Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

FedRAMP OSCAL SAR

The following guidelines describe how to apply the OSCAL models, along with some FedRAMP-specific data requirements and extensions, to express a FedRAMP Security Assessment Results (SAR) in OSCAL. This includes:

An overview of using the OSCAL SAR model to represent a FedRAMP SAR.
Guidance on representing FedRAMP SAR template information in OSCAL.
Using the OSCAL SAR for generating other content artifacts.

FedRAMP extensions and allowed values are cited in relevant portions of this documentation.

This page was last updated on July 17, 2024. Improve this Page.