OSCAL-Based React Library, REST API, and Editor

Begin your OSCAL journey with our open source projects today

What is OSCAL?

As government agencies and regulated industries evolve towards modern software development architectures and cloud environments, the current processes for documentation and assessment of security compliance must improve or will become an unsustainable bottleneck to delivering solutions.

NIST understands these challenges and has developed the Open Security Controls Assessment Language (OSCAL), a machine-readable language that allows security professionals to automate security assessment, auditing, and continuous monitoring processes, making systems’ authorization-to-operate processes and the overall risk management easier.

Our Contribution

Easy Dynamics has embraced, participated in, and contributed to this effort, and has now released a flexible modern, direct view into OSCAL data in the form of a React Component Library, a draft REST API specification for interacting with models, an implementation of that REST API, and an OSCAL Editor Docker image. All of these projects are designed to support NIST’s efforts to standardize how security controls can be captured and collaborated on across organizations.

We released these tools as open source projects to give back to the OSCAL community, provide non-technical IT decision-makers a way to interact with OSCAL, and promote the early adoption of emerging technologies for improving the entire compliance process.

Our Offering

OSCAL React Library and Web App

OSCAL React Library and Web App

A library of reusable React components that, when assembled, can render catalogs, profiles, components, and SSPs.

Follow on GitHub

The OSCAL React library will help to:

  • Provide options for UI developers to build a custom OSCAL viewer
  • Accelerate the development of user interfaces of a customized OSCAL viewer

OSCAL REST API

OSCAL REST API

A REST API that describes how systems might manipulate catalogs, profiles, components, and SSPs.

Follow on GitHub

The OSCAL REST API will help to:

  • Drive conversation around integrations and interaction with OSCAL models
  • Define relationships and scope of objects within systems

OSCAL Editor Docker Image

OSCAL Editor Docker Image

The OSCAL REST implementation and Web App bundled in a Docker image to enable editing of catalogs, profiles, components, and SSPs.

Follow on GitHub

The OSCAL Editor will help to:

  • View and edit OSCAL documents in a local folder using a UI
  • View and edit the raw source of OSCAL documents

OSCAL REST Service

OSCAL REST Service

A partial implementation of the OSCAL REST API that enables persistence against local files.

Follow on GitHub

The OSCAL REST Service will help to:

  • Enable REST requests to affect change in OCSAL JSON files in a local directory
  • Collaborate on OSCAL artifacts when that local directory is a Git repository

Changing Compliance Landscape

Take steps today to develop better insights and improve trust in your compliance practices

Read the White Paper

How Did We Get Here?

A long history of contributing to open standards and open source

Read the Blog

DevSecComp(liance)Ops

Our shift-left, Compliance as Code approach to compliance with OSCAL

Watch the Session

Looking Ahead

Our plans do not stop here. We are continuing the development on other OSCAL-related projects, primarily focused on the control and implementation of OSCAL layers, and hope to release more of those as open source projects in the future.

We encourage you to join us as active contributors in the OSCAL community and these open source projects to help with the successful adoption and implementation of OSCAL going forward.


Contact Us

 Are you looking to implement these technologies, or have questions? Send us a note.