NOV 19 WRAP UP for Dr. Michaela Iorga on NIST’s Open Security Controls Assessment Language (OSCAL)

Presenter’s slides from Thursday, November 19 @ 6pm

We had a great meeting on Thursday with 30 members in attendance. Dr. Iorga is the project lead for OSCAL and gave us a great overview not only of what OSCAL is, but of how it represents an evolutionary shift in the compliance paradigm for companies. OSCAL will allow companies to automate the compliance process by encapsulating regulatory requirements in data sets that can be pushed throughout the organization, and it can be fed compliance data from a variety of sources so that personnel can quickly match requirements with the applicable data sets and determine whether the enterprise is meeting its obligations.

Dr. Iorga provided a couple of resources if you are interested in finding out more about OSCAL and how you can participate:

  • Lunch with the OSCAL Developers — Virtual lunch on Thursdays at noon
  • OSCAL Model Review — Teleconference at 10am on Fridays
  • Mailing Lists & Chat Room — Subscribe here
  • 2nd OSCAL Workshop — Save the date for Feb 2-3, 2020

Presentation — Video available here

Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of cloud-connected smart systems has been challenging. Additionally, the proliferation of container technology employed in cloud ecosystems compels organizations to leverage risk management strategies tightly coupled with the dynamic nature of these systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls for system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions.
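To make the "machine-readable representation of security information" concrete, here is an added example (not from the presentation, and not NIST's or the OSCAL project's own code). It loads a constructed, much-reduced catalog and system security plan laid out the way OSCAL's JSON documents nest them (`catalog` → `groups` → `controls`, and `system-security-plan` → `control-implementation` → `implemented-requirements` → `control-id`; those field names are my assumption about the published layout, and the documents themselves are invented samples) and computes which catalog controls the plan claims, which it leaves uncovered, and which claimed control ids do not exist in the catalog at all. That last check is the one that catches a plan drifting away from the standard it cites.

```python
"""Coverage check over OSCAL-shaped documents (constructed sample data)."""
import json

# Constructed sample catalog. The nesting mirrors OSCAL's catalog layout as
# assumed here; the control ids and titles are illustrative only.
CATALOG_JSON = """
{
  "catalog": {
    "uuid": "00000000-0000-4000-8000-000000000001",
    "metadata": {"title": "Constructed sample catalog", "version": "0.1"},
    "groups": [
      {"id": "ac", "title": "Access Control",
       "controls": [
         {"id": "ac-1", "title": "Policy and Procedures"},
         {"id": "ac-2", "title": "Account Management",
          "controls": [
            {"id": "ac-2.1", "title": "Automated System Account Management"}
          ]}
       ]},
      {"id": "au", "title": "Audit and Accountability",
       "controls": [{"id": "au-2", "title": "Event Logging"}]}
    ]
  }
}
"""

# Constructed sample system security plan. "ia-2" is deliberately not in the
# catalog above, to show how a dangling reference is surfaced.
SSP_JSON = """
{
  "system-security-plan": {
    "uuid": "00000000-0000-4000-8000-000000000002",
    "control-implementation": {
      "description": "Constructed sample SSP",
      "implemented-requirements": [
        {"uuid": "00000000-0000-4000-8000-000000000010", "control-id": "ac-1",
         "description": "Access control policy published and reviewed annually."},
        {"uuid": "00000000-0000-4000-8000-000000000011", "control-id": "ac-2.1",
         "description": "Accounts provisioned and revoked by the IdM pipeline."},
        {"uuid": "00000000-0000-4000-8000-000000000012", "control-id": "ia-2",
         "description": "MFA enforced for all interactive logins."}
      ]
    }
  }
}
"""

CATALOG = json.loads(CATALOG_JSON)
SSP = json.loads(SSP_JSON)


def iter_controls(node):
    """Yield every control beneath a catalog, group or control node.

    Groups may hold groups and controls; controls may hold further controls
    (enhancements), so the walk recurses through both kinds of child."""
    for group in node.get("groups", []):
        yield from iter_controls(group)
    for control in node.get("controls", []):
        yield control
        yield from iter_controls(control)


def catalog_control_ids(catalog_doc):
    """Map control id -> title for the whole catalog, flattening the nesting."""
    return {c["id"]: c["title"] for c in iter_controls(catalog_doc["catalog"])}


def ssp_control_ids(ssp_doc):
    """Set of control ids the plan claims to implement."""
    impl = ssp_doc["system-security-plan"]["control-implementation"]
    return {req["control-id"] for req in impl["implemented-requirements"]}


def coverage_report(catalog_doc, ssp_doc):
    """Compare what the catalog requires against what the plan claims.

    Returns sorted lists so the result is stable for diffing between runs:
      implemented - claimed and present in the catalog
      missing     - in the catalog but not claimed by the plan
      unknown     - claimed by the plan but absent from the catalog"""
    required = set(catalog_control_ids(catalog_doc))
    claimed = ssp_control_ids(ssp_doc)
    return {
        "implemented": sorted(required & claimed),
        "missing": sorted(required - claimed),
        "unknown": sorted(claimed - required),
    }


if __name__ == "__main__":
    for bucket, ids in coverage_report(CATALOG, SSP).items():
        print(f"{bucket:12s} {', '.join(ids) or '-'}")
```

Because the same `coverage_report` works unchanged on any catalog that follows the layout, swapping the constructed catalog for a different standard's catalog is what gives the cross-standard normalization the paragraph describes; the plan does not need to be rewritten for each one.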

Imagine a future where security documentation builds itself, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation, assessments, and adjudication, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more.

About our Speaker

Dr. Michaela Iorga serves as senior security technical lead for cloud computing with the National Institute of Standards and Technology (NIST), Computer Security Division. She also leads the Open Security Controls Assessment Language (OSCAL) project and chairs the NIST Cloud Computing Public Security and Forensics Working Groups. Having previously served in a wide range of consulting positions in both government and private sector industries, Dr. Iorga has a deep understanding of cybersecurity, risk assessment and information assurance for cloud, fog and IoT systems. In her role at NIST, Dr. Iorga supports the development and dissemination of cybersecurity standards and guidelines that meet national priorities and promote American innovation and industrial competitiveness. Aligned with NIST’s mission, Dr. Iorga’s work particularly focuses on collaborating with industry, academia, and other government stakeholders on developing high-level, vendor-neutral cloud, fog and IoT security and forensics guidance. Dr. Iorga received her Ph.D. from Duke University in North Carolina, USA.