HomeGuidesAPI ReferenceChangelog
Log In
Guides

FedRAMP

Suggest Edits

RegScale FedRAMP CLI

The FedRAMP (Federal Risk and Authorization Management Program) CLI command is used to bulk-process and load OSCAL formatted JSON files into RegScale. It serves the following purposes:

  • Performs bulk loading of data via the command line
  • Allows for scripting the loading of many files in batch
  • Avoids the need to custom code FedRAMP file loading into RegScale via APIs

📘

NOTE: The SSP word importer uses pandoc See link for installing prior to running the import.

Load an OSCAL (XML) formatted Security Plan

Usage: regscale fedramp import_ssp_xml --file-path ./very_important_fedramp_ssp.xml --catalogue_id 5

NOTE: This command works for both rev4 and rev5 versions of OSCAL system security plans.

A list of parameters available:

  • --file-path or -f - a path to the file for the OSCAL SSP you are creating. # Required
  • --catalogue_id or -c - the id of the RegScale catalog corresponding to the Security Plan to be imported

Load an MS Word Formatted SSP and Appendix A

Import a FedRAMP Security Plan and associated Appendix A (control implementations)

Usage: regscale fedramp import_docx --file_path './path/to/yourSSP.docx'
A list of parameters available:

  • --file_path or -f - a path to the file for the SSP you are creating. # Required
  • --appendix_a_file_path or -a - a path to the file for the Appendix A of the SSP you are creating. # Required
  • --base_fedramp_profile or -pn - the name of the RegScale profile to use.
  • --base_fedramp_profile_id or -p - the id of the RegScale profile to use.
  • --add_missing - True|False Will add controls that are in the security plan but not in the profile. Defaults to False
  • --save_data - True|False Will save the data as a json file. Defaults to False
  • --version or -rev - the version of the fedramp template: [4 | 5 | rev4 | rev5]

Load an MS Word Formatted Appendix A

Import a rev 5 FedRAMP Appendix A (control implementations) into an existing RegScale Security Plan record

Usage: regscale fedramp import_appendix_a --appendix_a_file_path './path/to/yourAppendixA.docx'
A list of parameters available:

  • --appendix_a_file_path or -a - a path to the file for the Appendix A of the SSP you are creating. # Required
  • --base_fedramp_profile_id or -p - the ID of the RegScale profile to use.
  • --add_missing - True|False Will add controls that are in the security plan but not in the profile. Defaults to False
  • --regscale_id or -i - id of the RegScale security plan to which to associate the Appendix A information # Required

Load an MS Excel Formatted CIS/CRM

Usage: regscale fedramp import_cis_crm --file_path './path/to/yourCISCRM.xlsx'

A list of all parameters available:

  • --file_path or -f - path to the file for the cis\crm #Required
  • --crm_sheet_name or -crm- name of the sheet within the excel workbook containing the crm information #Required
  • --cis_sheet_name or -cis- name of the sheet within the excel workbook containing the cis information #Required
  • --regscale_ssp_id or -i - id of the RegScale security plan to which to associate the cis/crm information #Required
  • --leveraged_auth_id or -l - id of existing leveraged authorization to which to associate the cis/crm information
  • --version or -rev - the version of the fedramp template: [4 | 5 | rev4 | rev5]

Load an MS Excel Formatted POA&M

Usage: regscale fedramp import_poam --file_path './path/to/yourPOA&M.xlsx'

A list of all parameters available:

  • --file_path - path to the file for the POA&M #Required
  • --regscale_id or -id - id of the securityplan to which to import the POA&M information #Required
  • --regscale_module or -m - use "securityplans" #Required
  • --poam_id_column or -pc - The header containing the POAM ID, defaults to "POAM ID"

Load an MS Excel Formatted Deviation Request Form

Usage regscale fedramp import_drf --file_path './path/to/yourDRF.xlsx'

A list of all parameters available:

  • --file_path - path to the file for the Deviation Request Form file #Required
  • --regscale_id or -id - id of the securityplan to which to import the POA&M information #Required
  • --regscale_module or -m - use "securityplans" #Required

Load an MS Excel Formatted Inventory

Usage: regscale fedramp import_inventory --file_path './path/to/yourPOA&M.xlxs

A list of all parameters available:

  • --file_path or -f - path to the file for the Integrated Inventory file #Required
  • --sheet_name or -s - name of the sheet within the excel workbook containing the FedRAMP inventory # Required
  • --regscale_id or -id - id of the securityplan to which to import the POA&M information #Required
  • --regscale_module or -m - use "securityplans" #Required
  • --version or -rev - the version of the fedramp template: [4 | 5 | rev4 | rev5]

Example FedRAMP Documents

The FedRAMP Program Management Office (PMO) maintains a github repository with a wealth of OSCAL templates, document templates, and guides:

Updated 5 days ago