Next Gen Risk Management Starts Here

Community support for OSCAL-enabled applications

The layers of OSCAL: the assessment layer, comprised of plan of action and milestones, assessment results, and assessment plans; the implementation layer, comprised of the System Security Plan Model and the Component Model; and the Controls Layer, comprised of the Profile Model and the Catalog Model

About OSCAL.io

The Open Security Controls Assessment Language (OSCAL) was developed by the National Institute of Standards and Technology (NIST) to enable automation of risk management and compliance frameworks based on security controls and functional requirements, such as SOC 2, FedRAMP, ISO-27001, StateRAMP, CMMC, HIPAA, and PCI. OSCAL is an open, machine-readable information exchange format that enables tools to interoperate.

OSCAL was released on June 10, 2021, and several vendors are OSCAL-enabling their tools. These tools can be enhanced by a common repository of OSCAL resources.

OSCAL.io Goals

Community Hub

Provide community resources for OSCAL adopters and OSCAL-enabled tools

Automate Discovery

Provide an Application Programming Interface (API) for tools to automatically query for OSCAL resources

Promote Adoption

Enable new OSCAL adopters to get started

What to Expect

01

Upcoming OSCAL Events

Discover virtual and in-person events related to OSCAL, or add your organization's event.

02

OSCAL Communication Channels

Find out where your OSCAL colleagues are communicating with each other.

03

OSCAL Content Directory and Repository

Make your OSCAL catalogs, baselines (profiles) and component definitions available to all OSCAL tools.

04

OSCAL-Enabled Tools Directory

Find existing OSCAL-enabled tools or list your own.

Community Events