Oscal Visualizer

by euCann


Create visual diagrams and representations of OSCAL documents including control hierarchies, component relationships, implementation flows, and SSP overviews. Inspired by oscal-diagrams and community visualization tools.


name: oscal-visualizer
description: Create visual diagrams and representations of OSCAL documents including control hierarchies, component relationships, implementation flows, and SSP overviews. Inspired by oscal-diagrams and community visualization tools.

OSCAL Visualizer Skill

Create visual representations of OSCAL documents to help understand control structures, relationships, and compliance status.

When to Use This Skill

Use this skill when you need to:

  • Visualize control hierarchies and families
  • Show component relationships
  • Display implementation coverage
  • Create SSP overview diagrams
  • Generate assessment flow charts
  • Produce compliance dashboards

✅ Data Source Principle

This skill creates visualizations from documents you provide. All diagram content reflects your OSCAL data — no compliance information is generated from training knowledge.


Diagram Types

Type                     Purpose                                  Best For
Control Hierarchy        Show control families and relationships  Catalogs, profiles
Component Relationships  Map components to controls               Component definitions
Implementation Flow      Show how controls are implemented        SSPs
Profile Inheritance      Display profile layering                 Profiles
SSP Overview             System security summary                  SSPs
Assessment Flow          Assessment process visualization         SAP, SAR

Visualization Color Schemes

Control Families

Family               Color       Hex
AC (Access Control)  Red         #FF6B6B
AU (Audit)           Teal        #4ECDC4
CM (Config Mgmt)     Green       #96CEB4
IA (Auth)            Purple      #DDA0DD
SC (Sys/Comm)        Med Purple  #9370DB
SI (Integrity)       Turquoise   #00CED1

Implementation Status

Status          Color   Symbol
Implemented     Green
Partial         Yellow  ⚠️
Planned         Blue    🔵
Not Applicable  Gray
Missing         Red

How to Create Visualizations

Control Hierarchy Diagram

For catalogs and profiles:

NIST 800-53 Rev 5
├── Access Control (AC) [20 controls]
│   ├── AC-1: Policy and Procedures
│   ├── AC-2: Account Management
│   │   ├── AC-2(1): Automated Management
│   │   ├── AC-2(2): Automated Temporary Accounts
│   │   └── AC-2(3): Disable Accounts
│   └── AC-3: Access Enforcement
│       └── AC-3(1): Restricted Access
├── Audit and Accountability (AU) [16 controls]
│   ├── AU-1: Policy and Procedures
│   └── AU-2: Event Logging
...

Component Relationship Diagram

┌─────────────────────────────────────────────────┐
│                   SYSTEM                         │
├─────────────────────────────────────────────────┤
│                                                  │
│  ┌──────────┐    ┌──────────┐    ┌──────────┐  │
│  │ Azure AD │────│ App Svc  │────│ Azure DB │  │
│  └────┬─────┘    └────┬─────┘    └────┬─────┘  │
│       │               │               │         │
│  ┌────┴─────┐    ┌────┴─────┐    ┌────┴─────┐  │
│  │ AC-2,IA-2│    │ SC-7,CM-6│    │ SC-28,AU-2│  │
│  │ IA-5,AU-2│    │ SI-3,SI-4│    │ AC-3,SC-8 │  │
│  └──────────┘    └──────────┘    └──────────┘  │
│                                                  │
└─────────────────────────────────────────────────┘

Implementation Status Heatmap

CONTROL IMPLEMENTATION STATUS
=============================

     AC  AT  AU  CA  CM  CP  IA  IR  MA  MP  PE  PL  PM  PS  RA  SA  SC  SI
    ┌───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┐
Imp │███│███│███│███│███│░░░│███│███│███│███│░░░│███│███│███│███│███│███│███│
Par │░░░│░░░│░░░│░░░│░░░│███│░░░│░░░│░░░│░░░│███│░░░│░░░│░░░│░░░│░░░│░░░│░░░│
Pln │░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│
N/A │░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│░░░│
    └───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘

Legend: ███ = Present  ░░░ = None

SSP Overview Diagram

┌─────────────────────────────────────────────────────────────┐
│                    SYSTEM SECURITY PLAN                      │
│                   [System Name v1.0.0]                       │
├─────────────────────────────────────────────────────────────┤
│                                                              │
│  ┌─────────────┐      ┌─────────────┐      ┌─────────────┐  │
│  │  METADATA   │      │   PROFILE   │      │   SYSTEM    │  │
│  │             │      │   IMPORT    │      │   CHARS     │  │
│  │ FedRAMP Mod │──────│ NIST 800-53 │──────│ Cloud SaaS  │  │
│  │ v2024.01    │      │ Moderate    │      │ Boundary    │  │
│  └─────────────┘      └─────────────┘      └─────────────┘  │
│                              │                               │
│                              ▼                               │
│  ┌───────────────────────────────────────────────────────┐  │
│  │            CONTROL IMPLEMENTATION                      │  │
│  │                                                        │  │
│  │  Controls: 325     Implemented: 287 (88%)             │  │
│  │  Partial: 25       Planned: 10      N/A: 3            │  │
│  │                                                        │  │
│  │  ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐         │  │
│  │  │AC: 100%│ │AU: 95% │ │CM: 90% │ │SC: 85% │         │  │
│  │  └────────┘ └────────┘ └────────┘ └────────┘         │  │
│  └───────────────────────────────────────────────────────┘  │
│                                                              │
└─────────────────────────────────────────────────────────────┘

Profile Inheritance Diagram

                    ┌──────────────────┐
                    │   NIST 800-53    │
                    │   (Catalog)      │
                    │   1189 controls  │
                    └────────┬─────────┘
                             │
              ┌──────────────┼──────────────┐
              ▼              ▼              ▼
      ┌───────────┐  ┌───────────┐  ┌───────────┐
      │   LOW     │  │ MODERATE  │  │   HIGH    │
      │ Baseline  │  │ Baseline  │  │ Baseline  │
      │ 200 ctrls │  │ 325 ctrls │  │ 421 ctrls │
      └─────┬─────┘  └─────┬─────┘  └─────┬─────┘
            │              │              │
            ▼              ▼              ▼
      ┌───────────┐  ┌───────────┐  ┌───────────┐
      │ FedRAMP   │  │ FedRAMP   │  │ FedRAMP   │
      │ LOW       │  │ MODERATE  │  │ HIGH      │
      │ +tailored │  │ +tailored │  │ +tailored │
      └───────────┘  └───────────┘  └───────────┘

Compliance Dashboard View

╔═══════════════════════════════════════════════════════════╗
║              COMPLIANCE DASHBOARD                          ║
╠═══════════════════════════════════════════════════════════╣
║                                                            ║
║  OVERALL COMPLIANCE          RISK LEVEL                   ║
║  ┌────────────────┐          ┌────────────────┐           ║
║  │      88%       │          │    MODERATE    │           ║
║  │   ████████░░   │          │    ▲▲▲░░       │           ║
║  └────────────────┘          └────────────────┘           ║
║                                                            ║
║  CONTROL STATUS                POA&M STATUS               ║
║  ┌──────────────────┐         ┌──────────────────┐        ║
║  │ ✅ Impl:    287  │         │ Open:        15  │        ║
║  │ ⚠️  Partial:  25  │         │ In Progress:  8  │        ║
║  │ 🔵 Planned:  10  │         │ Overdue:      3  │        ║
║  │ ➖ N/A:       3  │         │ Closed (30d): 12 │        ║
║  └──────────────────┘         └──────────────────┘        ║
║                                                            ║
║  FAMILY COVERAGE                                          ║
║  AC ████████████████████ 100%                             ║
║  AU ██████████████████░░  95%                             ║
║  CM ████████████████░░░░  90%                             ║
║  IA ██████████████████░░  95%                             ║
║  SC █████████████████░░░  85%                             ║
║                                                            ║
╚═══════════════════════════════════════════════════════════╝

Output Formats

Format           Use Case
ASCII            Terminal display, text reports
Mermaid          Documentation, GitHub
DOT/Graphviz     Complex relationships
SVG              Web display
Markdown tables  Documentation

Example Usage

When asked "Visualize the control coverage in this SSP":

  1. Parse the SSP document
  2. Extract control implementations
  3. Group by family
  4. Calculate percentages by status
  5. Generate appropriate visualization
  6. Include legend and summary statistics
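
The six steps above, as an added Python example (not code from this skill or its repository). It assumes an OSCAL SSP in JSON where status is carried in `by-components[].implementation-status.state` or in a prop named `implementation-status`; the sample document is constructed, and the function names are hypothetical. A control with no declared or recognizable status is counted as missing rather than dropped, so the chart cannot overstate coverage.

```python
import json
from collections import Counter, defaultdict

# Constructed sample SSP fragment for illustration (not real system data).
SAMPLE_SSP = json.loads("""
{"system-security-plan": {"control-implementation": {"implemented-requirements": [
  {"control-id": "ac-1", "by-components": [{"implementation-status": {"state": "implemented"}}]},
  {"control-id": "ac-2", "by-components": [{"implementation-status": {"state": "implemented"}}]},
  {"control-id": "ac-2.1", "by-components": [{"implementation-status": {"state": "partial"}}]},
  {"control-id": "au-2", "props": [{"name": "implementation-status", "value": "planned"}]},
  {"control-id": "sc-7"}
]}}}
""")

# Weakest first: a control with mixed component states reports the weakest one.
ORDER = ["missing", "planned", "partial", "implemented", "not-applicable"]

def control_status(req):
    """Steps 1-2: collect every declared state for one implemented-requirement."""
    states = [bc.get("implementation-status", {}).get("state")
              for bc in req.get("by-components", [])]
    states += [p.get("value") for p in req.get("props", [])
               if p.get("name") == "implementation-status"]
    # Absent or unrecognized states count as "missing" so gaps are never hidden.
    ranked = [s if s in ORDER else "missing" for s in states] or ["missing"]
    return min(ranked, key=ORDER.index)

def coverage_by_family(ssp):
    """Steps 3-4: group controls by family prefix and count each status."""
    reqs = ssp["system-security-plan"]["control-implementation"]["implemented-requirements"]
    table = defaultdict(Counter)
    for req in reqs:
        family = req["control-id"].split("-")[0].upper()
        table[family][control_status(req)] += 1
    return table

def render(table, width=20):
    """Steps 5-6: ASCII family coverage bars with per-status counts and a legend."""
    lines = []
    for family in sorted(table):
        counts, total = table[family], sum(table[family].values())
        filled = width * counts["implemented"] // total
        pct = round(100 * counts["implemented"] / total)
        detail = ", ".join(f"{s}={counts[s]}" for s in ORDER if counts[s])
        lines.append(f"{family} {'█' * filled}{'░' * (width - filled)} {pct:3d}%  ({detail})")
    lines.append("Legend: █ = implemented  ░ = not yet implemented")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(coverage_by_family(SAMPLE_SSP)))
```

Percentages use all controls in the family as the denominator, matching the dashboard figures above (287 of 325 shown as 88%).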

Skill Information

Category: Technical
Last Updated: 1/1/2026