Skip to main content

How can tool developers get involved?

Tool developers who build security compliance systems (Electronic Governance Risk and Compliance [eGRC] systems), or who provide secure infrastructure/software solutions to the Federal Government or to highly regulated industries

OSCAL provides standardized formats for consuming control, catalog, profile, and implementation information to visualize and automate security compliance processes. OSCAL provides a standardized means for the automated assessment of infrastructure and software solutions to verify the ongoing effectiveness of the system's security control implementation.

How Does OSCAL Help Me?

  • Use automated tools to create more complete and consistent security plans with machine assistance.
  • Easily attest to the state of control implementations, reducing the paperwork burden associated with supporting federal agencies.
  • Expose security control and assessment data in a standardized format which can be represented via JSON or XML.
  • Improve the User Experience (UX) and Machine Experience (MX) by offering new compliance tools.
  • Minimizes the need for vendors to customize solutions for customers by adhering to a broad-based set of standardized formats.

This page was last updated on November 8, 2023.