Advanced Search
Search Results
103 total results found
Appendix L: CSO-Specific Required Laws and Regulations
Needs Work Content cleanup YAML Example For MVP: attach a Word or PDF document enumerating the applicable laws and regulations. For Normalized: Provide one back-matter/resources entry per applicable law or regulation that includes: a title with the tit...
Appendix M: Integrated Inventory Workbook
See Inventory Approaches for guidance.
Appendix O: POA&M
See the FedRAMP POA&M book.
Appendix P: Supply Chain Risk Management Plan (SCRMP)
This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples MVP Key Points Include: The SR-2 (id=sr-2 control should have links entries to the user guide This is not normalized a...
Control Response: Approaches
OSCAL offers a great deal of flexibility for controls responses. To balance consistency, interoperability and ease of adoption, the OSCAL Foundation recommends two approaches: Flat Approach: Aligns with FedRAMP's SSP Word template where control responses are ...
Control Response: Normalized Approach
The normalized approach is prefered. Organizations starting new with no legacy SSP content should use this. For organizations converting from a legacy FedRAMP SSP Word template, consider starting with the Control Response: Flat Approach and migrating to the no...
Control Response: Flat Approach
The flat approach to control responses is only intended as a starting point for service providers converting from a legacy FedRAMP SSP Word template. If you are not converting a legacy SSP, use the Control Response: Normalized Approach. With the flat approach...
Getting Started
Welcome to the OSCAL Foundation Patterns Library! The goal of the OSCAL Patterns Library is to maximize interoperability across OSCAL tools. The library accomplishes this by defining the recommended OSCAL representation for specific use cases. Recommendations ...
Overview
This includes overview topics of the OSCAL Foundation Patterns Library
Validating FedRAMP Content with OSCAL CLI
Get Started The oscal-cli is an open source command-line utility designed to help developers and security professionals interact with OSCAL. To get started, follow the installation instructions from the OSCAL-CLI GitHub "README" page. Once installed, you can u...
Validating Content
The adoption of standardized, machine-readable security data requires a rigorous approach to ensuring data integrity across various layers of complexity. By implementing a systematic validation framework, organizations can transition from manual document revie...
Reports
Comments Summary
:root { --accent: #2d6be4; --accent-dim: #e8effe; --border: #dde1e9; --surface2: #f0f2f5; --muted: #6b7280; --tag-open: #16a34a; --tag-arc: #92400e; --radius: 6px; --mono: "JetBrains Mono", "Fira Mono", monospace; } .cr-meta { font-size: .8rem; color: var(--mu...