The Inner Circle

NIST Security Assessment Automation with OSCAL -- NEWS: OSCAL 1.0.0 Release Candidate 2 (RC2)

    Posted 22 days ago
    Hi All,

    Security Assessment Automation with OSCAL -- NEWS: OSCAL 1.0.0 Release Candidate 2 (RC2) has been published

    Open Security Controls Assessment Language (OSCAL) defines seven models for the representation of security information in machine-readable format to facilitate automation of the assessment process in a flexible way that can be used by different risk management regulatory frameworks without customization. For example, the OSCAL Catalog model is used today to represent the NIST SP 800-53 security and privacy controls and the SP 800-53A security objectives in XML, JSON, and YAML. The same OSCAL can be used to represent the ISO/IEC 27002 controls or any other catalog of controls. NIST is also maintaining the NIST SP 800-53 baselines in OSCAL using the OSCAL Profile model. NIST provides OSCAL models for the representation of systems' security documentation or plans (OSCAL SSP and OSCAL Component Definition models), assessment plans (OSCAL Assessment Plan or AP model), assessment reports (OSCAL Assessment Report or AR model), and plan of action and milestones data (OSCAL POA&M model).

    The NIST OSCAL team is pleased to announce the publication of OSCAL 1.0.0 Release Candidate (RC) 2. This is the second full draft release of OSCAL 1.0.0, which is made available for public review and feedback before releasing the final OSCAL 1.0.0.
    Please provide feedback by May 7, 2021 by emailing the NIST OSCAL team at [email protected] or by creating an issue on our GitHub repository.
    Changes in this release can be found on the OSCAL releases page, along with instructions on how to download this release.

    Open Security Controls Assessment Language (OSCAL):
    https://pages.nist.gov/OSCAL/

    creating an issue:
    https://github.com/usnistgov/OSCAL/issues

    OSCAL Releases page:
    https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-rc2

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------