Learning Resources
The following Open Security Controls Assessment Language (OSCAL) learning resources are available to help you understand the concepts behind and use of the OSCAL models.
Concepts
The concepts section contains detailed information about the organization of OSCAL models, processing specifications, and explanations of important primitives (i.e. identifiers) underlying OSCAL data elements.
Walkthrough Tutorials
The tutorials section provides step-by-step walk-throughs explaining how to create OSCAL content of various types, such as:
- Using the metadata section: Explains use of the
metadatasection that is required to be provided in all OSCAL content. - Extending OSCAL models: Discusses how to use OSCAL properties and links to provided extended data in OSCAL content.
- Testing new releases: Provides a few pointers for community members looking to test new OSCAL releases.
- Using the metadata section: Explains use of the
- Creating a Basic Control Catalog: Explains how to create a catalog of controls using the OSCAL catalog model.
- Creating a Basic Profile: Explains how to create and modify a subset of controls from a catalog in OSCAL by using the OSCAL profile model.
implementation layer tutorials
- Creating a Basic Component Definition: Teaches how to create a component-definition using the OSCAL component definition model.
- Representing proof of compliance or test validation information: Describes how to represent test validation information (e.g., FIPS-140-2) using a component in an OSCAL component definition or system security plan.
Events and Presentations
Events
- Monthly Workshops - 2022-present
- 4th NIST OSCAL Conference and Workshop - May 23, 2023
- 3rd NIST OSCAL Workshop - March 1-2, 2022
- 2nd NIST OSCAL Workshop - February 2-3, 2021
- 1st NIST OSCAL Workshop - November 5, 2019
Presentations
- OSCAL Deep Diff Introduction presented during the Lunch with the OSCAL Developers - May 5, 2022
- Using Leveraged Authorizations in OSCAL presented during the OSCAL Model Review - July 24, 2020
- OSCAL Assessment Models Overview presented during the Lunch with the OSCAL Developers - July 2, 2020
- Security Automation Simplified via NIST OSCAL: We're Not in Kansas Anymore presented at RSA Conference 2018 - April 18, 2018
- Automating Security and Compliance via a New Standard of Standards presented at Docker Government Summit 2018 - April 11, 2018