EUROSCAL
The EU Friends of OSCAL
In order to promote the adoption of OSCAL in Europe, we are launching EUROSCAL (The EU Friends of OSCAL), as an open community of motivated individuals interested on leveraging OSCAL.
We seek to become a central EU hub for supporting the creation of synergies and sharing relevant information about OSCAL (including guidelines, reference implementations, and success stories).
Why OSCAL
Automation-based certification for Cloud Services in Europe
Since 2020 the EU-funded MEDINA project (952633) has been working on developing a framework for automating the cybersecurity certification of cloud services. Based on this experience, it has been identified that leveraging realistic levels of automation will be possible only if interoperability can be achieved. We refer in particular to the way cloud service providers communicate security requirements / catalogs, establish machine-readable baselines, maintain up-to-date descriptions of implemented controls, and automate their monitoring and assessment activities.
We, as EUROSCAL community, see OSCAL playing a critical role for supporting the achievement of these goals.
What is OSCAL
OSCAL framework
NIST, in collaboration with industry, is developing the Open Security Controls Assessment Language (OSCAL). OSCAL is a set of formats expressed in XML, JSON, and YAML. These formats provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results.
NIST Open Security Controls Assessment Language
All official information related to OSCAL
Do not forget to visit NIST’s Open Security Controls Assessment Language pages for all official information related to OSCAL.
Furthermore, our colleagues from OSCAL.io maintain a community supporting OSCAL-enabled applicationse.
Who is who in EUROSCAL
EUROSCAL Resources
Please find below a collection of relevant EUROSCAL resources / activities within the European Union (EU). If you want to contribute with information about EU-resources not listed below, please contact us.
H2020 MEDINA Project
EU-funded R&D project developing a framework for automating the cybersecurity certification of cloud services. MEDINA is exploring OSCAL leverage for representing EU security catalogues, and security assessments…
ETSI TR 103 305-4
This ETSI Technical Report (Cyber Security (CYBER); Critical Security Controls for Effective Cyber Defence; Part 4: Facilitation Mechanisms), includes a presentation of OSCAL and how to serialize the “Critical Security Controls”.
Events
EUROSCAL Events
No EUROSCAL events scheduled, please come back soon to receive further updates. For OSCAL-related events (not necessarily EU-specific), please visit NIST’s OSCAL website or OSCAL-io.
Blog
Latest Posts
-
Kick-off of MEDINA’s EUROSCAL Initiative
During the i-4 Global Hybrid Forum 102 organized on June 26th 2023, our partner Bosch (represented by MEDINA’s technical manager Jesus Luna Garcia) will officially kick-off the EUROSCAL (EU Friends of OSCAL) initiative. This event has been carefully selected by the consortium because on one hand it gathers important members of the EU-based CISO community,…
Join the EUROSCAL community
If you are interested in becoming part of our EUROSCAL community, please do not hesitate in contacting us.
