When it comes to OSCAL, I understand the what, but not the how. I understand that the goal of OSCAL is to automate the monitoring of control implementation, and that it does so through a set of extensible formats which support a range of risk management processes.
I've been reading this guide to learn more about the XML and JSON files included in the FedRAMP Automation release, but I'm having a hard time making sense of it (I'm not a software developer).
What am I supposed to do with these XML/JSON files to automate the creation of SSPs, monitor the implementation of controls, etc.? Are there any resources which teach XML/JSON noobs how to get started with OSCAL?
Thank you!