U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Open Security Controls Assessment Language OSCAL

Overview

NIST is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- and JSON-based formats that provide a standardized representation for different categories of information pertaining to the publication, implementation, and assessment of security controls. OSCAL is being developed through a collaborative approach with the public. The OSCAL website provides an overview of the OSCAL project, including an XML and JSON schema reference and examples. The OSCAL GitHub repository holds the actual OSCAL schemas, examples, documentation source files, and other resources. The NIST team welcomes public contributions to this project. If you are interested in contributing, please review the contributor documentation for ideas and information on how to get started.
 
Created April 24, 2018, Updated June 22, 2020