Security Automation Simplified via NIST OSCAL: We’re Not in Kansas Anymore

Posted on in Presentations

COBIT, ISO/IEC 27001, NIST 800.53, PCI, oh my. The path to compliance is not a yellow brick road. IT professionals face a variety of security standards that they must meet simultaneously. This talk will present the NIST Open Security Controls Assessment Language (OSCAL) project as a way to standardize control, implementation and assessment information using an open, machine-readable format.

Learning Objectives:
1: Understand how to leverage automation to secure systems against multiple standards.
2: Learn how OSCAL is designed and how it can be used.
3: Discover how you can be a part of developing this new standard of standards.

Anil Karmel


Co-Founder and CEO, C2 Labs

David Waltermire


Security Automation Architect, National Institute of Standards and Technology

governance risk & compliance policy management standards & frameworks risk & vulnerability assessment cloud security


Share With Your Community