Security Automation Simplified with Open Security Controls Assessment Language

Logo
Presented by

Dr. Michaela Iorga Senior Security Technical Lead for Cloud Computing National Institute of Standards and Technology (NIST)

About this talk

Security Automation Simplified with Open Security Controls Assessment Language Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions, has been a challenging task to date. Additionally, the proliferation of containers and service mesh technologies employed in cloud ecosystems for enhanced portability and security, compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions. Imagine a future where security documentation builds itself, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation, assessments, and adjudication, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more.

Related topics:

More from this channel

Upcoming talks (3)
On-demand talks (884)
Subscribers (55241)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa