OSCAL Tools

The OSCAL models provide standardized formats for exchanging control, control implementation, and control assessment information in XML, JSON, and YAML. These formats allow this information to be exchanged between tools and for individual tools to process exchanged data, supporting analytics, user interaction, and increased automation.

Tools exist that support the use of the OSCAL models. These tools are listed below in the following categories:

• OSCAL Project provided tools and libraries
• Open Source Tools provided by 3rd parties

If you have produced a tool that supports the OSCAL formats that you would like to have listed on this page, please contact us.

Disclaimer

Certain products may be identified on this web page, but such identification doesn’t imply recommendation by the US National Institute of Standards and Technology or other agencies of the US Government, nor does it imply that the products identified are necessarily the best available for the purpose.

See the NIST Software Disclaimer for more information.

OSCAL Project: Open Source Tools and Libraries

• OSCAL Java Library: Provides a Java-based programming API for reading and writing content conformant to the OSCAL XML, JSON, and YAML based models. This library is kept up-to-date with the latest formats provided by the OSCAL project.
• XSLT Tooling: A variety of Extensible Stylesheet Language (XSL) Transformations (XSLT), Cascading Style Sheets (CSS), and related utilities for authoring, converting, and publishing OSCAL content in various forms.

Community: Open Source Tools and Libraries

• OSCALkit: Provides a GoLang SDK for OSCAL. Converts OSCAL XML -> JSON (and vice versa). Converts OpenControl projects into OSCAL.
• OSCAL GUI: A proof of concept GUI tool for interacting with OSCAL content based on OSCAL milestone 2.