NIST held its 3rd Open Security Controls Assessment Language (OSCAL) Workshop earlier this month, and it was abundantly clear from the content and participation that the OSCAL standard and community have gained momentum and have a real opportunity to revolutionize the entire security and privacy compliance assessment and authorization space.
Easy Dynamics has been supporting OSCAL for some time, and we were fortunate enough to be able to present at the conference, where we focused on promoting the developer’s perspective of OSCAL. Our vision is that a DevSecComp(liance)Ops culture and mentality is needed to shift compliance documentation, and consideration for the assessment process, left to earlier in the development lifecycle, involving engineers and developers and enabled through OSCAL and related tools.
In addition to our current OSCAL open source projects, we also announced the addition of two more projects to our offerings:
- OSCAL REST Service – New!
  - A partial implementation of the previous OSCAL REST API definition that enables persistence against local files
- OSCAL Editor Docker Image – New!
  - The OSCAL REST implementation and the previous OSCAL React Web App bundled in a Docker image to enable editing of catalogs, profiles, components, and SSPs.
The OSCAL Editor in particular enables team members to contribute incremental updates to artifacts like SSPs using familiar development tools and lifecycles.
Watch our presentation below to learn more!