

## RegScale FedRAMP CLI

The FedRAMP (Federal Risk and Authorization Management Program) CLI command is used to bulk-process and load OSCAL formatted JSON files into RegScale. It serves the following purposes:

  • Performs bulk loading of data via the command line

  • Allows for scripting the loading of many files in batch

  • Avoids the need to custom code FedRAMP file loading into RegScale via APIs

NOTE: The SSP Word importer uses pandoc. See the pandoc installation instructions and install it prior to running the import.

### **Load an OSCAL (XML) formatted Security Plan**

Usage: `regscale fedramp import_ssp_xml --file-path ./very_important_fedramp_ssp.xml --catalogue_id 5`

NOTE: This command works for both rev4 and rev5 versions of OSCAL system security plans.

A list of parameters available:

  • `--file-path` or `-f` - a path to the file for the OSCAL SSP you are creating. # Required

  • `--catalogue_id` or `-c` - the id of the RegScale catalog corresponding to the Security Plan to be imported
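The batch scripting mentioned at the top of this page can look like the following for OSCAL XML security plans. This is an added example, not code from RegScale: the function name `import_ssp_batch` and the `DRY_RUN` variable are hypothetical, and it assumes the CLI exits non-zero when an import fails. Only the command and flags documented above are used.

```shell
#!/bin/sh
# Added example: import every OSCAL SSP XML file in a directory.
# DRY_RUN=1 (the default here) prints each command instead of running it.

import_ssp_batch() {
  dir="$1"
  catalogue_id="$2"
  failed=0

  # Reject a non-numeric catalogue id before touching any file.
  case "$catalogue_id" in
    ''|*[!0-9]*) echo "error: catalogue id must be numeric" >&2; return 2 ;;
  esac
  [ -d "$dir" ] || { echo "error: not a directory: $dir" >&2; return 2; }

  for f in "$dir"/*.xml; do
    [ -e "$f" ] || continue   # the glob matched nothing
    # Skip empty or unreadable files and count them as failures.
    if [ ! -s "$f" ] || [ ! -r "$f" ]; then
      echo "skip (empty or unreadable): $f" >&2
      failed=$((failed + 1))
      continue
    fi
    if [ "${DRY_RUN:-1}" = "1" ]; then
      printf "regscale fedramp import_ssp_xml --file-path '%s' --catalogue_id %s\n" \
        "$f" "$catalogue_id"
    elif ! regscale fedramp import_ssp_xml --file-path "$f" \
        --catalogue_id "$catalogue_id"; then
      # Keep going so one bad file does not block the rest of the batch.
      echo "import failed: $f" >&2
      failed=$((failed + 1))
    fi
  done

  # Non-zero status if any file was skipped or failed to import.
  [ "$failed" -eq 0 ]
}

# Run directly: sh import_ssp_batch.sh ./ssp_dir 5
if [ "$#" -ge 2 ]; then
  import_ssp_batch "$1" "$2"
fi
```

Review the dry-run output first, then set `DRY_RUN=0` to perform the imports.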

### **Load an MS Word Formatted SSP and Appendix A**

Import a FedRAMP Security Plan and associated Appendix A (control implementations)

Usage: `regscale fedramp import_docx --file_path './path/to/yourSSP.docx'`

A list of parameters available:

  • `--file_path` or `-f` - a path to the file for the SSP you are creating. # Required

  • `--appendix_a_file_path` or `-a` - a path to the file for the Appendix A of the SSP you are creating. # Required

  • `--base_fedramp_profile` or `-pn` - the name of the RegScale profile to use.

  • `--base_fedramp_profile_id` or `-p` - the id of the RegScale profile to use.

  • `--add_missing` - True|False. Adds controls that are in the security plan but not in the profile. Defaults to False

  • `--save_data` - True|False. Saves the data as a JSON file. Defaults to False

  • `--version` or `-rev` - the version of the FedRAMP template: [4 | 5 | rev4 | rev5]

### **Load an MS Word Formatted Appendix A**

Import a rev 5 FedRAMP Appendix A (control implementations) into an existing RegScale Security Plan record

Usage: `regscale fedramp import_appendix_a --appendix_a_file_path './path/to/yourAppendixA.docx'`

A list of parameters available:

  • `--appendix_a_file_path` or `-a` - a path to the file for the Appendix A of the SSP you are creating. # Required

  • `--base_fedramp_profile_id` or `-p` - the ID of the RegScale profile to use.

  • `--add_missing` - True|False. Adds controls that are in the security plan but not in the profile. Defaults to False

  • `--regscale_id` or `-i` - id of the RegScale security plan to which to associate the Appendix A information # Required

### **Load an MS Excel Formatted CIS/CRM**

Usage: `regscale fedramp import_cis_crm --file_path './path/to/yourCISCRM.xlsx'`

A list of all parameters available:

  • `--file_path` or `-f` - path to the file for the CIS/CRM #Required

  • `--crm_sheet_name` or `-crm` - name of the sheet within the Excel workbook containing the CRM information #Required

  • `--cis_sheet_name` or `-cis` - name of the sheet within the Excel workbook containing the CIS information #Required

  • `--regscale_ssp_id` or `-i` - id of the RegScale security plan to which to associate the CIS/CRM information #Required

  • `--leveraged_auth_id` or `-l` - id of existing leveraged authorization to which to associate the CIS/CRM information

  • `--version` or `-rev` - the version of the FedRAMP template: [4 | 5 | rev4 | rev5]

### **Load an MS Excel Formatted POA&M**

Usage: `regscale fedramp import_poam --file_path './path/to/yourPOA&M.xlsx'`

A list of all parameters available:

  • `--file_path` - path to the file for the POA&M #Required

  • `--regscale_id` or `-id` - id of the security plan to which to import the POA&M information #Required

  • `--regscale_module` or `-m` - use "securityplans" #Required

  • `--poam_id_column` or `-pc` - The header containing the POAM ID, defaults to "POAM ID"

### **Load an MS Excel Formatted Deviation Request Form**

Usage: `regscale fedramp import_drf --file_path './path/to/yourDRF.xlsx'`

A list of all parameters available:

  • `--file_path` - path to the file for the Deviation Request Form file #Required

  • `--regscale_id` or `-id` - id of the security plan to which to import the POA&M information #Required

  • `--regscale_module` or `-m` - use "securityplans" #Required

### **Load an MS Excel Formatted Inventory**

Usage: `regscale fedramp import_inventory --file_path './path/to/yourPOA&M.xlsx'`

A list of all parameters available:

  • `--file_path` or `-f` - path to the file for the Integrated Inventory file #Required

  • `--sheet_name` or `-s` - name of the sheet within the Excel workbook containing the FedRAMP inventory # Required

  • `--regscale_id` or `-id` - id of the security plan to which to import the POA&M information #Required

  • `--regscale_module` or `-m` - use "securityplans" #Required

  • `--version` or `-rev` - the version of the FedRAMP template: [4 | 5 | rev4 | rev5]

### Example FedRAMP Documents

The FedRAMP Program Management Office (PMO) maintains a GitHub repository with a wealth of OSCAL templates, document templates, and guides:

  • FedRAMP OSCAL Content

  • FedRAMP Documents and Templates
