In Part 2 of this episode with Michaela Iorga, PhD, Senior Technical Lead at NIST and OSCAL Strategic Director, Vikas and Dr. Iorga discuss how the NIST Open Security Controls and Assessment Language (OSCAL) is being utilized in real world settings to automate the risk assessment process. Dr. Iorga describes how federal agencies utilize OSCAL’s capabilities to perform automated security risk assessments up to 60% faster. We also discuss the adoption of OSCAL in the private sector and by ENISA the European Union Cybersecurity Agency. By leveraging this innovative programming language, based on the NIST CSF and RMF standards, organizations that utilize OSCAL are able to normalize risk assessment data within a standards-based data model that can be leveraged by all assessment participants.
