OSCAL Mastery Curriculum

Subject: OSCAL Mastery Curriculum

43 chapters

Chapters

  1. 1 The Problem Space
    gospel dream pop, portuguese breakbeat, russian flamenco · 3:08
    Explore the chaotic world of compliance management where organizations struggle with scattered documentation, manual processes, and legacy systems that consume thousands of hours and fail to scale with growing complexity.
  2. 2 What OSCAL Is (and Isn't)
    salsa polka, acoustic chicago blues motown · 3:39
    Learn what OSCAL fundamentally is: a standardized data format for security documentation, not a downloadable program, that lets information about security controls be exchanged between different systems in XML, JSON, and YAML.
  3. 3 Core Value Propositions
    barbershop balkan brass band, dark acid jazz, acoustic funk · 3:46
    Learn how OSCAL revolutionizes security assessments by replacing months of manual review with automated processes that systematically document everything from catalogs to control implementation. Discover the three fundamental value propositions that make OSCAL a game-changer for modern cybersecurity compliance.
  4. 4 Key Prerequisite Knowledge
    chanson, chillstep chillwave · 4:20
    Before mastering OSCAL, learners must understand the foundational Risk Management Framework (RMF, NIST SP 800-37) and its seven critical steps that form the backbone of cybersecurity implementation. This essential groundwork covers the categorization, control selection, implementation, assessment, authorization, and ongoing monitoring processes that enable effective security management.
  5. 1 The Three-Layer Architecture
    prog shoegaze, grime reggaeton · 4:17
    Learn how OSCAL's foundational three-layer architecture connects controls, implementation, and assessment in a systematic framework that ensures cybersecurity compliance from definition through validation.
  6. 2 Controls Layer
    barbershop balkan brass band, dark acid jazz, acoustic funk · 4:41
    Explore OSCAL's foundational two-layer control architecture, learning how catalogs establish the foundation of security controls while profiles customize and tighten them for specific organizational needs.
  7. 3 Implementation Layer
    gospel dream pop, portuguese breakbeat, russian flamenco · 3:48
    Vendors learn to document their software components and controls with precision, mapping everything from encryption standards to hardware specifications so the documentation demonstrates how compliance requirements are met.
  8. 4 Assessment Layer
    gospel dream pop, portuguese breakbeat, russian flamenco · 3:31
    Learn how to systematically evaluate your cybersecurity framework by creating assessment plans, importing system security plans, and identifying all critical components that need testing. This comprehensive guide walks you through the essential steps of conducting thorough security assessments to ensure your controls are working effectively.
  9. 5 Common OSCAL Structure (All Models)
    prog shoegaze, grime reggaeton · 4:32
    Learn the fundamental five-element structure that forms the backbone of every OSCAL document, from the root element that identifies the model type to the UUID system that tracks revisions. Discover how Catalog, Profile, Component, Plan, and Assessment Results models all share this consistent organizational framework.
  10. 6 Traceability Chain
    chanson, chillstep chillwave · 3:43
    Learn how OSCAL creates a six-step traceability chain that connects security catalogs to implementation plans, ensuring proper flow and accountability from initial control definitions through final system documentation.
  11. 1 Supported Formats
    prog shoegaze, grime reggaeton · 3:00
    Learn about OSCAL's three supported data formats (XML, JSON, and YAML) and discover their unique strengths for security compliance documentation. Explore how XML offers mature schema validation, JSON provides modern API compatibility, and YAML delivers human-readable simplicity for different use cases.
  12. 2 Metaschema
    16-bit celtic, jazz · 3:41
    Learn how NIST's innovative Metaschema solution eliminates the chaos of managing multiple data formats by providing a single definition that automatically generates XML, JSON, and YAML schemas. Discover how this "one definition rules them all" approach keeps complex data structures perfectly synchronized across different format requirements.
  13. 3 Working with OSCAL Data
    prog shoegaze, grime reggaeton · 3:52
    Learn the essential techniques for validating and working with OSCAL data across XML, JSON, and YAML formats using proper schema checking methods. Master the fundamentals of ensuring your OSCAL files are clean, structured, and ready for implementation in your security compliance workflows.
  14. 4 Hands-On Exercise Ideas
    barbershop balkan brass band, dark acid jazz, acoustic funk · 4:13
    Learn four practical exercises for mastering OSCAL implementation, from parsing NIST control catalogs to extracting access control rules and making security frameworks actionable through hands-on data manipulation.
  15. 1 Creating a Catalog
    16-bit celtic, jazz · 4:01
    Learn how to build a custom OSCAL control catalog from scratch when standard frameworks don't meet your organization's unique security requirements. Discover the hierarchical structure of groups, controls, and sub-controls that forms the foundation of effective compliance management.
  16. 2 Creating a Profile
    chanson, chillstep chillwave · 4:04
    Learn how to build comprehensive security control profiles by importing frameworks like NIST 800-53 and ISO standards, then selecting and organizing controls through catalogs, IDs, and pattern matching. Master the foundational step of creating tailored security profiles that match your organization's specific compliance and risk management needs.
  17. 3 Creating Component Definitions
    salsa polka, acoustic chicago blues motown · 4:34
    Learn how to identify and document the fundamental building blocks of your OSCAL security framework, from software and hardware to services and policies. Master the essential skill of creating clear component definitions that form the foundation of effective security documentation.
  18. 4 Building a System Security Plan
    barbershop balkan brass band, dark acid jazz, acoustic funk · 4:02
    Learn how to construct a comprehensive system security plan by importing baseline controls, selecting appropriate frameworks like NIST, and mapping your system's architectural boundaries. This methodical approach transforms complex security requirements into an organized, manageable framework that keeps your systems properly aligned and protected.
  19. 5 Assessment Planning and Results
    gospel dream pop, portuguese breakbeat, russian flamenco · 4:12
    Learn how to transform your System Security Plan into a comprehensive assessment roadmap by defining scope, mapping activities to security controls, and creating the foundation for successful compliance evaluations.
  20. 6 Practical Authoring Patterns
    barbershop balkan brass band, dark acid jazz, acoustic funk · 3:40
    Learn six essential patterns for creating effective OSCAL documents, from leveraging NIST templates as your foundation to understanding real-world complexity through FedRAMP implementations. Master the practical techniques that will transform your approach to building robust compliance documentation from the ground up.
  21. 1 FedRAMP and OSCAL
    barbershop balkan brass band, dark acid jazz, acoustic funk · 3:33
    Discover how FedRAMP became the pioneering force behind OSCAL adoption, transforming government cloud security from cumbersome paperwork into streamlined, structured data processes. Learn about the foundational partnership that established the proving ground for modern cybersecurity compliance standards.
  22. 2 OSCAL and CMMC
    chanson, chillstep chillwave · 4:21
    Learn how OSCAL transforms CMMC compliance by structuring assessment documentation and control mappings in standardized JSON and XML formats. Discover the essential connection between CMMC practices and OSCAL's systematic approach to cybersecurity framework implementation.
  23. 3 OSCAL Across Other Frameworks
    gospel dream pop, portuguese breakbeat, russian flamenco · 3:54
    Learn how OSCAL transforms compliance frameworks like SOC 2 and HIPAA into machine-readable formats, eliminating manual checking and creating structured, automated pathways for organizational security controls.
  24. 4 The Shared Responsibility Model in OSCAL
    prog shoegaze, grime reggaeton · 4:03
    Learn how cloud security responsibilities are divided between service providers and customers through OSCAL's four-origin framework, exploring the layered control structures that define who manages what in modern cloud infrastructure.
  25. 1 NIST Tools and Resources
    barbershop balkan brass band, dark acid jazz, acoustic funk · 3:27
    Discover the essential NIST command-line tools that validate OSCAL files, convert between formats, and ensure your security catalogs and profiles are deployment-ready with proper syntax and structure.
  26. 2 Open-Source Tools
    chanson, chillstep chillwave · 3:31
    Learn how IBM Trestle streamlines compliance by transforming messy spreadsheets into organized OSCAL artifacts, while Lula protects your Kubernetes environments with automated compliance validation and monitoring.
  27. 3 Commercial GRC Platforms with OSCAL Support
    prog shoegaze, grime reggaeton · 3:32
    Discover three leading commercial platforms (RegScale, Xacta, and Ignyte) that leverage OSCAL standards to streamline compliance workflows with AI-powered automation and FedRAMP certification capabilities.
  28. 4 Building Your Own Tooling
    chanson, chillstep chillwave · 3:53
    Learn the essential components for developing custom OSCAL tools, from selecting the right programming libraries and frameworks to implementing proper schema validation that keeps your security compliance pipeline running smoothly.
  29. 1 Profile Resolution in Depth
    16-bit celtic, jazz · 3:59
    Learn how OSCAL's profile resolution process transforms imported control references into comprehensive, actionable security catalogs by automatically building unified documentation from your control schemes and requirements.
  30. 2 OSCAL Extensions and Customization
    chanson, chillstep chillwave · 3:53
    Learn how to extend and customize OSCAL's standard framework to meet your organization's unique compliance needs through properties, annotations, and links while maintaining interoperability.
  31. 3 Continuous Monitoring with OSCAL
    chanson, chillstep chillwave · 3:47
    Learn how OSCAL transforms traditional annual security assessments into dynamic, real-time monitoring systems that continuously track and report security findings as they occur. Discover the shift from static point-in-time evaluations to living assessment reports that provide ongoing visibility into your organization's security posture.
  32. 4 Cross-Framework Mapping and Deduplication
    gospel dream pop, portuguese breakbeat, russian flamenco · 4:14
    Learn how to efficiently map overlapping security controls across multiple compliance frameworks like NIST, ISO, SOC 2, and FedRAMP to eliminate redundant work and streamline your assessment processes. Discover practical techniques for deduplicating controls so you can assess once but satisfy multiple regulatory requirements simultaneously.
  33. 5 The Future of OSCAL
    gospel dream pop, portuguese breakbeat, russian flamenco · 4:11
    Explore NIST's ambitious roadmap for OSCAL through 2025, including revolutionary developments like digital twins for security modeling, autonomous AI reasoning capabilities, and the transformative automation features planned for version 2.0.
  34. Lab 1: Explore Existing Content
    salsa polka, acoustic chicago blues motown · 5:01
    Navigate through OSCAL's foundational structure by cloning repositories and examining the SP 800-53 security control catalog in JSON format. Learn to locate and explore the essential building blocks that form the backbone of OSCAL's standardized security documentation framework.
  35. Lab 2: Build a Custom Profile
    salsa polka, acoustic chicago blues motown · 3:13
    Learn how to create a tailored OSCAL profile by selecting and customizing specific controls from the NIST 800-53 revision 5 catalog to match your organization's unique security requirements and operational needs.
  36. Lab 3: Create a Component Definition
    salsa polka, acoustic chicago blues motown · 4:28
    Learn to document your technology stack's security features by creating detailed component definitions that map specific controls to your databases, servers, or frameworks. Master the art of translating technical configurations into compliance-ready documentation that clearly demonstrates how your systems maintain security.
  37. Lab 4: Draft an SSP
    salsa polka, acoustic chicago blues motown · 4:24
    Learn the systematic approach to creating a System Security Plan using OSCAL methodology, covering profile importing, boundary definition, component inventory, and the five-step validation process that ensures comprehensive security documentation.
  38. Lab 5: Assessment Workflow
    chanson, chillstep chillwave · 4:02
    Learn how to build a comprehensive cybersecurity assessment workflow by creating an Assessment Plan that systematically tests your existing System Security Plan controls. Master the process of selecting key controls and defining testing methods to evaluate your security implementation's effectiveness.
  39. Lab 6: FedRAMP OSCAL Templates
    16-bit celtic, jazz · 4:22
    Learn how to navigate and utilize FedRAMP's official OSCAL templates for government compliance, including downloading baseline controls and validating federal security requirements. Master the essential workflow of examining, comparing, and implementing these standardized templates for successful federal authorization processes.
  40. Lab 7: Tool Integration
    16-bit celtic, jazz · 4:09
    Learn how to transform basic spreadsheet data into powerful OSCAL compliance frameworks using IBM Trestle's automated conversion tools. Master the practical workflow of feeding Excel data into structured compliance systems that bring your security frameworks to life.
  41. Elevator Pitch (30 seconds)
    16-bit celtic, jazz · 2:54
    Learn to deliver a compelling 30-second pitch that explains OSCAL's automated compliance benefits to federal stakeholders in high-pressure meeting situations.
  42. Key Talking Points
    chanson, chillstep chillwave · 3:37
    Learn how OSCAL transforms time-consuming manual compliance processes into efficient, machine-readable systems that eliminate repetitive documentation and streamline auditor communications. Discover the structured approach that revolutionizes compliance management by replacing error-prone spreadsheets with automated, standardized data formats.
  43. Common Questions You Should Be Ready For
    barbershop balkan brass band, dark acid jazz, acoustic funk · 3:46
    Learn the key distinctions between OSCAL as a data format versus GRC tools, clearing up common misconceptions about how OSCAL functions as a standardized communication language for security compliance systems.