Baselines
FedRAMP's baselines are available in OSCAL XML, JSON and YAML formats.
Quick Start
Jump straight to what you need.
Although OSCAL offers a great deal of flexibility with baselines and overlays, you need to get started quickly and just want a single OSCAL file with the controls for your baseline.
The following OSCAL "resolved profile" catalogs are exactly what you need:
- FedRAMP HIGH Baseline (OSCAL Catalog) [ XML | JSON | YAML ]
- FedRAMP MODERATE Baseline (OSCAL Catalog) [ XML | JSON | YAML ]
- FedRAMP LOW Baseline (OSCAL Catalog) [ XML | JSON | YAML ]
- FedRAMP LI-SaaS Baseline (OSCAL Catalog) [ XML | JSON | YAML ]
OSCAL Tailoring and Overlays
OSCAL is designed to be referential. It allowsenables tailoring of controls and controlthe overlays.ability Whento youroverlay OSCALcontrols. provessing requires more flexible management of your control baselines, theThe FedRAMP profiles are available.available for these more complex scearios.
The following referential structure is used:
- A single FedRAMP Rev 5 tailoring profile imports the NIST SP 800-53 Rev 5 catalog. FedRAMP control tailoring that applies to all baselines is performed here.
- High, Moderate, and Low FedRAMP Rev 5 Profiles each import the FedRAMP Tailoring Profile. Each also identifies the controls for that baseline and include any baseline-speicifc control tailoring.
- Low-Impact SaaS is a special FedRAMP tailoring of the FedRAMP Low baseline. It imports the FedRAMP Low Profile and tailors it further.
The "resolved profile" catalogs at the top of this page are the result of processing the control selection and tailoring represented here.
Available OSCAL Catalog and Profiles
The following OSCAL catalogs and profiles are available: