The National Institute of Standards and Technology will be hosting the third workshop in the series focusing on the Open Security Controls Assessment Language (OSCAL).
Setting the foundation for security automation, with particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring, OSCAL provides machine-readable representations of control catalogs, control baselines or profiles, system security plans, assessment plans, assessment results, and plan of actions and milestones, in a set of formats expressed in XML, JSON, and YAML.
The OSCAL project, and with this workshop series, align with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs.
The workshop will provide attendees an opportunity to familiarize themselves and build skills in the development and use of OSCAL. We encourage developers of control-oriented security tools and organizations that want to use or create OSCAL-based information, to register and attend the workshop.
Who should attend:
Day one of the workshop will highlight OSCAL 1.0.0 layers and models, with the goal to familiarize the audience with the OSCAL architecture, formats, how these models can be used to support security assessment automation, continuous monitoring, continuous ATO and development, security and operations (DevSecOps). Additionally, the audience will be introduced to the NIST SP 800-53 (Rev4 and Rev5) catalogs, assessment objectives, and associated baselines in OSCAL.
Day two of the workshop will explore OSCAL-based automation solutions, starting with the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office’s (PMO) efforts to digitalize authorization packages submitted in OSCAL, will present FedRAMP’s updated OSCAL resources that include a comprehensive set of guides for additional deliverables.
During both days of the event, we will have a few time slots reserved for participants to give presentations. Attendees interested in being considered to present during the workshop, are encouraged to review the Call for Proposals (see below) for additional information, instructions, and consideration.
The 2022 NIST OSCAL Workshop program committee is seeking timely, topical, and thought-provoking presentations or demonstrations highlighting OSCAL-based security assessment automation processes or Governance Risk and Compliance (GRC) tools supporting OSCAL formats for integration into such processes.
We encourage proposals from a diverse array of organizations and individuals with different perspectives, from the public and private sectors, international bodies, assessment and authorization (A&A), or certification and authorization (C&A) providers.
Submissions must incorporate, in addition to the title, speaker information (bio and photo), a brief abstract, and proof of OSCAL support or integration into the tool, process, or solution.
Proposals will be evaluated and selected based on the quality of the written proposal, the topic proposed the proof of OSCAL integration.
Submission Deadline: midnight, EST, January 31, 2022.
Submit your proposal via email to oscal2022 [at] nist.gov, with the subject line: “OSCAL 2022 CFP”.
Accepted Proposals Notification: no later than midnight, EST, February 16, 2022.
Agenda Coming Soon!