A collection of awesome community resources, maybe not quite production ready, for increasing the adoption of the Open Security Controls Assessment Language, OSCAL.
Before contributing, please review the Contribution Guidelines.
- Brian Ruf's OSCAL-GUI: An example PHP web interface developed by @brian-ruf of former FedRAMP fame. It has core presentation logic, file import, format conversion, and working profile resolution.
- GSA's OSCAL Tools: A collection of open-source tools provided by GSA teams to interoperate between OSCAL data (with required FedRAMP Extensions) and Word (DOCX) formats for SSPs, SARs, and SAPs.
- GoComply's FedRAMP Utility: a tool that uses oscalkit (see below) to stamp OSCAL data into the FedRAMP Word (DOCX) system security plan templates.
- GoComply's oscalkit: a Golang-based software development kit and command-line utility for operating on OSCAL data models.
- GovReady's GovReady-Q: An open source, web-based self-service GRC tool to automate security assessments and compliance from @gregelin and the GovReady crew. It focuses on import and export of OSCAL data models.
- IBM Compliance Trestle: An opinionated command-line tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
- John Jediny's OSCAL Static Site Playground: a static web application, using Gatsby and the US Web Design System, with hosting on the Federalist platform, to host a modern responsive application with OSCAL data models in JSON format dropped in place.
- mocolicious OSCAL-Examples: A collection of different front-end web applications leveraging OSCAL, mainly to show off different development workflows and environments. Current development status or community use is unclear.
- OMB's OPAL: OSCAL Policy Administration Library (OPAL) provides a simple web application from the US government's Office of Management and Budget for managing system security plans, using the OSCAL standard to inform its data models.
- SHR Group's pyOSCAL: Python library to convert OSCAL content into Python objects, developed by the clever @mruge. pyOSCAL-Builder automatically generates pyOSCAL dynamically from the latest NIST OSCAL Metaschema.
- Wendell Piez's OSCAL Profile Import Examiner: XMLJellySandwich is a web-based, in-browser XSLT transform system leveraging SaxonJS. @wendellpiez has focused one demo on validating an OSCAL profile in XML form by validating upstream catalog references.
- Brad Hards' ISM OSCAL Catalog: a community developer's collection of the Australian government's Information Security Manual security controls in the form of OSCAL catalogs.