OSCAL Blog Posts
2025/02/07
OSCAL Foundation launches to move security standard forward
-- John Banghart jfbanghart@venable.com
The ability to automate security assessments of information technology systems is critical. It removes the possibility of human error and assists in overall security compliance. The Open Security Controls Assessment Language (OSCAL) is a machine-readable language that automates, simplifies, and standardizes these assessments. OSCAL was originally developed by the National Institute of Standards and Technology (NIST) in collaboration with FedRAMP and industry, and aims to improve the efficiency, timeliness, accuracy, and consistency of system security assessments and significantly reduce the associated paperwork.

To carry this work forward, the OSCAL Foundation has launched to advance the development and adoption of OSCAL by industry and government. The Foundation will focus on six objectives: adoption, education, community, development, extension, and internationalization.

The OSCAL Foundation will bring together communities to collaborate on advancing the use of the standard. The Foundation has been created to offer support and resources for OSCAL and its community to increase adoption, new use cases, and integration into globally recognized compliance standards.

“NIST developed OSCAL to standardize the digitization of foundational risk management artifacts in support of the automated assessment and monitoring of system controls,” said Dr. Michaela Iorga of NIST. “OSCAL seeds the evolution of next-generation compliance processes and tools to facilitate interoperability, reliability, and cost-effectiveness with minimal human interaction. The OSCAL Foundation will bring the community support that we need to accelerate OSCAL adoption across the globe.”

The Foundation will host a kickoff event on Tuesday, February 11th at 1 p.m. at Venable LLP in Washington, D.C., with a webinar viewing option available. Registration is required. More information is available here.
Location
Civiletti Center 600 Massachusetts Ave NW Washington, DC 20001
Registration
Agenda
Time | Session |
---|---|
1:00 p.m. - 1:10 p.m. ET | Introduction: John Banghart, Venable |
1:10 p.m. - 1:30 p.m. ET | Keynote: Hart Rossman, VP, Amazon |
1:30 p.m. - 2:10 p.m. ET | Panel discussion: The FedRAMP OSCAL Use Case. (Moderator) Pirooz Javan, Easy Dynamics; Brian Ruf, RufRisk; Travis Howerton, RegScale |
2:10 p.m. - 2:50 p.m. ET | Panel discussion: The Global OSCAL Use Case. (Moderator) Michaela Iorga, NIST; Vikram Khare, Google; Matt Weinberg, AWS; Jim Reavis, Cloud Security Alliance |
2:50 p.m. - 3:30 p.m. ET | Panel discussion: Financial Services, OSCAL Use Case. (Moderator) Josh Magri, Cyber Risk Institute; Julie Rohlena, US Bank; Elisabeth Nottingham, JPMorgan Chase; John Goodman, Cyber Risk Institute |
3:30 p.m. - 4:00 p.m. ET | Discussion of Upcoming Foundation Technical Activities and Q&A. John Banghart, OSCAL Foundation; Ross Nodurft, OSCAL Foundation; Stephen Banghart, OSCAL Foundation |
4:00 p.m. - 4:05 p.m. ET | Closing Remarks |
4:05 p.m. - 6:00 p.m. ET | Reception & Networking |
Learn more about the OSCAL Foundation at OSCALFoundation.org.