https://sinetris.info/tags/oscal/Recent content in OSCAL on Sinetris's viewpointsSine Die theme for Hugoenduilio@sinetris.info (Duilio Ruggiero)Mon, 17 Mar 2025 10:45:42 GMThttps://sinetris.info/topics/iam/grc/compliance-as-code/Mon, 17 Mar 2025 10:45:42 GMThttps://sinetris.info/topics/iam/grc/compliance-as-code/<h2 id="standards">Standards</h2> <ul> <li> <a href="https://scap.nist.gov/" rel="external">SCAP</a>: Security Content Automation Protocol</li> <li> <a href="https://pages.nist.gov/OSCAL/" rel="external">OSCAL</a>: Open Security Controls Assessment Language</li> <li> <a href="https://www.omg.org/spec/BPMN" rel="external">BPMN</a>: Business Process Model and Notation</li> <li> <a href="https://www.omg.org/spec/DMN" rel="external">DMN</a>: Decision Model and Notation</li> </ul> <h2 id="guidelines">Guidelines</h2> <ul> <li> <a href="https://complianceascode.readthedocs.io/" rel="external">ComplianceAsCode</a>: The ComplianceAsCode project <blockquote> <p>Previously known as SCAP Security Guide (SSG)</p> </blockquote> </li> </ul> <h2 id="tools">Tools</h2> <ul> <li> <a href="https://www.open-scap.org/" rel="external">OpenSCAP</a>: open source security compliance toolkit <blockquote> <p>NIST certified for SCAP 1.2</p> </blockquote> </li> <li> <a href="https://github.com/IBM/compliance-trestle" rel="external">Trestle</a>: Manage compliance as code using NIST&rsquo;s OSCAL standard</li> <li> <a href="https://www.openpolicyagent.org/" rel="external">Open Policy Agent (OPA)</a>: Declarative Policies <blockquote> <p>Context-aware, Expressive, Fast, Portable</p> </blockquote> </li> <li> <a href="https://github.com/permitio/opal" rel="external">OPAL</a>: Open Policy Administration Layer</li> </ul> <h2 id="good-reads-and-presentations">Good reads and presentations</h2> <ul> <li> <a href="https://pages.nist.gov/OSCAL/learn/presentations/mini-workshop/" rel="external">OSCAL Mini Workshop Series</a></li> </ul>