Press Releases

DRTConfidence First to Achieve Successful FedRAMP Annual Assessment Reporting Package Submission in OSCAL

DRTConfidence successfully submitted a FedRAMP Annual Assessment reporting package including System Security Plan (SSP), Security Assessment Plan (SAP), and Security Assessment Report (SAR) in OSCAL, meeting FedRAMP guidelines. With OSCAL emerging as FedRAMP’s new automation standard for receiving and reviewing authority to operate (ATO) Packages, DRTConfidence, IT compliance certification firm, Schellman, and bioinformatics cloud service provider, DNAnexus, are leading in the delivery of ATO artifacts in OSCAL.

Arlington, VA – August 2, 2022 – Award-winning technology innovator and federal IT transformation leader, DRT Strategies, Inc. (DRT) announced today that its automated authority to operate (ATO) solution, DRTConfidence, successfully submitted a System Security Plan (SSP), a Security Assessment Plan (SAP), and Security Assessment Report (SAR) in Open Security Controls Assessment Language (OSCAL) to the Federal Risk and Authorization Management Program (FedRAMP).  Of significant note, FedRAMP found no errors or exceptions in the submissions.

This achievement bears industry-changing meaning and import to FedRAMP’s IT security compliance for hundreds of cloud service providers.  Specifically, DRTConfidence:

  • Converted and submitted a Word-based SSP into OSCAL, passing FedRAMP submission validation rules.
  • Working with Schellman, developed and submitted the SAP in OSCAL, passing FedRAMP submission validation rules.
  • Working with Schellman, developed and submitted the SAR in OSCAL, passing FedRAMP submission validation rules.


“We are excited about the progress of OSCAL adoption and DRTConfidence’s now demonstrated capability to bring the benefits of OSCAL to the FedRAMP market,” stated Valinder Mangat, Chief Innovation Officer at DRT.

“The results from collaborating with Schellman and DNAnexus is a break-through moment on the path to preparing and automatically generating FedRAMP ATO packages in OSCAL.”

“DRTConfidence was easily able to convert our SSP in the OSCAL structured data format,” commented Loren Buhle, PhD, Vice President of Risk, Quality, and Compliance for DNAnexus.

“We congratulate the DRTConfidence team on this important milestone, and we look forward to the day we can offer this same functionality to our federal agency customers.”

Doug Barbin, Managing Principal and Chief Growth Officer at Schellman added, “Having to manage 300-400+ controls, vulnerability data and findings in spreadsheets and Word documents has been the persistent challenge of managing FedRAMP assessments and the multiple documents that are interlinked.  The benefits of OSCAL’s machine readable format starts with quality checks and gives all parties insight into the state of an organization’s risks and control implementations.”

“This is the future of cybersecurity assessments, and it was exciting to partner with both DNAnexus and DRTConfidence on this initiative.  I’m excited for what is next!”

About DRTConfidence™
DRTConfidence is the OSCAL-ready solution that enables Cloud Service Providers (CSPs) and Third-Party Assessment Organizations (3PAO) to document and generate FedRAMP compliant ATO packages in OSCAL today. Learn more about DRTConfidence and OSCAL at

About DRT Strategies®
DRT Strategies, Inc. (DRT) is an award-winning technology innovator and leading digital transformation partner to large federal agencies and commercial clients for nearly 20 years.  The company is a ServiceNow™ Partner – Specialist, Amazon Web Services (AWS) Consulting Partner, UiPath Partner, SAFe Bronze Partner, Esri Bronze Partner, and holds ISO 9001:2015, ISO/IEC 20000-1:2018, and ISO/IEC 27001:2013 certifications and has achieved CMMI-DEV Level 3.  DRT is headquartered in Arlington, Virginia, with offices in Atlanta, Georgia. More information on the company can be found at

About Schellman
Schellman is a leading provider of attestation and compliance services. We are a top 100 CPA firm, a globally licensed PCI QSA, an ISO Certification Body, HITRUST CSF Assessor, a FedRAMP 3PAO, and an APEC Accountability Agent working as an alternative practice structure. Renowned for expertise tempered by practical experience, Schellman’s professionals provide superior client service balanced by steadfast independence. This approach allows our clients to achieve multiple compliance objectives through a single assessor.  Learn more at

About DNAnexus
DNAnexus is the leading bioinformatics company that facilitates secure access and utilization of biomedical data while supporting collaboration. From providing an integrated diagnostic R&D and production bioinformatics platform to providing pharmaceutical companies with a multi-omics data science platform for new drug discovery, DNAnexus empowers the healthcare and life sciences industry to transform how it leverages biomedical data to accelerate scientific discoveries and deliver better patient care. For more information on DNAnexus, please visit