Open Security Controls Assessment Language (OSCAL) Monthly Workshop Series
The NIST OSCAL team is hosting a new series of mini workshops that aims to address topics of interest to our community and to open this forum for its members to present their OSCAL-related work. Unless specifically stated, the workshops will not require a deep, technical understanding of OSCAL, and the dialog is informal, allowing the community to interact with the presenters and with the OSCAL team members.
Please see below the call for proposals if you are interested in presenting your OSCAL work. To submit topics for discussion, please email us at oscal@nist.gov.
The OSCAL project and this workshop series are aligned with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs.
We encourage developers of control-oriented security tools, organizations that want to use or create OSCAL-based information to automate security assessment, and those planning to move towards continuous Authorization to Operate (cATO) to attend the workshops.
Who should attend:
- Leaders in digital transformation and security automation from the government, private, and academic sectors;
- Vendors of security automation tools who are considering implementing OSCAL formats in their tools;
- Participants in standard development organizations focusing on developing and publishing control catalogs and baselines;
- System owners from the government, private, and academic sectors, who want to streamline the documentation of controls used in their information systems.
Call for Proposals
The NIST OSCAL Monthly Workshop program committee is seeking timely, topical, and thought-provoking technical presentations or demonstrations highlighting OSCAL editorial tools, OSCAL-based security assessment automation processes, and Governance, Risk, and Compliance (GRC) tools supporting OSCAL formats for integration into such processes.
NIST does not endorse any of the OSCAL tools or services presented. Presentations or demos promoting such tools or services, as opposed to focusing on the OSCAL-related technical aspects, will not be permitted.
We encourage proposals from a diverse array of organizations and individuals with different perspectives, from the public and private sectors, international bodies, assessment and authorization (A&A), or certification and authorization (C&A) providers.
Please find below the calendar of proposed dates. Before submitting a proposal, please consult the calendar and indicate the preferred date with your submission and the duration of your presentation (60 min, including Q&A). We will do our best to update the calendar as soon as a submission is approved.
Submit your proposal via email to oscal@nist.gov, with the subject line: “OSCAL Workshop - [Date: yyyy/mm/dd]”, where the “Date” is the selected date from the calendar below. Please include in your submission a pre-assessment of the OSCAL knowledge level the audience will need, using a four-level scale with level one (L1/bronze) being equivalent to novice and level four (L4/platinum) being an OSCAL expert.
Attend the Next Monthly Workshop Event
We'd love for you to be a part of our upcoming virtual OSCAL Workshop! These engaging workshops are held monthly, typically around the middle of the month. For up-to-date information about the workshops, please visit our OSCAL CSRC page.
Visit our Events Page to explore an interactive web calendar and download our iCalendar for seamless access to both upcoming and past events.
Don't miss out on the next upcoming session! Simply click on the Zoom link to join.
Meeting ID: 160 984 5104
Passcode: 10782510
Workshops Calendar
2025
Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type |
---|---|---|---|---|
2025/3/19 | 11:00AM-12:00PM EDT | OSCAL-based AI-augmented CISO Agent | Yuji Watanabe, Research Senior Technical Staff Member, IBM Tokyo; Hirokuni Kitahara, Research Scientist, IBM Tokyo; Takumi Yanagawa, Research Advisory, IBM Tokyo; Saki Takano, Research Scientist, IBM Tokyo; Anca Sailer, Distinguished Engineer, IBM TJ Watson | Recording will be available after the workshop concludes. |
2025/2/19 | 11:00AM-12:00PM EDT | The OSCAL Implementer's Guide: Strategies, Lessons, and Best Practices | Macy Smith, Vice President & Co Founder, USAI; Matthew Coughlin, Information System Security Officer, USAI | presentation, video part 1, video part 2, transcript |
2025/1/15 | 11:00AM-12:00PM EDT | From One-Size-Fits-All to Right-Sizing: Adapting OSCAL for the Singapore Government's Tech Standards | Hunter Nield, Distinguished Engineer, GovTech Singapore; Eugene Lim, Lead Cybersecurity Engineer, GovTech Singapore | presentation, video part 1, video part 2, video part 3, transcript |
2024
Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type |
---|---|---|---|---|
2024/11/20 | 11:00AM-12:00PM EDT | Leveraging OSCAL to support cybersecurity lifecycle management | Sara Nieves Matheu Garcia, Post Doctoral Researcher, University of Murcia, Spain; Antonio Skarmeta, Full Professor, University of Murcia, Spain | presentation, video part 1, video part 2, video part 3, transcript |
2024/11/06 SPECIAL EDITION | 11:00AM-12:00PM EDT | Compliance Framework: An OSCAL-based framework for recording and reporting an audit state | Ian Miell, Partner, Container Solutions; Christiaan Vermeulen, Principal Consultant, Container Solutions | presentation, video part 1, video part 2, transcript |
2024/09/18 | 11:00AM-12:00PM EDT | Digital Authorizations: FedRAMP Modernization using OSCAL | David Waltermire, FedRAMP; Rene-Claude Tshiteya, FedRAMP | presentation, video part 1, video part 2, transcript |
2024/07/17 | 11:00AM-12:00PM EDT | OSCAL-COMPASS - Open Security Control Assessment Language Compliance Automated Standard Solution | Vikas Agarwal, Senior Research Scientist, IBM; Manjiree Gadgil, Engineering Manager, IBM; Jenn Power, Senior Product Security Engineer, RedHat; Anca Sailer, Distinguished Engineer, IBM; Takumi Yanagawa, Senior Engineer, IBM | presentation, video, transcript |
2024/06/20 | 11:00AM-12:00PM EDT | Automating Compliance Narratives and Artifacts in AWS | Rick Kidder, USN (Ret), Senior Certified Cloud Security Specialist, AWS | presentation, video part 1, video part 2, video part 3, transcript |
2024/06/05 SPECIAL EDITION | 11:00AM-12:00PM EDT | ATO as Code - Enabling Cybersecurity Modernization Through Risk Management Framework Compliance Automation | Gaurav Pal, stackArmor | presentation, video part 1, video part 2, video part 3, transcript |
2024/05/15 | 11:00AM-12:00PM EDT | Adoption of OSCAL in ServiceNow CAM (Continuous Authorization & Monitoring) | Dharav Devani, ServiceNow; Ayush Srivanstava, ServiceNow | presentation |
2024/04/17 | 11:00AM-12:00PM EDT | Automated Governance - Modular Assessments for Quick Feedback Loops | Brandt Keller, OSS Maintainer, Defense Unicorns | presentation, video, demo |
2024/04/03 SPECIAL EDITION | 11:00AM-12:00PM EDT | Streamlining CMMC Compliance Deliverables with OSCAL | Kenny Scott, Co-Founder & CEO, Paramify | presentation, video, transcript |
2024/03/20 | 11:00AM-12:00PM EDT | OSCAL Community Capabilities | Brian Ruf, Director of Cybersecurity, Easy Dynamics; Chris Robles, CTO Strategic Advisor, Security and Product Development (Consultant), Easy Dynamics | presentation, video part 1, video part 2, video part 3, transcript |
2024/02/15 | 11:00AM-12:00PM EDT | PwC Compliance as Code with OSCAL | Tom Nash, PwC, UK; Joshua Kong, PwC, UK | presentation |
2024/1/14 | 11:00AM-12:00PM EDT | A Developer's View of OSCAL - Experiences and recommendations for implementing OSCAL Libraries | Rob Sherwood, Principal Consultant, Credentive Security | presentation, video part 1, video part 2, transcript |
2023
Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type |
---|---|---|---|---|
2023/11/15 | 11:00AM-12:00PM EDT | Cyber Compliance Management Platform | Tom Nash, PwC, UK; Siva Mallampati, PwC, UK; Salma Bedair, PwC, UK; Joshua Kong, PwC, Middle East; Shereef Assem, PwC, Middle East | presentation |
2023/10/18 | 11:00AM-12:00PM EDT | OSCAL-Pydantic: A python library for OSCAL | Robert Sherwood, Principal Consultant, Credentive Security | presentation, video, transcript |
2023/09/20 | 11:00AM-12:00PM EDT | OSCAL in an Enterprise Context | JJ Contessa, COO, C1Secure; Vijay Addicam, Senior Developer, C1Secure; Todd Hughes, Senior Security Analyst, C1Secure; Steve Grogan, VP of Services | presentation, video part 1, video part 2, transcript part 1, transcript part 2 |
2023/08/23 | 11:00AM-12:00PM EDT | Step-by-Step Introduction to NIST's OSCAL-CLI Tool | Alexander Stein, OSCAL Technical Director, NIST | presentation, video, transcript |
2023/07/19 | 11:00AM-12:00PM EDT | Tracer - Accelerating ATOs at Scale with an Inheritance-driven Community Compliance Platform | Clark Pain, Product Manager, Rise8 | presentation, video, transcript, demo |
2023/05/17 | 11:00AM-12:00PM EDT | Applying OSCAL in the Context of Public Key Infrastructure | Robert Sherwood, Principal Consultant, Credentive Security | presentation, video, transcript |
2023/03/15 | 11:00AM-12:00PM EDT | Telos's Journey of Bringing OSCAL Adoption to Reality | Stephanie Lacy, Senior Solution Architect, Telos; Connor Hite, Solution Architect, Telos | presentation, video, transcript |
2023/03/01 SPECIAL EDITION | 11:00AM-12:00PM EDT | Shifting Left the Right Way With OSCAL (research use case and proof of concept) | Chris Compton, Senior IT Specialist, NIST; Alexander Stein, Senior IT Specialist, NIST; Nikita Wootten, Project Lead, IT Specialist, NIST | presentation, video, demo, presentation transcript, demo transcript |
2023/02/15 | 11:00AM-12:00PM EDT | Google's Internal OSCAL Adoption | Vikram Khare, Director – Continuous Assurance and Controls Engineering, Google; Val Mihai, Cloud CISO - Continuous Assurance and Controls Engineering, Google | presentation, video, transcript |
2023/02/01 SPECIAL EDITION | 11:00AM-12:00PM EDT | A Modern Authorization and Accreditation Platform Enabled by OSCAL | John Tibbits, Principal, IMPLERUS Corporation; Marcin Staszewski, Chief Development Officer, IMPLERUS Corporation | presentation, video & demo, transcript |
2022
Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type | Knowledge Level |
---|---|---|---|---|---|
2022/11/30 | 11:00AM-12:00PM EDT | The OSCAL Futurist: Musing on What Is Possible and What is Needed | Greg Elin, Founder & CEO, GovReady PBC | presentation, video, transcript | L2-L3 |
2022/11/02 | 11:00AM-12:00PM EDT | Implementing an Agency Security Assessment Framework (SAF) with OSCAL "ComplianceOps" | Robert Ficcaglia, CNCF Kubernetes Policy Co-Chair, CNCF Security Technical Advisory Group Lead Assessor, Kubernetes SIG-Security Audit Team | presentation, video, transcript | L1-L3 |
2022/10/05 | 11:00AM-12:00PM EDT | Compliance as Code - from Upstream to Ops | Brandt Keller, Software Engineer, Defense Unicorns | presentation & demo | L2-L3 |
2022/09/07 | 11:00AM-12:00PM EDT | NIST OSCAL Open Source Tooling | David Waltermire, OSCAL Technical Director, NIST; Dmitry Cousin, OSCAL Team Member, NIST | video p1&p2, presentation1, presentation2 & demos | L1-L3 |
2022/08/10 | 11:00AM-12:00PM EDT | Extreme Automation with OSCAL - Exercising the Full OSCAL Stack in a Next Generation GRC video | Travis Howerton, Co-Founder & CTO, RegScale | presentation & demo | L1-L3 |
2022/07/13 | 11:00AM-12:00PM EDT | OSCAL Implementation: Early Lessons Learned video | Matthew Donkin, Security Assurance Manager, AWS; Stephanie Lacy, Senior Solutions Architect, Telos | presentation | L3 |
2022/06/15 | 11:00AM-12:00PM EDT | IBM's Trestle - compliance as code orchestrator and automation workflow | Dr. Anca Sailer video; Dr. Vikas Agarwal video; Lou DeGenaro video | presentation & demo summary | L4 |
2022/05/18 | 11:00AM-11:40AM EDT | 1. Compliance as Code for Big Bang Risk Management Framework (RMF) Control Mapping to Accelerate Department of Defense (DoD) Authorization to Operate (ATO) | Maj Camdon Cady, Chief Operating Officer, Platform One, US Air Force; Tom Runyon, Defense Unicorns | presentation | L2 |
2022/05/18 | 11:40AM-12:00PM EDT | 2. OSCAL Catalog Authoring Tool (CAT) | Dmitry Cousin, OSCAL Team Member, NIST | presentation demo | L1 |