This Community Working Group will launch on Wednesday, April 2, 2025.
Details on how to participate will be posted shortly.
What You’ll Work On
FedRAMP 20x is focused on building a cloud-native, automated security assessment process that enables continuous innovation. This means that instead of evidence consisting of screenshots, we want evidence provided continuously based on actual configurations.
Your focus in this working group will be on the development of industry standards and tools to automate assessment, reporting, and/or the enforcement of technical controls. You will also focus on collaborating on the underlying control translations to make this easy, and sharing guidance on implementation. Start small, go big.
This group will be very outcome-driven, with multiple objectives. In order of priority, our goals are to:
- Develop the FedRAMP 20x Key Security Indicators (KSIs).
  - Key Security Indicators are straightforward, measurable and comparable translations of traditional controls.
  - This task will also include determining KSI implementation guidance, types of evidence, frequency of reporting, etc.
- Build out an open-source, machine-readable data format for communicating the Key Security Indicators (KSIs).
  - This will serve as the foundation for future automation.
- Build out an open-source, machine-readable data format for communicating validations, or responses to the KSIs.
  - Preliminary ideas include generating software libraries from this data model to make integration with existing systems seamless and developer-driven.
Target Audience
- Developers
- Security professionals
Come ready to build something transformational.