Export in OSCAL format
Continuous Authorization and Monitoring supports the Open Security Controls Assessment Language (OSCAL) used by the National Institute of Standards and Technology (NIST) that provides control-related information in standardized machine-readable formats. CAM supports Catalog, Profile, System Security Plan (SSP), and Plan of Action and Milestones (POA&M) models.
Source tables to fetch data for the models
The following table identifies which CAM tables provide data for each Open Security Controls Assessment Language (OSCAL) JSON property during export operations.
For step-by-step instructions on exporting each OSCAL model, see the following topics:| Source table | JSON property |
|---|---|
| Catalog | |
| Control objective | controls |
| Control Objective to Control objective requirement | statements parts |
| Test template to Assessment procedure | assessment objective parts |
| Control Objective | guidance |
| Test Template | Assessment-method (Examine) |
| Test Template | Assessment-method (Interview) |
| Profile | |
| Baseline Control | Include-controls |
| Baseline Control | Exclude-controls |
| SSP | |
| Authorization boundary | components |
| Authorization package | leveraged-authorization |
| Authorization boundary | security-impact-level |
| Control requirement | statements |
| Authorization boundary | by-components |
| Information type | Information-types |