信息格式标准-OSCAL

OSCAL

The Open Security Controls Assessment Language (OSCAL) is a project led by the National Institute of Standards and Technology (NIST) that allows security professionals to express control-related information in machine-readable formats. Expressing compliance information in this way allows security practitioners to use automated tools to support data analysis, while making it easier to address downstream requirements such as translation and accessibility. In the United States, Amazon Web Services (AWS) has collaborated closely with NIST and the FedRAMP program to advance the adoption of OSCAL, and was the first cloud service provider to submit a FedRAMP system security plan (SSP) in OSCAL format in 2022.