Stay up to date on releases
Create your free account today to subscribe to this repository for notifications about new releases, and build software alongside 40 million developers on GitHub.
Sign up for free See pricing for teams and enterprises
We are pleased to announce the release of OSCAL 1.0.0 Milestone 2. This is the second official release of OSCAL, and marks another important milestone for the OSCAL project.
This release contains:
• A new system security plan (SSP) model that allows organizations to document the security and privacy control implementation of their systems using a rich OSCAL model.
• Updated stable versions of the OSCAL catalog and profile models, along with associated XML and JSON schemas.
• Updated content in OSCAL XML, JSON, and YAML formats for the NIST SP 800-53 revision 4 catalog, and for the three NIST and four FedRAMP baselines.
• Provides tools to convert OSCAL catalog, profile, and SSP content between OSCAL XML and JSON formats.
To download this release, click on "Assets" below and download either the .zip or the .tar.bz2 bundle. These bundles contain the resources described above. There is also release notes containing a summary of changes in this release.
The OSCAL team will continue the development of OSCAL focusing our full attention on finalizing the Component model as part of the implementation layer. The OSCAL Component model will allow organizations producing hardware, software, services, policies, processes, and proceedures to document information on the controls implemented in these offerings. Organizations can import component definitions into an OSCAL SSP, saving time and improving the richness of the documented system implementation. Stable versions of this work will be featured in our next release, OSCAL 1.0.0 Milestone 3.
We are seeking feedback from the community on the current OSCAL Catalog, Profile, and SSP models. We are also seeking tool developers and vendors that would like to implement these models in commercial and open source offerings. To further validate the implementation layer's functionality and flexibility, NIST is seeking software and service providers that are willing to work with us to represent control implementation information about their products. To provide feedback or to ask questions, please email the NIST OSCAL team at oscal@nist.gov. You can also post publicly to the OSCAL development list: oscal-dev@nist.gov.
There are instructions for joining the OSCAL development and update lists on our contributing page.
Assets
4
We are pleased to announce the release of OSCAL 1.0.0 Milestone 1. As the first official release of OSCAL, this release marks an important milestone for the OSCAL project.
The release contains:
- Stable versions of the OSCAL catalog and profile models in XML and JSON formats, along with associated XML and JSON schemas.
- Includes draft versions of the NIST SP 800-53 revision 4 OSCAL content and FedRAMP baselines in OSCAL XML, JSON, and YAML formats.
- Provides content converters that are capable of accurately converting between OSCAL catalog and profile content in OSCAL XML to OSCAL JSON format and vice versa.
To download this release, click on "Assets" below and download either the .zip or the .tar.bz2 bundle. These bundles contain the resources described above.