The OSCAL assessment results layer provides models for describing or reporting the results of assessment activities.
The OSCAL models comprising the assessment layer are:
- An Assessment Results model, which represents the findings of a periodic or continuous assessment of a specific system.
- A Plan of Action and Milestones (POA&M) model, which represents the known risks for a specific system, as well as the identified deviations, remediation plan, and disposition status of each risk.
- Possible additional assessment results models to be defined and developed as part of OSCAL 2.0.
The assessment results and POA&M models are designed to enable easy flow of risk information from the results to the POA&M. These models are intended to be used in the context of a specific system. The assessment results are further intended to be used in the context of a specific assessment plan.
The OSCAL assessment results layer is part of the OSCAL architecture.