Charting the Course for NIST OSCAL: NIST CSWP 53 is Available for Public Comment
December 02, 2025

The initial public draft of NIST Cybersecurity White Paper (CSWP) 53, Charting the Course for NIST OSCAL, is available for public comment. This paper introduces the Open Security Controls Assessment Language (OSCAL) — an open-source, machine-readable language that standardizes security documentation for better monitoring and risk management.

OSCAL was developed to modernize manual, paper-based cybersecurity compliance through automated, scalable processes and continuous assessments. This draft describes OSCAL’s layered architecture, its growing global adoption, and its future integration with emerging technologies (e.g., digital twins, agentic AI) for autonomous risk reasoning and continuous assurance.

The public comment period is open through January 13, 2026. See the publication details for a copy of the draft and instructions for submitting comments.