Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Open Security Controls Assessment Language OSCAL

Open Security Controls Assessment Language (OSCAL) Educational Workshop 101 Series

The National Institute of Standards and Technology is hosting a series of monthly educational workshops focused on the Open Security Controls Assessment Language (OSCAL).

The purpose of these workshops is to improve OSCAL adoption by expanding the OSCAL community of interest (COI) through the onboarding of members who have no previous knowledge of OSCAL.

Setting the foundation for security automation, with a particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring, OSCAL provides machine-readable representations of control catalogs, control baselines or profiles, system security plans, assessment plans, assessment results, and plan of actions and milestones, in a set of formats expressed in XML, JSON, and YAML.

The educational workshops will be virtual or in-person, and will provide one of the following topics:

  • An overview of OSCAL models and alignment with NIST RMF
  • An understanding of the OSCAL models
  • Basic knowledge for new OSCAL developers

In addition to presenting one of the topics listed above, the host will facilitate an open dialog with the participants, and, when applicable, demo the concepts. 

The NIST OSCAL team is committed to hosting those workshops monthly, on the third Tuesday of each month, 11:00 AM - 12:00 PM ET, except for the months of May and December 2023. A detailed schedule is provided below.

How to join the workshop:

Meeting URL


2023 Planned Sessions:
Date Topic Presenter Format


11:00am-12:00pm EST

What is OSCAL and Who Can Use It Michaela Iorga, NIST




11:00am-12:00pm EDT

The Anatomy of OSCAL Models - Where to Start? The Catalog Layer

(presentation part1 & part2)

Michaela Iorga, NIST

Robert Sherwood, Credentive Security



11:00am-12:00pm EDT

The Anatomy of OSCAL Implementation Layer Michaela Iorga, NIST virtual


11:00am-12:00pm EDT

The Anatomy of OSCAL Assessment Layer Michaela Iorga, NIST virtual


Created April 24, 2018, Updated July 10, 2024