David Waltermire
FedRAMP Experience Branch Chief
David Waltermire joined the Federal Risk and Authorization Management Program (FedRAMP) team in April 2023, bringing over two decades of technical knowledge and leadership experience to the forefront of GSA’s cybersecurity endeavors. His prior work at the National Institute of Standards and Technology (NIST) solidified his reputation as a trusted authority in data-centric approaches to security automation, cybersecurity research, standards development, and leadership. His technical and strategic abilities have positioned him as a trusted authority in the field.
At NIST, David has been instrumental in the development and advancement of various cybersecurity standards, frameworks, and initiatives, including the Security Content Automation Protocol, the Risk Management Framework (RMF), and the National Vulnerability Database. Notably, he has been a driving force behind the establishment and adoption of the Open Security Controls Assessment Language (OSCAL), a standardized format for expressing security controls, assessments, and related information. David’s contributions to OSCAL have played a significant role in enhancing the efficiency, interoperability, and automation of security assessment processes.
At GSA, David continues to be an advocate for innovation and collaboration in cybersecurity as the Lead for Data Strategy and Standards. He continues to be actively engaged with stakeholders from government, industry, academia, and international organizations to promote the adoption and integration of OSCAL into cybersecurity practices. David’s collaborative approach and diplomatic leadership style will continue to foster consensus-building and driven progress in addressing complex cybersecurity challenges, paving the way for enhanced security posture and resilience in organizations worldwide.
A cornerstone of David’s approach at GSA is the integration and promotion of OSCAL into FedRAMPs processes. His advocacy for OSCAL underscores his dedication to streamlining security assessment processes and fostering interoperability and automation in cybersecurity practices. Through strategic collaborations and partnerships, David is working to position GSA at the forefront of cybersecurity innovation and resilience, ensuring that it remains a leader in safeguarding federal cloud services and information.