Baselines

FedRAMP's baselines are available in OSCAL XML, JSON and YAML formats.

Quick Start

Jump straight to what you need.

Although OSCAL enablesoffers a lotgreat deal of flexibility with baselines and overlays, but you need to get started quickly and just want a single OSCAL file with exactly the controls youfor need.your baseline.

The following OSCAL "resolved profile" catalogs are exactly what you need:

• FedRAMP HIGH Baseline (OSCAL Catalog) [ XML | JSON | YAML ]
• FedRAMP MODERATE Baseline (OSCAL Catalog) [ XML | JSON | YAML ]
• FedRAMP LOW Baseline (OSCAL Catalog) [ XML | JSON | YAML ]
• FedRAMP LI-SaaS Baseline (OSCAL Catalog) [ XML | JSON | YAML ]

OSCAL Tailoring and Overlays

OSCAL is designed to be referential. It allows tailoring and control overlays. When your OSCAL provessing requires more flexible management of your control baselines, the FedRAMP profiles are available.

The following structure is used:

The following OSCAL catalogs and profiles are available:

• NIST SP 800-53, Revision 5 (OSCAL Catalog) [ XML | JSON | YAML ]

• FedRAMP Tailoring Profile (OSCAL Profile) [ XML | JSON | YAML ]

• FedRAMP HIGH Baseline (OSCAL Profile) [ XML | JSON | YAML ]

• FedRAMP MODERATE Baseline (OSCAL Profile) [ XML | JSON | YAML ]

• FedRAMP LOW Baseline (OSCAL Profile) [ XML | JSON | YAML ]

• FedRAMP LI-SaaS Baseline (OSCAL Profile) [ XML | JSON | YAML ]