C2 Labs was excited to see NIST publish their long-awaited 1.0 release of the Open Security Controls Assessment Language (OSCAL). C2 Labs remains an advocate for security and compliance automation and we view OSCAL as a standards-based foundation for building these automation platforms in the future. We have followed this standard since its early days of development and want to play a small part in helping accelerate its adoption.
To that end, C2 Labs is excited to announce that the upcoming 2.0 release of our Atlasity product in July 2021 will provide free tools for creating OSCAL content using our Community Edition (CE) version of the product. This free support includes tools to develop OSCAL content for:
Catalogs
Profiles
System Security Plans
Components
This support will always remain free within our product with no restrictions. In addition, as the standard continues to evolve, future releases of Atlasity will add support for additional functionality such as Security Assessment Plans, Security Assessment Reports, and Plans of Action and Milestones (POAMs).
As we talk to our customers and other compliance professionals, they are excited about the potential for OSCAL but don't know where to begin. For many security analysts, the data modeling in XML and JSON may create a barrier to entry for adopting the standard. To help eliminate this friction, Atlasity provides an intuitive Graphical User Interface (GUI) to build artifacts using our wizards and then easily export them as valid OSCAL with a single button click!
How might you use Atlasity today to get started on your OSCAL journey? Below are a couple of popular use cases that you might consider:
If you are a standard provider/developer, you can leverage our tools to translate your catalog/framework into an OSCAL version of your standard. For example, you could load ISO 27001 in as a catalog and then export an OSCAL version of it for use with automated tools.
If you are seeking FedRAMP approval for your cloud solution, you could develop your System Security Plan (SSP) in Atlasity using our simple builders/wizards and export an OSCAL version of the SSP to expedite FedRAMP's review and approval.
If you are a tool vendor, you could build out a component in Atlasity to provide hardening and configuration guidance that can be exported in OSCAL to be used by automated tools and scanners.
The possibilities are endless and we are in the very early days of seeing what OSCAL will ultimately become. We hope that the free tools we provide will accelerate your OSCAL journey and provide immediate and tangible value to your security automation and continuous compliance programs.
Want to learn more about how Atlasity and OSCAL can help your organization? Contact us today to discuss your use case and get expert guidance from our Atlasity engineers, or you can book a demo right here. Join us in supporting NIST as they advance the practice of security automation through the release of the OSCAL 1.0 standard.