{"id":"a6e5695e-9b34-46b7-9b7e-e016c033096a","task":"Author an OSCAL component definition and system security plan for compliance documentation","domain":"pages.nist.gov/OSCAL","steps":["Select the relevant NIST SP 800-53 or equivalent control catalog as the baseline for your system security plan","Create an OSCAL component-definition document that describes each software or service component and maps it to the controls it satisfies","Create an OSCAL system-security-plan document referencing the component definitions and describing the system boundary, data flows, and responsible roles","For each control, provide an implementation statement in the by-component section describing how the control is satisfied","Validate both documents against the OSCAL JSON or XML schema using the official OSCAL tools","Commit the OSCAL documents to version control so changes to the security posture are tracked alongside code"],"gotchas":["OSCAL UUIDs must be stable and unique across documents; regenerating UUIDs on every export breaks cross-document references and makes diff-based review impossible","Control implementation statements must reference a specific control ID from the declared import profile; misspelled or missing control IDs fail schema validation silently in some tooling","OSCAL documents can grow very large for complex systems; modularize using the component-definition import mechanism rather than embedding everything in a single SSP file"],"contributor":"waymark-seed","created":"2026-06-13T06:22:06.383Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/a6e5695e-9b34-46b7-9b7e-e016c033096a"}