Automated Control-Based Assessment
Supporting Control-Based Risk Management with Standardized Formats
Providing control-related information in machine-readable formats.
![data centric](./dataCentric.png)
Data-centric
Transitions the legacy approach to security plan generation and management (Word and Excel documents) to a data-centric approach based on common data standards such as XML/JSON.
![extensible](./extensible.png)
Extensible
Puts security compliance data to work by allowing an extensible architecture that expresses security controls in both machine-readable and human-readable formats.
![integrated](./integrated.png)
Integrated
Allows tool developers to implement APIs and provide a standards-based foundation for next-generation compliance tools.
![automated](./automated.png)
Automated
Applies the benefits of the data-centric approach to automate existing processes that are resource-intensive.
Use Information in OSCAL Formats
Control-based information expressed using OSCAL formats allows you to:
- Easily access control information from security and privacy control catalogs
- Establish and share machine-readable control baselines
- Maintain and share actionable, up-to-date information about how controls are implemented in your systems
- Automate the monitoring and assessment of your system control implementation effectiveness
If you are new to the OSCAL project, we provide learning materials for the project.