Recently Updated Pages

See Control Response: Policies and Procedures.

There is no OSCAL construct for representing an acronyms list. Attach a document (e.g., Word, Exc...

See the FedRAMP Security Controls chapter.

The metadata / roles array must have one entry for each column an id with a token (use pre-defi...

Cryptographic Modules Implemented for Data-in-Transit (DIT) OSCAL's component model treats indepe...

Individuals, teams, corporations and government agencies are represented in OSCAL metadata using ...

This content uses YAML for examples. All examples are derived from complete example OSCAL content...

Attachments All OSCAL models handle attachments the same way. The following is used to attach fil...

All FedRAMP artifacts include a title page. The content found on the title page is represented u...

Most attachments required by FedRAMP are called out in the NIST SP 800-53 controls appearning in ...

See the FedRAMP POA&M book.

Entries in the services, ports, and protocols table are represented as component assemblies, with...

The Architecture, Network and Data Flow Diagramss are each represented using the same OSCAL patte...

FedRAMP authorized services should be used, whenever possible, since their risk is defined. Howe...

Get Started The oscal-cli is an open source command-line utility designed to help developers and ...

Validating OSCAL content is a tiered process that ensures data integrity from basic file structur...

OSCAL offers a great deal of flexibility for controls responses. To balance consistency, interope...

The normalized approach is prefered. Organizations starting new with no legacy SSP content should...

System Information CSP Name The cloud service provider (CSP) name and abbreviation are represent...

OSCAL makes two approaches available for depicting the system inventory: Flat Approach: Aligns ...