NIST OSCAL Virtual Escape Room
View the project on GitHub.
If you would like to skip the introduction and go straight to playing the game, please enter: HERE.
In a digital world defined by rapid cloud adoption, intricate system dependencies, and evolving threats, the traditional paper-based and proprietary methods of cybersecurity compliance methods no longer scale effectively. For over two decades, cybersecurity professionals have dedicated themselves to safeguarding critical systems. Their efforts, while earnest and diligent, were often burdened by paper-based documentation, manual assessments, and proprietary tools that limits security data portability. As systems evolved, especially with the rise of cloud solutions, the complexity of their work increased significantly. As systems grow more complex and cloud services became intricate, these limitations turned into mission-critical bottlenecks. Security teams found themselves drowning in scattered documents, struggling to understand control inheritance and interdependencies in modern hybrid environments. Today, understanding interdependencies, control inheritance, and risk mitigation across layered systems is a monumental task.
To address these challenges, NIST with industry partners developed an open-source, machine-readable language designed to digitize security information and support dynamic risk management. This solution supports faster, less costly, and more accurate continuous assessment and monitoring of critical systems. Known as Open Security Controls Assessment Language (OSCAL), this language meets the urgent need for standardized, machine-readable documentation and portable, automated compliance processes. Developed with flexibility and operational excellence at its core, OSCAL started as a federal-focused project but quickly grew into a global initiative. It enables the shift from manual to machine-driven, continuous assessments not only for security postures, but across a broad range of compliance domains. OSCAL's rapid international adoption includes collaborations with organizations from the information technology industry, spanning across multiple vertical markets include the international government, public sectors, financial services, demonstrating a broad appeal and effectiveness. Its diverse use cases in privacy, safety, and accessibility across diverse regulatory frameworks and industry verticals highlights OSCAL's groundbreaking role in advancing proactive system resilience assessments.
Game Creators
(in alphabetical order):
- Dr. Michaela Iorga,
- Marilyn Nguyen,
- Ned Goren,
- Selena Xiao.
Enter the game:
If you are interested in playing the game, please enter: HERE.