Script to convert FedRAMP controls spreadsheet to opencontrols files

[rafael5]

Only a few (<20) controls are specified in the AWS opencontrols git:
https://github.com/opencontrol/aws-compliance

For FedRAMP-high we need all 421 controls implemented per the FedRAMP spreadsheet:
https://www.fedramp.gov/assets/resources/documents/FedRAMP_Security_Controls_Baseline.xlsx

Is it possible to write a script to auto-populate the AWS opencontrol files with the appropriate controls from the FedRAMP-high spreadsheet?

[afeld]

Hey, thanks for posting! First, a couple of clarifications:

• The FedRAMP baselines would be represented as an OpenControl Certification.
• The AWS implementations of those controls would be represented as a set of OpenControl Components, as seen in that repository.

There used to be a repository for the former, but it was recently deleted since it wasn't being maintained. I think it would be relatively straightforward to write a script to create OpenControl Certification YAML files from the spreadsheet you linked above. See also: using them from OSCAL.

• FedRAMP baselines in OSCAL
• Using OSCAL with Compliance Masonry

Re: AWS control implementations, see opencontrol/aws-compliance#5.

[its-a-lisa]

Suggest closing once opencontrol/website#46 gets merged