Search Results
103 total results found
11. Separation of Duties Matrix
Milestones, Approach and Status
The OSCAL Foundation's FedRAMP Technical Focus Group (TFG) is enabling FedRAMP stakeholders to adopt OSCAL for FedRAMP package deliverables. The following is our plan of work: Milestones Phase 0 Establish Resources and Form Team [Complete] Phase 1 MVP FedRAMP...
LICENSE
Unless otherwise marked, this content is released as Creative Commons Zero (CC0). It may be used freely and without attribution.
Core Requirements
OSCAL requirements common to all content.
Title Page
The SSP title page follows the Title Pages pattern.
Required Root Information
Core OSCAL requires some content to be present in all OSCAL artifacts. This is critical to consistent processing. Root Element and Root-Level Universally Unique Identifier The root element must be one of the case-sensitive OSCAL model names: catalog profile mapp...
OSCAL Requirements
All OSCAL Core Requirements must be met for all OSCAL artifacts. This chapter contains information about OSCAL SSP requirements that are not explicit FedRAMP SSP requirements.
System Status
FedRAMP no longer includes System Status in the SSP template; however, core OSCAL requires the system status to be identified. The system status is represented in system-characteristics. A status entry that includes: state field set to one of the allowed val...
Roles
Every FedRAMP assessment package must identify the party (individual, team or organization) responsible for pre-defined roles, such as system owner and information system security officer (ISSO). Representing this information in OSCAL requires four important e...
Attachments
Attachments All OSCAL models handle attachments the same way. The following is used to attach files to OSCAL-based FedRAMP artifacts, such as when attaching policies and plans to a System Security Plan (SSP) or evidence to a Security Assessment Report (SAR). I...
Sections 1 - 11
1. Introduction
This entire chapter is FedRAMP PMO boilerplate and does not need to be represented in OSCAL content.
2. Purpose
This entire chapter is FedRAMP PMO boilerplate and does not need to be represented in OSCAL content.
4. System Owner
System Owner follows the Roles pattern, using the system-owner role. Defined Identifiers Required Role ID: system-owner
5. Assignment of Security Responsibility
Information System Security Officer (ISSO) follows the Roles pattern, using the information-system-security-officer role. Defined Identifiers Required Role ID: information-system-security-officer
10. Cryptographic Modules Implemented for DAR and DIT
This is addressed in Appendix Q: Cryptographic Modules.
Required Metadata
All OSCAL artifacts must have the following content in metadata: title: The artifact's title last-modified: The date/timestamp of the last modification to any content in the artifact. This is a date-time-with-timezone format. version: The version of the cont...