Description
OSCAL (Open Security Controls Assessment Language), developed by NIST, is rapidly becoming the standard for representing compliance, controls, risks, and assessment data in machine-readable formats. While already gaining traction in FedRAMP and other GRC automation efforts, its potential for the broader cybersecurity ecosystem is only beginning to unfold.
In this talk, I will share extensions to OSCAL that enable more efficient handling of multi-framework conformance and crosswalks between standards. I will also show how OSCAL can be applied to audit reporting, making reports not just human-readable but also machine-parseable and automation-friendly. These advancements open the door to faster compliance workflows, reduced manual effort, and a more open, interoperable approach to GRC.