Originally submitted by Damian Hickey (Damian Hickey) on 2026-01-29
Hi All,
I’ve been exploring the automated compliance documentation space which led me to https://pages.nist.gov/OSCAL/ and I was wondering if the group considered an FAPI2.0 OSCAL profile (perhaps against NIST 800-53) which would bridge the gap between the security profile and automated GRC/audit tooling? I’ve performed some initial investigation (and make no assertion it’s even feasible yet) but thought I’d reach out to the group first to see if anyone has explored this.
Thank you
Damian
Bitbucket status: open
Bitbucket origin: issue 851