Search Results

System Owner follows the Roles pattern, using the system-owner role. Defined Identifiers Required Role ID: system-owner

Information System Security Officer (ISSO) follows the Roles pattern, using the information-system-security-officer role. Defined Identifiers Required Role ID: information-system-security-officer

This is address in Appendix Q: Cryptographic Modules.

All OSCAL artifacts must have the following content in metadata: title: The artifact's title last-modified: The date/timestamp of the last modification to any content in the artifact. This is an date-time-with-timezone format. version: The version of the cont...

If you need to convert legacy documentation to OSCAL, follow this path. If you are approaching OSCAL to intially create your system security plan and do not have legacy documentaiton to convert, follow the New Adoption Path. Organizations with existing Word a...

The best way to adopt OSCAL for your system depends on your circumstances. The OSCAL Foundation defines two adoption strategies: Retrofit Adoption Path: Converting Legacy Documentation New Adoption Path: Creating New Documentation Retrofit Adoption Path If ...

If you are approaching OSCAL to intially create your system security plan and do not have legacy documentaiton to convert, follow this path. If you need to convert legacy documentation to OSCAL, follow the Retrofit Adoption Path. Organizations adopting OSCAL ...

OSCAL component include: this system, a special component that represents the entire system and everything within the authorization boundary technical components, including virtual and physical hardware as well as software, such as routers, switches, firewall...

See [Controls citation and link]

There is no OSCAL construct for representing an acronyms list. Attach a document (e.g., Word, Excel, PDF) with acronyms using a back-matter, resources entry.

This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples MVP Key Points Include: Each -1 control should have links entries to the relevant plolicy and procedure documents This...

This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples MVP Key Points Include: The SA-5 (id=sa-5 control should have links entries to the user guide This is not normalized a...

This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples MVP Key Points Include: The PL-4 (id=pl-4 control should have links entries to the RoB This is not normalized and is o...

This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples MVP Key Points Include: The CP-2 (id=cp-2 control should have links entries to the RoB This is not normalized and is o...

This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples MVP Key Points Include: The CM-9 (id=cm-9 control should have links entries to the RoB This is not normalized and is o...

This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples MVP Key Points Include: The IR-8 (id=ir-8 control should have links entries to the RoB This is not normalized and is o...

This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples MVP Key Points Include: The CA-7 (id=ca-7 control should have links entries to the RoB This is not normalized and is o...

The FedRAMP Control Information Summary (CIS) and Customer Responsibility Matrix (CRM) are derived directly from the OSCAL control responses. There is no need to maintain a separate CIS/CRM artifact; however, this information must be properly represented in th...