3rd Open Security Controls Assessment Language (OSCAL) Workshop
When March 1, 2022 thru March 2nd, 2022
Purpose The workshop will provide attendees an opportunity to familiarize themselves and build skills in the development and use of OSCAL. We encourage developers of control-oriented security tools, and organizations that want to use or create OSCAL-based information, to register and attend the workshop.
The following presentations are available from this workshop. Recordings are also provided where available. The full agenda is also available. The speakers' bios is available for review.
March 1, 2022:
Welcome, Introduction and Administrative issues [no slides] [video]
Matthew Scholl, Chief, Computer Security Division, NIST
Visionary Keynote [no slides] [video]
André Mendez, CIO, DoC
What is OSCAL and Who Needs It? [video]
Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST
David Waltermire, OSCAL Technical Director, NIST
Zach Baldwin, Program Manager for Strategy, Innovation, and Technology, FedRAMP, GSA
Gary Gapinski, Security and XML Engineer, Flexion Inc.
Thomas Volpe Sr., CIO, VITG Inc.
Parallel Tracks
Track 1: OSCAL from Zero to Automation Hero [video]
Alexander (AJ) Stein, OSCAL team member, NIST
Dr. Wendell Piez, OSCAL team member, NIST
Track 2: Achieving Continuous Authorization to Operate (ATO) with OSCAL [video]
Jasson Walker, President, cFocus Software
Track 3: DevSecComp(liance)Ops with OSCAL [video]
Ray Gauss, Director of Innovation, Easy Dynamics
Track 4: OSCAL Tools: Open Source XSLT for OSCAL [video]
Dr. Wendell Piez, OSCAL team member, NIST
Track 5: Leveraged Authorizations to Operate [video]
Jasson Walker, President, cFocus Software
Track 6: Accelerating FedRAMP, FISMA and CMMC ATO’s with OSCAL [video]
Gaurav (GP) Pal, Principal/SME, StackArmorMartin Rieger, Chief Solutions Officer, StackArmor
Bloss@m - Security Assessment Automation with OSCAL [video]
Alexander (AJ) Stein, OSCAL team member, NIST
Nikita Wootten, OSCAL team member, NIST
NIST SP 800-53: Empowered by OSCAL [video]
Victoria Pillitteri, Group Manager, ITL/CSD, NIST
Automate the Transition to NIST SP 800-53 Rev. 5 with OSCAL [video]
Jasson Walker, President, cFocus Software
March 2, 2022:
Opening Remarks [no slides] [video]
Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST
Exchange Protocol for Third Party Tool Integrations via OSCAL (IBM) [video]
Anca Sailer, SME, STSM, IBM Research
Vikas Agarwal, Ph.D., Senior Researcher, SME, IBM Research
Lou DeGenaro, Senior Engineer, IBM Research
Initial Experiences with OSCAL and Continuous Monitoring in the EU Cybersecurity Certification Scheme for Cloud Services [video]
Dr. Jesus Luna Garcia, Bosch, Germany
AWS and Implementation of OSCAL [video]
Matthew Donkin, SME, AWS
Douglas Boldt, Solutions Architect, AWS
Adopting OSCAL to Deliver the Latest NIST SP 800-53 Control Catalog to the CSAM Community [video]
Ramon Burks, CSS Assistant Director, DoJ/CSAM
Adam Oline, Technical Lead, CyberBalance, LLC, DoJ/CSAM
Parallel Tracks
Track 1: OSCAL Deep Diff Tool [video]
Nikita Wootten, OSCAL team member, NIST
Track 2: Ignyte Assurance Platform OSCAL Component Aggregation Techniques [video]
Max Aulakh, Managing Director, Ignyte Assurance Platform
Track 3: “TURBOTAX-STYLE” Authoring of OSCAL Files [video]
Valinder Mangat, CIO, DRT Strategies
Track 4: [Entertainment] [no slides] [no video]
Track 5: Continuous ATO Demonstration Using OSCAL with Automated Assessments and Risk Modeling [video]
J. Travis Howerton, Co-Founder and CTO, RegScale
Track 6: Getting a Head Start on Automating Your FedRAMP ATO Using OSCAL in Xacta360 [video]
Jet Ryan, XACTA Solutions Architect, Telos
Kubernetes Policy Result Standardization via OSCAL (IBM) [video]
Anca Sailer, SME, STSM, IBM Research
Jaya Ramanathan, Ph.D., Chief Security and Governance Architect, Red Hat
Jim Bugwadia, CEO, NirmataRobert Ficcaglia, CTO, SunStone Secure
Leading with OSCAL: The Crystallization of OSCAL-enabled Commercial Sector Use Case [video]
Adam Brand, Managing Director, KPMG
Thomas Nash, Director, KPMG
The Applicability of OSCAL for Healthcare [video]
Vikas Khosla, Chief Digital Health Officer, Intraprise Health
Continuous, Automated Compliance with OSCAL [video]
Conner Phillippi, Senior Compliance Solutions Manager, Product Manager, Secureframe
Apostolos Delis, Software Engineer, Secureframe
OSCAL Roadmap: From Strategy to Vision [video]
David Waltermire, OSCAL Technical Director, NIST
**Closing Remarks and Adjourn [no slides] [video]
Matthew Scholl, Chief, Computer Security Division, NIST