NIST is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, XML-, JSON-, and YAML-based formats that provide a standardized representation of information pertaining to the publication, implementation, and assessment of security controls. OSCAL is being developed through a collaborative approach with the public. Public contributions to this project are welcome. With this effort, we are stressing the agile development of a set of minimal formats that are generic enough to capture the breadth of data in scope (controls specifications), while also capable of ad-hoc tuning and extension to support peculiarities of both (industry or sector) standards and new control types. The OSCAL website provides an overview of the OSCAL project, including an XML and JSON schema reference, examples, and other resources.

Features

  • Transitions the legacy approach to security plan generation and management (Word and Excel documents) to a data-centric approach based on common data standards such as XML/JSON
  • Puts security compliance data to work by allowing an extensible architecture that expresses security controls in both machine and human readable formats
  • Apply the benefits of the data-centric approach to automate existing processes that are resource intensive
  • Allows tool developers to implement APIs and provide a standards-based foundation for next generation compliance tools
  • Easily access control information from security and privacy control catalogs
  • Establish and share machine-readable control baselines
  • Maintain and share actionable, up-to-date information about how controls are implemented in your systems

Project Samples

OSCAL Screenshot 1

Project Activity

See All Activity >

Categories

JSON

Follow OSCAL

OSCAL Web Site

You Might Also Like
Our Free Plans just got better! | Auth0 by Okta Icon
Our Free Plans just got better! | Auth0 by Okta

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your secuirty. Auth0 now, thank yourself later.
Try free now
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of OSCAL!

Additional Project Details

Programming Language

Unix Shell, Python

Related Categories

Unix Shell JSON Software, Python JSON Software

Registered

2023-10-24
Report inappropriate content