NIST to Hold 3rd Open Security Controls Assessment Language (OSCAL) Workshop

January 13, 2022 - NIST will host the third workshop in its series on the Open Security Controls Assessment Language (OSCAL) on Tuesday, March 1st, and Wednesday, March 2nd, 2022.

OSCAL is a set of formats expressed in XML, JSON, and YAML. These formats provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. OSCAL sets the foundation for security automation, with particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring.


Day one of the workshop will highlight OSCAL 1.0.0 layers and models, with the goal of familiarizing the audience with the OSCAL architecture and formats, and with how these models can be used to support security assessment automation, continuous monitoring, continuous ATO, and development, security and operations (DevSecOps). Additionally, the audience will be introduced to the NIST SP 800-53 (Rev4 and Rev5) catalogs, assessment objectives, and associated baselines in OSCAL.


Day two of the workshop will explore OSCAL-based automation solutions, starting with the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office’s (PMO) efforts to digitalize authorization packages submitted in OSCAL, and will present FedRAMP’s updated OSCAL resources, which include a comprehensive set of guides for additional deliverables.


Registration for the virtual workshop is here.