
4th Annual OSCAL Conference and Workshop

Agenda (session title, speakers, description, video timestamp)

Title: Conference Overview
Speaker: Michaela Iorga, OSCAL Strategic Outreach Director, NIST
Description: Summarizing the timeline of the event
Timestamp: 25:39

Title: Opening Remarks
Speaker: Andre Mendes, CIO, DoC
Description: The advancements of the technology realm and how they relate to cybersecurity and OSCAL
Timestamp: 28:51

Title: OSCAL & A New Way of Doing Software in Federal
Speaker: Robert Wood, CISO, Center for Medicare and Medicaid Services, HHS
Description: The culture of OSCAL and its innovative advancements to software development and security
Timestamp: 48:25

Title: What is New in OSCAL
Speakers:
  Michaela Iorga, OSCAL Strategic Outreach Director, NIST
  Alexander (A.J.) Stein, OSCAL Technical Director (acting), NIST
Description: Highlighting the past and ongoing initiatives and projects within OSCAL, insights into OSCAL's vision and strategy, and a discussion on the community's future role with C3
Timestamp: 1:15:40

Title: CIS' Security Controls in OSCAL
Speaker: Phyllis Lee, VP, Center for Internet Security
Description: Discovering the essential work of CIS, an overview of their Critical Security Controls and how they function, and how OSCAL is integrated to enhance security practices
Timestamp: 2:01:30

Title: CSA CCM v4 in OSCAL
Speaker: Daniele Catteddu, CTO, Cloud Security Alliance
Description: Exploring continuous governance through Cloud Control Metrics with the Cloud Security Alliance, covering the organization's functions and expertise, introducing the Cloud Controls Matrix and metrics, and discussing the intersection of compliance and security
Timestamp: 2:10:55

Title: The Roadmap to CIS-CSA Control Mapping in OSCAL
Speakers:
  Chris Compton (Moderator), Senior IT Specialist, OSCAL Team, NIST
  Phyllis Lee, VP, Center for Internet Security
  Daniele Catteddu, CTO, Cloud Security Alliance
Description: A panel discussion around the OSCAL Mapping Model
Timestamp: 2:27:51

Title: Integrate OSCAL with Other Supported Standards Using Metanorma
Speaker: Ronald Tse, Founder & CEO, Ribose Inc.
Description: Introduction to Ribose Inc. and Metanorma standardization with OSCAL
Timestamp: 2:47:04

Title: Streamlining StateRAMP's Deliverables with OSCAL
Speaker: Kenny Scott, Co-Founder & CEO, Paramify
Description: How OSCAL enhances the efficiency of StateRAMP's processes, and the benefits and practical applications of integrating OSCAL for streamlined compliance and deliverables
Timestamp: 3:13:55

Title: From Artisanal to Industrial - Delivering Security at Scale
Speaker: Phil Venables, CISO, Google Cloud
Description: How to think about scaling security program processes and how to move from the artisanal to the industrial
Timestamp: 4:32:42

Title: Google's Internal OSCAL Adoption
Speakers:
  Vikram Khare, Director, Cont. Assurance and Controls Engineer, Google
  Valentin Mihai, Technical Lead, Cont. Assurance and Controls Engineer, Google
Description: Addressing the advancement of technology and Google's move towards continuous assurance, and the adoption challenges and processes of aligning data using OSCAL
Timestamp: 5:03:42

Title: OSCAL - The future of On Demand Assurance
Speaker: Chris (Rocky) Campione, Sr. Manager, Security and Compliance US Regulated Industries, AWS
Description: Explore how OSCAL is shaping the future of assurance processes and its potential to provide real-time, on-demand security compliance verification, showcasing innovative applications and benefits of OSCAL's evolving framework
Timestamp: 5:29:26

Title: OSCAL Supporting Cloud Certification in the EU - MEDINA Project
Speaker: Dr. Jesus Luna Garcia, Cybersecurity Governance, Technical Manager, Robert Bosch GmbH | EU-MEDINA Project
Description: Highlights how OSCAL is being used to support cloud certification efforts in the European Union through the MEDINA Project, detailing the framework's role in enhancing certification processes and promoting higher standards of cloud security and compliance
Timestamp: 5:56:46

Title: Collaborative Compliance Agile Authoring
Speaker: Anca Sailer, Distinguished Engineer, IBM Research
Description: Learn about innovative approaches to collaborative compliance, emphasizing agile authoring techniques that enhance efficiency and accuracy in compliance documentation, with practical examples and the benefits of adopting these methods within an organization
Timestamp: 6:26:26

Title: OSCAL By-Component: Turtles, All the Way Down?
Speaker: Adam Brand, Partner - Cybersecurity, KPMG
Description: Dive into the granular application of OSCAL by component, exploring the layered intricacies and comprehensive nature of this approach. Learn the benefits of this detailed methodology, the system security plan model, and its impact on improving security and compliance frameworks
Timestamp: 7:06:35

Title: OSCAL Developers' Fireside Chat
Speakers:
  Alexander Stein (Moderator), OSCAL Technical Director (Acting), NIST
  Brian Ruf, Director of Cybersecurity, Easy Dynamics
  Travis Howerton, CTO, RegScale
  Stephanie Lacy, Senior Solutions Architect, Telos
  Valinder Mangat, Chief Innovation Officer, DTR Strategies
Description: A discussion panel with representatives from OSCAL-based GRC tools
Timestamp: 7:37:03

Title: OSCAL in Practice - A Case Study for Kubernetes
Speakers:
  Robert Ficcaglia, Chair, Kubernetes Policy Workgroup, Lead Assessor, CNCF Security Technical Advisory Group, CTO, SunStone Secure, LLC
  Francesco Beltramini, Security Engineering Manager, ControlPlane
Description: Introducing the Kubernetes system, the process and creation of Kubernetes' threat models, and its implementation with OSCAL continuous compliance automation
Timestamp: 8:22:55

Title: Closing Remarks & Adjourn
Speaker: Matthew Scholl, Chief, Computer Security Division, NIST
Description: Closing remarks from Matthew Scholl
Timestamp: 8:48:48


The National Institute of Standards and Technology (NIST) is co-hosting with the Department of Commerce, on Tuesday, May 23rd, 2023, the fourth annual conference in the series focusing on the Open Security Controls Assessment Language (OSCAL). The conference will be held in person at the Herbert C. Hoover Federal Building (HCHB) in Washington, DC (see address below), and will be followed by a half-day educational workshop on May 24. The conference and the workshop are free to attend.

OSCAL is a standardized, flexible, open-source language that allows security controls, their implementations, and their assessment methods to be expressed in machine-readable formats that can be easily transformed into human-friendly representations.

OSCAL sets a standards-based foundation for the next generation of compliance processes and GRC tools by facilitating security automation, with a particular focus on continuous authorization to operate (ATO) processes, continuous monitoring, and improved risk management. It aims to eliminate the major challenges created by paper-based, human-driven security assessment processes run against multiple regulatory frameworks, especially in the context of complex, stacked systems.

The conference will highlight the latest developments of the NIST OSCAL models and will explore OSCAL-based automation of risk management, governance, and compliance processes and tools for different national and international regulatory frameworks. Our presenters, some of the most prestigious cybersecurity experts who share the same passion for new advancements in security automation, will share their innovative OSCAL-based solutions, demonstrating in the process OSCAL's international adoption.

Who should attend:

  • Leaders in digital transformation and security automation from the government, private, and academic sectors;
  • Vendors of security automation tools who are considering implementing OSCAL formats in their tools;
  • Participants in standard development organizations focusing on developing and publishing control catalogs and baselines;
  • System owners from the government, private, and academic sectors, who want to streamline the documentation of controls used in their information systems.

Speakers' BIOs

OSCAL Workshop

Format: In-person

When: May 24, 2023, 9:00 a.m. - 12:00 p.m. EDT

Where: Herbert C. Hoover Federal Building, 1401 Constitution Ave, NW, Washington, DC 20230

The OSCAL program and the conferences and workshops series are aligned with NIST’s mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to maximize its impact and mission fulfillment by positioning itself to anticipate future technology trends and develop the most important measurements and standards products that are aligned with industry drivers and needs.

The OSCAL educational workshop will provide attendees an opportunity to familiarize themselves with, and build skills in, the development and use of OSCAL. We encourage developers of control-oriented security tools, and organizations that want to use or create OSCAL-based information, to register and attend the free workshop.


Event Details

Starts: May 23, 2023 - 09:00 AM EDT
Ends: May 24, 2023 - 12:00 PM EDT

Format: In-person
Type: Conference


Attendance Type: Open to public
Audience Type: Industry, Government, Academia, Other
Sponsors:

Technical POC: Dr. Michaela Iorga

michaela.iorga@nist.gov



Location

Herbert C. Hoover Federal Building
1401 Constitution Avenue NW
Washington, DC 20230

Related Topics

Security and Privacy: assurance, continuous monitoring, modeling, security automation

Created March 24, 2023, Updated September 03, 2024