The OSCAL models provide standardized formats for exchanging control, control implementation, and control assessment information in XML, JSON, and YAML. These formats allow this information to be exchanged between tools and for individual tools to process exchanged data, supporting analytics, user interaction, and increased automation.
Tools exist that support the use of the OSCAL models. These tools are listed below in the following categories:
- OSCAL Project provided tools and libraries
- Open Source Tools provided by 3rd parties
If you have produced a tool that supports the OSCAL formats that you would like to have listed on this page, please contact us.
Certain products may be identified on this web page, but such identification doesn’t imply recommendation by the US National Institute of Standards and Technology or other agencies of the US Government, nor does it imply that the products identified are necessarily the best available for the purpose.
See the NIST Software Disclaimer for more information.
OSCAL Tools and Libraries
| Name | Provider | Description | Type |
|---|---|---|---|
| Compliance trestle | IBM | A Python SDK and command line tool which manipulates OSCAL structures and supports transformation of data into OSCAL. | open source |
| OSCAL Java Library | NIST OSCAL Project | A Java-based programming API for reading and writing content conformant to the OSCAL XML, JSON, and YAML based models. | open source |
| OSCAL React Component Library | Easy Dynamics | A library of reusable React components and an example user interface application that provides a direct UI into OSCAL. | open source |
| OSCAL REST API | Easy Dynamics | An initial OpenAPI definition of an OSCAL REST API that describes how systems might manipulate catalogs, profiles, components, and SSPs. | open source |
| XSLT Tooling | NIST OSCAL Project | A variety of Extensible Stylesheet Language (XSL) Transformations (XSLT), Cascading Style Sheets (CSS), and related utilities for authoring, converting, and publishing OSCAL content in various forms. | open source |
| XML Jelly Sandwich | Wendell Piez (NIST) | Interactive XSLT in the browser, including OSCAL demonstrations. | open source |
| Xacta 360 | Telos | Xacta 360 is a cyber risk management and compliance analytics platform that enables users to create and submit FedRAMP system security plans (SSPs) in OSCAL format. Future OSCAL capabilities are forthcoming as the standard evolves. | license |
| Atlasity: Continuous Compliance Automation | C2 Labs | Atlasity CE (release 2.0) runs in any environment and supports the development of OSCAL v1.0 content for Catalogs, Profiles, System Security Plans and Components. Additional detail can be found in this blog post: Atlasity Delivers Free Tools to Create OSCAL Content. | community edition |