Skip to content

Open source tool for processing OSCAL based FedRAMP SSPs

License

Notifications You must be signed in to change notification settings

GoComply/fedramp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

FedRAMP - Automate Authorization Process Build CI Gitter PkgGoDev

This is open source tool that manipulates official FedRAMP assets. Everyone is welcome to contribute!

Features

  • take FedRAMP/OSCAL formatted System Security Plan and outputs FedRAMP document
  • take opencontrol repository and produce FedRAMP/OSCAL formatted System Security Plans

User Resources

Developer Resources

Exemplary usage - inside of container

Easiest way to reap the fruits of the GoComply/fedramp tool is to use ready made GoComply container. For instance, following command can be issued to generate OSCAL formatted FedRAMP SSPs within a container

podman run \
  --rm -t --security-opt label=disable \
  -v $(pwd):/shared-dir \
  quay.io/gocomply/gocomply sh -c "\
      cd /shared-dir && \
      gocomply_fedramp opencontrol https://github.com/ComplianceAsCode/redhat oscal.xml/"
  find oscal.xml/ -type f

And by the way, results of this particular command can be reviewed online under ComplianceAsCode/oscal project.

Exemplary usage - outside of container

Build project (install golang as prerequisite)

go get -u -v github.com/gocomply/fedramp/cli/gocomply_fedramp

Explore command-line UI

gocomply_fedramp --help
gocomply_fedramp opencontrol --hep
gocomply_fedramp convert --help

Covert Open Control SSPs (in form of masonry repository) to OSCAL SSPs

gocomply_fedramp opencontrol https://github.com/ComplianceAsCode/redhat test_output/

Covert OSCAL SSP to DOCX Document

wget https://raw.githubusercontent.com/ComplianceAsCode/oscal/master/xml/openshift-container-platform-4-fedramp-Low.xml
gocomply_fedramp convert ./openshift-container-platform-4-fedramp-Low.xml FedRAMP-Low.docx

This latest step is not fully complete as you can see, some of the fields in the DOCX being blank. This is work in progress.