FedRAMP
RegScale FedRAMP CLI
The FedRAMP (Federal Risk and Authorization Management Program) CLI command is used to bulk-process and load OSCAL formatted JSON files into RegScale. It serves the following purposes:
- Performs bulk loading of data via the command line
- Allows for scripting the loading of many files in batch
- Avoids the need to custom code FedRAMP file loading into RegScale via APIs
FedRAMP rev4 Commands
Load an MS Word Formatted Security Plan
Usage: regscale fedramp load-fedramp-docx --file_name './path/to/yourSSP.docx'
A list of parameters available:
file_name
- a path to the file for the SSP you are creating. # Requiredbase_fedramp_profile
- the name of the RegScale profile to use. Defaults toFedRAMP - High
add_missing
- True|False Will add controls that are in the security plan but not in the profile. Defaults to Falsesave_data
- True|False Will save the data as a json file. Defaults to False
FedRAMP rev5 Commands
Load an OSCAL (XML) formatted Security Plan
Usage: regscale fedramp import-fedramp-ssp-xml --file_path ./very_important_fedramp_ssp.xml --catalogue_id 5
NOTE: This command works for both rev4 and rev5 versions of OSCAL system security plans.
A list of parameters available:
file_path
- a path to the file for the OSCAL SSP you are creating. # Requiredcatalogue_id
- the id of the RegScale catalog corresponding to the Security Plan to be imported
Load an MS Word Formatted SSP and Appendix A
Import a rev 5 FedRAMP Security Plan and associated Appendix A (control implementations)
Usage: regscale fedramp load-fedramp-docx-v5 --file_name './path/to/yourSSP.docx'
A list of parameters available:
file_name
- a path to the file for the SSP you are creating. # Requiredappendix_a_file_name
- a path to the file for the Appendix A of the SSP you are creating. # Requiredbase_fedramp_profile_id
- the name of the RegScale profile id to use.add_missing
- True|False Will add controls that are in the security plan but not in the profile. Defaults to Falsesave_data
- True|False Will save the data as a json file. Defaults to False
Load an MS Word Formatted Appendix A
Import a rev 5 FedRAMP Appendix A (control implementations) into an existing RegScale Security Plan record
Usage: regscale fedramp load-fedramp-appendix-a --appendix_a_file_name './path/to/yourAppendixA.docx'
A list of parameters available:
appendix_a_file_name
- a path to the file for the Appendix A of the SSP you are creating. # Requiredbase_fedramp_profile_id
- the name of the RegScale profile id to use.add_missing
- True|False Will add controls that are in the security plan but not in the profile. Defaults to Falseregscale_id
- id of the RegScale security plan to which to associate the Appendix A information # Required
Load an MS Excel Formatted CIS/CRM
Usage: regscale fedramp import-cis-crm --file_path './path/to/yourCISCRM.xlsx'
A list of all parameters available:
file_path
- path to the file for the cis\crm #Requiredcrm_sheet_name
- name of the sheet within the excel workbook containing the crm information #Requiredcis_sheet_name
- name of the sheet within the excel workbook containing the cis information #Requiredregscale_ssp_id
- id of the RegScale security plan to which to associate the cis/crm information #Requiredleveraged_auth_id
- id of existing leveraged authorization to which to associate the cis/crm information
Load an MS Excel Formatted POA&M
Usage: regscale fedramp import-poam --file_path './path/to/yourPOA&M.xlsx'
A list of all parameters available:
file_path
- path to the file for the POA&M #Requiredregscale_id
- id of the securityplan to which to import the POA&M information #Requiredregscale_module
- use "securityplans" #Required
Load an MS Excel Formatted Deviation Request Form
Usage regscale fedramp import-drf --file_path './path/to/yourDRF.xlsx'
A list of all parameters available:
file_path
- path to the file for the Deviation Request Form file #Requiredregscale_id
- id of the securityplan to which to import the POA&M information #Requiredregscale_module
- use "securityplans" #Required
Load an MS Excel Formatted Inventory
Usage: `regscale fedramp import_fedramp_inventory --path './path/to/yourPOA&M.xlxs'
A list of all parameters available:
path
- path to the file for the Integrated Inventory file #Requiredsheet_name
- name of the sheet within the excel workbook containing the FedRAMP inventory # Requiredregscale_id
- id of the securityplan to which to import the POA&M information #Requiredregscale_module
- use "securityplans" #Required
Example FedRAMP Documents
The FedRAMP Program Management Office (PMO) maintains a github repository with a wealth of OSCAL templates, document templates, and guides:
Updated 7 days ago