Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

FedRAMP OSCAL SAP

The following guidelines describe how to apply the OSCAL models, along with some FedRAMP-specific data requirements and extensions, to express a FedRAMP Security Assessment Plan (SAP) in OSCAL. This includes:

An overview of using the OSCAL SAP model to represent a FedRAMP SAP.
Guidance on representing FedRAMP SAP template information in OSCAL.
Using the OSCAL SAP for generating other content artifacts.

FedRAMP extensions and allowed values are cited in relevant portions of this documentation.

This page was last updated on July 17, 2024. Improve this Page.