Explore the NIST Open Security Controls Assessment Language (OSCAL) project in this 43-minute conference talk from RSA Conference. Discover how OSCAL simplifies security automation by standardizing control, implementation, and assessment information using an open, machine-readable format. Learn to leverage automation for securing systems against multiple standards, understand OSCAL's design and applications, and find out how to contribute to this emerging standard. Delve into the OSCAL Catalog Model, Profile Model, and Implementation Model, and grasp their significance in addressing the complexities of various security standards like COBIT, ISO/IEC 27001, NIST 800.53, and PCI. Gain insights from experts Anil Karmel and David Waltermire on overcoming major challenges in security controls assessment and implementing OSCAL effectively in your organization.
Security Automation Simplified via NIST OSCAL - We’re Not in Kansas Anymore
Overview
Syllabus
Intro
Major challenges in security controls assessment
What is OSCAL?
OSCAL goals
A note about terminology
OSCAL Workflow
Phased Development of OSCAL
The OSCAL Catalog Model
The OSCAL Catalog Format - Other Features
OSCAL Catalog Example
The OSCAL Profile Model
OSCAL Profile Example
The OSCAL Profile Format - Other Features
The OSCAL Implementation Model
Remaining Work
Why Does this All Matter?
Summary
Apply What You Have Learned Today
Questions and Answers
Taught by
RSA Conference
