The National Institute of Standards and Technology is looking to increase engagement and collaboration with the public sector to expand its open-source framework for security control assessment and maintenance, Federal News Network reported Wednesday.
NIST aims to develop Open Security Controls Assessment Language models that can enable continuous security assessment information exchange between organizations and cloud service providers, according to Michaela Iorga, the OSCAL strategic outreach director at NIST.
“We will accomplish this vision by increasing the engagement and collaboration with the community, private and public sectors, so OSCAL models reach the desired maturity state faster in support of a broader international adoption,” he added.
To encourage industry collaboration, Iorga proposed creating a committee tasked with overseeing the OSCAL community and coordinating efforts to drive program development and maintenance to the next level.
OSCAL uses machine-readable languages such as XML, JSON and YAML to provide “representations of control catalogs, control baselines, system security plans and assessment plans and results.”
Andre Mendes, chief information officer at the Department of Commerce, said OSCAL could help agencies accelerate the process of documenting and reviewing security authorization packages for software.
