Streamlining Security Authorization Through OSCAL Automation

June 01, 2023, 1:30 – 2:30 PM ET

1 CPE Credit Available for this Event*** 

Federal agencies must undergo the complex and laborious process of security authorization to operate (ATO) for each information system (IS) in accordance with the Federal Information Security Modernization Act (FISMA). Currently, most agencies rely on manual documentation processes. These include popular productivity tools to capture the applicable security controls and the status/plans of implementation of the controls for each IS, as well as an enterprise Governance, Risk and Compliance (GRC) tool for documentation repository and ATO tracking purposes. The manual documentation processes are tedious, time-consuming, costly and error-prone.

The National Institute of Standards and Technology (NIST) is developing the Open Security Controls Assessment Language (OSCAL) as a standardized framework for documenting, assessing and communicating security controls for information systems. With the full release of OSCAL 1.0 in June 2021, several vendor tools are now available to leverage OSCAL to streamline and partially automate ATO processes.

This webinar will focus on the opportunities and current challenges in leveraging OSCAL and integrating OSCAL-based ATO processes gradually into agency FISMA processes.

Dr. Michaela Iorga

Senior Security Technical Lead for Cloud Computing, OSCAL Strategic Director, National Institute of Standards and Technology, U.S. Department of Commerce

CAPT Kenneth Hockycko

Director, Navy Analytics, OPNAV N721 Branch Head, Office of Chief of Naval Operations, U.S. Department of the Navy

Shawnte Garrett Singletary

Acting Director, Division of Security & Privacy Compliance, Centers for Medicare and Medicaid Services, U.S. Health and Human Services

Shane Barney

Chief Information Security Officer, Office of Information Technology, U.S. Citizenship and Immigration Services, U.S. Department of Homeland Security

Frederick Carlson

Chief Information Systems Security Officer, Bureau of Economic Analysis, U.S. Department of Commerce

Dr. Sarbari Gupta

Founder and Chief Executive Officer, Electrosoft Services, Inc.

Moderator: Kiersten Patton

Consultant, ATARC

Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices, allowing individuals from all areas of government, industry and academia to communicate directly.

*** ATARC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org. Program Level: Overview, no prerequisites required. Advance preparation: none. Delivery Method: Group Internet Based. Field of Study: Information Technology. Registration #140762. In accordance with the standards of the National Registry of CPE Sponsors, CPE credits have been granted based on a 50-minute hour. Refund, cancellation and complaint resolution policy.