Search Results

See Inventory Approaches for guidance.

See the FedRAMP POA&M book.

This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples MVP Key Points Include: The SR-2 (id=sr-2 control should have links entries to the user guide This is not normalized a...

OSCAL offers a great deal of flexibility for controls responses. To balance consistency, interoperability and ease of adoption, the OSCAL Foundation recommends two approaches: Flat Approach: Aligns with FedRAMP's SSP Word template where control responses are ...

The normalized approach is prefered. Organizations starting new with no legacy SSP content should use this. For organizations converting from a legacy FedRAMP SSP Word template, consider starting with the Control Response: Flat Approach and migrating to the no...

The flat approach to control responses is only intended as a starting point for service providers converting from a legacy FedRAMP SSP Word template. If you are not converting a legacy SSP, use the Control Response: Normalized Approach. With the flat approach...

The goal of the OSCAL Patterns Library is to maximize interoperability across OSCAL tools. The library accomplishes this by defining the recommended OSCAL representation for specific use cases. Recommendations are based on the consensus of participating Founda...

:root { --accent: #2d6be4; --accent-dim: #e8effe; --border: #dde1e9; --surface2: #f0f2f5; --muted: #6b7280; --tag-open: #16a34a; --tag-arc: #92400e; --radius: 6px; --mono: "JetBrains Mono", "Fira Mono", monospace; } .cr-meta { font-size: .8rem; color: var(--mu...

Individuals, teams, corporations and government agencies are represented in OSCAL metadata using the parties array. Location information can be included within a party's information or defined separately for sharing. Locations Define a common location to be as...

OSCAL SSPs cite OSCAL baseline statement identifiers when representing control implementation responses. Citing the identifiers correctly is critical to machine processing. Within OSCAL baselines, identifiers are assigned to statement parts and item parts for ...

This page is still under development. The <allowed-values> assembly provides a consistent and unambiguous list of machine-readable tokens to be used as data for an identified OSCAL field or flag values. Human readability is coincidental and not their intended...