Mirage News
Mirage News
Technology
 Date Time

NIST has developed Open Security Controls Assessment Language

NIST has developed the Open Security Controls Assessment Language, which is a multi-format framework that allows security professionals to automate security assessment, auditing, and continuous monitoring processes, making systems' authorization-to-operate processes and the overall risk management easier. Today, security professionals are faced with several challenges that are resource intensive such as systems' complexity, paper-based assessment processes that do not scale well or proprietary automation solutions that are not interoperable and overlapping standards and regulatory frameworks.

The development of OSCAL sets the foundation for system security automation, which supports the risk management process and simultaneously supports a full spectrum of roles involved in this process, ranging from security professionals to policy authors. This first official, major release of OSCAL, readily available for download here, provides a stable OSCAL 1.0.0 for wide-scale implementation. The OSCAL 1.0.0 reveal is a major achievement for the OSCAL project and for the earlier adopters and implementers of security automation with OSCAL.

With the release of OSCAL 1.0.0, NIST also makes available the NIST OSCAL specification generated dynamically on the OSCAL website, and the SP 800-53, SP 800-53A and baselines, Rev. 4 and Rev. 5 in OSCAL. In response, a growing number of commercial and free community tools and services have come into existence or are under development.

OSCAL 1.0.0, the product of OSCAL community collaboration under NIST's leadership in collaboration with GSA/FedRAMP, was created from community feedback to serve international constituents. The updates included with OSCAL 1.0.0 comprises stable versions of the following:

  • Catalog and Profile models
  • Component definition model
  • System Security Plan
  • Assessment plan
  • Assessment results
  • Plan of Action & Milestones

The sectors that will see some of the greatest improvement because of OSCAL 1.0.0 are agencies, cloud service providers, and third-party assessment organizations.

As always, the NIST OSCAL team is appreciative of all the insightful feedback received to date.

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.
Tags: , , , , , , , , ,

You might also like

Hidden Urban Wildlife: Our City-Dwelling Neighbors
The Perfect Pet Debate: Dogs vs. Cats
Animal Communication: How They Talk with Each Other
Yummy Fruits & Veggies That Didn't Exist in Nature
Emotional AI: The Science of Teaching Machines to Feel
Startup Culture: Revolutionary Work Ethic or Burnout Factory?