Search Results
103 total results found
Retrofit Adoption Path
If you need to convert legacy documentation to OSCAL, follow this path. If you are approaching OSCAL to initially create your system security plan and do not have legacy documentation to convert, follow the New Adoption Path. Organizations with existing Word a...
Character Encoding
UTF-8 Character Encoding OSCAL uses UTF-8 character encoding. JSON and YAML files are always UTF-8 character encoded, but XML files must include an explicit UTF-8 encoding declaration. Other encodings are not allowed and could create unpredictable results in OSCAL tools. ...
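The encoding rule above is easy to check before handing files to an OSCAL tool. The script below is an added example, not code from the FedRAMP or OSCAL projects: it verifies that a file body decodes as UTF-8 and, for `.xml`, that the XML declaration names UTF-8. Treating a leading UTF-8 byte-order mark as a finding is this example's own choice (RFC 8259 forbids emitting one for JSON); the regex for the declaration and the function names are likewise this example's assumptions.

```python
"""Check that OSCAL files are UTF-8 and that XML files declare it explicitly.

Added example, not part of the FedRAMP/OSCAL documentation. Assumptions:
files are small enough to read whole, and a UTF-8 BOM is reported as a
finding because some consumers (JSON parsers in particular) reject it.
"""
import re
import sys
from pathlib import Path

# Matches the encoding pseudo-attribute of an XML declaration at the start of the file.
XML_DECL = re.compile(rb'^\s*<\?xml\s[^>]*encoding\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
UTF8_NAMES = {"utf-8", "utf8"}


def check_oscal_encoding(data: bytes, suffix: str) -> list[str]:
    """Return a list of findings for one OSCAL file body; an empty list means OK."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("UTF-8 BOM present")
        data = data[3:]
    try:
        data.decode("utf-8")
    except UnicodeDecodeError as err:
        # Stop here: a non-UTF-8 body makes the declaration check meaningless.
        findings.append(f"not valid UTF-8 at byte {err.start}")
        return findings
    if suffix.lower() == ".xml":
        match = XML_DECL.match(data)
        if not match:
            findings.append("XML file lacks an explicit encoding declaration")
        else:
            declared = match.group(1).decode("ascii", "replace")
            if declared.lower().replace("_", "-") not in UTF8_NAMES:
                findings.append(f"XML declares '{declared}'; only UTF-8 is allowed")
    return findings


def check_file(path: Path) -> list[str]:
    """Read one file and run the encoding checks on it."""
    return check_oscal_encoding(path.read_bytes(), path.suffix)


if __name__ == "__main__":
    # Usage: python check_encoding.py ssp.xml profile.json ...
    bad = False
    for name in sys.argv[1:]:
        for finding in check_file(Path(name)):
            bad = True
            print(f"{name}: {finding}")
    sys.exit(1 if bad else 0)
```

Run it over a directory of OSCAL artifacts in CI so an ISO-8859-1 Word export or a missing XML declaration is caught before validation, where the failure would otherwise surface as an unexplained parse error.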
Adoption Strategies
The best way to adopt OSCAL for your system depends on your circumstances. The OSCAL Foundation defines two adoption strategies: Retrofit Adoption Path: Converting Legacy Documentation New Adoption Path: Creating New Documentation Retrofit Adoption Path If ...
New Adoption Path
If you are approaching OSCAL to initially create your system security plan and do not have legacy documentation to convert, follow this path. If you need to convert legacy documentation to OSCAL, follow the Retrofit Adoption Path. Organizations adopting OSCAL ...
Revision History
Document Revision History The OSCAL revision history requires one FedRAMP extension to meet FedRAMP’s revision history requirements. The revision history’s author information is derived from FedRAMP’s party-uuid flag, which points to a metadata party UUID valu...
System Security Plans
Components
OSCAL components include: this system, a special component that represents the entire system and everything within the authorization boundary; technical components, including virtual and physical hardware as well as software, such as routers, switches, firewall...
The Tiered Validation Model
Validating OSCAL content is a tiered process that ensures data integrity from basic file structure to complex compliance requirements. For organizations following the Retrofit FedRAMP adoption path, validation requirements evolve as you move from initial MVP s...
Appendix A: FedRAMP Security Controls
See [Controls citation and link]
Appendix B: Related Acronyms
There is no OSCAL construct for representing an acronyms list. Attach a document (e.g., Word, Excel, PDF) with acronyms using a back-matter resources entry.
Appendix C: Security Policies and Procedures
This needs work that may have been completed elsewhere and needs to be moved in here. This needs MVP and Normalized content examples. MVP Key Points Include: Each -1 control should have links entries to the relevant policy and procedure documents. This...
Appendix D: User Guide
This needs work that may have been completed elsewhere and needs to be moved in here. This needs MVP and Normalized content examples. MVP Key Points Include: The SA-5 (id=sa-5) control should have links entries to the user guide. This is not normalized a...
Appendix F: Rules of Behavior (RoB)
This needs work that may have been completed elsewhere and needs to be moved in here. This needs MVP and Normalized content examples. MVP Key Points Include: The PL-4 (id=pl-4) control should have links entries to the RoB. This is not normalized and is o...
Appendix G: Information System Contingency Plan (ISCP)
This needs work that may have been completed elsewhere and needs to be moved in here. This needs MVP and Normalized content examples. MVP Key Points Include: The CP-2 (id=cp-2) control should have links entries to the ISCP. This is not normalized and is o...
Appendix H: Configuration Management Plan (CMP)
This needs work that may have been completed elsewhere and needs to be moved in here. This needs MVP and Normalized content examples. MVP Key Points Include: The CM-9 (id=cm-9) control should have links entries to the CMP. This is not normalized and is o...
Appendix I: Incident Response Plan (IRP)
This needs work that may have been completed elsewhere and needs to be moved in here. This needs MVP and Normalized content examples. MVP Key Points Include: The IR-8 (id=ir-8) control should have links entries to the IRP. This is not normalized and is o...
Appendix N: Continuous Monitoring Plan
This needs work that may have been completed elsewhere and needs to be moved in here. This needs MVP and Normalized content examples. MVP Key Points Include: The CA-7 (id=ca-7) control should have links entries to the Continuous Monitoring Plan. This is not normalized and is o...
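Appendices B through N all reduce to the same two mechanics: an attached document becomes a back-matter resource, and the implemented requirement for the relevant control carries a link whose href resolves to that resource. The script below is an added example, not code from the FedRAMP automation project or the OSCAL tooling. It builds a resource entry with a SHA-256 hash of the attached file (so a reviewer can confirm the attachment is the one the SSP was written against), then checks an SSP for every -1 control and for the appendix controls (SA-5, PL-4, CP-2, CM-9, IR-8, CA-7) that at least one link resolves to a back-matter resource and that no link dangles. The control-to-document mapping, the `rel` values in the sample, and the function names are this example's assumptions; the sample SSP is constructed for the demonstration.

```python
"""Check that an OSCAL SSP's control responses link to their attached documents.

Added example, not code from the FedRAMP or OSCAL projects. Assumes the OSCAL
JSON layout system-security-plan -> control-implementation ->
implemented-requirements[].links[] and back-matter.resources[]. The mapping
of appendix controls to documents below is this example's own assumption.
"""
import hashlib
import json
import re
import sys
import uuid

# Assumed: which document each appendix control must link to.
REQUIRED_ATTACHMENT = {
    "sa-5": "user guide",
    "pl-4": "rules of behavior",
    "cp-2": "contingency plan (ISCP)",
    "cm-9": "configuration management plan (CMP)",
    "ir-8": "incident response plan (IRP)",
    "ca-7": "continuous monitoring plan",
}
POLICY_CONTROL = re.compile(r"[a-z]{2}-1")  # the "-1" policy and procedure controls


def attachment_resource(title: str, href: str, media_type: str, content: bytes) -> dict:
    """Build a back-matter resource whose rlink carries a SHA-256 of the attached file."""
    return {
        "uuid": str(uuid.uuid4()),
        "title": title,
        "rlinks": [{
            "href": href,
            "media-type": media_type,
            "hashes": [{"algorithm": "SHA-256",
                        "value": hashlib.sha256(content).hexdigest()}],
        }],
    }


def rlink_hash_matches(resource: dict, content: bytes) -> bool:
    """True if the SHA-256 recorded on the resource's first rlink matches the bytes given."""
    for h in resource["rlinks"][0].get("hashes", []):
        if h["algorithm"] == "SHA-256":
            return h["value"] == hashlib.sha256(content).hexdigest()
    return False


def check_control_links(ssp: dict) -> list[str]:
    """Return findings for controls whose required attachment link is missing or dangling."""
    plan = ssp["system-security-plan"]
    resources = {r["uuid"] for r in plan.get("back-matter", {}).get("resources", [])}
    findings = []
    for req in plan["control-implementation"]["implemented-requirements"]:
        cid = req["control-id"]
        if POLICY_CONTROL.fullmatch(cid):
            wanted = "policy and procedure documents"
        elif cid in REQUIRED_ATTACHMENT:
            wanted = REQUIRED_ATTACHMENT[cid]
        else:
            continue
        hrefs = [link.get("href", "") for link in req.get("links", [])]
        # Internal references are "#<uuid>"; external URLs are not resolved here.
        dangling = [h for h in hrefs if h.startswith("#") and h[1:] not in resources]
        resolved = [h for h in hrefs if h.startswith("#") and h[1:] in resources]
        for h in dangling:
            findings.append(f"{cid}: link {h} does not resolve to a back-matter resource")
        if not resolved:
            findings.append(f"{cid}: no link to the {wanted}")
    return findings


# Constructed sample: an attached access control policy linked from AC-1, no link
# at all for SA-5, and a PL-4 link whose uuid is not in back-matter. The rel
# values are assumed, not taken from the FedRAMP documentation.
POLICY_PDF = b"%PDF-1.7 constructed access control policy"
POLICY = attachment_resource("Access Control Policy", "attachments/ac-policy.pdf",
                             "application/pdf", POLICY_PDF)
SAMPLE_SSP = {"system-security-plan": {
    "control-implementation": {"implemented-requirements": [
        {"control-id": "ac-1", "links": [{"href": "#" + POLICY["uuid"], "rel": "policy"}]},
        {"control-id": "ac-2", "links": []},
        {"control-id": "sa-5"},
        {"control-id": "pl-4", "links": [{"href": "#11111111-2222-4333-8444-555555555555",
                                          "rel": "rules-of-behavior"}]},
    ]},
    "back-matter": {"resources": [POLICY]},
}}

if __name__ == "__main__":
    # Usage: python check_links.py ssp.json   (no argument: run on the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as f:
            ssp = json.load(f)
    else:
        ssp = SAMPLE_SSP
    print("\n".join(check_control_links(ssp)) or "all required attachment links resolve")
```

Extending the check is a matter of adding entries to `REQUIRED_ATTACHMENT`; the same pass can also verify, when the attachment files are available, that `rlink_hash_matches` holds for each resource so a silently replaced policy document is caught along with a missing link.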
Appendix J: CIS and CRM Workbook
The FedRAMP Control Information Summary (CIS) and Customer Responsibility Matrix (CRM) are derived directly from the OSCAL control responses. There is no need to maintain a separate CIS/CRM artifact; however, this information must be properly represented in th...