Accelerate FedRAMP Compliance Through Automatic Generation of Required FedRAMP Documentation

Simplify—and accelerate—FedRAMP compliance by automatically generating required FedRAMP documentation with Xacta 

Xacta is at the forefront of leveraging NIST’s Open Security Controls Assessment Language (OSCAL) standard now being adopted by FedRAMP to speed and automate authorization. With OSCAL integration in Xacta 360, organizations are able to submit FedRAMP system security plans (SSPs) and other documentation in machine-readable format, including:

Security Assessment Plans (SAPs)

Security Assessment Reports (SARs)

Plans of Action and Milestones (POAMs)

Contingency Plans

Privacy Impact Assessments

And much more.

This will accelerate the approval process for inclusion in the FedRAMP Marketplace and speed time-to-revenue for federal cloud applications. Essentially, Xacta and OSCAL put you in the express lane to FedRAMP compliance to start selling to the $6 billion+ federal marketplace for cloud solutions and services.  

Future versions of Xacta 360 will build upon OSCAL capabilities to offer even more benefit for users in various industries as NIST continues to develop the standard. 

What is OSCAL?

Open Security Control Assessment Language is a standardized, data-centric framework that can be applied to an information system for documenting and assessing its security controls. 


  • Control information lacks standardization  
  • Assessing control implementation across multiple components  
  • Supporting multiple regulatory frameworks simultaneously  
  • Streamline documentation reviews and assessment process 
Schedule a Demo
OSCAL is like a Rosetta Stone that enables tools and organizations to exchange information via automation.
– National Institute of Standards and Technology (NIST)
While the time saved is still TBD, it seems possible that the typical turnaround period of two to four months for an assessment [with OSCAL] could be reduced to a mere two to four weeks.
– Federal Computer Week
OSCAL is a new standard. FedRAMP has adopted this standard for all packages.
– FedRAMP acquisition Q&A

Quick Facts about OSCAL Functionality Within Xacta:

  • Xacta’s workflow supports FedRAMP OSCAL package requirements, while maintaining support of legacy documents.
  • Packages meeting requirements are ingested into Xacta leveraging the API and/or data exchange model (XDE).
  • One-click OSCAL SSP export functionality allows CSPs to publish and validate their package on a regular basis (and prior to submission).
Schedule a Demo

With Xacta for FedRAMP, It’s Possible to Export SSPs with the Click of a Button:

Expediting SSP Submissions with OSCAL


The New Era of FedRAMP: Expediting SSP Submissions via OSCAL

FedRAMP is trying something new: adopting the use of Open Security Controls Assessment Language (OSCAL) for all packages.

Learn more


Xacta for FedRAMP

Reduce the time and cost needed to achieve and maintain FedRAMP compliance.

Learn More
Xacta for FedRAMP
Xacta: IT and Cyber Risk Management Platform


Latest Release of Xacta® 360 and Includes Extended API and Extended No-Code Configurations Options for Xacta 360 and Faster Processing Times in

Telos Corporation has released Xacta 360 1.10 and 1.11, further enhancing the industry-leading Xacta® cyber risk management and continuous compliance platform.

Learn More

Request a Demo
Let us show you Xacta in action.