Skip to content

Open source tool for processing OSCAL based FedRAMP SSPs


Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation

FedRAMP - Automate Authorization Process Build CI Gitter PkgGoDev

This is open source tool that manipulates official FedRAMP assets. Everyone is welcome to contribute!


  • take FedRAMP/OSCAL formatted System Security Plan and outputs FedRAMP document
  • take opencontrol repository and produce FedRAMP/OSCAL formatted System Security Plans

User Resources

Developer Resources

Exemplary usage - inside of container

Easiest way to reap the fruits of the GoComply/fedramp tool is to use ready made GoComply container. For instance, following command can be issued to generate OSCAL formatted FedRAMP SSPs within a container

podman run \
  --rm -t --security-opt label=disable \
  -v $(pwd):/shared-dir \ sh -c "\
      cd /shared-dir && \
      gocomply_fedramp opencontrol oscal.xml/"
  find oscal.xml/ -type f

And by the way, results of this particular command can be reviewed online under ComplianceAsCode/oscal project.

Exemplary usage - outside of container

Build project (install golang as prerequisite)

go get -u -v

Explore command-line UI

gocomply_fedramp --help
gocomply_fedramp opencontrol --hep
gocomply_fedramp convert --help

Covert Open Control SSPs (in form of masonry repository) to OSCAL SSPs

gocomply_fedramp opencontrol test_output/

Covert OSCAL SSP to DOCX Document

gocomply_fedramp convert ./openshift-container-platform-4-fedramp-Low.xml FedRAMP-Low.docx

This latest step is not fully complete as you can see, some of the fields in the DOCX being blank. This is work in progress.