OSCAL overview
Learn the OSCAL standard and how Secani's planned toolkit, CLI, and agent skills fit together.
OSCAL stands for Open Security Controls Assessment Language. NIST develops it with industry and the public community as a machine-readable way to describe security controls, their implementation, and their assessment.
Coming soon: Secani's toolkit, CLI, and agent skills are previews and are not published yet.
What is OSCAL?
OSCAL provides a set of connected models for control catalogs, profiles, component definitions, system security plans, assessment plans and results, and plans of action and milestones. These models let teams exchange compliance data between tools instead of locking it in proprietary documents.
OSCAL content can be serialized as JSON, XML, and YAML. Each format represents the same structured security and compliance concepts, so applications can choose the format that best fits their workflows.
NIST resources
Planned Secani projects
secani/oscal is the planned TypeScript toolkit for loading, validating, inspecting, and transforming OSCAL documents. oscal-cli is the planned command-line interface for validation and format conversion. secani/oscal-skills is the planned collection of guidance and optional scripts for coding agents working with OSCAL.
All three projects are planned as open source. Until they are published, follow Secani on GitHub for updates.