The EU Friends of OSCAL

In order to promote the adoption of OSCAL in Europe, we are launching EUROSCAL (The EU Friends of OSCAL), as an open community of motivated individuals interested on leveraging OSCAL.

We seek to become a central EU hub for supporting the creation of synergies and sharing relevant information about OSCAL (including guidelines, reference implementations, and success stories).


Automation-based certification for Cloud Services in Europe

Since 2020 the EU-funded MEDINA project (952633) has been working on developing a framework for automating the cybersecurity certification of cloud services. Based on this experience, it has been identified that leveraging realistic levels of automation will be possible only if interoperability can be achieved. We refer in particular to the way cloud service providers communicate security requirements / catalogs, establish machine-readable baselines, maintain up-to-date descriptions of implemented controls, and automate their monitoring and assessment activities.

We, as EUROSCAL community, see OSCAL playing a critical role for supporting the achievement of these goals.

MEDINA Framework

What is OSCAL

OSCAL framework

NIST, in collaboration with industry, is developing the Open Security Controls Assessment Language (OSCAL). OSCAL is a set of formats expressed in XML, JSON, and YAML. These formats provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results.

NIST Open Security Controls Assessment Language

All official information related to OSCAL

Learn More →

Community supporting OSCAL-enabled applications

Learn More →

Who is who in EUROSCAL

EUROSCAL Resources

Please find below a collection of relevant EUROSCAL resources / activities within the European Union (EU). If you want to contribute with information about EU-resources not listed below, please contact us.

H2020 MEDINA Project

EU-funded R&D project developing a framework for automating the cybersecurity certification of cloud services. MEDINA is exploring OSCAL leverage for representing EU security catalogues, and security assessments…

Learn More →

ETSI TR 103 305-4

This ETSI Technical Report (Cyber Security (CYBER); Critical Security Controls for Effective Cyber Defence; Part 4: Facilitation Mechanisms), includes a presentation of OSCAL and how to serialize the “Critical Security Controls”.

Learn More →



No EUROSCAL events scheduled, please come back soon to receive further updates. For OSCAL-related events (not necessarily EU-specific), please visit  NIST’s OSCAL website or OSCAL-io.


Latest Posts

  • Kick-off of MEDINA’s EUROSCAL Initiative

    Kick-off of MEDINA’s EUROSCAL Initiative

    During the i-4 Global Hybrid Forum 102 organized on June 26th 2023, our partner Bosch (represented by MEDINA’s technical manager Jesus Luna Garcia) will officially kick-off the EUROSCAL (EU Friends of OSCAL) initiative. This event has been carefully selected by the consortium because on one hand it gathers important members of the EU-based CISO community,…

    Read more →

Join the EUROSCAL community

If you are interested in becoming part of our EUROSCAL community, please do not hesitate in contacting us.