
3rd Open Security Controls Assessment Language (OSCAL) Workshop

When: March 1, 2022 through March 2, 2022

Purpose: The workshop will provide attendees an opportunity to familiarize themselves with, and build skills in, the development and use of OSCAL. We encourage developers of control-oriented security tools, and organizations that want to use or create OSCAL-based information, to register and attend the workshop.

The following presentations are available from this workshop. Recordings are also provided where available. The full agenda is also available. The speakers' bios are available for review.

March 1, 2022:

Welcome, Introduction and Administrative issues [no slides] [video]

  Matthew Scholl, Chief, Computer Security Division, NIST

Visionary Keynote [no slides] [video]

  André Mendez, CIO, DoC

What is OSCAL and Who Needs It? [video]

  Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST

  David Waltermire, OSCAL Technical Director, NIST

FedRAMP Automation [video]

  Zach Baldwin, Program Manager for Strategy, Innovation, and Technology, FedRAMP, GSA

  Gary Gapinski, Security and XML Engineer, Flexion Inc. 

  Thomas Volpe Sr., CIO, VITG Inc.

Parallel Tracks

Track 1: OSCAL from Zero to Automation Hero [video]

  Alexander (AJ) Stein, OSCAL team member, NIST 

  Dr. Wendell Piez, OSCAL team member, NIST

Track 2: Achieving Continuous Authorization to Operate (ATO) with OSCAL [video]

  Jasson Walker, President, cFocus Software

Track 3: DevSecComp(liance)Ops with OSCAL [video]

  Ray Gauss, Director of Innovation, Easy Dynamics

Track 4: OSCAL Tools: Open Source XSLT for OSCAL [video]

  Dr. Wendell Piez, OSCAL team member, NIST

Track 5: Leveraged Authorizations to Operate [video]

  Jasson Walker, President, cFocus Software

Track 6: Accelerating FedRAMP, FISMA and CMMC ATO’s with OSCAL [video]

  Gaurav (GP) Pal, Principal/SME, StackArmor

  Martin Rieger, Chief Solutions Officer, StackArmor

Bloss@m - Security Assessment Automation with OSCAL [video]

  Alexander (AJ) Stein, OSCAL team member, NIST

  Nikita Wootten, OSCAL team member, NIST

NIST SP 800-53: Empowered by OSCAL [video]

  Victoria Pillitteri, Group Manager, ITL/CSD, NIST

Automate the Transition to NIST SP 800-53 Rev. 5 with OSCAL [video]

  Jasson Walker, President, cFocus Software

March 2, 2022:

Opening Remarks [no slides] [video]

  Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST

Exchange Protocol for Third Party Tool Integrations via OSCAL (IBM) [video]

  Anca Sailer, SME, STSM, IBM Research

  Vikas Agarwal, Ph.D., Senior Researcher, SME, IBM Research 

  Lou DeGenaro, Senior Engineer, IBM Research

Initial Experiences with OSCAL and Continuous Monitoring in the EU Cybersecurity Certification Scheme for Cloud Services [video]

  Dr. Jesus Luna Garcia, Bosch, Germany

AWS and Implementation of OSCAL [video]

  Matthew Donkin, SME, AWS

  Douglas Boldt, Solutions Architect, AWS

Adopting OSCAL to Deliver the Latest NIST SP 800-53 Control Catalog to the CSAM Community [video]

  Ramon Burks, CSS Assistant Director, DoJ/CSAM

  Adam Oline, Technical Lead, CyberBalance, LLC, DoJ/CSAM

Parallel Tracks

Track 1: OSCAL Deep Diff Tool [video]

  Nikita Wootten, OSCAL team member, NIST

Track 2: Ignyte Assurance Platform OSCAL Component Aggregation Techniques [video]

  Max Aulakh, Managing Director, Ignyte Assurance Platform

Track 3: “TURBOTAX-STYLE” Authoring of OSCAL Files [video]

  Valinder Mangat, CIO, DRT Strategies

Track 4: [Entertainment] [no slides] [no video]

Track 5: Continuous ATO Demonstration Using OSCAL with Automated Assessments and Risk Modeling [video]

  J. Travis Howerton, Co-Founder and CTO, RegScale

Track 6: Getting a Head Start on Automating Your FedRAMP ATO Using OSCAL in Xacta360 [video]

  Jet Ryan, XACTA Solutions Architect, Telos

Kubernetes Policy Result Standardization via OSCAL (IBM) [video]

  Anca Sailer, SME, STSM, IBM Research

  Jaya Ramanathan, Ph.D., Chief Security and Governance Architect, Red Hat

  Jim Bugwadia, CEO, Nirmata

  Robert Ficcaglia, CTO, SunStone Secure

Leading with OSCAL: The Crystallization of OSCAL-enabled Commercial Sector Use Case [video]

  Adam Brand, Managing Director, KPMG 

  Thomas Nash, Director, KPMG

The Applicability of OSCAL for Healthcare [video]

  Vikas Khosla, Chief Digital Health Officer, Intraprise Health

Continuous, Automated Compliance with OSCAL [video]

  Conner Phillippi, Senior Compliance Solutions Manager, Product Manager, Secureframe 

  Apostolos Delis, Software Engineer, Secureframe

OSCAL Roadmap: From Strategy to Vision [video]

  David Waltermire, OSCAL Technical Director, NIST

Closing Remarks and Adjourn [no slides] [video]

  Matthew Scholl, Chief, Computer Security Division, NIST

This page was last updated on November 8, 2023.