Why We’re Excited About OSCAL
The Open Security Controls Assessment Language (OSCAL), developed by NIST, is a set of formats expressed in XML, JSON, and YAML. These formats provide machine-readable representations of control catalogues, control baselines, system security plans, and assessment plans and results. OSCAL moves security plan generation and management away from the legacy approach (Word and Excel documents) to a data-centric approach based on common data standards such as XML and JSON, which are better suited to automation.
RegScale brings compliance into the modern era through digitization and automation in order to increase scalability while lowering risk, cost, time, and labor. The platform helps organizations move from a manual compliance process to an API-centric, automated approach while keeping compliance documentation continuously up to date. The collaborative capabilities of the platform allow all stakeholders and data owners in the compliance process to work together across platforms to fulfill reporting requirements more quickly and accurately.
How RegScale Leverages OSCAL to Deliver Compliance Automation
RegScale is an early adopter and advocate of the OSCAL standard, released by NIST in 2021. Our platform is purpose-built for security and compliance automation, and we view OSCAL as a standards-based foundation for developing our technology and other automation solutions in the future.
RegScale provides tools for creating OSCAL content included in our free Community Edition (CE). Our platform currently includes support and tools to develop OSCAL content for Catalogues, Profiles, System Security Plans (SSPs), Components, Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs).
As we talk to our customers and other compliance professionals, they are excited about the potential for OSCAL but don't know where to begin. To help eliminate this friction, RegScale provides an intuitive Graphical User Interface (GUI) to build artifacts using our wizards and then easily export them as valid OSCAL.
“We are in the very early days of seeing what OSCAL will ultimately become, but the possibilities are endless. We hope that the tools we provide will accelerate our customers' OSCAL journey and provide immediate and tangible value to their security automation and continuous compliance programs.”
- Travis Howerton, co-founder and CTO, RegScale.