Automated Control-Based Assessment
Risk Management with
Providing control-related information in machine-readable formats.
Transitions the legacy approach to security plan generation and management (Word and Excel documents) to a data-centric approach based on common data standards such as XML/JSON.
Puts security compliance data to work through an extensible architecture that expresses security controls in both machine- and human-readable formats.
Allows tool developers to implement APIs and provides a standards-based foundation for next-generation compliance tools.
Applies the benefits of the data-centric approach to automate existing processes that are resource-intensive.
Use Information in OSCAL Formats
Control-based information expressed using OSCAL formats allows you to:
- Easily access control information from security and privacy control catalogs
- Establish and share machine-readable control baselines
- Maintain and share actionable, up-to-date information about how controls are implemented in your systems
- Automate the monitoring and assessment of your system control implementation effectiveness
If you are new to the OSCAL project, we provide learning material on the project.