Skip to main content

This website and its code are not currently under active development: read more details here.

U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Take Control OSCAL Tools

Software for the Open Security Controls Assessment Language (OSCAL)

Demonstrations, project documentation and links from the NIST (ITL/CSD) OSCAL Team

Learn More

Tools supporting OSCAL processing.

NIST, in collaboration with industry, is developing the Open Security Controls Assessment Language (OSCAL). OSCAL is a set of formats expressed in XML, JSON, and YAML. These formats provide machine-readable representations of control catalogs, control baselines and overlays, system security plans, and assessment plans and results.

This site documents and presents some of the OSCAL tooling developed by NIST project members and released for public use, testing and emulation. Source code for projects and demonstrations described here is maintained (and can be examined, cloned or copied) in the public Github repository.

For more tools produced by OSCAL community members including independent developers, vendors, and user groups, see the OSCAL Tools listing on the main OSCAL site.

This page was last updated on March 16, 2023.