This repository contains validated and non-validated OSCAL files across multiple FedRAMP and NIST-supported formats. Validation was performed using the OSCAL CLI Tool , a high-fidelity metaschema-based framework for OSCAL schema validation.

Link to OSCAL Foundation Open Letter to FedRAMP

List out the different files tested. Which ones work and which did not. For the ones that did not work, do you know why it failed?

If Yes, What would be the recommended fix. Please Submit a Github Issue OR Add the information in the readme for each folder type.

Each top-level directory represents a distinct OSCAL model:

📁 SAP/
   ├── 📁 Valid/
   └── 📁 Not_Valid/
📁 SSP/
   ├── 📁 Valid/
   └── 📁 Not_Valid/
📁 POAM/
📁 Component_Definition/
📁 Profile/

Each model folder contains:

• Valid/: Files that successfully passed validation via oscal-cli validate
• Not_Valid/: Files that did not pass validation and require attention

All files in the Valid/ subfolders were tested using the oscal-cli as follows:

🧪 Sample Validation Command:

oscal-cli validate (File)

For SSP (FedRAMP Contraints in SSP Folder):

oscal-cli validate (File) -c (Constraint File 1) -c (Constraint File 2)

The tool checks against:

• OSCAL metaschema constraints
• Format correctness for JSON/XML/YAML
• Required fields, enumerations, and references

Files in the Not_Valid/ directories failed at least one validation check. Common issues include:

• Missing required metadata (e.g., uuid, title)
• Schema mismatches
• Malformed JSON, XML, or YAML
• Unresolved import/include references

These files are retained for debugging, completeness, and ongoing improvement.