Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

4th Open Security Controls Assessment Language (OSCAL) Conference and Workshop

The National Institute of Standards and Technology (NIST) is co-hosting with the Department of Commerce on Tuesday, May 23rd, 2023, the fourth annual conference in the series focusing on the Open Security Controls Assessment Language (OSCAL). The conference will be in person at the Herbert C. Hoover Federal Building (HCHB) in Washington, DC and will be followed by a half day educational workshop on May 24. The conference and the workshop are free to attend.

OSCAL is a standardized, flexible, open-source language that allows security controls and their associated implementations and assessment methods to be expressed in machine-readable formats and easy transformation to human-friendly representation.

OSCAL sets a standards-based foundation for next generation of compliance processes and GRC tools by facilitating security automation, with particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring, and improved risk management, aiming to eliminate major challenges fuelled by paper-based, human-driven security assessment process against multiple regulatory framewors, especially in the context of complex, stacked systems. The conference will highlight the latest development of NIST OSCAL Models, and will explore OSCAL-based automation of risk management, governance and compliance processes and tools for different national and international regulatory frameworks. Our presenters, some of the most prestigious cybersecurity experts which share the same passion for new advancements in security automation, will share their innovative OSCAL-based solutions, demonstrating, in the process, OSCAL's international adoption.

The agenda and a complete list of speakers and their bio will be available soon.

Who should attend

  • Leaders in digital transformation and security automation from the government, private, and academic sectors;
  • Vendors of security automation tools who are considering implementing OSCAL formats in their tools;
  • Participants in standard development organizations focusing on developing and publishing control catalogs and baselines;
  • System owners from the government, private, and academic sectors, who want to streamline the documentation of controls used in their information systems.

workshop information - may 24, 2023

Name: OSCAL Workshop

Location: Auditorium, Herbert C. Hoover Federal Building, 1401 Constitution Avenue NW, Washington, DC 20230

Time: 9:00 - 12:00 PM EDT

The OSCAL program and the conferences and workshops series are aligned with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs. The OSCAL educational workshop, will provide attendees an opportunity to familiarize themselves with, and build skills in, the development and use of OSCAL. We encourage developers of control-oriented security tools and organizations that want to use or create OSCAL-based information, to register and attend the workshop.

Created March 24, 2023, Updated June 23, 2023