Title Pages

All FedRAMP artifacts include a title page. The content found on the title page is represented using core OSCAL content in metadata.

• title the artifact title as FedRAMP requires it to appear
• published the formal publication date of the artifact (using OSCAL date-time-with-timezone format)
• version the formal version number of the artifact
• a prop entry with:
  • name set to marking
  • value set to Controlled Unclassified Information
• an additional prop entry with:
  • name set to fedramp-version
  • ns set to http://fedramp.gov/ns/oscal
  • value set to the the tag representing the version of FedRAMP being used

The CSP name is represented using thecloud-service-provider role in SSP Roles.

The CSO name is addressed using the SSP System Information, CSO Name

For assessment artifacts, the assessor name is represented using the assessor role in the SAP Roles.

Additional document markings may be added using additional prop entries with name set to marking and value set to the required marking.

All documents in a digital authorization package for FedRAMP should specify the version that identifies which FedRAMP policies, guidance, and technical specifications its authors used during the creation and maintenance of the package.

Representation

system-security-plan:
  metadata:
    title: \[EXAMPLE\] FedRAMP \[Baseline Name\] System Security Plan (SSP)
    published: '2024-12-31T23:59:59Z'
    last-modified: '2025-01-08T04:18:29Z'
    version: fedramp-3.0.0rc1-oscal-1.1.2
    oscal-version: 1.1.3

    props:
    - name: marking
      value: cui
      class: fedramp.gov