This supports the Open Security Controls Assessment Language (OSCAL) Program through the Public NIST Website.
The OSCAL website provides an overview of the OSCAL project, including an XML and JSON schema reference, examples, and other resources.
If you are interested in contributing to the development of OSCAL, refer to the contributor guidance for more information.
To provide feedback, to ask questions, or to let us know about an OSCAL implementation you are working on, please email the NIST OSCAL team at [email protected]. You can also post publicly to the OSCAL development list: [email protected] or create an issue on our GitHub repository.
Please find instructions for joining the OSCAL development and update lists on our contacts page.
If you have any questions about OSCAL in general or if you would like to get involved in the OSCAL project, please contact us at: [email protected] or on Gitter.
Run the following Git command to clone the OSCAL-Pages repository, and you can begin editing content without any special setup.
git clone https://github.com/usnistgov/OSCAL-Pages.git
The website content in this repository is generated into the full website with Hugo. If you wish to run the website locally, you can either install hugo, or use Docker and docker-compose.
In terminal:
hugo server -s ./src --enableGitInfo=false --verbose --debug --minify
In terminal:
docker-compose up
You can use CTRL+C to stop the server.
- The
develop
branch is where all content is merged and PR'd for publication. - Once content is ready for release, the
develop
branch will be merged intomain
with a PR. - When this occurs the workflow will begin the publication process.
- The static site generator (
hugo
) will generate the website. - Rendered content will be placed into the
published-pages
branch. - The content from
published-pages
will be copied (pushed) to the OSCAL projectnist-pages
branch. - The site will update.
There is a nist-pages
branch in OSCAL-Pages, but we are not using this since it will
publish a site at https://pages.nist.gov/OSCAL-Pages. Since redirects are not supported, we cross push to the OSCAL repository directly.