Skip to main content

Plan and Milestones

The OSCAL Foundation's FedRAMP Technical Focus Group (TFG) is enabling FedRAMP stakeholders to adopt OSCAL for FedRAMP package deliverables. The following is our plan of work:

Milestones

  • Phase 0 Establish Resources and Form Team [Complete]
  • Phase 1 FedRAMP System Security Plans (SSP) [In Progress]
  • Phase 2 FedRAMP Plan of Action and Milestones (POA&M) [Next]
  • Phase 3 FedRAMP Security Assessment Plans and Reports (SAP and SAR)

Approach

Work within each of the above phases occurs in this sequence:

  1. Define the OSCAL Representation
  2. Address Validation:
  3. Communicate Availability

Status Log

Last Updated March 4, 2026

  • Form TFG: Complete
  • Establish Patterns Library: Complete
  • Establish GitHub Repository: Complete
  • Migrate prior FedRAMP baselines in OSCAL format to repository: Complete
  • Migrate prior FedRAMP OSCAL SSP work into patterns library: Complete
  • Formulate communication plan: In Progress
  • Migrate prior FedRAMP OSCAL SSP example: Complete
  • Review/Refine FedRAMP OSCAl SSP patterns: In Progress
  • Review/Refine FedRAMP OSCAL SSP example: In Progress
  • Draft "Executive Summary" and "Getting Started" content: Next
  • POA&M example and patterns: Next
Back to top