Milestones, Approach and Status
The OSCAL Foundation's FedRAMP Technical Focus Group (TFG) is enabling FedRAMP stakeholders to adopt OSCAL for FedRAMP package deliverables. The following is our plan of work:
Milestones
- Phase 0 Establish Resources and Form Team [Complete]
- Phase 1 FedRAMP System Security Plans (SSP) [In Progress]
- Phase 2 FedRAMP Plan of Action and Milestones (POA&M) [Next]
- Phase 3 FedRAMP Security Assessment Plans and Reports (SAP and SAR)
Approach
Work within each of the above phases occurs in this sequence:
- Define the OSCAL Representation
- Address Validation:
- Communicate Availability
Status Log
Last Updated March 4, 2026
- Form TFG: Complete
- Establish Patterns Library: Complete
- Establish GitHub Repository: Complete
- Migrate prior FedRAMP baselines in OSCAL format to repository: Complete
- Migrate prior FedRAMP OSCAL SSP work into patterns library: Complete
- Formulate communication plan: In Progress
- Migrate prior FedRAMP OSCAL SSP example: Complete
- Review/Refine FedRAMP OSCAl SSP patterns: In Progress
- Review/Refine FedRAMP OSCAL SSP example: In Progress
- Draft "Executive Summary" and "Getting Started" content: Next
- POA&M example and patterns: Next