Start Your OSCAL Journey With RegScale

Partner with RegScale to streamline compliance.

Why We’re Excited About OSCAL

The Open Security Controls Assessment Language (OSCAL), developed by NIST, is a set of formats expressed in XML, JSON, and YAML. These formats provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. OSCAL moves security plan generation and management from the legacy approach (Word and Excel documents) to a data-centric approach based on common data standards such as XML/JSON, which are better suited to automation.

RegScale 101

RegScale brings compliance into the modern era through digitization and automation in order to increase scalability while lowering risk, cost, time, and labor. The platform helps organizations move from a manual compliance process to an API-centric, automated approach while keeping compliance documentation continuously up to date. The collaborative capabilities of the platform allow all stakeholders and data owners in the compliance process to work together across platforms to fulfill reporting requirements more quickly and accurately.

How RegScale Leverages OSCAL to Deliver Compliance Automation

RegScale is an early adopter and advocate of the OSCAL standard, released by NIST in 2021. Our platform is purpose-built for security and compliance automation, and we view OSCAL as a standards-based foundation for developing our technology and other automation solutions in the future.

In November 2022, RegScale acquired GovReady, an open-source Compliance-as-Code platform, to deliver a leading NIST OSCAL-enabled GRC platform.

RegScale provides tools for creating OSCAL content in our free Community Edition (CE). Our platform currently includes support and tools to develop OSCAL content for Catalogs, Profiles, System Security Plans (SSPs), Components, Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs).

As we talk to our customers and other compliance professionals, they are excited about the potential for OSCAL but don’t know where to begin. To help eliminate this friction, RegScale provides an intuitive Graphical User Interface (GUI) to build artifacts using our wizards and then easily export them as valid OSCAL.

“We are in the very early days of seeing what OSCAL will ultimately become, but the possibilities are endless. We hope that the tools we provide will accelerate our customers’ OSCAL journey and provide immediate and tangible value to their security automation and continuous compliance programs.”

– Travis Howerton, Co-Founder and CTO, RegScale

Where do we go from here?

Want to become a partner?

Join our ecosystem of partners to make the world a safer place through compliance. No contribution is too small, and together we can all make a difference and reimagine a better world where compliance is cheaper, easier, and more effective.