Open Security Controls Assessment Language (OSCAL) Workshop

The National Institute of Standards and Technology is hosting the first of a new series of workshops focusing on the Open Security Controls Assessment Language (OSCAL). OSCAL provides a standardized set of XML-, JSON- and YAML-based formats for use by authors and maintainers of security and privacy control catalogs, control baselines, and system security plans. These formats provide for the automated exchange of control-related information between tools and facilitate the automated assessment of security and privacy controls implemented in an information system.

We are seeking attendees who are developers of control-oriented security tools, and organizations that want to use or create OSCAL-based information. This workshop will provide this audience familiarity with, and skill in, the development and use of OSCAL. 

The OSCAL project and this new workshop series are aligned with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs.

Who should attend:

• Leaders in digital transformation and security automation from the government, private, and academic sectors;
• Vendors of security automation tools who are considering implementing OSCAL formats in their tools;
• Participants in standard development organizations focusing on developing and publishing control catalogs and baselines;
• System owners from the government, private, and academic sectors who want to streamline the documentation of controls used in their information systems.