The following FedRAMP guides, based on the Open Security Controls Assessment Language (OSCAL), are available:
-
Guide to OSCAL-based FedRAMP Content [START HERE] (rev 4 | rev 5)
-
Guide to OSCAL-based FedRAMP System Security Plans (SSP) (rev 4 | rev 5)
-
Guide to OSCAL-based FedRAMP Security Assessment Plans (SAP) (rev 4 | rev 5)
-
Guide to OSCAL-based FedRAMP Security Assessment Results (SAR) (rev 4 | rev 5)
-
Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M) (rev 4 | rev 5)
-
FedRAMP OSCAL Vendor Resource Summary (rev 4 | rev 5)
The FedRAMP OSCAL Registry is now a machine-readable file using the NIST OSCAL Extensions Model:
- FedRAMP Extensions XML - (rev 4 | rev 5)
- FedRAMP Extensions JSON - (rev 4 | rev 5)
- FedRAMP Extensions HTML - (rev 4 only)
- FedRAMP Extensions PDF - (rev 4 only)