In order to promote the adoption of OSCAL in Europe, we are launching EUROSCAL (The EU Friends of OSCAL) as an open community of motivated individuals interested in leveraging OSCAL.
We seek to become a central EU hub for supporting the creation of synergies and sharing relevant information about OSCAL (including guidelines, reference implementations, and success stories).
Since 2020, the EU-funded MEDINA project (952633) has been working on developing a framework for automating the cybersecurity certification of cloud services. Based on this experience, it has been identified that realistic levels of automation will be possible only if interoperability can be achieved. We refer in particular to the way cloud service providers communicate security requirements / catalogs, establish machine-readable baselines, maintain up-to-date descriptions of implemented controls, and automate their monitoring and assessment activities.
We, as the EUROSCAL community, see OSCAL playing a critical role in supporting the achievement of these goals.
NIST, in collaboration with industry, is developing the Open Security Controls Assessment Language (OSCAL). OSCAL is a set of formats expressed in XML, JSON, and YAML. These formats provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results.
Please find below a collection of relevant EUROSCAL resources / activities within the European Union (EU). If you want to contribute information about EU resources not listed below, please contact us.
If you are interested in becoming part of our EUROSCAL community, please do not hesitate to contact us.