The National Institute of Standards and Technology (NIST) has issued an updated version of its Open Security Controls Assessment Language (OSCAL) milestone that includes guidelines for control baselines and system security plans (SSP) for various hardware and software.
NIST said Tuesday the OSCAL Milestone 3 serves as an official prerelease of the full OSCAL v1 and includes additional draft models for machine-readable formats such as XML, JSON and YAML.
OSCAL serves as a collaborative effort between NIST and Federal Risk and Authorization Management Program (FedRAMP) intended to help speed up the latter's authorization process.
According to NIST, the OSCAL team will continue collecting feedback on Milestone 3 to inform the development of more tutorials, layers and models. The agency added that it also seeks developers and offerors to support OSCAL implementation for commercial as well as open-source applications.
OSCAL Milestone 3’s release comes after FedRAMP issued its OSCAL SSP Template and Guidance.