Getting Started
Welcome to the OSCAL Foundation Patterns Library!
The goal of the OSCAL Patterns Library is to maximize interoperability across OSCAL tools. The library accomplishes this by defining the recommended OSCAL representation for specific use cases. Recommendations are based on the consenss of participating Foundation members.
Leave Comments
If you have feedback on any of the content, please leave a comment on the page. Commenting is enabled after you self-register using the the "Log in" button in the upper right.
Organization
-
Core OSCAL: Patterns, guidance, information and resources common to any OSCAL representation regardless of framework or control set.
-
FedRAMP: Patterns, guidance, information and resources for expressing FedRAMP Authorization Packages in OSCAL.
- FedRAMP System Security Plan (SSP): Represent FedRAMP SSP content in OSCAL (In Progress)
- FedRAMP Plan of Action and Milestones (POA&M): Represent FedRAMP POA&M content in OSCAL (Next Priority)
- FedRAMP Assessments: Represent FedRAMP SAP and SAR content in OSCAL (Future)
-
Additional Frameworks and Industries: Framework-specific and industry-specific patterns, guidance, information and resources. (Prioritized based on demand and available resources.)
Status and Next Steps
The OSCAL Foundation jumpstarted this library using prior content created by former FedRAMP PMO members. The initial deployment focuses on deployment and cleanup of that FedRAMP-specific content in response to new OSCAL requirements for FedRAMP-authorized systems.
See the Milestones, Approach and Status for completed work, current status and future steps.
Governance
Content in this library is drafted by Technical Focus Groups (TFG). Each TFG reports status at the weekly Technology Working Group (TWG) meeting, held each Tuesday at 11:00 AM Eastern Time.
All content must be approved by the Technical Advistory Group (TAG) for it to stand as . Steering Committee and/or Board approval is also required for more strategic or broad-reaching topics; and to resolve conflicts.
The organizational structure of the Foundation is as follows:
- Board of Directors
- Executive Steering Committee
- Technical Advisory Group (TAG)
- Technical Working Group (TWG) *
- Multiple Technical Working Groups (TFG)
- Technical Working Group (TWG) *
- Technical Advisory Group (TAG)
- Executive Steering Committee
* There are other OSCAL Foundation working groups, which are not currently involved in this effort.
Getting Involved
The OSCAL Foundation TWG and TFGs are open to the public. Join the appropriate OSCAL Foundation group lists to see meeting details and receive announcements.
Paid membership is required for approval or voting rights, and to ensure the Foundation's future viability. See the Get Involved page to enquire about membership.
No comments to display
No comments to display