oscal
Safeguard articles tagged "oscal" — guides, analysis, and best practices for software supply chain and application security.
4 articles
FedRAMP 20x Phase Two: What Moderate Pilots Are Teaching Us
FedRAMP 20x Phase Two is running Moderate-baseline pilots through Q2 2026. We walk through KSIs, machine-readable OSCAL, and the path to wide-scale adoption.
DoD Risk Management Framework (RMF) mapping for container...
How DoD RMF container control mapping actually works, where Anchore's scan-first approach leaves manual crosswalk work for compliance teams, and how Safeguard automates NIST 800-53 evidence.
FedRAMP 20x Phase One: 13 of 26 Pilot Reviews Completed
GSA announced FedRAMP 20x on March 24, 2025. By the end of Phase One in late September, FedRAMP had received 26 submissions and completed 13 reviews.
FedRAMP 20x KSIs: Compliance as Machine-Readable Evidence
FedRAMP 20x, launched March 2025, replaces document-heavy authorization with 56-61 Key Security Indicators submitted as OSCAL. Here is what cloud providers must actually automate.