Skip to main content

Open Security Controls Assessment Language (OSCAL) Mini Workshop Series

OSCAL Mini Workshop Series

The NIST OSCAL team is hosting a new series of mini workshops, that aims to address topics of interest for our community and to open this forum for its members to present their OSCAL-related work. Unless specifically stated, the workshops will not require a deep, technical understanding of OSCAL, and the dialog is informal, allowing the community to interact with the presenters and with the OSCAL team members.

Please see below the call for proposals if you are interested in presenting your OSCAL work. To submit topics for discussion, please email us at

The OSCAL project and this workshop series are aligned with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs.

We encourage developers of control-oriented security tools, organizations that want to use or create OSCAL-based information to automate security assessment, and those planning to move towards continuous Authorization to Operate (cATO) to attend the workshops.

Who should attend:

  • Leaders in digital transformation and security automation from the government, private, and academic sectors;
  • Vendors of security automation tools who are considering implementing OSCAL formats in their tools;
  • Participants in standard development organizations focusing on developing and publishing control catalogs and baselines;
  • System owners from the government, private, and academic sectors, who want to streamline the documentation of controls used in their information systems.

Call for Proposals

NIST OSCAL Mini Workshop program committee is seeking timely, topical, and thought-provoking technical presentations or demonstrations highlighting OSCAL editorial tools, OSCAL-based security assessment automation processes, and Governance Risk and Compliance (GRC) tools supporting OSCAL formats for integration into such processes.

NIST does not endorse any of the OSCAL tools or services presented. Presentations or demos promoting such tools or services, as opposed to focusing on the OSCAL-related technical aspects, will not be permitted.

We encourage proposals from a diverse array of organizations and individuals with different perspectives, from the public and private sectors, international bodies, assessment and authorization (A&A), or certification and authorization (C&A) providers.

Please find below the calendar of proposed dates. Before submitting a proposal, please consult the calendar and indicate the preferred date with your submission and the duration of your presentation (60 min, including Q&A). We will do our best to update the calendar as soon as a submission is approved.

Submit your proposal via email to, with the subject line: “OSCAL Workshop - [Date: yyyy/mm/dd]”, where the “Date” is the selected date from the calendar below. Please include in your submission a pre-assessment of the OSCAL knowledge level the audience will need using a 4-levels scale with level one (L1/bronze) being equivalent to novice and level four (L4/platinum) being an OSCAL expert.

Join the meetings here or dial one of the following numbers: +1.202.795.3352,,, 743 906 781 ,,, 9254 (United States (Washington DC)) +1.408.317.9254,,, 743 906 781 ,,, 9254 (US (San Jose)) (To see all available numbers, go to: Enter the meeting ID and passcode as follows: Meeting ID: 743 906 781 Participant Passcode: 9254

Workshops Calendar: jump to: 2023, 2022


DateTimeTalk/Demo/DiscussionPresenter & AffiliationTypeKnowledge Level
2023/02/01 SPECIAL EDITION11:00AM-12:00PM EDTA Modern Authorization and Accreditation Platform, Enabled by OSCALJohn Tibbitts, Principal, IMPLERUS Corporation; Marcin Staszewski, Chief Development Officer, IMPLERUS Corporationpresentation & demo, video, transcriptL2-L3
2023/02/1511:00AM-12:00PM EDTGoogle's Internal OSCAL AdoptionVikram Khare, Director – Continuous Assurance and Controls Engineering, Google & Val Mihai, Cloud CISO - Continuous Assurance and Controls Engineering, Googlepresentation, video, transcriptL2
2023/03/01 SPECIAL EDITION11:00AM-12:00PM EDTShifting Left the Right Way With OSCAL (research use case and proof of concept)Chris Compton, Senior IT Specialist; Alexander Stein, Senior IT Specialist; Nikita Wootten, Project Lead, IT Specialistpresentation & demo, video, transcriptL3-L4
2023/03/1511:00AM-12:00PM EDTTelos's Journey of Bringing OSCAL Adoption to RealityStephanie Lacy, Senior Solution Architect, Telos; Connor Hite, Solution Architect, Telos
2023/04/1911:00AM-12:00PM EDT
2023/05/1711:00AM-12:00PM EDT
2023/06/1411:00AM-12:00PM EDT
2023/07/1911:00AM-12:00PM EDT
2023/08/1611:00AM-12:00PM EDT
2023/09/2011:00AM-12:00PM EDT
2023/10/1811:00AM-12:00PM EDT
2023/11/1511:00AM-12:00PM EDT


DateTimeTalk/Demo/DiscussionPresenter & AffiliationTypeKnowledge Level
2022/05/1811:00AM-11:40AM EDT1. Compliance as Code for Big Bang Risk Management Framework (RMF) Control Mapping to Accelerate Department of Defense (DoD) Authorization to Operate (ATO)Maj Camdon Cady, Chief Operating Officer, Platform One, US Airforce & Tom Runyon, Defense UnicornspresentationL2
11:40AM-12:00PM EDT2. OSCAL Catalog Authoring Tool (CAT)Dmitry Cousin, NISTpresentation demoL1
2022/06/1511:00AM-12:00PM EDTIBM's Trestle - compliance as code orchestrator and automation workflowDr. Anca Sailer video, Dr. Vikas Agarwal video, and Lou DeGenaro videopresentation & demo summaryL4
2022/07/1311:00AM-12:00PM EDTOSCAL Implementation: Early Lessons Learned videoMatthew Donkin, Security Assurance Manager, AWS & Stephanie Lacy, Senior Solutions Architect, TelospresentationL3
2022/08/1011:00AM-12:00PM EDTExtreme Automation with OSCAL - Exercising the Full OSCAL Stack in a Next Generation GRC videoTravis Howerton, Co-Founder & CTO, RegScalepresentation & demoL1-L3
2022/09/0711:00AM-12:00PM EDTNIST OSCAL Open Source ToolingDavid Waltermire, OSCAL Technical Director, Dmitry Cousin, OSCAL team member, NISTvideo p1&p2, presentation1, presentation2 & demosL1-L3
2022/10/0511:00AM-12:00PM EDTCompliance as Code - from Upstream to OpsBrandt Keller, Software Engineer, Defense Unicornspresentation & demoL2-L3
2022/11/0211:00AM-12:00PM EDTImplementing an Agency Security Assessment Framework (SAF) with OSCAL "ComplianceOps"Robert Ficcaglia, CNCF Kubernetes Policy Co-Chair, CNCF Security Technical Advisory Group Lead Assessor, Kubernetes SIG-Security Audit Teampresentation, video, transcriptL1-L3
2022/11/3011:00AM-12:00PM EDTThe OSCAL Futurist: Musing on What Is Possible and What is NeededGreg Elin, Founder & CEO, GovReady PBCpresentation, video, transcriptL2-L3

This page was last updated on November 8, 2023.