# Milestones, Approach and Status

The OSCAL Foundation's _FedRAMP Technical Focus Group (TFG)_ is enabling FedRAMP stakeholders to adopt OSCAL for FedRAMP package deliverables. The following is our plan of work:

### Milestones

- **Phase 0**: Form Team and Establish Resources [_Complete_]
- **Phase 1**: FedRAMP System Security Plans (SSP) [_In Progress_]
- **Phase 2**: FedRAMP Plan of Action and Milestones (POA&M) [_Re-evaluating priority in light [FedRAMP Notice 9](https://www.fedramp.gov/notices/0009/) Item #3_]
- **Phase 3**: FedRAMP Security Assessment Plans and Reports (SAP and SAR)
- **Phase 4**: Advanced and Refinement
- **Phase 5**: FedRAMP Adjacent Frameworks (GovRAMP, DoD/FedRAMP+, DoD Impact Levels, CMMC and Related Variants)
- **Future**:: Other Frameworks (PCI CSA, CIS, DSS, SOC 2, ISO-270xx, etc.)

### Target Dates

- March 31: Full Draft  SSP 
- April: Socialize with FedRAMP PMO and CSP-AB
- April 15: Presentation at NIST OSCAL Workshop

### Approach

Work within each of the above phases occurs in this sequence:
1. **Define the OSCAL MVP Representation** 
1. **Address Validation**:
1. **Communicate Availability**
1. **Expand and Refine Representation**

### Status Log

_Last Updated April 8, 2026_

- Form TFG: _Complete_
- Establish Patterns Library: _Complete_
- Establish GitHub Repository: _Complete_
- Migrate prior FedRAMP baselines in OSCAL format to repository: _Complete_
- Migrate prior FedRAMP OSCAL SSP work into patterns library: _Complete_
- Formulate communication plan: _Complete_
- Migrate prior FedRAMP OSCAL SSP example: _Complete_
- Formulate Adoption Paths: _Complete_
- Review/Refine FedRAMP OSCAl SSP patterns: _In Progress_
- Review/Refine FedRAMP OSCAL SSP example: _In Progress_
- Draft "Getting Started" content: _Next_
- POA&M example and patterns: _Next_

---