advanced-oscal-validator

Perform comprehensive OSCAL validation using community-inspired patterns including JSON schema validation, business rule validation, cross-reference checking, and best practices from IBM Trestle, oscal-pydantic, and Lula. Use for thorough document quality assurance.

181 stars

Best use case

advanced-oscal-validator is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using advanced-oscal-validator should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/advanced-oscal-validator/SKILL.md --create-dirs "https://raw.githubusercontent.com/majiayu000/claude-skill-registry/main/skills/data/advanced-oscal-validator/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/advanced-oscal-validator/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How advanced-oscal-validator Compares

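| Feature / Agent | advanced-oscal-validator | Standard Approach |
|-----------------|--------------------------|-------------------|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |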

Frequently Asked Questions

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Advanced OSCAL Validator Skill

Perform comprehensive OSCAL document validation using advanced patterns inspired by community tools including IBM Trestle, oscal-pydantic, and Defense Unicorns' Lula.

## When to Use This Skill

Use this skill when you need to:
- Perform thorough validation beyond basic structure
- Validate against NIST OSCAL JSON schemas
- Check business rules and best practices
- Validate cross-references and links
- Ensure FedRAMP-specific requirements are met

---

## ⛔ Authoritative Data Requirement

Validation checks **user-provided documents** against structural rules.

### What This Skill Does (Safe)
- Validates OSCAL structure and syntax
- Checks UUID formats and references
- Verifies required fields are present
- Confirms cross-references resolve
- Applies business rule logic to YOUR document

### What Requires Authoritative Sources
| Validation Type | Requires |
|-----------------|----------|
| Baseline completeness | The baseline profile being validated against |
| Control reference validation | The catalog that the controls reference |
| FedRAMP-specific rules | FedRAMP baseline |

### For Baseline Validation
```
To validate SSP completeness against a baseline, I need both:
1. Your SSP document (provided)
2. The baseline profile it should meet (e.g., FedRAMP Moderate)

I cannot determine if controls are missing without the authoritative baseline.
```

---

## Validation Levels

| Level | Description | Checks |
|-------|-------------|--------|
| Schema | JSON schema compliance | Structure, types, required fields |
| Semantic | Business logic | UUIDs, references, dates |
| Quality | Best practices | Completeness, clarity |
| Framework | FedRAMP/NIST specific | Baseline compliance |

## Advanced Validation Categories

### Schema Validation
Validate against official NIST OSCAL JSON schemas:
- Catalog schema
- Profile schema
- SSP schema
- Component definition schema
- Assessment schemas

### UUID Validation
- Format: RFC 4122 compliant
- Uniqueness: No duplicates within document
- References: All UUID refs resolve

### Cross-Reference Validation
- Control references exist in imported catalogs
- Party references resolve within document
- Component references are valid
- Resource links are accessible

### Business Rule Validation

| Rule | Description |
|------|-------------|
| BIZ-001 | SSP must import a profile |
| BIZ-002 | All baseline controls must be addressed |
| BIZ-003 | Implementation status required for each control |
| BIZ-004 | Responsible parties must be defined |
| BIZ-005 | System characteristics must be complete |

### FedRAMP-Specific Validation
- All required control families present
- POA&M references valid
- Required attachments present
- Naming conventions followed

## Validation Report Structure

```
ADVANCED VALIDATION REPORT
==========================
Document: ssp.json
Type: System Security Plan
Schema Version: 1.2.0
Validation Date: 2024-01-15

SUMMARY
-------
Schema Valid: ✅ Yes
Semantically Valid: ⚠️ Warnings
Quality Score: 85/100

SCHEMA VALIDATION
-----------------
Status: PASS
- Structure: Valid
- Required Fields: All present
- Data Types: Correct

UUID VALIDATION
---------------
Total UUIDs: 245
Unique: 245 ✅
Invalid Format: 0 ✅
Orphaned References: 2 ⚠️
  - #uuid-abc123 not found
  - #uuid-def456 not found

CROSS-REFERENCE VALIDATION
--------------------------
Control References: 320/325 valid
  Missing: AC-1(1), CM-7(1), SI-4(2), ...
  
Party References: 12/12 valid ✅
Component References: 45/45 valid ✅

BUSINESS RULES
--------------
✅ BIZ-001: Profile imported
⚠️ BIZ-002: 5 controls not addressed
✅ BIZ-003: All have implementation status
✅ BIZ-004: Responsible parties defined
⚠️ BIZ-005: System boundary incomplete

QUALITY CHECKS
--------------
- Implementation narratives: 95% complete
- Evidence references: 80% complete
- Parameter values: 100% set
- Remarks clarity: Good

RECOMMENDATIONS
---------------
1. Add missing control implementations
2. Resolve orphaned UUID references
3. Complete system boundary description
```

## How to Perform Advanced Validation

### Step 1: Schema Validation
1. Identify document type from root element
2. Fetch appropriate NIST schema
3. Validate document against schema
4. Collect all schema violations

### Step 2: UUID Analysis
1. Extract all UUIDs from document
2. Validate format (8-4-4-4-12 hex)
3. Check for duplicates
4. Build reference graph
5. Find orphaned references

### Step 3: Cross-Reference Check
1. Extract all internal references (#uuid-...)
2. Extract all control-id references
3. Resolve each reference
4. Report unresolved references
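
The UUID checks in Steps 2 and 3 can be sketched in Python as follows. This is an added example, not code from the skill or from Trestle, oscal-pydantic, or Lula. It assumes that a `uuid` key defines an identifier, that keys ending in `-uuid` or `-uuids` and `href` fragments shaped like a UUID are references, and that `#ac-2`-style fragments are control-id references resolved separately. The names `walk`, `analyze_uuids`, and `SAMPLE` are hypothetical.

```python
import re
from collections import Counter

# Step 2 shape check: 8-4-4-4-12 hexadecimal groups.
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def walk(node, key=None):
    """Yield (nearest key, scalar) for every leaf of a parsed JSON document."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, k)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item, key)
    else:
        yield key, node

def analyze_uuids(doc):
    """Return malformed, duplicated and orphaned UUIDs found in doc."""
    defined, refs, invalid = Counter(), set(), set()
    for key, value in walk(doc):
        if key is None or not isinstance(value, str):
            continue
        if key == "href" and value.startswith("#"):
            value = value[1:]
            if not UUID_RE.fullmatch(value):
                continue  # id-style fragment such as "#ac-2", not a UUID
        elif key != "uuid" and not key.endswith(("-uuid", "-uuids")):
            continue
        if not UUID_RE.fullmatch(value):
            invalid.add(value)
        elif key == "uuid":
            defined[value.lower()] += 1  # definition
        else:
            refs.add(value.lower())      # reference to resolve
    return {"invalid": sorted(invalid), "orphaned": sorted(refs - set(defined)),
            "duplicates": sorted(u for u, n in defined.items() if n > 1)}

SAMPLE = {"system-security-plan": {"metadata": {  # constructed fragment
    "parties": [{"uuid": "22222222-2222-4222-8222-222222222222"},
                {"uuid": "22222222-2222-4222-8222-222222222222"},
                {"uuid": "not-a-uuid"}],
    "responsible-parties": [
        {"party-uuids": ["22222222-2222-4222-8222-222222222222",
                         "33333333-3333-4333-8333-333333333333"]}],
    "links": [{"href": "#ac-2"},
              {"href": "#44444444-4444-4444-8444-444444444444"}]}}}

print(analyze_uuids(SAMPLE))
```

Comparison is case-insensitive, so a reference that differs from its definition only in hex letter case still resolves.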

### Step 4: Business Rule Evaluation
Apply business rules based on document type:

**For SSP:**
- Verify profile import exists
- Check all baseline controls addressed
- Validate implementation statements present
- Confirm responsible parties assigned

**For Component Definition:**
- Verify component has title
- Check control implementations reference valid controls
- Validate capability descriptions

### Step 5: Quality Assessment
Score based on:
- Completeness of narratives
- Presence of evidence references
- Parameter value coverage
- Clarity and specificity

## Validation Patterns from Community

### From IBM Trestle
- Workspace-based validation
- Model assembly validation
- Profile resolution checking

### From oscal-pydantic
- Type-safe validation
- Field-level constraints
- Nested object validation

### From Lula
- Control validation automation
- Policy-as-code patterns
- Continuous validation

## Common Validation Issues

| Issue | Severity | Fix |
|-------|----------|-----|
| Missing metadata.title | ERROR | Add title |
| Invalid UUID format | ERROR | Regenerate UUID |
| Orphaned reference | WARNING | Update or remove |
| Missing implementation | WARNING | Add narrative |
| Empty remarks | INFO | Add context |

## Example Usage

When asked "Thoroughly validate this SSP":

1. Parse the SSP document
2. Validate against OSCAL SSP schema
3. Check all UUIDs for format and uniqueness
4. Resolve all cross-references
5. Apply SSP business rules
6. Score quality metrics
7. Generate comprehensive validation report
8. Provide prioritized fix recommendations
