U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

4th Annual OSCAL Conference and Workshop

OSCAL hero graphic

The National Institute of Standards and Technology (NIST) is co-hosting with the Department of Commerce on Tuesday, May 23rd, 2023, the fourth annual conference in the series focusing on the Open Security Controls Assessment Language (OSCAL). The conference will be in person at the Herbert C. Hoover Federal Building (HCHB) in Washington DC (see address) in Washington DC, and will be followed by a half-day educational workshop on May 24. The conference and the workshop are free to attend.

OSCAL is a standardized, flexible, open-source language that allows security controls and their associated implementations and assessment methods to be expressed in machine-readable formats and easy transformation to human-friendly representations.

OSCAL sets a standards-based foundation for the next generation of compliance processes and GRC tools by facilitating security automation, with a particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring, and improved risk management, aiming to eliminate major challenges fueled by paper-based, human-driven security assessment process against multiple regulatory frameworks, especially in the context of complex, stacked systems.

The conference will highlight the latest development of NIST OSCAL models and will explore OSCAL-based automation of risk management, governance, and compliance processes and tools for different national and international regulatory frameworks. Our presenters, some of the most prestigious cybersecurity experts who share the same passion for new advancements in security automation, will share their innovative OSCAL-based solutions, demonstrating, in the process, OSCAL's international adoption. 

Who should attend:

  • Leaders in digital transformation and security automation from the government, private, and academic sectors;
  • Vendors of security automation tools who are considering implementing OSCAL formats in their tools;
  • Participants in standard development organizations focusing on developing and publishing control catalogs and baselines;
  • System owners from the government, private, and academic sectors, who want to streamline the documentation of controls used in their information systems.

Speakers' BIOs

OSCAL Workshop

Format: In-person

When: May 24, 2023, 9:00 a.m. - 12:00 p.m. EDT

Where: Herbert C. Hoover Federal Building, 1401 Constitution Ave, NW, Washington, DC 20230

The OSCAL program and the conferences and workshops series are aligned with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs.

The OSCAL  educational workshop, will provide attendees an opportunity to familiarize themselves with, and build skills in, the development and use of OSCAL. We encourage developers of control-oriented security tools and organizations that want to use or create OSCAL-based information, to register and attend the free workshop.


Event Details

Starts: May 23, 2023 - 09:00 AM EDT
Ends: May 24, 2023 - 12:00 PM EDT

Format: In-person Type: Conference

Agenda Website

Attendance Type: Open to public
Audience Type: Industry,Government,Academia,Other

Technical POC: Dr. Michaela Iorga



Herbert C. Hoover Federal Building
1401 Constitution Avenue NW
Washington, DC 20230

Created March 24, 2023, Updated May 22, 2023