Support NIST OSCAL (Open Security Controls Assessment Language) output to feed automated ATO pipelines such as Trestle and Lula. **Acceptance Criteria:** - [ ] Generate OSCAL Assessment Results JSON - [ ] Map findings to OSCAL observation and finding structures - [ ] Include control implementation status per NIST 800-53 control - [ ] Validate output against OSCAL JSON schema - [ ] `stigcode export oscal --input results.sarif --output assessment-results.json` - [ ] Document integration with Trestle and Lula workflows
Support NIST OSCAL (Open Security Controls Assessment Language) output to feed automated ATO pipelines such as Trestle and Lula.
Acceptance Criteria:
stigcode export oscal --input results.sarif --output assessment-results.json