https://github.com/GoComply/fedramp

Open source tool for processing OSCAL based FedRAMP SSPs
https://github.com/GoComply/fedramp

docx fedramp fedramp-ssps oscal oscal-ssps

Last synced: 24 days ago
JSON representation

Open source tool for processing OSCAL based FedRAMP SSPs

• Host: GitHub
• URL: https://github.com/GoComply/fedramp
• Owner: GoComply
• License: other
• Created: 2020-02-06T15:20:32.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2024-04-30T05:53:50.000Z (2 months ago)
• Last Synced: 2024-04-30T07:11:05.838Z (2 months ago)
• Topics: docx, fedramp, fedramp-ssps, oscal, oscal-ssps
• Language: Go
• Homepage:
• Size: 24.8 MB
• Stars: 33
• Watchers: 9
• Forks: 11
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Lists

• awesome-oscal - GoComply's FedRAMP Utility

README

        
# FedRAMP - Automate Authorization Process ![Build CI](https://github.com/gocomply/fedramp/workflows/Build%20CI/badge.svg) [![Gitter](https://badges.gitter.im/GoComply/community.svg)](https://gitter.im/GoComply/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) [![PkgGoDev](https://pkg.go.dev/badge/github.com/gocomply/fedramp)](https://pkg.go.dev/github.com/gocomply/fedramp)

This is open source tool that manipulates official FedRAMP assets. Everyone is welcome to contribute!

## Features

 - take FedRAMP/OSCAL formatted System Security Plan and outputs FedRAMP document

 - take opencontrol repository and produce FedRAMP/OSCAL formatted System Security Plans

## User Resources

 - [Additional FedRAMP OSCAL Resources and Templates](https://www.fedramp.gov/additional-fedramp-oscal-resources-and-templates/) (August 20, 2020)

 - [FedRAMP adopts OSCAL Announcement](https://www.fedramp.gov/FedRAMP-moves-to-automate-the-authorization-process/) (December 17, 2019)

## Developer Resources

 - [Guide to OSCAL-based FedRAMP](https://github.com/GSA/fedramp-automation/raw/master/documents/FedRAMP_OSCAL_Vendor_Resources.pdf)

## Exemplary usage - inside of container

Easiest way to reap the fruits of the GoComply/fedramp tool is to use ready made GoComply container. For instance, following command can be issued to generate OSCAL formatted FedRAMP SSPs within a container

```

podman run \

  --rm -t --security-opt label=disable \

  -v $(pwd):/shared-dir \

  quay.io/gocomply/gocomply sh -c "\

      cd /shared-dir && \

      gocomply_fedramp opencontrol https://github.com/ComplianceAsCode/redhat oscal.xml/"

  find oscal.xml/ -type f

  ```

  

  And by the way, results of this particular command can be reviewed online under [ComplianceAsCode/oscal](https://github.com/ComplianceAsCode/oscal) project.

## Exemplary usage - outside of container

Build project (install golang as prerequisite)

```

go get -u -v github.com/gocomply/fedramp/cli/gocomply_fedramp

```

Explore command-line UI

```

gocomply_fedramp --help

gocomply_fedramp opencontrol --hep

gocomply_fedramp convert --help

```

Covert [Open Control](https://open-control.org/) SSPs (in form of [masonry repository](https://github.com/opencontrol/compliance-masonry)) to OSCAL SSPs

```

gocomply_fedramp opencontrol https://github.com/ComplianceAsCode/redhat test_output/

```

Covert OSCAL SSP to DOCX Document

```

wget https://raw.githubusercontent.com/ComplianceAsCode/oscal/master/xml/openshift-container-platform-4-fedramp-Low.xml

gocomply_fedramp convert ./openshift-container-platform-4-fedramp-Low.xml FedRAMP-Low.docx

```

This latest step is not fully complete as you can see, some of the fields in the DOCX being blank. This is work in progress.