The National Institute of Standards and Technology is hosting a series of monthly educational workshops focused on the Open Security Controls Assessment Language (OSCAL).
The purpose of these workshops is to improve OSCAL adoption by expanding the OSCAL community of interest (COI) through the onboarding of members who have no previous knowledge of OSCAL.
Setting the foundation for security automation, with a particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring, OSCAL provides machine-readable representations of control catalogs, control baselines or profiles, system security plans, assessment plans, assessment results, and plan of actions and milestones, in a set of formats expressed in XML, JSON, and YAML.
The educational workshops will be virtual or in-person, and will provide one of the following topics:
In addition to presenting one of the topics listed above, the host will facilitate an open dialog with the participants, and, when applicable, demo the concepts.
The NIST OSCAL team is committed to hosting those workshops monthly, on the third Tuesday of each month, 11:00 AM - 12:00 PM ET, except for the months of May and December 2023. A detailed schedule is provided below.
2023 Planned Sessions:
Date | Topic | Presenter | Format |
---|---|---|---|
2023.02.21 11:00am-12:00pm EST |
What is OSCAL and Who Can Use It? | Michaela Iorga, NIST |
virtual
|
2023.03.21 11:00am-12:00pm EDT |
The Anatomy of OSCAL Models - Where to Start? The Catalog Layer |
Michaela Iorga, NIST Robert Sherwood, Credentive Security |
virtual |
2023.04.18 11:00am-12:00pm EDT |
The Anatomy of OSCAL Implementation Layer | Michaela Iorga, NIST | virtual |
2023.06.20 11:00am-12:00pm EDT |
The Anatomy of OSCAL Assessment Layer | Michaela Iorga, NIST | virtual |
Security and Privacy: assurance, audit & accountability, controls assessment, risk assessment, security automation, system authorization, systems security engineering
Technologies: cloud & virtualization