Recently Updated Pages
Comments Summary
Defining Allowed Values
This page is still under development. The <allowed-values> assembly provides a consistent and una...
Components
OSCAL components are the backbone of an OSCAL System Security Plan (SSP), enabling data normalizat...
Native Adoption Path
If you are approaching OSCAL to initially create your system security plan and do not have legacy ...
SSP Adoption Strategies
The best way to adopt OSCAL for your system depends on your circumstances. The OSCAL Foundation d...
Welcome
The goal of the OSCAL Patterns Library is to maximize interoperability across OSCAL tools. The li...
Retrofit Adoption Path
If you need to convert legacy documentation to OSCAL, follow this path. If you are approaching OS...
Roles
Every FedRAMP assessment package must identify the party (individual, team or organization) respo...
Control Origination
FedRAMP accepts only one of five values for control-origination: sp-corporate, sp-system, custome...
Implementation Status
FedRAMP accepts only one of five values for implementation-status: implemented, partial, pla...
Inheritance and Customer Responsibilities
For systems that may be leveraged, OSCAL enables a robust mechanism for providing both inheritanc...
Responding By Component
OSCAL SSPs represent control responses in control-implementation / implemented-requirements / st...
Control Implementation Statements
Typically, the controls in the FedRAMP baselines have lettered parts (a., b., etc.). A few only h...
Citing Control Statements
OSCAL SSPs cite OSCAL baseline statement identifiers when representing control implementation res...
Responding to Control Baselines
OSCAL references controls in baselines and catalogs. The statements are not duplicated into an O...
Parameter Assignments
Representation If a FedRAMP control has one or more parameters, add a set-parameters array Withi...
Milestones, Approach and Status
The OSCAL Foundation's FedRAMP Technical Focus Group (TFG) is enabling FedRAMP stakeholders to ad...
Prepared By/For
Prepared By and Prepared For follow the Roles pattern, using the prepared-by and prepared-for ro...
Responsible Roles
Every control should have one or more responsible roles identified. In OSCAL, there are three po...
Control Response: Policies, Procedures, Plans, RoB, and Guides
Most FedRAMP-required attachments derive their requirement from one or more NIST SP 800-53 contro...