2nd Open Security Controls Assessment Language (OSCAL) Workshop

Video Recordings of the Event

OSCAL Session 1

OSCAL Session 2

OSCAL Session 3

The National Institute of Standards and Technology will be hosting on Tuesday, February 2 and Wednesday, February 3, 2021, the second workshop in a new series focusing on the Open Security Controls Assessment Language (OSCAL).

Setting the foundation for security automation, OSCAL provides machine-readable representations of control catalogs, control baselines, system security plans, assessment plans and assessment results in a set of formats expressed in XML, JSON, and YAML.

Day one of the workshop will highlight OSCAL layers and models, with the goal  to familiarize the audience with the OSCAL architecture, formats, and with the NIST SP 800-53 Rev5 catalog and baselines in OSCAL. Day two will explore the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office’s (PMO) efforts to digitalize authorization packages submitted in OSCAL, will present FedRAMP’s updated OSCAL resources that include a comprehensive set of guides for additional deliverables. During both days of the event, we will have a few time slots reserved for participants to give presentations. Attendees interested in being considered to present during the workshop are encouraged to review the Call for Proposals below for additional information and instructions.

The OSCAL project, along with this workshop series, align with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs.

The workshop will provide attendees an opportunity to familiarize themselves and build skills in the  development and use of OSCAL. We encourage developers of control-oriented security tools, and organizations that want to use or create OSCAL-based information, to register and attend the workshop.

Who should attend:

• Leaders in digital transformation and security automation from the government, private, and academic sectors;
• Vendors of security automation tools who are considering implementing OSCAL formats in their tools;
• Participants in standard development organizations focusing on developing and publishing control catalogs and baselines;
• System owners from the government, private, and academic sectors who want to streamline the documentation of controls used in their information systems.

Call for Proposals

The 2021 NIST OSCAL Workshop program committee is seeking timely, topical, and thought-provoking presentations or demonstrations highlighting OSCAL-based security assessment automation processes or Governance Risk and Compliance (GRC) tools supporting OSCAL formats for integration into such processes.

We encourage proposals from a diverse array of organizations and individuals with different perspectives, from the public and private sectors, international bodies, assessment and authorization (A&A) or certification and authorization (C&A) providers.

Submissions must incorporate, in addition to the title, speaker information (bio and photo), a brief abstract and a proof of OSCAL support or integration into the tool, process or solution.

Proposals will be evaluated and selected based on the quality of the written proposal, the topic proposed, the proof of OSCAL integration.

Submission Deadline: midnight, ET, January 4th, 2021
Submit your proposal via email to oscal2021 [at] nist.gov (oscal2021[at]nist[dot]gov), with the subject line: “OSCAL 2021 CFP”

CPE Credits