Export OSCAL SSP
Generate and download Open Security Controls Assessment Language (OSCAL) JSON formatted System Security Plan (SSP) files containing authorization package data including controls, boundaries, and system implementation details from the Authorization package overview record page. The authorization package must be in Implement state or later to generate OSCAL System Security Plan (SSP) files.
Before you begin
Role required: sn_irm_cont_auth.admin, sn_irm_cont_auth.system_owner, sn_irm_cont_auth.authorization_official, sn_irm_cont_auth.info_system_sec_manager, or sn_irm_cont_auth.info_system_sec_officer
Procedure
-
In the CAM
Workspace, select the List icon (
).
-
To download the SSP zip file, select the Download OSCAL SSP from the Download OSCAL drop-down list.
Important:Verify that the pop-up blocker is disabled for the URL so that the SSP zip file is automatically downloaded to your local repository.
The downloaded zip file contains catalog.json, overlay-catalog.json, profile.json, ssp.json, and poam.json files. If diagrams attach to relevant fields or link to the package boundary, they appear in the zip file contents. Available diagrams include dataflow diagrams, network architecture diagrams, authorization boundary diagrams, and enterprise architecture diagrams.
Note:- If no POA&M is linked to the Authorization Package, the poam.json file will not be generated.
- The overlay-catalog.json file contains only the policies linked to the Authorization Package. If no catalog overlay is linked to the Authorization Package, the overlay-catalog.json file will not be generated. Multiple overlay-catalog files will be generated one for each overlay.
- To customize the OSCAL behavior for export, see the OSCAL Model customization support [KB1650397] article in the Now Support Knowledge Base.
For more information on OSCAL import error, see the OSCAL Import [KB1794095] article in the Now Support Knowledge Base.