Skip to main content

4th Open Security Controls Assessment Language (OSCAL) Workshop

When May 23rd, 2023

Purpose The conference will highlight the latest development of NIST OSCAL models and will explore OSCAL-based automation of risk management, governance, and compliance processes and tools for different national and international regulatory frameworks. Our presenters, some of the most prestigious cybersecurity experts who share the same passion for new advancements in security automation, will share their innovative OSCAL-based solutions, demonstrating, in the process, OSCAL's international adoption.

The following presentations are available from this workshop. Recordings are also provided where available. The full agenda is also available. The speakers' bios is available for review.

Conference Speaker Timestamps:

  • Welcome & Conference Overview [video]

    • Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST
  • Opening Remarks [video]

    • Andre Mendes, CIO, DoC
  • OSCAL & A New Way of Doing Software in Federal [video]

    • Robert Wood, CISO, Center for Medicare and Medicaid Services, HHS
  • What is New in OSCAL [video]

    • Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST
    • Alexander (A.J) Stein, OSCAL Technical Director (Acting), NIST
  • CIS' Security Controls in OSCAL [video]

    • Phyllis Lee, VP, Center of Internet Security
  • CSA CCM v4 in OSCAL [video]

    • Daniele Catteddu, CTO, Cloud Security Alliance
  • The Roadmap to CIS-CSA Control Mapping in OSCAL [video]

    • Chris Compton (Moderator). Senior IT Specialist, OSCAl Team, NIST
    • Phyllis Lee, VP, Center of Internet Security
    • Daniele Catteddu, CTO, Cloud Security Alliance
  • Integrate OSCAL with Other Supported Standards Using Metanorma [video]

    • Ronald Tse, Founder & CEO, Ribose Inc.
  • Streamlining StateRAMP's Deliverables with OSCAL [video]

    • Kenny Scott, Co-Founder & CEO, Paramify
  • From Artisanal to Industrial - Delivering Security at Scale [video]

    • Phil Venables, CISO, Google Cloud
  • Google's Internal OSCAL Adoption [video]

    • Vikram Khare, Director, Cont. Assurance and Controls Engineer, Google
    • Valentin Mihai, Technical Lead, Cont. Assurance and Controls Engineer, Google
  • OSCAL - The future of On Demand Assurance [video]

    • Chris (Rocky) Campione, Sr. Manager, Security and Compliance US Regulated Industries, AWS
  • OSCAL Supporting Cloud Certification in the EU - MEDINA Project [video]

    • Dr. Jesus Luna Garcia Cybersecurity Governance, Technical Manager, Robert Bosch GmbH | EU-MEDINA Project
  • Collaborative Compliance Agile Authoring [video]

    • Anca Sailer, Distinguished Engineer, IBM Research
  • OSCAL By-Component: Turtles, All the Way Down? [video]

    • Adam Brand, Partner - Cybersecurity, KPMG
  • OSCAL Developers' Fireside Chat [video]

    • Alexander Stein (Moderator). OSCAL Technical Director (Acting), NIST
    • Brian Ruf, Director of Cybersecurity, Easy Dynamics
    • Travis Howerton, CTO, RegScale
    • Stephanie Lacy, Senior Solutions Architect, Telos
    • Valinder Mangat, Chief Innovation Officer, DTR Strategies
  • OSCAL in Practice - A Case Study for Kubernetes [video]

    • Robert Ficcaglia, Chair, Kubernetes Policy Workgroup, Lead Assessor, CNCF Security Technical Advisory Group, CTO, SunStone Secure, LLC
    • Francesco Beltramini, Security Engineering Manager, ControlPlane
  • Closing Remarks & Adjourn [video]

    • Matthew Scholl, Chief, Computer Security Division, NIST

This page was last updated on November 5, 2024.