OSCAL Assessment Results Layer

The OSCAL assessment results layer provides models for describing or reporting the results of assessment activities.

The OSCAL models comprising the assessment layer are:

  1. An Assessment Results model, which represents the findings of a periodic or continuous assessment of a specific system.

  2. A Plan of Action and Milestones (POA&M) model, which represents the known risks for a specific system, as well as the identified deviations, remediation plan, and disposition status of each risk.

  3. Possible additional assessment results models to be defined and developed as part of OSCAL 2.0.

The assessment results and POA&M models are designed to enable easy flow of risk information from the results to the POA&M. These models are intended to be used in the context of a specific system. The assessment results are further intended to be used in the context of a specific assessment plan.

The OSCAL assessment results layer is part of the OSCAL architecture.

This section contains the following topics:

  • Assessment Results Model: XML and JSON format documentation for the OSCAL Assessment Results model, which is part of the OSCAL Assessment Results layer. These formats model the findings of a periodic or continuous assessment.
  • Plan of Action and Milestones (POA&M) Model: XML and JSON format documentation for the OSCAL Plan of Action and Milestones (POA&M) model, which is part of the OSCAL Assessment Results layer. These formats model the findings of a periodic or continuous assessment.

This page was last updated on May 6, 2020.