OSCAL Training Resources

[CXMFR1]

I tried to ask this during the working group today, but there just wasn't enough time to get through all of the questions.

Are there any recommended guidance or trainings for transitioning from the current documentation, e.g. SSP (Word) or POA&M (Excel), to OSCAL/machine readable documentation? Something that is more friendly to us less technical individuals. The NIST guidance is difficult to follow for me since this is really my first time dipping into the world of machine-readable documentation.

[pjavan]

In terms of training there isn't much. FedRAMP does have an archived repo with an example SSP and POAM to give you an idea.

Can you produce your SSP in Excel? If so, there are folks that can help you with converting Excel to OSCAL along with commercial tools that enable you to do it yourself.

Reach out to the OSCAL Foundation and they may be able to help point you in the right direction.

[pete-gov]

Are there any recommended guidance or trainings for transitioning from the current documentation, e.g. SSP (Word) or POA&M (Excel), to OSCAL/machine readable documentation? Something that is more friendly to us less technical individuals. The NIST guidance is difficult to follow for me since this is really my first time dipping into the world of machine-readable documentation.

On the FedRAMP side, we're expecting industry to fill the gap here. This will require concerted effort for each provider along with collaboration with each other and likely support from industry groups and other collaborative alliances. There are a lot of webinars, youtube videos, and blog posts about how folks have attacked this in the past and I'm sure there's more to come, but you'll definitely need to dig in a bit.

I'd also echo pjavan's suggestion that the OSCAL Foundation is a great place to start connecting with one of those industry alliances that has already existed for a minute.

I hope other folks will chime in here with more resources/thoughts/etc. too!

[ethanolivertroy]

I tried to ask this during the working group today, but there just wasn't enough time to get through all of the questions.

Are there any recommended guidance or trainings for transitioning from the current documentation, e.g. SSP (Word) or POA&M (Excel), to OSCAL/machine readable documentation? Something that is more friendly to us less technical individuals. The NIST guidance is difficult to follow for me since this is really my first time dipping into the world of machine-readable documentation.

I'll be working on something with the https://github.com/oscal-compass/compliance-trestle community this month and next
My hope is to get some stuff out that makes it less intimidating

AWS Labs has started to work on an OSCAL MCP Server as well - https://github.com/awslabs/mcp-server-for-oscal

[brian-ruf]

@CXMFR1 I am one of the co-creators of OSCAL and represented FedRAMP's interests as a contractor during early OSCAL development. I became an independent consultant in Fall of 2024 so that I could support OSCAL efforts on both the government and commercial side with a minimum of OCI challenges.

I volunteer some time every week to furthering OSCAL enablement, such as supporting the OSCAL Foundation, and would be happy to have a few conversations with you to get you started and to help establish accurate, realistic expectations. Please feel free to initiate conversation via LinkedIn, where we can coordinate a time to speak.

Beyond that offer, I endorse everything cited by the other commenters above.
The OSCAL Foundation also has a YouTube channel that includes a Beginner's Guide Webinar as well as a Technical Deep Dive.

While I am not yet sure if NIST will be continuing their monthly workshop series in 2026, there are four years of past slides and recordings here:
https://pages.nist.gov/OSCAL/learn/presentations/mini-workshop/

[ethanolivertroy]

https://github.com/metaschema-framework/claude-plugins

[ethanolivertroy]

https://github.com/ethanolivertroy/compliance-trestle-claude-plugin
Working with a group over at Compliance Trestle on these