The National Institute of Standards and Technology (NIST) released Open Security Controls Assessment Language (OSCAL) 1.0.0 Milestone 3, a key step toward finalizing the full initial release of OSCAL v1.
OSCAL is a part of NIST’s and FedRAMP’s efforts to automate and streamline the authorization process. The latest OSCAL milestone features a new component definition model that defines each of the controls supported by specific technology or processes. Milestone 3 also includes draft models of OSCAL assessments and plan of action and milestones that were originally slated to be released in OSCAL v2.
OSCAL Milestone 3 features content in XML, JSON, and YAML for draft NIST Special Publication 800-53 revision 5, 800-53 revision 4, and several NIST and FedRAMP baselines.
“The OSCAL team will continue the development of OSCAL focusing our full attention on providing a more complete set of documentation for all the OSCAL layers and models, creating more examples, and providing a diverse set of tutorials,” the OSCAL team wrote. “We will continue to collect feedback from the community on the OSCAL models.”
NIST previously released OSCAL Milestone 2 for comment in December 2019. Based on Milestone 2 feedback, NIST updated the OSCAL catalog, profile, and system security plan to be more stable. The latest version also includes the ability to “up convert” content from Milestone 2 to Milestone 3.