Skip to main content

Title Pages

system security plan title page image

All FedRAMP artifacts include a title page. The content found on the title page is represented using core OSCAL content in metadata.

  • title the artifact title as FedRAMP requires it to appear
  • published the formal publication date of the artifact (using OSCAL date-time-with-timezone format)
  • version the formal version number of the artifact
  • a prop entry with:
    • name set to marking
    • value set to Controlled Unclassified Information

The CSP name is represented using thecloud-service-provider role in SSP ssp_00_title_page.pngRoles.

The CSO name is addressed using the SSP System Information, CSO Name

For assessment artifacts, the assessor name is represented using the assessor role in the SAP Roles.

Additional document markings may be added using additional prop entries with name set to marking and value set to the required marking.

Representation
  metadata:
    title: \[EXAMPLE\] FedRAMP \[Baseline Name\] System Security Plan (SSP)
    published: '2024-12-31T23:59:59Z'
    last-modified: '2025-01-08T04:18:29Z'
    version: fedramp-3.0.0rc1-oscal-1.1.2
    oscal-version: 1.1.3

    revisions:
    - published: '2023-06-30T00:00:00Z'
      version: '1.0'
      oscal-version: 1.0.4
      props:
      - name: party-uuid
        ns: http://fedramp.gov/ns/oscal
        value: 11111111-2222-4000-8000-004000000001
      remarks: Initial publication.
    - published: '2023-07-06T00:00:00Z'
      version: '1.1'
      oscal-version: 1.0.4
      props:
      - name: party-uuid
        ns: http://fedramp.gov/ns/oscal
        value: 11111111-2222-4000-8000-004000000001
      remarks: Minor `prop` updates.
    props:
    - name: marking
      value: cui
      class: fedramp.gov

roles:
    - id: fedramp-pmo
      title: FedRAMP Program Management Office
    - id: cloud-service-provider
      title: Cloud Service Provider
      short-name: CSP

    parties:
    - uuid: 11111111-2222-4000-8000-004000000001
      type: organization
      name: Cloud Service Provider (CSP) Name
      short-name: CSP Acronym/Short Name

    - uuid: 11111111-2222-4000-8000-004000000002
      type: organization
      name: 'Federal Risk and Authorization Management Program: Program Management Office'
      short-name: FedRAMP PMO

    responsible-parties:
    - role-id: cloud-service-provider
      party-uuids:
      - 11111111-2222-4000-8000-004000000001
    - role-id: fedramp-pmo
      party-uuids:
      - 11111111-2222-4000-8000-004000000002

FedRAMP Allowed Value Required Role IDs:

  • fedramp-pmo
  • cloud-service-provider
XPath Queries

  • Document Title: /*/metadata/title

  • Document Published Version #: /*/metadata/version

  • Document Published Date (will need to convert data for presentation): /*/metadata/published

  • Document Sensitivity Label (If more than one, tools should present all): /*/metadata/prop[@name="marking"]

NOTES:

  • There may be more than one Document Sensitivity Label (marking), if needed. The only required value is cui (Controlled Unclassified Information). Tools should display and/or notify the user of all sensitivity markings.
Back to top