Sunday, July 11, 2021

NIST Releases New Way to Automate Cloud Security

     There have been many companies who have decided to create or implement infrastructure that would enable them to automate most of the to do’s and processes they run into on a day to day basis. NIST has announced that they are releasing a new language that will automate their cloud security.

    “ OSCAL offers the ability to represent cloud compliance and security requirements in machine-readable formats, such as the widely used Extensible Markup Language (XML), JavaScript Object Notation (JSON), and Yet Another Markup Language (YAML). Compliance requirements represented in OSCAL could include control catalogs, control baselines, system security plans, and assessment plans and results, according to a blog post authored by Michaela Iorga, senior technical lead of the Computer Security Division (CSD) in the Information Technology Laboratory at NIST.

Because OSCAL provides formats that are “standardized, data-centric, and machine readable,” it will enable a greater degree of compliance and security automation in what are already highly automated cloud environments, enabling assessments to keep pace with software development and IT operations.

OSCAL will make it easier to more quickly assess cloud environment compliance and security against custom as well as established cybersecurity standards, such as NIST Special Publication 800-53.

“Security automation with OSCAL supports a more fastidious, faster, and repeatable assessment of cloud services’ security posture against multiple regulatory frameworks, and with less subjectivism coming from the human element,” Iorga wrote. “With OSCAL, about 60 percent of the assessment can be automated.” “

    When companies implement automated infrastructure like this they are better able to focus on other things and the security of their information is always taken care of. Both the software user and company can feel secure in that they will be safe at all times.


Resources:

https://breakingdefense.com/2021/06/nist-releases-new-language-for-cloud-security-automation/

No comments:

Post a Comment

U.S. Accuses China of Hacking Microsoft

 On Monday, the Biden administration chose to accuse the Chinese government of infiltrating Microsoft databases, which are email systems use...