Agent Skills: OSCAL Validator Skill

Validate OSCAL documents for structural integrity, schema compliance, and OSCAL-specific requirements. Use this skill to check if OSCAL documents are properly formatted and meet NIST OSCAL specifications before processing.

Uncategorized
ID: euCann/OSCAL-GRC-SKILLS/oscal-validator

Install this agent skill locally:

pnpm dlx add-skill https://github.com/euCann/OSCAL-GRC-SKILLS/tree/HEAD/skills/oscal-validator

skills/oscal-validator/SKILL.md

Skill Metadata

Name: oscal-validator
Description: Validate OSCAL documents for structural integrity, schema compliance, and OSCAL-specific requirements. Use this skill to check if OSCAL documents are properly formatted and meet NIST OSCAL specifications before processing.

OSCAL Validator Skill

Validate OSCAL documents against NIST schemas and perform structural integrity checks to ensure compliance data quality.

When to Use This Skill

Use this skill when you need to:

  • Verify an OSCAL document is properly formatted
  • Check for missing required fields
  • Validate UUIDs and cross-references
  • Ensure metadata completeness
  • Identify structural issues before further processing

✅ Data Source Principle

This skill validates documents you provide against structural rules and OSCAL schema requirements. Validation logic is safe — it checks format and syntax, not compliance content.

Note: For baseline completeness validation (e.g., "does this SSP cover all FedRAMP Moderate controls?"), you must also provide the baseline profile/catalog.


Validation Severity Levels

| Level | Meaning | Action Required |
|-------|---------|-----------------|
| ERROR | Document is invalid | Must fix before use |
| WARNING | Potential issues | Should review |
| INFO | Suggestions | Optional improvements |

Validation Rules

Structure Validation (STRUCT)

| Rule | Description |
|------|-------------|
| STRUCT-001 | Document must not be empty or null |
| STRUCT-002 | Document must have a root element |
| STRUCT-003 | Root element must be a valid OSCAL model type |

Metadata Validation (META)

| Rule | Description |
|------|-------------|
| META-001 | Metadata section is required |
| META-002 | Title is required |
| META-003 | Last-modified timestamp is required |
| META-004 | Version is required |
| META-005 | OSCAL version should match current spec |

UUID Validation (UUID)

| Rule | Description |
|------|-------------|
| UUID-001 | Document UUID must be present |
| UUID-002 | UUIDs must be valid RFC 4122 format |
| UUID-003 | UUIDs must be unique within document |

Reference Validation (REF)

| Rule | Description |
|------|-------------|
| REF-001 | Internal references must resolve |
| REF-002 | Control references must exist |
| REF-003 | Party references must resolve |

How to Validate an OSCAL Document

Step 1: Check Basic Structure

  1. Verify document is not empty
  2. Confirm root element exists
  3. Validate root element is a valid OSCAL type

Step 2: Validate Metadata

  1. Check for required metadata section
  2. Verify title is present and non-empty
  3. Confirm last-modified is valid ISO timestamp
  4. Check version is present
  5. Validate oscal-version matches expected format

Step 3: Validate UUIDs

  1. Check document-level UUID exists
  2. Validate UUID format (8-4-4-4-12 hexadecimal)
  3. Build list of all UUIDs
  4. Check for duplicates

Step 4: Validate References

  1. Find all internal references (e.g., #uuid-value)
  2. Verify each reference resolves to existing element
  3. Check control-id references against imported catalogs
  4. Validate party-uuid references

Step 5: Model-Specific Validation

For Catalogs:

  • Groups should have controls
  • Controls should have statements
  • Parameters should have values or selections

For SSPs:

  • Import-profile must reference valid profile
  • System-characteristics must include system-ids
  • Control-implementation must address all imported controls

For Component Definitions:

  • Components must have titles
  • Control implementations must reference valid controls
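The root-type check from Step 1 together with Steps 3 and 4, as an added Python example over OSCAL JSON (not part of the skill's own files). The function names, the severity given to each rule, accepting any defined `uuid` as a `#` href target, and the sample document are assumptions of this example; REF-002 is left out because it needs the imported catalog.

```python
import re

MODELS = {"catalog", "profile", "component-definition", "system-security-plan",
          "assessment-plan", "assessment-results", "plan-of-action-and-milestones"}
UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")  # 8-4-4-4-12

def walk(node, path="$", key=None):
    """Yield (path, key, value) per scalar; list items inherit the list's key."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}.{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]", key)
    else:
        yield path, key, node

def validate(doc):
    """Return (severity, rule, message, location); severities are this example's choice."""
    root = next((k for k in doc if k in MODELS), None) if isinstance(doc, dict) else None
    if root is None or not isinstance(doc[root], dict):
        return [("ERROR", "STRUCT-003", "no valid OSCAL root element", "$")]
    out, defined, fields = [], set(), list(walk(doc))
    if "uuid" not in doc[root]:
        out.append(("ERROR", "UUID-001", "document UUID missing", f"$.{root}"))
    ids = [(p, str(v)) for p, k, v in fields if k == "uuid"]  # "uuid" keys define identities
    for path, val in ids:
        if not UUID_RE.match(val):
            out.append(("ERROR", "UUID-002", f"malformed UUID {val!r}", path))
        elif val.lower() in defined:
            out.append(("ERROR", "UUID-003", f"duplicate UUID {val}", path))
        defined.add(val.lower())
    pre = f"$.{root}.metadata.parties["
    parties = {v.lower() for p, v in ids if p.startswith(pre)}
    for path, key, val in fields:  # references; any defined uuid may be an href target (assumption)
        ref = str(val).lower()
        if key == "href" and ref.startswith("#") and ref[1:] not in defined:
            out.append(("ERROR", "REF-001", f"unresolved reference {val}", path))
        if key in ("party-uuid", "party-uuids") and ref not in parties:
            out.append(("ERROR", "REF-003", f"unknown party {val}", path))
    return out

# Constructed sample: duplicate and malformed UUIDs, dangling href and party reference.
A, B, C = (f"{d * 8}-{d * 4}-4{d * 3}-8{d * 3}-{d * 12}" for d in "abc")
SAMPLE = {"system-security-plan": {"uuid": A, "metadata": {
    "parties": [{"uuid": B, "type": "organization"}],
    "responsible-parties": [{"role-id": "owner", "party-uuids": [B, C]}],
    "links": [{"href": "#" + A}, {"href": "#" + C}]},
    "back-matter": {"resources": [{"uuid": A}, {"uuid": "not-a-uuid"}]}}}
```

Only keys named `uuid` are treated as definitions, so a `party-uuids` entry that repeats a party's UUID is a reference and is not reported as a duplicate.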

Validation Report Format

Provide validation results as:

VALIDATION REPORT
=================
Document: [filename]
Model Type: [type]
Valid: [YES/NO]

Issues Found:
- [SEVERITY] [RULE-ID]: [Message] at [location]

Summary:
- Errors: X
- Warnings: Y
- Info: Z

Common Issues and Fixes

| Issue | Cause | Fix |
|-------|-------|-----|
| Missing metadata | Incomplete document | Add required metadata section |
| Invalid UUID | Malformed identifier | Generate new RFC 4122 UUID |
| Unresolved reference | Broken link | Update reference or add target |
| Missing timestamp | Incomplete metadata | Add ISO 8601 timestamp |

Example Usage

When asked "Validate this SSP for compliance":

  1. Parse the document
  2. Run all validation checks
  3. Collect issues by severity
  4. Report findings with specific locations
  5. Provide actionable fix recommendations