WhalerMike/uiao-core


UIAO Core — Generation Engine & Adapter Framework

CI | Python 3.11+ | License: Apache 2.0 | FedRAMP Moderate Controls

Mission

UIAO is a federal compliance and network modernization platform that eliminates manual, error-prone compliance machinery and replaces it with a single deterministic engine — one strict YAML SSOT that continuously generates every required artifact, enforces every required control, and contains drift in under 120 seconds.

What this platform is designed to accomplish:

  • FedRAMP Moderate Rev 5 — Full 247-control baseline, OSCAL-native SSP/POA&M generation, continuous ATO evidence. Authorization packages are a pipeline output.
  • CISA SCuBA / BOD 25-01 — Live bidirectional governance envelope across covered M365 and cloud platforms. Policy drift is detected, attributed, and evidence-backed automatically.
  • KSI Compliance Engine — 163 Key Security Indicators across 7 categories, continuously evaluated and embedded in OSCAL back-matter as cryptographically linked evidence.
  • Immutable Evidence Fabric — Every compliance claim is backed by a tamper-evident bundle (raw output → normalized overlay → KSI result → GPG-signed commit hash). Auditors get a verifiable chain, not a screenshot.
  • Drift Detection in < 120 s — Every commit and scheduled run validates live state against the YAML canon. Drift is never silently tolerated — always measured, attributed, and actionable.
  • Zero Trust / TIC 3.0 — Identity is the root namespace. Six control planes (Identity, Addressing, Overlay, Telemetry, Management, Governance) implement NIST SP 800-207 and TIC 3.0 as architectural properties, not checkboxes.
  • Future-proof governance — The adapter framework and KSI schema extend to any new CISA directive, OMB memo, or cloud platform without touching the generation engine.
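
The tamper-evident chain named in the Immutable Evidence Fabric bullet, sketched as an added example (not code from uiao-core). The bundle layout, function names and sample values are assumptions; the GPG-signed commit is represented only by a trusted head hash that the caller supplies.

```python
import hashlib
import json

# Stage names follow the README's chain; the bundle layout itself is an assumption.
STAGES = ("raw_output", "normalized_overlay", "ksi_result")
GENESIS = "0" * 64

def link_hash(prev: str, stage: str, payload: dict) -> str:
    """SHA-256 over the previous link hash, the stage name and canonical JSON."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev}\n{stage}\n{body}".encode()).hexdigest()

def build_bundle(payloads: dict) -> dict:
    """Chain the stages in order so each hash commits to everything before it."""
    links, prev = [], GENESIS
    for stage in STAGES:
        prev = link_hash(prev, stage, payloads[stage])
        links.append({"stage": stage, "payload": payloads[stage], "hash": prev})
    return {"links": links, "head": prev}

def verify_bundle(bundle: dict, trusted_head: str) -> list[str]:
    """Return findings; an empty list means the bundle matches the trusted head."""
    links = bundle["links"]
    if tuple(link["stage"] for link in links) != STAGES:
        return ["stages missing, reordered or extra"]
    findings, prev = [], GENESIS
    for link in links:
        if link_hash(prev, link["stage"], link["payload"]) != link["hash"]:
            findings.append(f"{link['stage']}: payload does not match recorded hash")
        prev = link["hash"]  # continue from the recorded value to localize the fault
    if prev != trusted_head:
        findings.append("head differs from the value recorded in the signed commit")
    return findings

# Constructed sample data, not real UIAO output.
SAMPLE = {
    "raw_output": {"tenant": "example", "mfa_enforced": True},
    "normalized_overlay": {"control": "IA-2", "state": "enforced"},
    "ksi_result": {"ksi": "KSI-EXAMPLE-01", "status": "pass"},
}

if __name__ == "__main__":
    bundle = build_bundle(SAMPLE)
    print(verify_bundle(bundle, bundle["head"]))
```

An edited payload is reported at its own stage, while a bundle whose hashes were all recomputed after an edit stays internally consistent and fails only the head comparison, which is why the head has to be anchored in something the bundle's editor cannot rewrite.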

Full mission scope, mandate alignment, and architectural invariants: VISION.md

Customer Documentation Platform architecture (federal pair): ARCHITECTURE.md — canonical architecture for the uiao-core + uiao-docs federal FedRAMP-Moderate pair. Covers canon registry, cross-repo sync, image pipeline, Git LFS strategy, Azure Government migration roadmap, and NIST 800-53 compliance mapping. Out of scope: uiao-gos (commercial product, separate architecture).

Compliance with Presidential Executive Orders

UIAO is explicitly architected to help Federal agencies implement the provisions of the following Presidential Executive Orders:

  • EO 14144 (January 16, 2025) — Strengthening and Promoting Innovation in the Nation's Cybersecurity — third-party software supply-chain, post-quantum cryptography, AI-cyber hardening, IoT security, zero-trust expansion.
  • EO 14306 (June 6, 2025) — Sustaining Select Efforts to Strengthen the Nation's Cybersecurity; amending EO 13694 and EO 14144 — current controlling cybersecurity EO.
  • EO 14390 (March 6, 2026) — Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens — paired with the March 2026 President Trump's Cyber Strategy for America.

UIAO's four capability pillars — claims-based evidence fabric, adapter framework, drift detection, and KSI provenance — map directly to the Zero Trust architecture, federal cybersecurity modernization, FedRAMP / cloud transition, and continuous-compliance themes of these orders. The canonical EO mapping (UIAO_004) is the single source of truth for these provisions.


Repository: uiao-core
Role: Machine-readable tooling — OSCAL generation, adapter framework, Python engine, schemas
Classification: Open Source


What This Repository Is

uiao-core is the generation engine and adapter framework for the Unified Identity-Addressing-Overlay Architecture (UIAO) — a federal network modernization program targeting FedRAMP Moderate Rev 5 compliance. It transforms YAML definitions into OSCAL JSON, Markdown, DOCX, PPTX, and CycloneDX SBOM artifacts.

  • Python generation engine (src/) — transforms YAML canon into OSCAL JSON, Markdown, DOCX, PPTX, and CycloneDX SBOM
  • Control library (data/control-library/) — 247 granular NIST controls covering the full FedRAMP Moderate baseline
  • Adapter framework — standardized interfaces connecting vendor systems (Entra, Infoblox, CyberArk, ServiceNow, Palo Alto, Cisco, SD-WAN) to the UIAO schema
  • JSON schemas (schemas/) — validation schemas for KSI mappings, OSCAL profiles, drift detection
  • Scripts (scripts/) — crosswalk validation, drift checks, pre-commit hooks, directory enforcement
  • Tests (tests/) — unit and integration tests for the generation pipeline

Documentation Canon — Separation Notice

This repository is the engine, not the documentation source. The canonical .qmd source files, YAML data schemas, rendered HTML site, and Quarto pipeline live in uiao-docs.

What                              Where
20+ canonical documents (.qmd)    uiao-docs
YAML data schemas (30 files)      uiao-docs/data/
Rendered HTML site                whalermike.github.io/uiao-docs
OSCAL generation engine           This repo (src/)
Control library (247 controls)    This repo (data/control-library/)

About

Core engine of the Unified Identity-Addressing-Overlay Architecture (UIAO). Python CLI + generators for OSCAL artifacts, KSI compliance engine, SCuBA/BOD 25-01 governance envelope, drift detection & immutable Evidence Fabric. Deterministic FedRAMP Moderate Rev 5 and Zero Trust automation from strict YAML SSOT.
