How can security professionals get involved?

This page is for security professionals who document or implement security controls within information systems.

OSCAL provides a standardized format for documenting security and privacy controls that maps across multiple compliance frameworks (e.g., NIST, PCI) and a method for attesting to the implementation of the controls within information systems.

How Does OSCAL Help Me?

  • Enables continuous maintenance of control documentation within a framework designed for that purpose.
  • Reduces the amount of paperwork required to implement multiple compliance frameworks.
  • Ensures that security as proposed and planned (defined in the controls) matches security as implemented, with less need for manual assessments.
  • Flattens the learning curve for new staff by enabling them to focus on problems, not technology.
  • Enables mapping standard catalogs of controls to common control baselines, implemented as OSCAL profiles, reducing the number of assessments required to ensure compliance with multiple frameworks.

This page was last updated on May 4, 2021.