Presentation

Security Automation Simplified Via NIST's Open Security Controls Assessment Language (OSCAL)

June 5, 2019

Presenters

Michaela Iorga - NIST
Brian Ruf - FedRAMP PMO

Description

Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions has been a challenging task to date. Additionally, the proliferation of container technology employed in cloud ecosystems for enhanced portability and security compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions.

Imagine a future where security documentation builds itself, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation, assessments, and adjudication, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more.

More on OSCAL: https://www.nist.gov/oscal

Presented at

National Cybersecurity Summit (June 4-6, 2019), Huntsville, AL. https://www.nationalcybersummit.com [178MB file; no audio in video on slide 21]

Related Topics

Security and Privacy: controls assessment, security automation

Created July 23, 2019, Updated June 22, 2020