2nd Open Security Controls Assessment Language (OSCAL) Workshop

When February 2, 2021 thru February 3, 2021

Purpose The workshop will provide attendees an opportunity to familiarize themselves and build skills in the development and use of OSCAL. We encourage developers of control-oriented security tools, and organizations that want to use or create OSCAL-based information, to register and attend the workshop.

The following presentations are available from this workshop. Recordings are also provided where available. The full agenda is also available.

Day 1

• Welcome, Introduction and Administrative issues [video]

Matthew Scholl, Chief, Computer Security Division, NIST

• Next Generation Security Assessment - Visionary Keynote [video @ time 9:53]

  Victoria Pillitteri, FISMA Lead, NIST

• What is OSCAL and Who Needs It [video @ time 38:26]

  Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST

• OSCAL-based System Security Plans [video]

  David Waltermire, OSCAL Technical Director, NIST

• OSCAL Models: Assessment Planning, Results and POA&M [video @ time 45:14]

  Brian Ruf, OSCAL Team Member, NIST / FedRAMP

• Parallel Lunch Break Tracks

  • Track 1: OSCAL tools integration and interoperability

    Greg Elin, Founder and CEO, GovReady Travis Howerton, CTO, C2 Labs

  • Track 2: Automating FedRAMP System Security Plan Development Using OSCAL

    Jasson Walker, President & CEO, cFocus Software

  • Track 3: Automation for DER-Risk Manager using OSCAL

    Paul Wand, Cybersecurity Visualization Engineer, NREL
    Anuj Sanghvi, Cybersecurity Researcher, NREL

  • Track 4: Leveraging Compliance Automation for our Cloud-First World

    Scott Schwan, Co-founder & CEO, Shujinko Rick Harwood, VP of Engineering, Shujinko

• OSCAL Content (SP 800-53 Rev5, SP 800-53B and beyond) [video]

  Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST

• CMS and What Makes an Agency Ready for Security Automation with OSCAL: A Vendors View

  Greg Elin, Founder and CEO, GovReady

• Risk Management for Distributed Energy Resources

  Anuj Sanghvi, Cybersecurity Researcher, NREL

Day 2

• FedRAMP Automation Roadmap

  Zach Baldwin, Program Manager, FedRAMP/ GSA Brian Ruf, SME, FedRAMP/ GSA/Noblis Alexander Stein, SME, Flexion Inc

• Paving the road towards continuous certification: Leveraging OSCAL into the EU-wide cloud security certification scheme

  Prof Dr. Jesus Luna, Cloud Security Expert, Robert Bosch GmbH

• Xacta 360 Implementation of OSCAL Increases Efficiency of A&A Processes

  Milica Green, Compliance SME, Telos Hugh Barrett, VP Technical Solutions, Telos

• Parallel Lunch Break Tracks

  • Track 1: What Does a Working OSCAL Component Library Really Look Like

    Omar Abed & Tom Wood, CivicActions/GovReady Greg Elin, Founder and CEO, GovReady

  • Track 2: Cyber Security Controls: Data portability between vendor tools using NIST OSCAL

    Travis Howerton, CTO, C2 Labs

  • Track 3: Automating and ATO for a blockchain system using OSCAL

    Jasson Walker, President and CEO, cFocus Softwar

• Enabling continuous risk visibility – the role for OSCAL in revolutionizing third party security

  Jonathan Dambrot, Global Third-Party Security Lead, KPMG Adam Brand, Managing Director, KPMG

• Compliance Trestle – An Open-Source Opinionated Implementation of OSCAL

  Anca Sailer, Senior Technical Staff Member in Hybrid Cloud Compliance, IBM Research Chris Butler, Senior Technical Staff Member in Hybrid Cloud Compliance, IBM Research