NIST is pleased to announce the first official release of the Open Security Controls Assessment Language (OSCAL), Version 1.0.0 - Milestone 1. The release contains:
The development of OSCAL will continue with primary focus on the finalization of the OSCAL implementation layer, which is intended to support the expression of system security plans (SSPs) in machine-readable OSCAL formats and allow software and service vendors to document the controls implemented in their offerings. Stable versions of this work will be featured in the next release, OSCAL Version 1.0.0 - Milestone 2.
The current experimental OSCAL implementation layer is being validated as part of a pilot with GSA/FedRAMP to ensure that the necessary functionality and adequate flexibility are provided to support a wide variety of SSPs. To further validate the implementation layer's functionality and flexibility, NIST is seeking software and service providers to help represent control implementation information about their products. Please email oscal@nist.gov if you are interested.
Future releases can be found at https://github.com/usnistgov/OSCAL/releases, and additional information on the OSCAL project can be found at https://www.nist.gov/oscal. If you have any questions regarding OSCAL or the Milestone 1 release, or if you would like to become involved with the OSCAL project, please contact oscal@nist.gov.