compliance-fedramp-validator_skill

This skill validates FedRAMP POAM files for structure, naming, deduplication, and cross-sheet consistency to ensure submission readiness.
  • Python

5

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill williamzujkowski/cognitive-toolworks --skill compliance-fedramp-validator

  • CHANGELOG.md1.3 KB
  • SKILL.md12.0 KB

Overview

This skill validates FedRAMP Plan of Action and Milestones (POAM) TSV files for structural integrity, naming conventions, duplicate entries, and cross-sheet consistency. It runs fast tiered checks—from header and format sanity to naming/deduplication and deep cross-sheet validation—producing machine-readable findings and prioritized fix suggestions. Use it as a pre-submission quality gate or as part of continuous monitoring workflows.

How this skill works

The skill parses a tab-delimited POAM TSV, verifies encoding and required headers, and performs row-level format checks (dates, required fields, severity values). In tiered stages it enforces naming schemas, computes hashes and text-similarity for deduplication, validates timelines against FedRAMP remediation windows, and performs cross-sheet consistency checks (Open vs Closed). Outputs include a findings JSON and a markdown fix suggestions report with timestamps and skill version metadata.

When to use it

  • Before FedRAMP POAM submission or AO handoff
  • During continuous monitoring updates prior to AO submission
  • After assessments to clean and deduplicate POAM entries
  • When converting OSCAL-to-TSV to validate mapping integrity
  • As an automated quality gate in CI for POAM artifacts

Best practices

  • Provide a naming_convention JSON to enforce org-specific IDs; otherwise FedRAMP defaults apply
  • Run Tier 1 first to catch blocking parse/format errors before deeper analysis
  • Keep input files ≤10 MB and UTF-8 encoded, tab-delimited
  • Log validation steps and preserve original files; the skill performs read-only checks
  • Treat Critical errors as blockers; address warnings before final submission

Example use cases

  • CI pipeline step that rejects POAM TSVs with >10% row errors
  • Pre-submission check that flags High severity items overdue against FedRAMP timelines
  • Post-assessment deduplication to merge identical or near-duplicate weaknesses across Open/Closed sheets
  • Cross-sheet audit to detect items accidentally listed in both Open and Closed
  • Automated report generation producing findings.json and fix_suggestions.md for reviewers

FAQ

Parse failures, unreadable/corrupted file, missing header row, or critical schema errors cause the skill to abort and report pre-check failures.

How are duplicates detected?

Exact duplicates use a deterministic hash on Control Identifier + Weakness Description + Resource. Near-duplicates use a reproducible text-similarity threshold (≥80%).

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
compliance-fedramp-validator skill by williamzujkowski/cognitive-toolworks | VeilStrat