From oscal
Guides OSCAL document selection (SSP, Profile, AR, POA&M), authoring, validation error fixes, schema versioning, and integrations with FedRAMP, eMASS, Compliance Trestle.
```shell
npx claudepluginhub abnejllc/grc --plugin oscal
```

This skill uses the workspace's default tool permissions.
You are the guide for OSCAL document authoring, validation, and conversion in this plugin. Your job:
- Interpret `oscal validate` errors and propose fixes.
- Integrate with `/grc-engineer:gap-assessment --output=oscal-ar`, the fedramp-ssp plugin, and downstream tools like Compliance Trestle, eMASS, and FedRAMP 20X.

OSCAL defines seven document types, all interlinked by UUID references. The field that carries each link is shown on the arrow:

```text
catalog → list of controls (e.g., NIST 800-53)
  ▲
  │ imports (in the profile)
profile → baseline (a set of catalog controls + tailoring, e.g., FedRAMP Moderate)
  ▲
  │ import-profile (in the SSP)
ssp → System Security Plan: how *this* system implements the profile
  ▲
  │ import-ssp (in the AP)
ap → Assessment Plan: what the assessor will test
  │
  ▼ import-ap (in the AR)
ar → Assessment Results: findings + observations from executing the AP
  │
  ▼ related-findings[].finding-uuid (in the POA&M, which also carries import-ssp)
poam → Plan of Action and Milestones: remediation schedule for failed findings

component-definition → reusable "this is how this product implements controls" catalog
```

`/grc-engineer:gap-assessment --output=oscal-ar` produces AR-shaped output.

| Error | Meaning | Fix |
|---|---|---|
| required property 'uuid' missing | every identified OSCAL object (result, finding, component, poam-item, ...) needs a UUID | generate one with `uuidgen` and insert it |
| instance type (X) does not match schema type (Y) | wrong data type, usually a string where the schema wants an array or vice versa | check the schema docs for that field |
| enum value not allowed | the value is outside the allowed set (e.g. `implementation-status`) | consult nist.gov/OSCAL/concepts/ for the valid set |
| additional property not allowed | you added a field the schema does not define; FedRAMP/vendor extension data must be namespaced | move it into `props` with an `ns` URI, e.g. `ns: "https://fedramp.gov/ns/oscal"` |
| oscal-version mismatch | your document declares 1.0 but oscal-cli validates against 1.1.3 | update `oscal-version` to 1.1.3 |
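As an added example (not code from the oscal skill, the grc plugin, or oscal-cli), the Python below runs a pre-flight over a constructed AR and POA&M pair before they go to `/oscal:validate`: it reproduces three of the error classes in the table (version mismatch, missing `uuid`, an enum out of range for a finding's target status), applies the two mechanical fixes, and adds the check schema validation never performs, that every `finding-uuid` a POA&M item cites actually exists in the AR. The "title plus description means this object needs a uuid" heuristic, the UUIDs and both document fragments are constructed assumptions for illustration, not the schema's own rule.

```python
"""Pre-flight lint for an OSCAL Assessment Results + POA&M pair (added example,
not part of the oscal skill or oscal-cli). All document fragments are constructed."""
import copy
import uuid

EXPECTED_OSCAL_VERSION = "1.1.3"                         # bundled oscal-cli schema version
FINDING_TARGET_STATES = {"satisfied", "not-satisfied"}   # OSCAL 1.1 finding target status

OBS_UUID = "0f0a5f4e-6c2a-4a2e-9a5c-1b1f2e3d4c5a"
FINDING_A = "5e9c1c1e-2d3b-4f6a-8a7b-9c0d1e2f3a4b"
FINDING_B = "7a6b5c4d-3e2f-4a1b-9c8d-7e6f5a4b3c2d"      # cited by the POA&M, absent from the AR

ASSESSMENT_RESULTS = {"assessment-results": {
    "uuid": "b2c3d4e5-f6a7-4b8c-9d0e-1f2a3b4c5d6e",
    "metadata": {"title": "Gap assessment", "last-modified": "2024-06-01T00:00:00Z",
                 "version": "1.0", "oscal-version": "1.0"},             # stale version string
    "import-ap": {"href": "./ap.json"},
    "results": [{
        "uuid": "c3d4e5f6-a7b8-4c9d-8e0f-2a3b4c5d6e7f", "title": "Run 1",
        "description": "Automated gap assessment", "start": "2024-06-01T00:00:00Z",
        "observations": [{"uuid": OBS_UUID, "description": "MFA not enforced", "methods": ["TEST"]}],
        "findings": [
            {"uuid": FINDING_A, "title": "IA-2(1)", "description": "MFA gap",
             "target": {"type": "objective-id", "target-id": "ia-2.1_obj",
                        "status": {"state": "not-satisfied"}},
             "related-observations": [{"observation-uuid": OBS_UUID}]},
            {"title": "AC-2", "description": "Account review gap",              # uuid missing
             "target": {"type": "objective-id", "target-id": "ac-2_obj",
                        "status": {"state": "partial"}}},                       # not a valid state
        ]}]}}

PLAN_OF_ACTION = {"plan-of-action-and-milestones": {
    "uuid": "d4e5f6a7-b8c9-4d0e-9f1a-3b4c5d6e7f8a",
    "metadata": {"title": "POA&M", "last-modified": "2024-06-02T00:00:00Z",
                 "version": "1.0", "oscal-version": EXPECTED_OSCAL_VERSION},
    "import-ssp": {"href": "./ssp.json"},
    "poam-items": [
        {"uuid": "e5f6a7b8-c9d0-4e1f-8a2b-4c5d6e7f8a9b", "title": "Enforce MFA",
         "description": "Roll out MFA", "related-findings": [{"finding-uuid": FINDING_A}]},
        {"uuid": "f6a7b8c9-d0e1-4f2a-9b3c-5d6e7f8a9b0c", "title": "Orphan",
         "description": "Points nowhere", "related-findings": [{"finding-uuid": FINDING_B}]},
    ]}}

def _objects(node, path=""):
    """Yield (path, dict) for every JSON object in the tree, parents before children."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from _objects(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _objects(value, f"{path}[{i}]")

def _valid_uuid(value):
    """OSCAL requires RFC 4122 version 4 or 5 UUIDs."""
    try:
        return uuid.UUID(value).version in (4, 5)
    except (ValueError, AttributeError, TypeError):
        return False

def _needs_uuid(obj):
    # Heuristic, not the schema: title + description marks an identified object (result, finding, ...)
    return "title" in obj and "description" in obj

def lint_document(doc):
    """Problems in the shape of the error table: version mismatch, missing/bad uuid, bad enum."""
    root_key, root = next(iter(doc.items()))
    problems = []
    version = root.get("metadata", {}).get("oscal-version")
    if version != EXPECTED_OSCAL_VERSION:
        problems.append(f"{root_key}: oscal-version {version!r} != {EXPECTED_OSCAL_VERSION}")
    for path, obj in _objects(doc):
        if _needs_uuid(obj) and "uuid" not in obj:
            problems.append(f"{path}: required property 'uuid' missing")
        elif "uuid" in obj and not _valid_uuid(obj["uuid"]):
            problems.append(f"{path}: uuid {obj['uuid']!r} is not a v4/v5 UUID")
        if path.endswith("/target/status") and obj.get("state") not in FINDING_TARGET_STATES:
            problems.append(f"{path}: enum value {obj.get('state')!r} not allowed")
    return problems

def dangling_finding_refs(ar, poam):
    """finding-uuid values cited by POA&M items that no finding in the AR carries.
    Both files can pass schema validation on their own; only a cross-document check sees this."""
    known = {f["uuid"] for r in ar["assessment-results"]["results"]
             for f in r.get("findings", []) if "uuid" in f}
    return [ref["finding-uuid"]
            for item in poam["plan-of-action-and-milestones"]["poam-items"]
            for ref in item.get("related-findings", []) if ref["finding-uuid"] not in known]

def apply_table_fixes(doc):
    """Return a copy with the table's mechanical fixes applied: mint missing uuids
    (v4, as uuidgen would) and pin oscal-version. Enum choices are left to a human."""
    doc = copy.deepcopy(doc)
    for _, obj in _objects(doc):
        if _needs_uuid(obj) and "uuid" not in obj:
            obj["uuid"] = str(uuid.uuid4())
    next(iter(doc.values()))["metadata"]["oscal-version"] = EXPECTED_OSCAL_VERSION
    return doc
```

Run `lint_document` on each file and `dangling_finding_refs` on the pair; on the constructed input the AR reports the stale version, the missing `uuid` and the `partial` state, the POA&M is clean on its own, and the orphaned item's `finding-uuid` surfaces only in the cross-document check. `apply_table_fixes` clears the first two AR problems but deliberately leaves the enum one, since picking `satisfied` or `not-satisfied` is an assessor's call, not a script's.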
`/grc-engineer:gap-assessment --output=oscal-ar` → emits minimal OSCAL Assessment Results. Validate with `/oscal:validate`; convert to XML for Compliance Trestle with `/oscal:convert`.

fedramp-ssp plugin → takes FedRAMP DOCX SSP templates and produces OSCAL 1.2.0 SSP JSON. Pipe it through `/oscal:validate` before delivering to your FedRAMP PMO.

Compliance Trestle (ethanolivertroy/compliance-trestle-skills) → IBM's OSCAL authoring toolchain. This plugin's output is designed to round-trip through Trestle.

Schema versions: the bundled schema in oscal-cli is 1.1.3, while frdocx-to-froscal-ssp produces 1.2.0. These are schema-compatible for the SSP subset used, so a 1.2.0 document validates once `"oscal-version": "1.1.3"` is declared in the output. Do that only when you need strict 1.1.3 compliance and the document uses no constructs 1.1.3 lacks, because the validator then checks against the version you claim rather than the one the tool produced. Otherwise call `/oscal:setup --from-source` to get the latest schema bundle.