4th Open Security Controls Assessment Language (OSCAL) Workshop
When May 23rd, 2023
Purpose The conference will highlight the latest development of NIST OSCAL models and will explore OSCAL-based automation of risk management, governance, and compliance processes and tools for different national and international regulatory frameworks. Our presenters, some of the most prestigious cybersecurity experts who share the same passion for new advancements in security automation, will share their innovative OSCAL-based solutions, demonstrating, in the process, OSCAL's international adoption.
The following presentations are available from this workshop. Recordings are also provided where available. The full agenda is also available. The speakers' bios is available for review.
Conference Speaker Timestamps:
Welcome & Conference Overview [video]
- Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST
Opening Remarks [video]
- Andre Mendes, CIO, DoC
OSCAL & A New Way of Doing Software in Federal [video]
- Robert Wood, CISO, Center for Medicare and Medicaid Services, HHS
What is New in OSCAL [video]
- Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST
- Alexander (A.J) Stein, OSCAL Technical Director (Acting), NIST
CIS' Security Controls in OSCAL [video]
- Phyllis Lee, VP, Center of Internet Security
CSA CCM v4 in OSCAL [video]
- Daniele Catteddu, CTO, Cloud Security Alliance
The Roadmap to CIS-CSA Control Mapping in OSCAL [video]
- Chris Compton (Moderator). Senior IT Specialist, OSCAl Team, NIST
- Phyllis Lee, VP, Center of Internet Security
- Daniele Catteddu, CTO, Cloud Security Alliance
Integrate OSCAL with Other Supported Standards Using Metanorma [video]
- Ronald Tse, Founder & CEO, Ribose Inc.
Streamlining StateRAMP's Deliverables with OSCAL [video]
- Kenny Scott, Co-Founder & CEO, Paramify
From Artisanal to Industrial - Delivering Security at Scale [video]
- Phil Venables, CISO, Google Cloud
Google's Internal OSCAL Adoption [video]
- Vikram Khare, Director, Cont. Assurance and Controls Engineer, Google
- Valentin Mihai, Technical Lead, Cont. Assurance and Controls Engineer, Google
OSCAL - The future of On Demand Assurance [video]
- Chris (Rocky) Campione, Sr. Manager, Security and Compliance US Regulated Industries, AWS
OSCAL Supporting Cloud Certification in the EU - MEDINA Project [video]
- Dr. Jesus Luna Garcia Cybersecurity Governance, Technical Manager, Robert Bosch GmbH | EU-MEDINA Project
Collaborative Compliance Agile Authoring [video]
- Anca Sailer, Distinguished Engineer, IBM Research
OSCAL By-Component: Turtles, All the Way Down? [video]
- Adam Brand, Partner - Cybersecurity, KPMG
OSCAL Developers' Fireside Chat [video]
- Alexander Stein (Moderator). OSCAL Technical Director (Acting), NIST
- Brian Ruf, Director of Cybersecurity, Easy Dynamics
- Travis Howerton, CTO, RegScale
- Stephanie Lacy, Senior Solutions Architect, Telos
- Valinder Mangat, Chief Innovation Officer, DTR Strategies
OSCAL in Practice - A Case Study for Kubernetes [video]
- Robert Ficcaglia, Chair, Kubernetes Policy Workgroup, Lead Assessor, CNCF Security Technical Advisory Group, CTO, SunStone Secure, LLC
- Francesco Beltramini, Security Engineering Manager, ControlPlane
Closing Remarks & Adjourn [video]
- Matthew Scholl, Chief, Computer Security Division, NIST