Getting Started
Welcome!
The goal of the OSCAL Patterns Library is to maximize interoperability across OSCAL tools. The library accomplishes this by defining the recommended OSCAL representation for specific use cases. Recommendations are based on the consenss of participating Foundation members.
Organization
-
Core OSCAL: Patterns, guidance, information and resources common to any OSCAL representation regardless of framework or control set.
-
FedRAMP: Patterns, guidance, information and resources for expressing FedRAMP Authorization Packages in OSCAL.
- FedRAMP System Security Plan (SSP): Represent FedRAMP SSP content in OSCAL (New!)
- FedRAMP Plan of Action and Milestones (POA&M): Represent FedRAMP POA&M content in OSCAL (Next Priority)
- FedRAMP Assessments: Represent FedRAMP SAP and SAR content in OSCAL (Future)
-
Additional Frameworks and Industries: Framework-specific and industry-specific patterns, guidance, information and resources. (Prioritized based on demand and available resources.)
Library Status and Next Steps
The OSCAL Foundation jumpstarted this library using prior content created by former FedRAMP PMO members. The initial deployment focuses on deployment and cleanup of that FedRAMP-specific content in response to new OSCAL requirements for FedRAMP-authorized systems.
See the Milestones, Approach and Status for completed work, current status and future steps.
Content Development and Governance
The organizational structure of the Foundation is as follows:
- Board of Directors
- Executive Steering Committee
- Technical Advisory Group (TAG)
- Technical Working Group (TWG) *
- Technical Working Groups (TFGs)
- Technical Working Group (TWG) *
- Technical Advisory Group (TAG)
- Executive Steering Committee
All content in this library is produced by members of various TFGs. Each TFG reports status and raises issues to the TWG weekly.
Completed work is subject to review and approval by the TAG.
The Steering Committee and/or Board weigs in on more strategic or broad-reaching topics as well as to resolve conflicts.
- There are other OSCAL Foundation working groups not relevant to this governance chain.
Getting Involved
The OSCAL Foundation TWG and TFGs are open to the public. Join the appropriate OSCAL Foundation group lists to see meeting details and receive announcements.
Paid membership is required for approval or voting rights, and to ensure the Foundation's future viability. See the Get Involved page to enquire about membership.