| Title | Speaker | Description | Timestamp |
|---|---|---|---|
| Conference Overview | Michaela Iorga, OSCAL Strategic Outreach Director, NIST | Summary of the event timeline | 25:39 |
| Opening Remarks | Andre Mendes, CIO, DoC | Advances in technology and how they relate to cybersecurity and OSCAL | 28:51 |
| OSCAL & A New Way of Doing Software in Federal | Robert Wood, CISO, Centers for Medicare & Medicaid Services, HHS | The culture around OSCAL and its innovative contributions to software development and security | 48:25 |
| What is New in OSCAL | Michaela Iorga, OSCAL Strategic Outreach Director, NIST; Alexander (A.J.) Stein, OSCAL Technical Director (acting), NIST | Past and ongoing OSCAL initiatives and projects, insights into OSCAL's vision and strategy, and a discussion of the community's future role with C3 | 1:15:40 |
| CIS' Security Controls in OSCAL | Phyllis Lee, VP, Center for Internet Security | The work of CIS, an overview of the CIS Critical Security Controls and how they function, and how OSCAL is integrated to enhance security practices | 2:01:30 |
| CSA CCM v4 in OSCAL | Daniele Catteddu, CTO, Cloud Security Alliance | Continuous governance with the Cloud Security Alliance: the organization's functions and expertise, an introduction to the Cloud Controls Matrix (CCM) and its metrics, and the intersection of compliance and security | 2:10:55 |
| The Roadmap to CIS-CSA Control Mapping in OSCAL | Chris Compton (Moderator), Senior IT Specialist, OSCAL Team, NIST; Phyllis Lee, VP, Center for Internet Security; Daniele Catteddu, CTO, Cloud Security Alliance | A panel discussion on the OSCAL Mapping Model | 2:27:51 |
| Integrate OSCAL with Other Supported Standards Using Metanorma | Ronald Tse, Founder & CEO, Ribose Inc. | Introduction to Ribose Inc. and to Metanorma standardization with OSCAL | 2:47:04 |
| Streamlining StateRAMP's Deliverables with OSCAL | Kenny Scott, Co-Founder & CEO, Paramify | How OSCAL improves the efficiency of StateRAMP's processes, and the benefits and practical applications of integrating OSCAL for streamlined compliance and deliverables | 3:13:55 |
| From Artisanal to Industrial - Delivering Security at Scale | Phil Venables, CISO, Google Cloud | How to think about scaling security program processes and move from the artisanal to the industrial | 4:32:42 |
| Google's Internal OSCAL Adoption | Vikram Khare, Director, Cont. Assurance and Controls Engineer, Google; Valentin Mihai, Technical Lead, Cont. Assurance and Controls Engineer, Google | Google's move toward continuous assurance, and the challenges and processes of aligning data using OSCAL | 5:03:42 |
| OSCAL - The future of On Demand Assurance | Chris (Rocky) Campione, Sr. Manager, Security and Compliance, US Regulated Industries, AWS | How OSCAL is shaping the future of assurance processes and its potential to provide real-time, on-demand security compliance verification, with innovative applications and benefits of OSCAL's evolving framework | 5:29:26 |
| OSCAL Supporting Cloud Certification in the EU - MEDINA Project | Dr. Jesus Luna Garcia, Cybersecurity Governance, Technical Manager, Robert Bosch GmbH / EU-MEDINA Project | How OSCAL is used to support cloud certification efforts in the European Union through the MEDINA Project, including the framework's role in the certification process and in raising standards of cloud security and compliance | 5:56:46 |
| Collaborative Compliance Agile Authoring | Anca Sailer, Distinguished Engineer, IBM Research | Approaches to collaborative compliance, emphasizing agile authoring techniques that improve the efficiency and accuracy of compliance documentation, with practical examples and the benefits of adopting these methods within an organization | 6:26:26 |
| OSCAL By-Component: Turtles, All the Way Down? | Adam Brand, Partner - Cybersecurity, KPMG | The granular, by-component application of OSCAL, its layered structure, the benefits of this detailed methodology, the system security plan model, and its impact on security and compliance frameworks | 7:06:35 |
| OSCAL Developers' Fireside Chat | Alexander Stein (Moderator), OSCAL Technical Director (Acting), NIST; Brian Ruf, Director of Cybersecurity, Easy Dynamics; Travis Howerton, CTO, RegScale; Stephanie Lacy, Senior Solutions Architect, Telos; Valinder Mangat, Chief Innovation Officer, DTR Strategies | A panel discussion with representatives of OSCAL-based GRC tools | 7:37:03 |
| OSCAL in Practice - A Case Study for Kubernetes | Robert Ficcaglia, Chair, Kubernetes Policy Workgroup, Lead Assessor, CNCF Security Technical Advisory Group, and CTO, SunStone Secure, LLC; Francesco Beltramini, Security Engineering Manager, ControlPlane | Introducing the Kubernetes system, the process of creating Kubernetes threat models, and their implementation with OSCAL continuous compliance automation | 8:22:55 |
| Closing Remarks & Adjourn | Matthew Scholl, Chief, Computer Security Division, NIST | Closing remarks from Matthew Scholl | 8:48:48 |
The National Institute of Standards and Technology (NIST) is co-hosting with the Department of Commerce, on Tuesday, May 23rd, 2023, the fourth annual conference in the series focusing on the Open Security Controls Assessment Language (OSCAL). The conference will be held in person at the Herbert C. Hoover Federal Building (HCHB) in Washington DC (address below) and will be followed by a half-day educational workshop on May 24. The conference and the workshop are free to attend.
OSCAL is a standardized, flexible, open-source language that allows security controls, their implementations, and their assessment methods to be expressed in machine-readable formats that can be readily transformed into human-friendly representations.
OSCAL sets a standards-based foundation for the next generation of compliance processes and GRC tools by enabling security automation, with a particular focus on continuous authorization to operate (ATO), continuous monitoring, and improved risk management. Its aim is to remove the major obstacles created by paper-based, human-driven security assessment against multiple regulatory frameworks, especially for complex, stacked systems.
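To make the "machine-readable, transformable to human-friendly" claim concrete, the following is an added illustration written for this page; it is not code from the NIST OSCAL project or from any of the conference presenters. It models only a small subset of the OSCAL catalog and profile JSON shapes (catalog > groups > controls > params/parts; profile > imports > include-controls > with-ids; profile > modify > set-parameters): a constructed sample catalog and a constructed sample profile that selects two of its controls and sets one parameter, resolved into a Markdown rendering. The UUIDs, control identifiers and control text are invented placeholders, not NIST SP 800-53 content, and the href handling is simplified to a fragment matching the catalog UUID.

```python
"""Minimal OSCAL-shaped catalog -> profile -> Markdown rendering (added illustration,
not NIST OSCAL project code). Only a small subset of the OSCAL JSON models is
handled; sample documents and their text are constructed placeholders."""
import copy
import json
import re

CATALOG_UUID = "d8f3c4c5-4f7a-4e7e-9f2b-1a9b3c1d2e3f"  # assumed sample uuid

# Constructed sample catalog: two groups, three controls, one parameter.
CATALOG_JSON = json.dumps({"catalog": {
    "uuid": CATALOG_UUID,
    "metadata": {"title": "Sample Catalog", "last-modified": "2023-05-23T09:00:00Z",
                 "version": "1.0", "oscal-version": "1.0.4"},
    "groups": [
        {"id": "ac", "title": "Access Control", "controls": [
            {"id": "ac-1", "title": "Policy and Procedures",
             "parts": [{"id": "ac-1_smt", "name": "statement",
                        "prose": "Develop and maintain an access control policy."}]},
            {"id": "ac-2", "title": "Account Management",
             "params": [{"id": "ac-2_prm_1", "label": "review frequency"}],
             "parts": [{"id": "ac-2_smt", "name": "statement",
                        "prose": "Review accounts every {{ insert: param, ac-2_prm_1 }}."}]}]},
        {"id": "au", "title": "Audit and Accountability", "controls": [
            {"id": "au-2", "title": "Event Logging",
             "parts": [{"id": "au-2_smt", "name": "statement",
                        "prose": "Identify the events to be logged."}]}]}]}})

# Constructed sample profile: selects two controls and sets the parameter.
PROFILE_JSON = json.dumps({"profile": {
    "uuid": "5b1e2c3d-9a8b-4c7d-8e6f-0a1b2c3d4e5f",
    "metadata": {"title": "Sample Baseline", "last-modified": "2023-05-23T09:00:00Z",
                 "version": "1.0", "oscal-version": "1.0.4"},
    "imports": [{"href": "#" + CATALOG_UUID,
                 "include-controls": [{"with-ids": ["ac-2", "au-2"]}]}],
    "modify": {"set-parameters": [{"param-id": "ac-2_prm_1", "values": ["90 days"]}]}}})

# OSCAL's inline parameter-insertion syntax as it appears inside prose.
PARAM_INSERT = re.compile(r"\{\{\s*insert:\s*param,\s*([\w.-]+)\s*\}\}")


def load_sample_documents():
    """Parse the constructed sample catalog and profile into dicts."""
    return json.loads(CATALOG_JSON), json.loads(PROFILE_JSON)


def iter_controls(catalog):
    """Yield every control, walking nested groups and nested controls."""
    def walk(node):
        for ctl in node.get("controls", []):
            yield ctl
            yield from walk(ctl)          # control enhancements nest under controls
        for grp in node.get("groups", []):
            yield from walk(grp)
    yield from walk(catalog["catalog"])


def resolve_profile(catalog, profile):
    """Select the controls a profile imports and apply its set-parameters.

    Simplification: the import href must be '#<catalog uuid>'; a real resolver
    would also dereference URLs and back-matter resources.
    """
    by_id = {c["id"]: c for c in iter_controls(catalog)}
    selected = []
    for imp in profile["profile"].get("imports", []):
        if imp["href"] != "#" + catalog["catalog"]["uuid"]:
            raise ValueError(f"import {imp['href']!r} does not match the loaded catalog")
        for inc in imp.get("include-controls", []):
            for cid in inc.get("with-ids", []):
                if cid not in by_id:
                    raise KeyError(f"profile selects unknown control {cid!r}")
                selected.append(copy.deepcopy(by_id[cid]))   # never mutate the catalog
    settings = {sp["param-id"]: sp["values"]
                for sp in profile["profile"].get("modify", {}).get("set-parameters", [])}
    for ctl in selected:
        for prm in ctl.get("params", []):
            if prm["id"] in settings:
                prm["values"] = list(settings[prm["id"]])
    return selected


def render_markdown(controls):
    """Render control statements as Markdown, substituting parameter values.

    An unset parameter is shown as an assignment placeholder so a reviewer can
    see what still needs a value; an unknown parameter id is an error.
    """
    out = []
    for ctl in controls:
        params = {p["id"]: p for p in ctl.get("params", [])}

        def substitute(match):
            prm = params.get(match.group(1))
            if prm is None:
                raise KeyError(f"{ctl['id']}: unknown parameter {match.group(1)!r}")
            values = prm.get("values")
            return ", ".join(values) if values else f"[Assignment: {prm.get('label', prm['id'])}]"

        out.append(f"## {ctl['id'].upper()} {ctl['title']}")
        for part in ctl.get("parts", []):
            if part.get("name") == "statement":
                out.append(PARAM_INSERT.sub(substitute, part["prose"]))
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    cat, prof = load_sample_documents()
    print(render_markdown(resolve_profile(cat, prof)))
```

Rendering the full catalog instead of the resolved profile leaves AC-2's parameter as `[Assignment: review frequency]`, which is the kind of gap a reviewer wants surfaced rather than silently dropped; the resolver deep-copies selected controls so that applying one profile's parameter values never alters the shared catalog.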
The conference will highlight the latest developments in the NIST OSCAL models and will explore OSCAL-based automation of risk management, governance, and compliance processes and tools for different national and international regulatory frameworks. Our presenters, leading cybersecurity experts who share a passion for advances in security automation, will present their OSCAL-based solutions and, in doing so, demonstrate OSCAL's international adoption.
Who should attend:
Format: In-person
When: May 24, 2023, 9:00 a.m. - 12:00 p.m. EDT
Where: Herbert C. Hoover Federal Building, 1401 Constitution Ave, NW, Washington, DC 20230
The OSCAL program and the conferences and workshops series are aligned with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs.
The OSCAL educational workshop will give attendees an opportunity to familiarize themselves with, and build skills in, the development and use of OSCAL. We encourage developers of control-oriented security tools, and organizations that want to use or create OSCAL-based information, to register for and attend the free workshop.
Starts: May 23, 2023 - 09:00 AM EDT
Ends: May 24, 2023 - 12:00 PM EDT
Format: In-person
Type: Conference
Attendance Type: Open to public
Technical POC: Dr. Michaela Iorga
Audience Type: Industry, Government, Academia, Other
Sponsors:
Herbert C. Hoover Federal Building 1401 Constitution Avenue NW Washington, DC 20230
Security and Privacy: assurance, continuous monitoring, modeling, security automation