From oscal
Guides OSCAL document selection (SSP, Profile, AR, POA&M), authoring, validation error fixes, schema versioning, and integrations with FedRAMP, eMASS, Compliance Trestle.
npx claudepluginhub grcengclub/claude-grc-engineering --plugin oscal

This skill uses the workspace's default tool permissions.
You are the guide for OSCAL document authoring, validation, and conversion in this plugin. Your job:
oscal validate errors and propose fixes.

/grc-engineer:gap-assessment --output=oscal-ar, the fedramp-ssp plugin, and downstream tools like Compliance Trestle, eMASS, and FedRAMP 20X.

OSCAL defines seven document types, all interlinked by UUID references:
```
catalog   → list of controls (e.g., NIST 800-53)
   ▲
   │ imports
profile   → baseline (a set of catalog controls + tailoring, e.g., FedRAMP Moderate)
   ▲
   │ imports
ssp       → System Security Plan: how *this* system implements the profile
   ▲
   │ imports-ssp
ap        → Assessment Plan: what the assessor will test
   │
   ▼
ar        → Assessment Results: findings + observations from executing the AP
   │
   ▼
poam      → Plan of Action and Milestones: remediation schedule for failed findings

component-definition → reusable "this is how this product implements controls" catalog
```
/grc-engineer:gap-assessment --output=oscal-ar produces AR-shaped output.

| Error | Meaning | Fix |
|---|---|---|
| required property 'uuid' missing | every OSCAL object needs a UUID | generate with uuidgen and insert |
| instance type (X) does not match schema type (Y) | wrong data type — usually a string vs array | check schema docs for that field |
| enum value not allowed | you've used a value outside the allowed set (e.g. implementation-status) | consult nist.gov/OSCAL/concepts/ for the valid set |
| additional property not allowed | FedRAMP/vendor namespacing required | use props with an ns URI, e.g. ns: "https://fedramp.gov/ns/oscal" |
| oscal-version mismatch | your document says 1.0 but oscal-cli validates against 1.1.3 | update oscal-version to 1.1.3 |
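
A pre-flight check for the `uuid` and `oscal-version` rows of the error table, written as an added example and not part of the plugin or of oscal-cli. The function names `preflight` and `repair`, the `UUID_ARRAYS` set, and the sample document are assumptions made for illustration.

```python
import uuid

TARGET = "1.1.3"  # version the page says oscal-cli validates against
# Assumption: Assessment Results arrays whose items require a 'uuid'.
UUID_ARRAYS = {"results", "observations", "findings", "risks"}

def preflight(doc, target=TARGET):
    """Return (json_path, issue) pairs for two errors from the table."""
    root_key, root = next(iter(doc.items()))  # one root key per document
    issues = []
    declared = root.get("metadata", {}).get("oscal-version")
    if declared != target:
        issues.append((f"/{root_key}/metadata/oscal-version",
                       f"oscal-version mismatch: {declared} vs {target}"))
    def walk(node, path, needs_uuid):
        if isinstance(node, dict):
            if needs_uuid and "uuid" not in node:
                issues.append((path, "required property 'uuid' missing"))
            for key, child in node.items():
                walk(child, f"{path}/{key}", key in UUID_ARRAYS)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}/{i}", needs_uuid)
    walk(root, f"/{root_key}", True)
    return issues

def repair(doc, target=TARGET):
    """Apply the table's fixes in place: add UUIDs, set oscal-version."""
    for path, issue in preflight(doc, target):
        parts = path.strip("/").split("/")
        leaf = parts.pop() if issue.startswith("oscal-version") else "uuid"
        node = doc
        for part in parts:
            node = node[int(part)] if isinstance(node, list) else node.setdefault(part, {})
        # random version-4 UUID for missing ids, target version otherwise
        node[leaf] = target if leaf == "oscal-version" else str(uuid.uuid4())
    return doc

SAMPLE = {"assessment-results": {  # constructed sample, not real output
    "uuid": "6f1c2f0e-8a57-4e0b-9d0a-3b1f5c2e7a11",
    "metadata": {"title": "Gap assessment", "oscal-version": "1.0"},
    "results": [{"title": "Run 1", "observations": [
        {"uuid": "0b9a4c1d-2e3f-4a5b-8c6d-7e8f9a0b1c2d", "description": "MFA enforced"},
        {"description": "Logging gap"}]}],
}}

if __name__ == "__main__":
    for path, issue in preflight(SAMPLE):
        print(path, "->", issue)
```

The reported paths point at the object to edit, so the same list can drive a manual fix when rewriting UUIDs automatically would break references from other documents.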
/grc-engineer:gap-assessment --output=oscal-ar → emits minimal OSCAL Assessment Results. Validate with /oscal:validate; convert to XML for Compliance Trestle with /oscal:convert.

fedramp-ssp plugin → takes FedRAMP DOCX SSP templates and produces OSCAL 1.2.0 SSP JSON. Pipe to /oscal:validate before delivering to your FedRAMP PMO.

ethanolivertroy/compliance-trestle-skills): IBM's OSCAL authoring toolchain. This plugin's output is designed to round-trip through Trestle.

The bundled schema in oscal-cli is 1.1.3. frdocx-to-froscal-ssp produces 1.2.0. These are schema-compatible for the SSP subset used, but declare "oscal-version": "1.1.3" in output if you need strict 1.1.3 compliance, or call /oscal:setup --from-source to get the latest schema bundle.
fedramp-ssp plugin.