This OSCAL Monthly Workshop, presented by our OSCAL adopters from IBM, focuses on leveraging OSCAL (Open Security Controls Assessment Language) to enhance compliance automation, particularly in AI-driven environments. The workshop detailed a five-year journey applying OSCAL to compliance management, covering its use in defining and enforcing security requirements across various domains, including infrastructure, data, AI, and applications. It emphasized integrating compliance as code with policy enforcement tools such as Ansible and Kyverno to automate and validate compliance checks, and introduced the concept of Compliance-to-Policy (C2P), which bridges OSCAL-defined controls with policy validation tools. The workshop also highlighted the potential for generative AI and Large Language Models (LLMs) to automate the generation of policy code, simplifying the traditionally human-intensive task of policy creation.
Security and Privacy: security & behavior, security automation
Technologies: artificial intelligence