FedRAMP
RegScale FedRAMP CLI
The FedRAMP (Federal Risk and Authorization Management Program) CLI command is used to bulk-process and load OSCAL formatted JSON files into RegScale. It serves the following purposes:
- Performs bulk loading of data via the command line
- Allows for scripting the loading of many files in batch
- Avoids the need to custom code FedRAMP file loading into RegScale via APIs
FedRAMP rev4 Commands
Load an MS Word Formatted Security Plan
Usage: regscale fedramp load-fedramp-docx --file_name './path/to/yourSSP.docx'
A list of parameters available:
- file_name: a path to the file for the SSP you are creating. (Required)
- base_fedramp_profile: the name of the RegScale profile to use. Defaults to FedRAMP - High
- add_missing: True|False. Will add controls that are in the security plan but not in the profile. Defaults to False
- save_data: True|False. Will save the data as a JSON file. Defaults to False
FedRAMP rev5 Commands
Load an OSCAL formatted Security Plan
Usage: regscale fedramp load-fedramp-oscal --file_name ./very_important_fedramp_ssp.json
A list of parameters available:
- file_name: a path to the file for the SSP you are creating. (Required)
- submission_date: a submission date for the SSP, defaulted to today. [YYYY-MM-DD] format
- expiration_date: an expiration date for the SSP, defaulted to 3 years from now. [YYYY-MM-DD] format
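Batch loading with the load-fedramp-oscal command above, as an added example (not RegScale's own code): it checks each file before the CLI is called, so a malformed or non-SSP JSON file is skipped instead of being submitted. It assumes the submission_date parameter is passed as `--submission_date`, mirroring the `--file_name` usage shown; the function names are hypothetical.

```python
import json
import re
import subprocess
import sys
from datetime import date
from pathlib import Path

CLI = ["regscale", "fedramp", "load-fedramp-oscal"]  # command shown on this page


def check_ssp(path):
    """Return None if the file looks like an OSCAL SSP, else a rejection reason."""
    try:
        doc = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, UnicodeDecodeError, json.JSONDecodeError) as exc:
        return f"unreadable or invalid JSON ({type(exc).__name__})"
    # An OSCAL SSP in JSON is an object with a top-level "system-security-plan" key.
    if not isinstance(doc, dict) or "system-security-plan" not in doc:
        return "no top-level system-security-plan object"
    return None


def plan_batch(directory, submission_date=None):
    """Build one argv list per valid SSP; collect (file name, reason) for the rest."""
    if submission_date is not None:
        if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", submission_date):
            raise ValueError("submission_date must be YYYY-MM-DD")
        date.fromisoformat(submission_date)  # rejects impossible dates such as 2024-02-30
    commands, rejected = [], []
    for path in sorted(Path(directory).glob("*.json")):
        reason = check_ssp(path)
        if reason:
            rejected.append((path.name, reason))
            continue
        argv = CLI + ["--file_name", str(path)]
        if submission_date is not None:
            # Assumption: the option is spelled like the submission_date parameter.
            argv += ["--submission_date", submission_date]
        commands.append(argv)
    return commands, rejected


def run_batch(directory, submission_date=None):
    """Run every planned load; return the paths whose CLI call exited non-zero."""
    commands, rejected = plan_batch(directory, submission_date)
    for name, reason in rejected:
        print(f"SKIP {name}: {reason}", file=sys.stderr)
    # argv lists (no shell) keep unusual file names from being interpreted by a shell.
    return [c[len(CLI) + 1] for c in commands if subprocess.run(c).returncode != 0]
```

Call `run_batch("./ssps", "2024-01-31")` (constructed directory and date) to load every valid file; `plan_batch` alone gives a dry run of the commands and the skipped files.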
Load an MS Word Formatted SSP and Appendix A
Import a rev 5 FedRAMP Security Plan and associated Appendix A (control implementations)
Usage: regscale fedramp load-fedramp-docx-v5 --file_name './path/to/yourSSP.docx'
A list of parameters available:
- file_name: a path to the file for the SSP you are creating. (Required)
- appendix_a_file_name: a path to the file for the Appendix A of the SSP you are creating. (Required)
- base_fedramp_profile_id: the name of the RegScale profile id to use.
- add_missing: True|False. Will add controls that are in the security plan but not in the profile. Defaults to False
- save_data: True|False. Will save the data as a JSON file. Defaults to False
Load an MS Word Formatted Appendix A
Import a rev 5 FedRAMP Appendix A (control implementations) into an existing RegScale Security Plan record
Usage: regscale fedramp load-fedramp-docx-v5 --appendix_a_file_name './path/to/yourAppendixA.docx'
A list of parameters available:
- appendix_a_file_name: a path to the file for the Appendix A of the SSP you are creating. (Required)
- base_fedramp_profile_id: the name of the RegScale profile id to use.
- add_missing: True|False. Will add controls that are in the security plan but not in the profile. Defaults to False
- regscale_id: id of the RegScale security plan to which to associate the Appendix A information. (Required)
Load an MS Excel Formatted CIS/CRM
Usage: regscale fedramp import-cis-crm --file_name './path/to/yourCISCRM.xlsx'
A list of all parameters available:
- file_name: path to the file for the CIS/CRM. (Required)
- crm_sheet_name: name of the sheet within the Excel workbook containing the CRM information. (Required)
- cis_sheet_name: name of the sheet within the Excel workbook containing the CIS information. (Required)
- regscale_ssp_id: id of the RegScale security plan to which to associate the CIS/CRM information. (Required)
- leveraged_auth_id: id of existing leveraged authorization to which to associate the CIS/CRM information
Load an MS Excel Formatted POA&M
Usage: regscale fedramp import-poam --file_name './path/to/yourPOA&M.xlsx'
A list of all parameters available:
- file_name: path to the file for the POA&M. (Required)
- regscale_id: id of the security plan to which to import the POA&M information. (Required)
- regscale_module: use "securityplans". (Required)
Load an MS Excel Formatted Inventory
Usage: regscale fedramp import_fedramp_inventory --path './path/to/yourPOA&M.xlsx'
A list of all parameters available:
- path: path to the file for the POA&M. (Required)
- sheet_name: name of the sheet within the Excel workbook containing the FedRAMP inventory. (Required)
- regscale_id: id of the security plan to which to import the POA&M information. (Required)
- regscale_module: use "securityplans". (Required)
Example FedRAMP Documents
The FedRAMP Program Management Office (PMO) maintains a GitHub repository with a wealth of OSCAL templates, document templates, and guides: