Introducing the RegScale OSCAL Command Line Interface (CLI)

May 10, 2022 | By J. Travis Howerton

National Institute of Standards and Technology (NIST) Open Security Controls Assessment Language (OSCAL) is a set of formats expressed in XML, JSON, and YAML to provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. This standard represents the government’s move toward compliance as code based on a data-centric, integrated, extensible, and automated framework published by NIST. At RegScale, we view continuous compliance automation as the future of Governance, Risk, and Compliance (GRC) and a necessary component of any scalable cloud strategy. OSCAL will play a critical role as a standards-based format for exchanging machine readable compliance information in the cloud. As more and more vendors adopt the OSCAL standard over time, tools will be needed to publish and ingest OSCAL to perform automated checks that inform risk-based decisions.

To that end, RegScale was an early adopter of OSCAL and published our Community Edition (CE) version of the platform as a free tool that allows customers to create and publish OSCAL content. In so doing, we became the first free OSCAL publishing tool in the market. However, once OSCAL content is easily generated, you need to be able to do something with it.

As of May 10, 2022, RegScale has announced our support for bulk uploading and processing OSCAL files using our RegScale CLI (currently in BETA). Available for our commercial Enterprise Edition (EE) customers, the RegScale CLI is a Python package that allows for efficiently processing OSCAL JSON files via the command line using a set of structured commands and a YAML configuration file. The YAML file allows you to express your intent for what you want to do and the specific commands then read the configuration file to conduct bulk processing and loading of data into RegScale via our Application Programming Interfaces (APIs). The CLI can be orchestrated using scripting languages (i.e. Bash or Powershell) and scheduled via CRON job, serverless function, or Kubernetes jobs. The result is the ability to bulk process large amounts of data efficiently using OSCAL and the RegScale CLI/APIs using only a single line of code in the command line.

With the release of our OSCAL CLI, RegScale now has the richest support for OSCAL in the market with our free publishing and bulk uploading tools into our Compliance Automation Platform. Schedule a free demo today to learn how RegScale can help you leverage OSCAL for continuous compliance. If you are ready to start automating your compliance processes for creating and managing OSCAL, this demo will also show how you can leverage RegScale to accelerate your OSCAL journey while improving the user experience for your compliance professionals. In addition to offering free tools, we have experienced compliance professionals who can assist you in creating robust OSCAL artifacts that will help you pass audits and reduce your risk with ease. With RegScale, our customers get software with a service to provide a concierge like experience for accelerating their OSCAL journey.

Ready to get started?

Choose the path that is right for you! 

Skip the line

My organization doesn’t have GRC tools yet and I am ready to start automating my compliance with continuous monitoring pipelines now. 


My organization already has legacy compliance software, but I want to automate many of the manual processes that feed it.