Next Gen Risk Management
Starts Here

Community support for OSCAL-enabled applications

The layers of OSCAL: the assessment layer, comprised of plan of action and milestones, assessment results, and assessment plans; the implementation layer, comprised of the System Security Plan Model and the Component Model; and the Controls Layer, comprised of the Profile Model and the Catalog Model

About OSCAL.io

The Open Security Controls Assessment Language (OSCAL) was developed by the National Institute of Standards and Technology (NIST) to enable automation of risk management and compliance frameworks based on security controls and functional requirements, such as SOC 2, FedRAMP, ISO-27001, StateRAMP, CMMC, HIPAA, and PCI. OSCAL is an open, machine-readable information exchange format that enables tools to interoperate.

OSCAL was released on June 10, 2021, and several vendors are OSCAL-enabling their tools. These tools can be enhanced by a common repository of OSCAL resources.

OSCAL.io Goals

Community Hub

To provide community resources for OSCAL adopters and OSCAL-enabled tools

Automate Discovery

Provide an Application Programming Interface (API) for tools to automatically query for OSCAL resources

Promote Adoption

Enable new OSCAL adopters to get started

What to Expect

01

Upcoming OSCAL Events

Discover virtual and in-person events related to OSCAL, or add your organization's event.

02

OSCAL Communication Channels

Find out where your OSCAL colleagues are communicating with each other.

03

OSCAL Content Directory and Repository

Make your OSCAL catalogs, baselines (profiles) and component definitions available to all OSCAL tools.

04

OSCAL-Enabled Tools Directory

Find existing OSCAL-enabled tools or list your own.

Community Events

FedRAMP Rev 5 Continuous Monitoring

Virtual

The Rev 5 Continuous Monitoring Reporting Working Group is focused on the development of continuous monitoring reports, and how these reports for CSPs with FedRAMP Rev. 5 authorizations will be…

OSCAL Foundation: Technical Working Group

Virtual

The TWG advances the core technical mission of the foundation to develop, improve, and extend the OSCAL standard and the OSCAL ecosystem. The group may work on the development of…

FedRAMP Automating Assessments

Virtual

The focus of this working group will be on the development of industry standards and tools to automate assessment, reporting, and/or the enforcement of technical controls. The group may also…

OSCAL Foundation: Engagement Working Group

Virtual

Members may elect to participate in the Engagement Working Group. The group centralizes community efforts to identify and leverage opportunities for the Foundation to broaden the adoption of OSCAL. Meetings…

OSCAL Foundation: Technical Working Group

Virtual

The TWG advances the core technical mission of the foundation to develop, improve, and extend the OSCAL standard and the OSCAL ecosystem. The group may work on the development of…

NIST OSCAL Workshop Series

Virtual

The NIST OSCAL team is hosting a series of monthly mini workshops that aims to address topics of interest for our community and to open this forum for its members…