Skip to main content

OSCAL Examples

To facilitate the OSCAL adoption in ways that allow the adopters to take full advange of OSCAL abilities of representing the security data and the automation of the security assessment and of the risk management with a maximum return on investment (ROI), the NIST OSCAL team published basic examples of OSCAL content instances in the NIST's OSCAL-content repository, the examples directory.

To properly understand the examples, interested parties are advised to also review the OSCAL walkthrough tutorials.

More OSCAL examples supporting the use of the OSCAL models are developed and maintained by the community in the OSCAL Club examples repository .


OSCAL examples need to always be formally validated to confirm their correctness and fitness for a risk management process and security automation. See Well-formed Data Formats and Valid OSCAL and Validation of any OSCAL content instance for more details on how to accomplish OSCAL content instance validation by applying the appropriate schema for the respective format.

This page was last updated on November 8, 2023.