Load every OSCAL format
Work with OSCAL documents expressed as JSON, XML, or YAML.
Load, validate, and transform machine-readable security and compliance data with a TypeScript toolkit and CLI from Secani.
import { load, validate } from "@secani/oscal"; const document = await load("./system-security-plan.json");const result = await validate(document); if (result.valid) { console.log(document.model);}Built for open compliance infrastructure
Work with OSCAL documents expressed as JSON, XML, or YAML.
Check documents against OSCAL models and schema constraints.
Inspect and reshape structured control data in TypeScript.
Create compliance workflows on open, portable data models.
OSCAL for every workflow
pnpm add @secani/oscalnpx skills add secani/oscal-skillssecani/oscal-skills · Coming soon
A planned open-source collection of packaged instructions and optional scripts for agents working with OSCAL validation, conversion, catalogs, profiles, and related workflows.
Follow development on GitHuboscal-cli · Coming soon
The planned open-source CLI will bring validation and conversion into local development and automated workflows.
The standard behind the toolkit
OSCAL stands for Open Security Controls Assessment Language. It is a NIST-led initiative, developed with industry and the public community, for representing security control information in machine-readable XML, JSON, and YAML.
NIST created the public project page in 2018 and published OSCAL 1.0.0, its first stable major release, in 2021.
secani/oscal · Coming soon
Read the OSCAL concepts, follow the planned toolkit surface, and prepare your next interoperable compliance workflow.