Example Track 1

Automating Security Monitoring

Nov 19, 2019

10:50 AM - 11:10 AM

Dr. Michaela Iorga

Senior Security Technical Lead for Cloud Computing


Acknowledging the complexity of today’s information systems and the difficulty of monitoring and assessing the effectiveness of the implemented security controls, the National Institute of Standards and Technology (NIST) is developing, in collaboration with FedRAMP, the Open Security Controls Assessment Language (OSCAL). OSCAL sets the foundation for advancing system security assessment automation by streamlining and standardizing the processes of documenting, implementing and assessing security controls.

NIST recently released the program’s second milestone, the OSCAL System Security Plan, which incorporates updates to the OSCAL Catalog of controls and OSCAL Profile (NIST and FedRAMP baselines). This session will cover:

-- What is OSCAL and why is it needed
-- Challenges addressed by OSCAL
-- OSCAL concepts and architectures
-- Progress of the OSCAL project
-- Managing multiple regulatory frameworks
-- Machine-readable system security plan (SSP)
-- OSCAL Component and assets' implementation guidance
-- Future OSCAL development