This is a potential security issue, you are being redirected to https://csrc.nist.gov.
NIST is pleased to announce the release of OSCAL 1.0.0 Milestone 3. This is the third official milestone pre-release of OSCAL and marks the last pre-release milestone for OSCAL v1. At this point we have drafts of all the models we intended to produce for OSCAL v1 and will now start working towards producing a full initial release of OSCAL v1, which will be v1.0.0.
This release contains:
To download this release, click on "Assets" on our OSCAL release page, and download either the .zip or the .tar.bz2 bundle. These bundles contain the resources described above. There are also release notes containing a summary of changes in this and previous releases.
The OSCAL team will continue the development of OSCAL focusing our full attention on providing a more complete set of documentation for all the OSCAL layers and models, creating more examples, and providing a diverse set of tutorials. We will continue to collect feedback from the community on the OSCAL models. We are also seeking tool developers, vendors, and service providers that would like to implement the OSCAL models in commercial and open source offerings. To provide feedback, to ask questions, or to let us know about an OSCAL implementation you are working on, please email the NIST OSCAL team at firstname.lastname@example.org. You can also post publicly to the OSCAL development list: email@example.com.
Also, the FedRAMP PMO has released a blog and a short video that discusses high-level OSCAL goals, applications, and how to use the FedRAMP OSCAL SSP template and other resources. It is important to note that the FedRAMP’s OSCAL SSP Template and Guidance are based of the previous milestone release of OSCAL, Milestone 2 while NIST’s latest OSCAL release is Milestone 3.
Please find instructions for joining the OSCAL development and update lists on our contacts page.
Security and Privacy: assurance, audit & accountability, controls assessment, risk assessment, security automation, system authorization, systems security engineering
Technologies: cloud & virtualization