The oscal.club domain means it’s official.
All OSCAL Club projects and materials are hosted on this domain or sub-domains. Source code and technical artifacts are on github.com/oscal-club. That's it.
The site is secure.
We deploy our website with https:// to provide encryption in transit, and force redirects when clients attempt unencrypted access with http://. Thanks to Certificate Transparency, you can review our current and old certs here. We uses Let's Encrypt R3 certificate authority, and they update certificates periodically after checking we maintain public DNS records to prove we still own this infrastructure.
Define compliance objectives, realize security outcomes.
OSCAL Club is a community to discuss, test, and implement solutions at the intersection of compliance and security.
Discuss in the forumHow do you contribute?
OSCAL is a standard for saving data about an organization's security, risk management, and compliance programs in a machine-readable way.
For OSCAL to succeed, information technology executives, security professionals, security baseline authors, security assessors, and software developers must find real-world use cases, discuss what works, and discuss what needs improvement.
If you have expertise or passion in these disciplines, this community needs you to discuss benefits, debate challenges, and prototype tools in the process.
Is this a NIST project?
No, OSCAL Club is a community effort, distinct from NIST. It is complementary, but separate, from the official NIST OSCAL community.
NIST make OSCAL, but its staff cannot address all the different domain knowledge and experience of stakeholders.
This community and its resources empower stakeholders to apply OSCAL to their own domain.