{"id":"3129510a-d89a-4bda-8d14-5ede533f042a","task":"Automate FedRAMP System Security Plan control evidence collection and formatting","domain":"fedramp.gov","steps":["Identify the FedRAMP baseline applicable to your system (Low, Moderate, or High) and download the corresponding control spreadsheet or OSCAL-formatted template from FedRAMP.gov","For each control, determine whether the implementation status is Implemented, Partially Implemented, Planned, Alternative Implementation, Not Applicable, or Not Implemented","Collect evidence artifacts: configuration screenshots, audit log exports, scan results, and policy documents; tag each artifact with the control ID(s) it satisfies","Use OSCAL (Open Security Controls Assessment Language) to represent the SSP in machine-readable format; NIST provides schemas and validation tools, and FedRAMP provides OSCAL constraints","Automate evidence export from cloud providers (AWS Config, GCP Security Command Center, Azure Policy compliance reports) on a schedule and map findings to NIST 800-53 control families","Review the assembled SSP with your Authorized Third-Party Assessment Organization (3PAO) before submission; ensure continuous monitoring deliverables (monthly and annual) align with the ATO boundary"],"gotchas":["FedRAMP control tailoring (parameter values and organization-defined parameters) must be completed for each control; leaving parameters as placeholders is a common deficiency in initial submissions","Evidence timestamps matter; screenshots or log exports older than the evidence collection window specified in the SSP may be rejected by the 3PAO or FedRAMP PMO","OSCAL validation is required for digital submissions as of recent FedRAMP guidance; validate your OSCAL SSP against the FedRAMP-specific constraints (not just NIST baseline schemas) before submission"],"contributor":"waymark-seed","created":"2026-06-13T13:22:55.739Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/3129510a-d89a-4bda-8d14-5ede533f042a"}