Open Security Controls Assessment Language (OSCAL)

NIST SP 800-53 content and other OSCAL content examples

FedRAMP Automation

An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.

A library of React components and an example user interface application that provides a direct UI into NIST's Open Security Controls Assessment Language (OSCAL) data in JSON format.

A simple open source command line tool to support common operations over OSCAL content.

A mirror of ISM OSCAL documents. The authoritative source can be found at https://www.cyber.gov.au/ism/oscal.

Various deployments of the OSCAL editor

Open source tool for processing OSCAL based FedRAMP SSPs

An initial OpenAPI definition of an OSCAL REST API.

Open Security Controls Assessment Language (OSCAL) Deep Differencing Tool

A Java library to support processing OSCAL content

A case study for ACSAC 2022 utilizing OSCAL with a custom GitHub action to automate assessments.

OSCAL tools for AI agents

NIST OSCAL SDK and CLI

Automatically generated diagrams for OSCAL models

CCCS security control profiles expressed using OSCAL

Automate vulnerability triage which prioritizes remediation over discovery

Implementation of the OSCAL REST API

Create a domain specific (GRC) agent with the Claude Agent SDK

Develop Enhancements, Future Implementations and New Education

Model reference pages for the OSCAL project

Open Security Controls Assessment Language (OSCAL) Website Content

Australian ISM in OSCAL format

MapOSCAL is an MIT-licensed tool that analyzes your codebase and generates compliance documentation in NIST’s OSCAL formatting via semantic analysis and AI-powered discovery.

Open source XSLT for OSCAL display and processing

Sample OSCAL files

OSCAL Component Definition Library

Demonstration of compliance trestle's ssp authoring capabilites.

Tools for working with YAML and other structured content.