The National Institute of Standards and Technology will be hosting on Tuesday, February 2 and Wednesday, February 3, 2021, the second workshop in a new series focusing on the Open Security Controls Assessment Language (OSCAL).
Setting the foundation for security automation, OSCAL provides machine-readable representations of control catalogs, control baselines, system security plans, assessment plans and assessment results in a set of formats expressed in XML, JSON, and YAML.
Day one of the workshop will highlight OSCAL layers and models, with the goal to familiarize the audience with the OSCAL architecture, formats, and with the NIST SP 800-53 Rev5 catalog and baselines in OSCAL. Day two will explore the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office’s (PMO) efforts to digitalize authorization packages submitted in OSCAL, will present FedRAMP’s updated OSCAL resources that include a comprehensive set of guides for additional deliverables. During both days of the event, we will have a few time slots reserved for participants to give presentations. Attendees interested in being considered to present during the workshop are encouraged to review the Call for Proposals below for additional information and instructions.
The OSCAL project, along with this workshop series, align with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs.
The workshop will provide attendees an opportunity to familiarize themselves and build skills in the development and use of OSCAL. We encourage developers of control-oriented security tools, and organizations that want to use or create OSCAL-based information, to register and attend the workshop.
Who should attend:
The 2021 NIST OSCAL Workshop program committee is seeking timely, topical, and thought-provoking presentations or demonstrations highlighting OSCAL-based security assessment automation processes or Governance Risk and Compliance (GRC) tools supporting OSCAL formats for integration into such processes.
We encourage proposals from a diverse array of organizations and individuals with different perspectives, from the public and private sectors, international bodies, assessment and authorization (A&A) or certification and authorization (C&A) providers.
Submissions must incorporate, in addition to the title, speaker information (bio and photo), a brief abstract and a proof of OSCAL support or integration into the tool, process or solution.
Proposals will be evaluated and selected based on the quality of the written proposal, the topic proposed, the proof of OSCAL integration.
Submission Deadline: midnight, ET, January 4th, 2021
Submit your proposal via email to firstname.lastname@example.org, with the subject line: “OSCAL 2021 CFP”