Create Example FedRAMP OSCAL Templates with Examples of Embedded ZIP Archives

[ohsh6o]

Action Item

This is a ...

• enhancement - Something could be better.

This relates to ...

• the FedRAMP OSCAL Registry (Excel File)
• the Guide to OSCAL-based FedRAMP Content (PDF)
• the Guide to OSCAL-based FedRAMP System Security Plans (SSP) (PDF)
• the Guide to OSCAL-based FedRAMP Security Assessment Plans (SAP) (PDF)
• the Guide to OSCAL-based FedRAMP Security Assessment Reports (SAR) (PDF)
• the Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M) (PDF)
• the FedRAMP SSP OSCAL Template (JSON or XML Format)
• the FedRAMP SAP OSCAL Template (JSON or XML Format)
• the FedRAMP SAR OSCAL Template (JSON or XML Format)
• the FedRAMP POA&M OSCAL Template (JSON or XML Format)

Describe the problem or enhancement

Upon review of drafts of FedRAMP OSCAL-Based file guides, it would be prudent to show a more detail example of attachments, as alluded to in the drafts, but a fuller example with an example ZIP archive and a representative file structure within, could be of potential benefit.

Goals:

Better examples of real-world use of attachments in FedRAMP OSCAL document instances.

Dependencies:

N/A

Acceptance Criteria

• All FedRAMP Documents Related to OSCAL Adoption affected by the changes in this issue have been updated.
• A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.

[volpet2014]

FedRAMP PMO is investigating this further as process and policy issue related to how zipped up attachments and artifacts would be handled by the review team.