for documentation repository and ATO tracking purposes. The manual documentation processes are tedious, time consuming, costly, and error prone.

The National Institute of Standards and Technology (NIST) is developing the Open Security Controls Assessment Language (OSCAL) as a standardized framework for documenting, assessing, and communicating security controls for information systems. With the full release of OSCAL 1.0 in June 2021, several vendor tools are now available to leverage OSCAL to streamline and partially automate ATO processes.

This webinar will focus on the opportunities and current challenges in leveraging OSCAL and integrating OSCAL-based ATO processes gradually into agency FISMA processes.

View the webinar recording now.

About Electrosoft

Electrosoft delivers comprehensive technology-based solutions and services that propel mission success for federal government customers. Specializing in cybersecurity, Electrosoft supports civilian and defense organizations in advancing cybersecurity postures, modernizing technology ecosystems and adopting agile approaches to improve operational efficiency and security. Recognized for deep domain knowledge and mature management practices, the company is rated at Maturity Level 3 for CMMI-DEV and CMMI-SVC and is certified under ISO 9001, ISO 20000-1 and ISO 27001. The rapidly growing 8(a), economically disadvantaged, women-owned small business (EDWOSB) and WOSB is headquartered in Reston, Virginia. Learn more at www.electrosoft-inc.com