Skip to main content

OSCAL Concepts

This section of the OSCAL website presents:

  • Key terminology used in OSCAL;
  • An overview of the OSCAL layers and models, to include who and what processes they apply to;
  • A processing specification for handling some types of OSCAL content;
  • Illustrative examples of how to represent control implementation and risk management data in OSCAL XML, JSON, and YAML formats; and
  • A discussion of how OSCAL relates to and draws inspiration from other documentary standards.

This page was last updated on May 27, 2021.