2nd Open Security Controls Assessment Language (OSCAL) Workshop
When: February 2, 2021 through February 3, 2021
Purpose: The workshop will provide attendees an opportunity to familiarize themselves and build skills in the development and use of OSCAL. We encourage developers of control-oriented security tools, and organizations that want to use or create OSCAL-based information, to register and attend the workshop.
The following presentations are available from this workshop. Recordings are also provided where available. The full agenda is also available.
Day 1
Welcome, Introduction and Administrative issues [video]
Matthew Scholl, Chief, Computer Security Division, NIST
Next Generation Security Assessment - Visionary Keynote [video @ time 9:53]
Victoria Pillitteri, FISMA Lead, NIST
What is OSCAL and Who Needs It [video @ time 38:26]
Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST
OSCAL-based System Security Plans [video]
David Waltermire, OSCAL Technical Director, NIST
OSCAL Models: Assessment Planning, Results and POA&M [video @ time 45:14]
Brian Ruf, OSCAL Team Member, NIST / FedRAMP
Parallel Lunch Break Tracks
Track 1: OSCAL tools integration and interoperability
Greg Elin, Founder and CEO, GovReady
Travis Howerton, CTO, C2 Labs
Track 2: Automating FedRAMP System Security Plan Development Using OSCAL
Jasson Walker, President & CEO, cFocus Software
Track 3: Automation for DER-Risk Manager using OSCAL
Paul Wand, Cybersecurity Visualization Engineer, NREL
Anuj Sanghvi, Cybersecurity Researcher, NREL
Track 4: Leveraging Compliance Automation for our Cloud-First World
Scott Schwan, Co-founder & CEO, Shujinko
Rick Harwood, VP of Engineering, Shujinko
OSCAL Content (SP 800-53 Rev5, SP 800-53B and beyond) [video]
Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST
CMS and What Makes an Agency Ready for Security Automation with OSCAL: A Vendors View
Greg Elin, Founder and CEO, GovReady
Risk Management for Distributed Energy Resources
Anuj Sanghvi, Cybersecurity Researcher, NREL
Day 2
Zach Baldwin, Program Manager, FedRAMP/GSA
Brian Ruf, SME, FedRAMP/GSA/Noblis
Alexander Stein, SME, Flexion Inc
Prof Dr. Jesus Luna, Cloud Security Expert, Robert Bosch GmbH
Xacta 360 Implementation of OSCAL Increases Efficiency of A&A Processes
Milica Green, Compliance SME, Telos
Hugh Barrett, VP Technical Solutions, Telos
Parallel Lunch Break Tracks
Track 1: What Does a Working OSCAL Component Library Really Look Like
Omar Abed & Tom Wood, CivicActions/GovReady
Greg Elin, Founder and CEO, GovReady
Track 2: Cyber Security Controls: Data portability between vendor tools using NIST OSCAL
Travis Howerton, CTO, C2 Labs
Track 3: Automating and ATO for a blockchain system using OSCAL
Jasson Walker, President and CEO, cFocus Software
Enabling continuous risk visibility – the role for OSCAL in revolutionizing third party security
Jonathan Dambrot, Global Third-Party Security Lead, KPMG
Adam Brand, Managing Director, KPMG
Compliance Trestle – An Open-Source Opinionated Implementation of OSCAL
Anca Sailer, Senior Technical Staff Member in Hybrid Cloud Compliance, IBM Research
Chris Butler, Senior Technical Staff Member in Hybrid Cloud Compliance, IBM Research