Recently Updated Pages

:root { --accent: #2d6be4; --accent-dim: #e8effe; --border: #dde1e9; --surface2: #f0f2f5; --muted...

Attachments All OSCAL models handle attachments the same way. The following is used to attach fil...

All FedRAMP artifacts include a title page. The content found on the title page is represented u...

Most attachments required by FedRAMP are called out in the NIST SP 800-53 controls appearning in ...

See the FedRAMP POA&M book.

Cryptographic Modules Implemented for Data-in-Transit (DIT) This page needs work: The examples ...

Entries in the services, ports, and protocols table are represented as component assemblies, with...

There is no OSCAL construct for representing an acronyms list. Attach a document (e.g., Word, Exc...

The Architecture, Network and Data Flow Diagramss are each represented using the same OSCAL patte...

FedRAMP authorized services should be used, whenever possible, since their risk is defined. Howe...

Get Started The oscal-cli is an open source command-line utility designed to help developers and ...

Validating OSCAL content is a tiered process that ensures data integrity from basic file structur...

Welcome to the OSCAL Foundation Patterns Library! The goal of the OSCAL Patterns Library is to ma...

If you need to convert legacy documentation to OSCAL, follow this path. If you are approaching OS...

OSCAL offers a great deal of flexibility for controls responses. To balance consistency, interope...

The normalized approach is prefered. Organizations starting new with no legacy SSP content should...

System Information CSP Name The cloud service provider (CSP) name and abbreviation are represent...

OSCAL makes two approaches available for depicting the system inventory: Flat Approach: Aligns ...

The flat approach to inventory is only intended as a starting point for service providers convert...

The normalized approach is prefered. Organizations starting new with no legacy inventory reportin...