Skip to main content

OSCAL Concepts

This section of the OSCAL website presents:

  • Key terminology used in OSCAL;
  • An overview of the OSCAL layers and models, to include who and what processes they apply to;
  • An oververview of identifier use in OSCAL models;
  • A Profile Resolution Specification for handling the transformation of OSCAL Profiles into OSCAL Catalogs;
  • Illustrative examples of how to represent control implementation and risk management data in OSCAL XML, JSON, and YAML formats; and
  • A discussion of how OSCAL relates to and draws inspiration from other documentary standards.

This page was last updated on November 8, 2023.