OSCAL Concepts
This concepts page serves as a gateway to essential information designed to help community members navigate and fully understand OSCAL.
Here, you'll find a curated collection of key resources, including detailed explanations of the terminology used in OSCAL, a breakdown of OSCAL's architecture and its various layers, and insights into the types of identifiers OSCAL supports. You'll also discover practical guidance on profile resolution, risk management implementation, and examples of how to work with OSCAL data in formats like XML, JSON, and YAML. Additionally, there is an overview of how OSCAL aligns with other document standards.
Explore the links below to dive deeper into these key OSCAL concepts:
- Learn about key terminology used in OSCAL;
- The usage of URIs (Uniform Resource Identifiers) in OSCAL;
- Utilizing Well-formed Data Formats to easily read or write OSCAL documents;
- An overview of identifier use and UUIDs (Universally Unique Identifiers) in OSCAL models;
- An overview of the OSCAL layers and models, including who and what processes they apply to;
- A Profile Resolution Specification for handling the transformation of OSCAL Profiles into OSCAL Catalogs;
- A discussion of how OSCAL relates to and draws inspiration from other documentary standards;
- Illustrative examples of how to represent control implementation and risk management data in OSCAL XML, JSON, and YAML formats, including actual data and mockups for demonstration.