As a FedRAMP PMO member, to have confidence that validations are easily usable by stakeholders outside of FedRAMP, I want to see one successful integration with OSCAL tooling developed by an external stakeholder outside of FedRAMP.

[ohsh6o]

Context:

An important open question from the 10x Phase Two Discovery Phase is the viability and level of effort of integrating the FedRAMP validations with one or more tools external to FedRAMP, with particular focus on language runtimes and ecosystems with different levels of XML and XSLT tooling maturity.

Acceptance Criteria:

• A proposed integration plan with the FedRAMP PMO.
• An external partner with a tentative documented roadmap.
• Proof-of-concept code integration with the external tool using the FedRAMP Validations to validate a system security plan

[ohsh6o]

One potential integration point is with the IBM Trestle team. We talked to them in P2 and it led to this oscal-compass/compliance-trestle#249. This is one potential partnership we can investigate. There are others, but this one had a concrete outcome. We should document others that are relevant to stories and tasks connected to this epic.