Recently Updated Pages

The best way to adopt OSCAL for your system depends on your circumstances. The OSCAL Foundation d...

If you are approaching OSCAL to intially create your system security plan and do not have legacy ...

See Inventory Approaches for guidance.

The flat approach to control responses is only intended as a starting point for service providers...

"Prepared by" and "Prepared for" follow the Roles pattern, using the prepared-by and prepared-fo...

SSP Approvals follow the Roles pattern, using the content-approver role. Defined Identifiers Re...

The SSP title page follows the Title Pages pattern.

System Owner follows the Roles pattern, using the system-owner role. Defined Identifiers Requir...

Information System Security Officer (ISSO) follows the Roles pattern, using the information-syst...

This needs work that may have been completed elsewhere and nees to be moved into here. This ...

This needs work that may have been completed elsewhere and nees to be moved into here. This ...

This needs work that may have been completed elsewhere and nees to be moved into here. This ...

This needs work that may have been completed elsewhere and nees to be moved into here. This ...

This needs work that may have been completed elsewhere and nees to be moved into here. This ...

This needs work that may have been completed elsewhere and nees to be moved into here. This ...

This needs work that may have been completed elsewhere and nees to be moved into here. This ...

This needs work that may have been completed elsewhere and nees to be moved into here. This ...

Conrol definitions are imported by an OSCAL SSP and referenced as needed. Importing a Baseline I...

The OSCAL Foundation's FedRAMP Technical Focus Group (TFG) is enabling FedRAMP stakeholders to ad...

UTF-8 Character Encoding OSCAL uses UTF-8 character encoding. JSON and YAML files are always UTF-...