How can authors of baselines get involved?
Systems security policy professionals who set requirements for security programs, both across and within organizations and agencies
OSCAL provides a standardized solution for building security baselines, through the use of OSCAL profiles, that set the expectations for control implementation within one or more programs and associated information systems.
How Does OSCAL Help Me?
- Ensures consistency of control implementation across the enterprise.
- Improves the transparency of policy implementation by automating reviews of security control implementation and assessments.
- Permits market-based development of shared OSCAL profiles, working across agencies, compliance frameworks and domains.
- Improves the Machine Experience (MX) for vendors in implementing enterprise-specific policies by representing them in a standardized format.