Welcome to the Center for Internet Security Controls' Open Security Controls Assessment Language (OSCAL) Repository. The repository contains OSCAL serializations of the CIS Critical Security Controls and will include a variety of OSCAL Catalogs for the main CIS Controls document, Controls Assessment Specification, and mappping documents.
OSCAL is develped by NIST as a standardized, data-centric framework that can be applied to an information system for documenting and assessing its security controls. Today, security controls and control baselines are represented in proprietary formats, requiring data conversion and manual effort to describe their implementation. An important goal of OSCAL is to move the security controls and control baselines from a text-based and manual approach (using word processors or spreadsheets) to a set of standardized and machine-readable formats. With systems security information represented in OSCAL, security professionals will be able to automate security assessment, auditing, and continuous monitoring processes.
Please note: this documentation is a work in progress. If you have questions or suggestions, please create an issue with a full description of your question or idea.
If you need help understanding and following this process, please email your questions to Controls Info. If you encounter issues or have ideas for improving this process, please create an issue with a full description of your issue or idea.