Agent skill

oscal-parser

Parse OSCAL (Open Security Controls Assessment Language) documents in JSON, YAML, or XML formats and extract structured compliance data. Use this skill when working with security control catalogs, system security plans, component definitions, or other OSCAL document types.

View SKILL.md on GitHub Repository
Stars 6
Forks 1

Install this agent skill to your Project

npx add-skill https://github.com/euCann/OSCAL-GRC-SKILLS/tree/main/skills/oscal-parser

SKILL.md

OSCAL Parser Skill

Parse OSCAL documents in any supported format (JSON, YAML, XML) and extract structured data for compliance analysis.

When to Use This Skill

Use this skill when you need to:

  • Read and parse OSCAL documents from files
  • Detect the format and model type of an OSCAL document
  • Extract metadata, controls, components, or other OSCAL elements
  • Convert OSCAL data into a workable structure for further analysis

✅ Data Source Principle

This skill operates only on documents you provide. It reads and parses — it does not generate compliance data from training knowledge. All output comes directly from your OSCAL document.

Supported Formats

Format Extensions Notes
JSON .json Most common format, fastest parsing
YAML .yaml, .yml Human-readable, good for editing
XML .xml Legacy format, full schema support

OSCAL Model Types

The parser automatically detects these OSCAL model types:

  • Catalog - Security control catalogs (e.g., NIST 800-53)
  • Profile - Control baselines and overlays
  • System Security Plan (SSP) - System security documentation
  • Component Definition - Reusable component security capabilities
  • Assessment Plan - Assessment procedures
  • Assessment Results - Assessment findings
  • Plan of Action and Milestones (POA&M) - Remediation tracking

How to Parse an OSCAL Document

Step 1: Identify the File

Confirm the file path and check the extension to determine format.

Step 2: Parse the Content

Based on the format:

  • JSON: Parse using standard JSON parsing
  • YAML: Parse using YAML safe loading
  • XML: Parse using XML to dictionary conversion

Step 3: Detect Model Type

Examine the root keys to identify the document type:

  • Look for keys like catalog, profile, system-security-plan, etc.
  • The presence of specific keys indicates the model type

Step 4: Extract Key Information

For each model type, extract:

Catalog:

  • metadata - Title, version, OSCAL version
  • groups - Control families
  • controls - Individual security controls
  • back-matter - Resources and references

System Security Plan:

  • metadata - System identification
  • import-profile - Baseline reference
  • system-characteristics - System description
  • system-implementation - Implementation details
  • control-implementation - How controls are implemented

Component Definition:

  • metadata - Component identification
  • components - Individual components
  • capabilities - Component capabilities

Output Structure

When parsing is complete, provide:

  1. Format detected (JSON/YAML/XML)
  2. Model type (catalog, SSP, etc.)
  3. Metadata summary (title, version, last modified)
  4. Content summary (count of controls, components, etc.)
  5. Any parsing warnings or issues

Example Usage

When asked "Parse this OSCAL catalog and tell me what's in it":

  1. Read the file content
  2. Detect format from extension
  3. Parse the content
  4. Identify it as a catalog
  5. Report:
    • Title and version
    • Number of control families
    • Total number of controls
    • OSCAL version used

Error Handling

Handle these common issues:

  • File not found: Verify the path is correct
  • Invalid format: Check file extension matches content
  • Malformed content: Report specific parsing errors
  • Unknown model type: List root keys for manual identification

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

euCann/OSCAL-GRC-SKILLS

oscal-control-mapper

Create and analyze OSCAL Control Mapping documents to establish formal relationships between controls across different frameworks (NIST 800-53, ISO 27001, CIS, PCI-DSS, etc.). Use this skill to document control equivalencies, gaps, and harmonization for multi-framework compliance.

6 1
Explore
euCann/OSCAL-GRC-SKILLS

oscal-validator

Validate OSCAL documents for structural integrity, schema compliance, and OSCAL-specific requirements. Use this skill to check if OSCAL documents are properly formatted and meet NIST OSCAL specifications before processing.

6 1
Explore
euCann/OSCAL-GRC-SKILLS

control-implementation-generator

Generate detailed control implementation guidance, technical steps, and implementation plans for OSCAL security controls. Use this skill to create implementation narratives, technical procedures, and deployment plans.

6 1
Explore
euCann/OSCAL-GRC-SKILLS

oscal-visualizer

Create visual diagrams and representations of OSCAL documents including control hierarchies, component relationships, implementation flows, and SSP overviews. Inspired by oscal-diagrams and community visualization tools.

6 1
Explore
euCann/OSCAL-GRC-SKILLS

oscal-text-converter

Convert OSCAL documents between formats (JSON, YAML, XML) and to human-readable formats like Markdown or plain text. Use for document transformation, reporting, and making OSCAL data accessible to non-technical stakeholders.

6 1
Explore
euCann/OSCAL-GRC-SKILLS

controls-extractor

Extract and analyze security controls from OSCAL catalogs, profiles, and SSPs. Use this skill to get detailed information about control hierarchies, statements, parameters, and implementation status for compliance analysis.

6 1
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results