From c43fc78464c6dc1ba6b9cb2846350d44c54a6582 Mon Sep 17 00:00:00 2001 From: Marilyn Nguyen Date: Tue, 29 Oct 2024 13:38:09 -0400 Subject: [PATCH 1/8] Updated Mini-workshop events and added 4th OSCAL workshop --- src/content/learn/presentations/_index.md | 14 ++- .../presentations/mini-workshop/_index.md | 48 ++++++---- .../presentations/oscal-workshop-2023-04.md | 93 +++++++++++++++++++ 3 files changed, 135 insertions(+), 20 deletions(-) create mode 100644 src/content/learn/presentations/oscal-workshop-2023-04.md diff --git a/src/content/learn/presentations/_index.md b/src/content/learn/presentations/_index.md index 17b21f10..8ecd6708 100644 --- a/src/content/learn/presentations/_index.md +++ b/src/content/learn/presentations/_index.md @@ -6,13 +6,19 @@ suppresstopiclists: true The following are presentations on OSCAL-related topics. Some of the older presentations were based on earlier versions of OSCAL, which may be slightly different from the current OSCAL releases. In such cases, the content will still apply conceptually and will give you a good overview of the core OSCAL concepts. +### Workshops +- [4th NIST OSCAL Workshop](oscal-workshop-2023-04) - May 23, 2023 - [3rd NIST OSCAL Workshop](oscal-workshop-2022-03/) - March 1-2, 2022 +- [2nd NIST OSCAL Workshop](oscal-workshop-2021-02/) - February 2-3, 2021 +- [1st NIST OSCAL Workshop](OSCAL-workshop-20191105.pdf) - November 5, 2019 + +### Presentations - [OSCAL Deep Diff Introduction](/presentations/OSCAL-deep-diff-LWtD-20220505.pdf) presented during the [Lunch with the OSCAL Developers](/contribute/dev-lunch/) - May 5, 2022 -- [Blog: Innovating Security Compliance Through Open Standards](https://www.easydynamics.com/blog/innovating-security-compliance-through-open-standards/) - July 7, 2021 -- [Blog: The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project](https://www.nist.gov/blogs/cybersecurity-insights/foundation-interoperable-and-portable-security-automation-revealed) - May 19. 2021 -- [2nd NIST OSCAL Workshop](oscal-workshop-2021-02/) - February 2 & 3, 2021 - [Using Leveraged Authorizations in OSCAL](/presentations/oscal-leveraged-authorizations-v6a.pdf) presented during the [OSCAL Model Review](/contribute/model-review/) - July 24, 2020 - [OSCAL Assessment Models Overview](/presentations/oscal-ap-ar-poam-v3.pdf) presented during the [Lunch with the OSCAL Developers](/contribute/dev-lunch/) - July 2, 2020 -- [NIST OSCAL Workshop](OSCAL-workshop-20191105.pdf) - November 5, 2019 - [Security Automation Simplified via NIST OSCAL: We're Not in Kansas Anymore](https://www.youtube.com/watch?v=eP8K7piU5UQ) presented at RSA Conference 2018 - April 18, 2018 - [Automating Security and Compliance via a New Standard of Standards](https://www.youtube.com/watch?v=mo3J0tFxixg) presented at Docker Government Summit 2018 - April 11, 2018 + +### Blogs +- [Blog: Innovating Security Compliance Through Open Standards](https://www.easydynamics.com/blog/innovating-security-compliance-through-open-standards/) - July 7, 2021 +- [Blog: The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project](https://www.nist.gov/blogs/cybersecurity-insights/foundation-interoperable-and-portable-security-automation-revealed) - May 19. 2021 \ No newline at end of file diff --git a/src/content/learn/presentations/mini-workshop/_index.md b/src/content/learn/presentations/mini-workshop/_index.md index b0ccfa23..3dda17c4 100644 --- a/src/content/learn/presentations/mini-workshop/_index.md +++ b/src/content/learn/presentations/mini-workshop/_index.md @@ -44,24 +44,41 @@ Enter the meeting ID and passcode as follows: Meeting ID: 743 906 781 Participant Passcode: 9254 -## Workshops Calendar: jump to: [2023](#2023), [2022](#2022) +## Workshops Calendar: jump to: [2024](#2024), [2023](#2023), [2022](#2022) + +### 2024 + +| Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type | +| :--: | :--: | :------------------- | :---------------------- | :--: | +| **2024/1/14** | 11:00AM-12:00PM EDT | A Developer's View of OSCAL - Experiences and recommendations for implementing OSCAL Libraries | **Rob Sherwood**, Principal Consultant, *Credentive Security* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2024/oscal-mini-workshops/20240117-Sherwood-Programmers%20view%20of%20OSCAL.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part1_1.17.2024_A-developers-view-of-oscal_R.Sherwood.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part2_1.17.2024_A-developers-view-of-oscal_R.Sherwood.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Captions_1.17.2024_R.Sherwood.txt) | +| **2024/02/15** | 11:00AM-12:00PM EDT | PwC Compliance as Code with OSCAL | **Tom Nash**, PwC, *UK*; **Joshua Kong**, PwC, *UK* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2024/oscal-mini-workshops/20240221-Nash-PWC-OSCAL%20Demo%20for%20NIST_Slides_Nov-2023.pdf) | +| **2024/03/20** | 11:00AM-12:00PM EDT | OSCAL Community Capabilities | **Brian Ruf**, Director of Cybersecurity, *Easy Dynamics*; **Chris Robles**, CTO Strategic Advisor, Security and Product Development (Consultant), *Easy Dynamics*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/documents/20240320-%20ED-OSCAL%20Community%20Capabilities%202024-03-20.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part1_3.20.2024_Easy-Dynamics_OSCAL-Community-Collaboration.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part2_3.20.2024_Easy-Dynamics_OSCAL-Community-Collaboration.mp4), [video part 3](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part3_3.20.2024_Easy-Dynamics_OSCAL-Community-Collaboration.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/3.20.2024_OSCAL-Community-Capabilities-Captions.txt) | +| **2024/04/03 SPECIAL EDITION** | 11:00AM-12:00PM EDT | Streamlining CMMC Compliance Deliverables with OSCAL | **Kenny Scott**, Co-Founder & CEO, *Paramify* | [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Streamlining%20CMMC%20Deliverables%20with%20OSCAL%20(1).pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Paramity-Kenny_Scott_2024.04.03_withcaption.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/documents/oscal-mini-workshop-22-Paramify/Paramity-Kenny_Scott_2024.04.03.cc.vtt) | +| **2024/04/17** | 11:00AM-12:00PM EDT | Automated Governance - Modular Assessments for Quick Feedback Loops | **Brandt Keller**, OSS Maintainer, *Defense Unicorns* | [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Automated%20Governance%20-%20Modular%20Assessments%20V2.pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/DefenseUnicorns_20240417_withcaptions_part1.mp4), [demo](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/DefenseUnicorns_20240417_withcaptions_part2.mp4) | +| **2024/05/15** | 11:00AM-12:00PM EDT | Adoption of OSCAL in ServiceNow CAM (Continuous Authorization & Monitoring)| **Dharav Devani**, *ServiceNow*; **Ayush Srivanstava**, *ServiceNow*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Adoption%20of%20OSCAL%20-%20ServiceNow%20CAM.pdf)| +| **2024/06/05 SPECIAL EDITION** | 11:00AM-12:00PM EDT | ATO as Code - Enabling Cybersecurity Modernization Through Risk Management Framework Compliance Automation | **Gaurav Pal**, *stackArmor* | [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/ACT-IAC_Cyber_COI-%20ATOasCode.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/part1_2024.6.05_ATO-as-code.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/part2_2024.6.05_ATO-as-code.mp4), [video part 3](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/part3_2024.6.05_ATO-as-code.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/ATO-as-code_2024.6.05_Transcript.txt) | +| **2024/06/20** | 11:00AM-12:00PM EDT | Automating Compliance Narratives and Artifacts in AWS | **Rick Kidder*, USN (Ret), Senior Certified Cloud Security Specialist, *AWS* | [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2024.06.20_SHCA_OSCAL%20Presentation.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part-1_2024.06.20_Automating-Compliance-AWS-Rick_Kidder.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part-2_2024.06.20_Automating-Compliance-AWS-Rick_Kidder.mp4), [video part 3](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part-3_2024.06.20_Automating-Compliance-AWS-Rick_Kidder.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Automating-Compliance-AWS-Rick_Kidder_2024.06.20.transcript.vtt) | +| **2024/07/17** | 11:00AM-12:00PM EDT | OSCAL-COMPASS - Open Security Control Assessment Language Compliance Automated Standard Solution | **Vikas Agarwal**, Senior Research Scientist, *IBM*; **Manjiree Gadgil**, Engineering Manager, *IBM*; **Jenn Power**, Senior Product Security Engineer, *RedHat*; **Anca Sailer**, Distinguised Engineer, *IBM*; **Takumi Yanagawa**, Senior Engineer, *IBM*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_oscal-compass-End-to-End.pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_IBM-Redhat_OSCAL-COMPASS.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_IBM-Redhat_Captions.txt)| +| **2024/09/18** | 11:00AM-12:00PM EDT | Digital Authorizations: FedRAMP Modernization using OSCAL | **David Waltermire**, *FedRAMP*; **Rene-Claude Tshiteya**, *FedRAMP*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/OSCAL%20Mini%20Workshop%20Series%20Presentation%209.18.2024.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part1_9.18.2024_FedRAMP.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part2_9.18.2024_FedRAMP.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/9.18.2024_FedRAMP_CAPTIONS.txt) | +| **2024/11/06 SPECIAL EDITION** | 11:00AM-12:00PM EDT | Compliance Framework: An OSCAL-based framework for recording and reporting an audit state | **Ian Miell**, Partner, *Container Solutions*; **Christiaan Vermeulen**, Principal Consultant, *Container Solutions* | [presentation](), [video](), [transcript]() | +| **2024/11/20** | 11:00AM-12:00PM EDT | Leveraging OSCAL to support cybersecurity lifecycle management | **Sara Nieves Matheu Garcia**, Post Doctoral Researcher, *IBM-COBALT*; **Antonio Skarmeta**, Full Professor (University of Murcia). *IBM-EMERALD* | [presentation](), [video](), [transcript]() | + ### 2023 -| Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type | Knowledge Level | -| :---:|:----:|:-------------------- |:----------------------- |:----:|:---------------:| -| 2023/02/01 SPECIAL EDITION | 11:00AM-12:00PM EDT | A Modern Authorization and Accreditation Platform, Enabled by OSCAL | John Tibbitts, Principal, IMPLERUS Corporation; Marcin Staszewski, Chief Development Officer, IMPLERUS Corporation | presentation & demo, video, transcript | L2-L3 | -| 2023/02/15 | 11:00AM-12:00PM EDT | Google's Internal OSCAL Adoption | Vikram Khare, Director – Continuous Assurance and Controls Engineering, Google & Val Mihai, Cloud CISO - Continuous Assurance and Controls Engineering, Google | presentation, video, transcript | L2 | -| 2023/03/01 SPECIAL EDITION | 11:00AM-12:00PM EDT | Shifting Left the Right Way With OSCAL (research use case and proof of concept) | Chris Compton, Senior IT Specialist; Alexander Stein, Senior IT Specialist; Nikita Wootten, Project Lead, IT Specialist | presentation & demo, video, transcript | L3-L4 | -| 2023/03/15 | 11:00AM-12:00PM EDT | Telos's Journey of Bringing OSCAL Adoption to Reality | Stephanie Lacy, Senior Solution Architect, Telos; Connor Hite, Solution Architect, Telos| | | -| 2023/04/19 | 11:00AM-12:00PM EDT | | | | | -| 2023/05/17 | 11:00AM-12:00PM EDT | | | | | -| 2023/06/14 | 11:00AM-12:00PM EDT | | | | | -| 2023/07/19 | 11:00AM-12:00PM EDT | | | | | -| 2023/08/16 | 11:00AM-12:00PM EDT | | | | | -| 2023/09/20 | 11:00AM-12:00PM EDT | | | | | -| 2023/10/18 | 11:00AM-12:00PM EDT | | | | | -| 2023/11/15 | 11:00AM-12:00PM EDT | | | | | +| Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type | +| :--: | :--: | :------------------- | :---------------------- | :--: | +| **2023/02/01 SPECIAL EDITION** | 11:00AM-12:00PM EDT | A Modern Authorization and Accreditation Platform Enabled by OSCAL | **John Tibbits**, Principal, *IMPLERUS Corporation*; **Marcin Staszewski**, Chief Development Officer, *IMPLERUS Corporation* | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-9-implerus/Synergeo%20PPT-v1.4%20NIST%2031-JAN-2023%20v3.pdf), [video & demo](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2.01.2023_Modern-Authorization-and-Accreditation_John-Tibbitts.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2.15.2023_Googles-Internal-OSCAL-Adoption_CAPTIONS.txt) | +| 2023/02/15 | 11:00AM-12:00PM EDT | Google's Internal OSCAL Adoption | **Vikram Khare**, Director – Continuous Assurance and Controls Engineering, *Google*; **Val Mihai**, Cloud CISO - Continuous Assurance and Controls Engineering, *Google* | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-10-Google/Google_OSCAL_Presentation.pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2.15.2023_Googles-Internal-OSCAL-Adoption_VKhare-VMihai.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2.15.2023_Googles-Internal-OSCAL-Adoption_CAPTIONS.txt) | +| **2023/03/01 SPECIAL EDITION** | 11:00AM-12:00PM EDT | Shifting Left the Right Way With OSCAL (research use case and proof of concept) | **Chris Compton**, Senior IT Specialist, *NIST*; **Alexander Stein**, Senior IT Specialist, *NIST*; **Nikita Wootten**, Project Lead, IT Specialist, *NIST* | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-11-NIST-Blossom/Presentation.ACSAC.2022.pdf), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-11-NIST-Blossom/3.01.2023_Shifting-Left-the-Right-Way-with-OSCAL.mp4), [demo](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-11-NIST-Blossom/DEMO_3.01.2023_Shifting-left-the-right-way-with-OSCAL.mp4), [presentation transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-11-NIST-Blossom/3.01.2023_Shifting-left-the-right-way_Presentation_Transcript.txt), [demo transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-11-NIST-Blossom/DEMO_3.01.2023_shifting-left-the-right-way_TRANSCRIPT.txt) | +| **2023/03/15** | 11:00AM-12:00PM EDT | Telos's Journey of Bringing OSCAL Adoption to Reality | **Stephanie Lacy**, Senior Solution Architect, *Telos*; **Connor Hite**, Solution Architect, *Telos* | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-12-Telos/OSCALInheritance.pptx), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-12-Telos/3.15.2023_TELOS-XACTA.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-12-Telos/3.15.2023_TELOS-XACTA.txt) | +| 2023/05/17 | 11:00AM-12:00PM EDT | Applying OSCAL in the Context of Public Key Infrastructure | **Robert Sherwood**, Principal Consultant, *Credentive Security* | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-13-FPKI/FPKI-OSCAL%2Bnotes.pdf), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-13-FPKI/5.17.2023_FedPKI-OSCAL_R.Sherwood.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-13-FPKI/5.17.2023_FPKI-OSCAL_CAPTIONS.txt) | +| 2023/07/19 | 11:00AM-12:00PM EDT | Tracer - Accelerating ATOs at Scale with an Inheritance-driven Community Compliance Platform | **Clark Pain**, Product Manager, *Rise8* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-14-Rise8/Tracer_Presentation_2023-07-19_orig.mp4), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-14-Rise8/7.19.2023_Tracer_C.Pain.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-14-Rise8/7.19.2023_Tracer_C.Plain_CAPTIONS.txt), [demo](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-14-Rise8/Tracer_Demo.mov) | +| 2023/08/23 | 11:00AM-12:00PM EDT | Step-by-Step Introduction to NIST's OSCAL-CLI Tool | **Alexander Stein**, OSCAL Technical Director, *NIST* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-15-NIST/OSCAL-CLI_20230823.pdf), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-15-NIST/8.23.2023_Step-by-Step-Intro-to-OSCAl-CLI_AJ.Stien.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-15-NIST/8.23.23_Step-by-step-to-OSCAL-CLI_CAPTIONS.txt) | +| 2023/09/20 | 11:00AM-12:00PM EDT | OSCAL in an Enterprise Context | **JJ Contessa**, COO, *C1Secure*; **Vijay Addicam**, Senior Developer, *C1Secure*; **Todd Hughes**, Senior Security Analyst, *C1Secure*; **Steve Grogan**, VP of Services| [presentation](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/An%20Enterprise%20Platform%20Perspective%20-%20September%202023_c1secure_updated.pdf), [video part 1](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/PART-1_9.20.2023_C1service.mp4), [video part 2](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/PART-2_9.20.2023_C1Secure.mp4), [transcript part 1](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/9.20.2023_C1Secure-Transcript-P1.txt), [transcript part 2](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/9.20.2023_C1secure_Transcript-P2.txt) | +| 2023/10/18 | 11:00AM-12:00PM EDT | OSCAL-Pydantic: A python library for OSCAL | **Robert Sherwood**, Principal Consultant, *Credentive Security* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-17-Rob_Sherwood/OSCAL-Pydanticv-%20notes.pdf), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-17-Rob_Sherwood/10.18.2023_OSCAL-Pydantic.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-17-Rob_Sherwood/10.18.2023_OSCAL-Pydantic_Captions.txt) | +| 2023/11/15 | 11:00AM-12:00PM EDT | Cyber Compliance Management Platform | **Tom Nash**, PwC, *UK*; **Siva Mallampati**, PwC, *UK*; **Salma Bedair**, PwC, *UK*; **Joshua Kong**, PwC, *Middle East*, **Shereef Assem**, PwC, *Middle East* | [presentation](https://csrc.nist.gov/csrc/media/presentations/OSCAL%20Demo%20for%20NIST_Slides69.pdf) | + ### 2022 @@ -76,4 +93,3 @@ Participant Passcode: 9254 | 2022/10/05 | 11:00AM-12:00PM EDT | Compliance as Code - from Upstream to Ops | Brandt Keller, Software Engineer, Defense Unicorns | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2022/P1%20OSCAL%20PA%20Approved_10.2022.pdf) & demo | L2-L3 | | 2022/11/02 | 11:00AM-12:00PM EDT | Implementing an Agency Security Assessment Framework (SAF) with OSCAL "ComplianceOps" | Robert Ficcaglia, CNCF Kubernetes Policy Co-Chair, CNCF Security Technical Advisory Group Lead Assessor, Kubernetes SIG-Security Audit Team | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-7-CNCF/images-media/OSCAL%20Mini%20Workshop%2011-2022-NEW.pdf), [video](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-7-CNCF/images-media/CNCF-Roberrt-Ficcaglia-2022-11-02-captions.mp4), [transcript](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-7-CNCF/images-media/CNCF-Roberrt_Ficcaglia_2022-11-02-caption.pdf) | L1-L3 | | 2022/11/30 | 11:00AM-12:00PM EDT | The OSCAL Futurist: Musing on What Is Possible and What is Needed | Greg Elin, Founder & CEO, GovReady PBC | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-8-GovReady/images-media/OSCAL-Futurist-Nov-30-2022%20v2.pdf), [video](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-8-GovReady/images-media/GovReady-Greg_Elin-2022-11-30.mp4), [transcript](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-8-GovReady/images-media/GovReady-Greg_Elin-2022-11-30_caption.pdf) | L2-L3 | - diff --git a/src/content/learn/presentations/oscal-workshop-2023-04.md b/src/content/learn/presentations/oscal-workshop-2023-04.md new file mode 100644 index 00000000..7c6eecf0 --- /dev/null +++ b/src/content/learn/presentations/oscal-workshop-2023-04.md @@ -0,0 +1,93 @@ +--- +title: 4th OSCAL Workshop +date: 2024-09-3 +heading: 4th Open Security Controls Assessment Language (OSCAL) Workshop +toc: + enabled: true +--- + +{{% usa-tag %}}When{{% /usa-tag %}} May 24th, 2023 +{{% usa-tag %}}Purpose{{% /usa-tag %}} The conference will highlight the latest development of NIST OSCAL models and will explore OSCAL-based automation of risk management, governance, and compliance processes and tools for different national and international regulatory frameworks. Our presenters, some of the most prestigious cybersecurity experts who share the same passion for new advancements in security automation, will share their innovative OSCAL-based solutions, demonstrating, in the process, OSCAL's international adoption. + +The following presentations are available from this workshop. Recordings are also provided where available. The [full agenda](https://csrc.nist.gov/csrc/media/Events/2023/4th-annual-oscal-conference/documents/OSCAL_AGENDA.pdf) is also available. The [speakers' bios](https://csrc.nist.gov/csrc/media/Events/2023/4th-annual-oscal-conference/documents/2023_OSCAL-Speaker-Bios.pdf) is available for review. + +## Conference Speaker Timestamps: + +- **Welcome & Conference Overview** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=25:39)\] + - Dr. Michaela Iorga, OSCAL Strategic Outreach Director, *NIST* + + +- **Opening Remarks** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=28:51)\] + - Andre Mendes, CIO, *DoC* + + +- **OSCAL & A New Way of Doing Software in Federal** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=48:24)\] + - Robert Wood, CISO, Center for Medicare and Medicaid Services, *HHS* + + +- **What is New in OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=1:15:40)\] + - Dr. Michaela Iorga, OSCAL Strategic Outreach Director, *NIST* + - Alexander (A.J) Stein, OSCAL Technical Director (Acting), *NIST* + + +- **CIS' Security Controls in OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=2:01:30)\] + - Phyllis Lee, VP, *Center of Internet Security* + + +- **CSA CCM v4 in OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=2:10:55)\] + - Daniele Catteddu, CTO, *Cloud Security Alliance* + + +- **The Roadmap to CIS-CSA Control Mapping in OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=2:27:51)\] + - Chris Compton (Moderator). Senior IT Specialist, OSCAl Team, *NIST* + - Phyllis Lee, VP, *Center of Internet Security* + - Daniele Catteddu, CTO, *Cloud Security Alliance* + + +- **Integrate OSCAL with Other Supported Standards Using Metanorma** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=2:47:04)\] + - Ronald Tse, Founder & CEO, *Ribose Inc.* + + +- **Streamlining StateRAMP's Deliverables with OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=3:13:55)\] + - Kenny Scott, Co-Founder & CEO, *Paramify* + + +- **From Artisanal to Industrial - Delivering Security at Scale** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=4:32:42)\] + - Phil Venables, CISO, *Google Cloud* + + +- **Google's Internal OSCAL Adoption** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=5:03:42)\] + - Vikram Khare, Director, Cont. Assurance and Controls Engineer, *Google* + - Valentin Mihai, Technical Lead, Cont. Assurance and Controls Engineer, *Google* + + +- **OSCAL - The future of On Demand Assurance** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=5:29:26)\] + - Chris (Rocky) Campione, Sr. Manager, Security and Compliance US Regulated Industries, *AWS* + +- **OSCAL Supporting Cloud Certification in the EU - MEDINA Project** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=5:56:46)\] + - Dr. Jesus Luna Garcia Cybersecurity Governance, Technical Manager, *Robert Bosch GmbH | EU-MEDINA Project* + + +- **Collaborative Compliance Agile Authoring** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=6:26:26)\] + - Anca Sailer, Distinguished Engineer, *IBM Research* + + +- **OSCAL By-Component: Turtles, All the Way Down?** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=7:06:35)\] + - Adam Brand, Partner - Cybersecurity, *KPMG* + + +- **OSCAL Developers' Fireside Chat** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=7:37:03)\] + - Alexander Stein (Moderator). OSCAL Technical Director (Acting), *NIST* + - Brian Ruf, Director of Cybersecurity, *Easy Dynamics* + - Travis Howerton, CTO, *RegScale* + - Stephanie Lacy, Senior Solutions Architect, *Telos* + - Valinder Mangat, Chief Innovation Officer, *DTR Strategies* + + +- **OSCAL in Practice - A Case Study for Kubernetes** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=8:22:55)\] + - Robert Ficcaglia, Chair, Kubernetes Policy Workgroup, Lead Assessor, *CNCF Security Technical Advisory Group, CTO, SunStone Secure, LLC* + - Francesco Beltramini, Security Engineering Manager, *ControlPlane* + + +- **Closing Remarks & Adjourn** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=8:48:48)\] + - Matthew Scholl, Chief, Computer Security Division, *NIST* From 3cc7b213c201bbcd465637ac6504414a5f419dc9 Mon Sep 17 00:00:00 2001 From: Marilyn Nguyen Date: Tue, 29 Oct 2024 14:21:24 -0400 Subject: [PATCH 2/8] Updated mini-workshop page --- src/content/learn/presentations/mini-workshop/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/learn/presentations/mini-workshop/_index.md b/src/content/learn/presentations/mini-workshop/_index.md index 3dda17c4..7986a5a7 100644 --- a/src/content/learn/presentations/mini-workshop/_index.md +++ b/src/content/learn/presentations/mini-workshop/_index.md @@ -61,7 +61,7 @@ Participant Passcode: 9254 | **2024/07/17** | 11:00AM-12:00PM EDT | OSCAL-COMPASS - Open Security Control Assessment Language Compliance Automated Standard Solution | **Vikas Agarwal**, Senior Research Scientist, *IBM*; **Manjiree Gadgil**, Engineering Manager, *IBM*; **Jenn Power**, Senior Product Security Engineer, *RedHat*; **Anca Sailer**, Distinguised Engineer, *IBM*; **Takumi Yanagawa**, Senior Engineer, *IBM*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_oscal-compass-End-to-End.pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_IBM-Redhat_OSCAL-COMPASS.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_IBM-Redhat_Captions.txt)| | **2024/09/18** | 11:00AM-12:00PM EDT | Digital Authorizations: FedRAMP Modernization using OSCAL | **David Waltermire**, *FedRAMP*; **Rene-Claude Tshiteya**, *FedRAMP*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/OSCAL%20Mini%20Workshop%20Series%20Presentation%209.18.2024.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part1_9.18.2024_FedRAMP.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part2_9.18.2024_FedRAMP.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/9.18.2024_FedRAMP_CAPTIONS.txt) | | **2024/11/06 SPECIAL EDITION** | 11:00AM-12:00PM EDT | Compliance Framework: An OSCAL-based framework for recording and reporting an audit state | **Ian Miell**, Partner, *Container Solutions*; **Christiaan Vermeulen**, Principal Consultant, *Container Solutions* | [presentation](), [video](), [transcript]() | -| **2024/11/20** | 11:00AM-12:00PM EDT | Leveraging OSCAL to support cybersecurity lifecycle management | **Sara Nieves Matheu Garcia**, Post Doctoral Researcher, *IBM-COBALT*; **Antonio Skarmeta**, Full Professor (University of Murcia). *IBM-EMERALD* | [presentation](), [video](), [transcript]() | +| **2024/11/20** | 11:00AM-12:00PM EDT | Leveraging OSCAL to support cybersecurity lifecycle management | **Sara Nieves Matheu Garcia**, Post Doctoral Researcher, *IBM-COBALT*; **Antonio Skarmeta**, Full Professor (University of Murcia). *IBM-EMERALD* | [presentation](), [video](), [transcript]() | ### 2023 From 0c5114f834b72eebfeb4561d5df1e6abdd866569 Mon Sep 17 00:00:00 2001 From: Marilyn Nguyen Date: Tue, 29 Oct 2024 14:29:21 -0400 Subject: [PATCH 3/8] Rearranged the side navigation bar --- src/content/learn/presentations/mini-workshop/_index.md | 1 + src/content/learn/presentations/oscal-workshop-2021-02.md | 1 + src/content/learn/presentations/oscal-workshop-2022-03.md | 1 + src/content/learn/presentations/oscal-workshop-2023-04.md | 1 + 4 files changed, 4 insertions(+) diff --git a/src/content/learn/presentations/mini-workshop/_index.md b/src/content/learn/presentations/mini-workshop/_index.md index 7986a5a7..a9ad7986 100644 --- a/src/content/learn/presentations/mini-workshop/_index.md +++ b/src/content/learn/presentations/mini-workshop/_index.md @@ -6,6 +6,7 @@ toc: enabled: true aliases: - /learn/presentations/oscal-mini-workshop-series/ +weight: 1 --- # OSCAL Mini Workshop Series diff --git a/src/content/learn/presentations/oscal-workshop-2021-02.md b/src/content/learn/presentations/oscal-workshop-2021-02.md index c5226100..f3973f93 100644 --- a/src/content/learn/presentations/oscal-workshop-2021-02.md +++ b/src/content/learn/presentations/oscal-workshop-2021-02.md @@ -4,6 +4,7 @@ date: 2021-04-22 09:52:36 -0400 heading: 2nd Open Security Controls Assessment Language (OSCAL) Workshop toc: enabled: true +weight: 2 --- {{% usa-tag %}}When{{% /usa-tag %}} February 2, 2021 thru February 3, 2021 diff --git a/src/content/learn/presentations/oscal-workshop-2022-03.md b/src/content/learn/presentations/oscal-workshop-2022-03.md index 6179deae..bbdcdd7c 100644 --- a/src/content/learn/presentations/oscal-workshop-2022-03.md +++ b/src/content/learn/presentations/oscal-workshop-2022-03.md @@ -4,6 +4,7 @@ date: 2022-05-26 13:18:18 -0400 heading: 3rd Open Security Controls Assessment Language (OSCAL) Workshop toc: enabled: true +weight: 3 --- {{% usa-tag %}}When{{% /usa-tag %}} March 1, 2022 thru March 2nd, 2022 diff --git a/src/content/learn/presentations/oscal-workshop-2023-04.md b/src/content/learn/presentations/oscal-workshop-2023-04.md index 7c6eecf0..055e983c 100644 --- a/src/content/learn/presentations/oscal-workshop-2023-04.md +++ b/src/content/learn/presentations/oscal-workshop-2023-04.md @@ -4,6 +4,7 @@ date: 2024-09-3 heading: 4th Open Security Controls Assessment Language (OSCAL) Workshop toc: enabled: true +weight: 4 --- {{% usa-tag %}}When{{% /usa-tag %}} May 24th, 2023 From e9480a89882ff4254243ed37ac2eef46014a73cb Mon Sep 17 00:00:00 2001 From: Michaela Iorga Date: Tue, 5 Nov 2024 18:05:54 -0500 Subject: [PATCH 4/8] Update src/content/learn/presentations/oscal-workshop-2023-04.md Fixed the date of the event Co-authored-by: selenaxiao-nist --- src/content/learn/presentations/oscal-workshop-2023-04.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/learn/presentations/oscal-workshop-2023-04.md b/src/content/learn/presentations/oscal-workshop-2023-04.md index 055e983c..343fe767 100644 --- a/src/content/learn/presentations/oscal-workshop-2023-04.md +++ b/src/content/learn/presentations/oscal-workshop-2023-04.md @@ -7,7 +7,7 @@ toc: weight: 4 --- -{{% usa-tag %}}When{{% /usa-tag %}} May 24th, 2023 +{{% usa-tag %}}When{{% /usa-tag %}} May 23rd, 2023 {{% usa-tag %}}Purpose{{% /usa-tag %}} The conference will highlight the latest development of NIST OSCAL models and will explore OSCAL-based automation of risk management, governance, and compliance processes and tools for different national and international regulatory frameworks. Our presenters, some of the most prestigious cybersecurity experts who share the same passion for new advancements in security automation, will share their innovative OSCAL-based solutions, demonstrating, in the process, OSCAL's international adoption. The following presentations are available from this workshop. Recordings are also provided where available. The [full agenda](https://csrc.nist.gov/csrc/media/Events/2023/4th-annual-oscal-conference/documents/OSCAL_AGENDA.pdf) is also available. The [speakers' bios](https://csrc.nist.gov/csrc/media/Events/2023/4th-annual-oscal-conference/documents/2023_OSCAL-Speaker-Bios.pdf) is available for review. From f91fb94b2f7cd9e8b3848a5aeded51201cefb257 Mon Sep 17 00:00:00 2001 From: Michaela Iorga Date: Tue, 5 Nov 2024 18:06:15 -0500 Subject: [PATCH 5/8] Update src/content/learn/presentations/_index.md Fixed typo Co-authored-by: selenaxiao-nist --- src/content/learn/presentations/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/learn/presentations/_index.md b/src/content/learn/presentations/_index.md index 8ecd6708..1e73409a 100644 --- a/src/content/learn/presentations/_index.md +++ b/src/content/learn/presentations/_index.md @@ -21,4 +21,4 @@ The following are presentations on OSCAL-related topics. Some of the older prese ### Blogs - [Blog: Innovating Security Compliance Through Open Standards](https://www.easydynamics.com/blog/innovating-security-compliance-through-open-standards/) - July 7, 2021 -- [Blog: The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project](https://www.nist.gov/blogs/cybersecurity-insights/foundation-interoperable-and-portable-security-automation-revealed) - May 19. 2021 \ No newline at end of file +- [Blog: The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project](https://www.nist.gov/blogs/cybersecurity-insights/foundation-interoperable-and-portable-security-automation-revealed) - May 19, 2021 \ No newline at end of file From 51a1f61f632f48851b073c5d55ebe5f7699dca05 Mon Sep 17 00:00:00 2001 From: Marilyn Nguyen Date: Tue, 12 Nov 2024 14:49:28 -0500 Subject: [PATCH 6/8] Fixed Broken Links on 2 Pages --- src/content/about/blog/oscal-first-deep-cleaning.md | 2 +- src/content/resources/concepts/layer/overview.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/about/blog/oscal-first-deep-cleaning.md b/src/content/about/blog/oscal-first-deep-cleaning.md index 94a72e1a..e1afa2a9 100644 --- a/src/content/about/blog/oscal-first-deep-cleaning.md +++ b/src/content/about/blog/oscal-first-deep-cleaning.md @@ -5,7 +5,7 @@ date: 2023-09-19 17:31:43 -0400 Welcome to the Open Security Controls Assessment Language (OSCAL) Blog, open to the NIST OSCAL Team and to the community! -If you work closely with us, you might have noticed we finished [a large code repository reorganization](https://github.com/usnistgov/OSCAL/blob/f24dd56d5569ade8489924cf6fc2640dc297bfbe/decisions/0005-repository-reorganization.md) alongside [the release of OSCAL v1.1.0](https://github.com/usnistgov/OSCAL/releases/tag/v1.1.0) and the subsequent [OSCAL v1.1.1 release] (https://github.com/usnistgov/OSCAL/releases/tag/v1.1.1). The OSCAL Project was in a desperate need of some internal restructuring, a fall cleaning of sorts. As an OSCAL user, the differences should not affect affect you, but we will still summarize some key changes for you. +If you work closely with us, you might have noticed we finished [a large code repository reorganization](https://github.com/usnistgov/OSCAL/blob/f24dd56d5569ade8489924cf6fc2640dc297bfbe/decisions/0005-repository-reorganization.md) alongside [the release of OSCAL v1.1.0](https://github.com/usnistgov/OSCAL/releases/tag/v1.1.0) and the subsequent [OSCAL v1.1.1 release](https://github.com/usnistgov/OSCAL/releases/tag/v1.1.1). The OSCAL Project was in a desperate need of some internal restructuring, a fall cleaning of sorts. As an OSCAL user, the differences should not affect affect you, but we will still summarize some key changes for you. One may wonder why we reorganized our code repos only recently. Our answer is simple: we started small (more than six years ago!) and wanted to keep everything in one place to reduce the maintenance overhead. As we expanded our work, we needed to separate code repos to get better organized. diff --git a/src/content/resources/concepts/layer/overview.md b/src/content/resources/concepts/layer/overview.md index e8249c33..ff28df56 100644 --- a/src/content/resources/concepts/layer/overview.md +++ b/src/content/resources/concepts/layer/overview.md @@ -234,4 +234,4 @@ This allows developers to use their preferred format. A tool designed for one fo Currently, converters are available to convert XML-based OSCAL files to JSON and JSON-based OSCAL files to XML. -For more details on converter usage, see the build and usage instructions on the [tools page](../../tools/_index.md#data-conversion). +For more details on converter usage, see the build and usage instructions on the [tools page](https://pages.nist.gov/OSCAL/resources/tools/#data-conversion). From 153b137c3325c6e360096f05e7a2b31028034b5a Mon Sep 17 00:00:00 2001 From: Marilyn Nguyen Date: Tue, 26 Nov 2024 11:22:18 -0500 Subject: [PATCH 7/8] Added November 2024 Mini Workshop Documentation --- src/content/learn/presentations/mini-workshop/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/learn/presentations/mini-workshop/_index.md b/src/content/learn/presentations/mini-workshop/_index.md index a9ad7986..219b3bcf 100644 --- a/src/content/learn/presentations/mini-workshop/_index.md +++ b/src/content/learn/presentations/mini-workshop/_index.md @@ -61,8 +61,8 @@ Participant Passcode: 9254 | **2024/06/20** | 11:00AM-12:00PM EDT | Automating Compliance Narratives and Artifacts in AWS | **Rick Kidder*, USN (Ret), Senior Certified Cloud Security Specialist, *AWS* | [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2024.06.20_SHCA_OSCAL%20Presentation.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part-1_2024.06.20_Automating-Compliance-AWS-Rick_Kidder.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part-2_2024.06.20_Automating-Compliance-AWS-Rick_Kidder.mp4), [video part 3](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part-3_2024.06.20_Automating-Compliance-AWS-Rick_Kidder.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Automating-Compliance-AWS-Rick_Kidder_2024.06.20.transcript.vtt) | | **2024/07/17** | 11:00AM-12:00PM EDT | OSCAL-COMPASS - Open Security Control Assessment Language Compliance Automated Standard Solution | **Vikas Agarwal**, Senior Research Scientist, *IBM*; **Manjiree Gadgil**, Engineering Manager, *IBM*; **Jenn Power**, Senior Product Security Engineer, *RedHat*; **Anca Sailer**, Distinguised Engineer, *IBM*; **Takumi Yanagawa**, Senior Engineer, *IBM*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_oscal-compass-End-to-End.pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_IBM-Redhat_OSCAL-COMPASS.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_IBM-Redhat_Captions.txt)| | **2024/09/18** | 11:00AM-12:00PM EDT | Digital Authorizations: FedRAMP Modernization using OSCAL | **David Waltermire**, *FedRAMP*; **Rene-Claude Tshiteya**, *FedRAMP*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/OSCAL%20Mini%20Workshop%20Series%20Presentation%209.18.2024.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part1_9.18.2024_FedRAMP.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part2_9.18.2024_FedRAMP.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/9.18.2024_FedRAMP_CAPTIONS.txt) | -| **2024/11/06 SPECIAL EDITION** | 11:00AM-12:00PM EDT | Compliance Framework: An OSCAL-based framework for recording and reporting an audit state | **Ian Miell**, Partner, *Container Solutions*; **Christiaan Vermeulen**, Principal Consultant, *Container Solutions* | [presentation](), [video](), [transcript]() | -| **2024/11/20** | 11:00AM-12:00PM EDT | Leveraging OSCAL to support cybersecurity lifecycle management | **Sara Nieves Matheu Garcia**, Post Doctoral Researcher, *IBM-COBALT*; **Antonio Skarmeta**, Full Professor (University of Murcia). *IBM-EMERALD* | [presentation](), [video](), [transcript]() | +| **2024/11/06 SPECIAL EDITION** | 11:00AM-12:00PM EDT | Compliance Framework: An OSCAL-based framework for recording and reporting an audit state | **Ian Miell**, Partner, *Container Solutions*; **Christiaan Vermeulen**, Principal Consultant, *Container Solutions* | [presentation](https://cms.csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/11.06.2024_ContainerSolutions.pdf), [video part 1](https://cms.csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/PART1_11.06.2024_ContainerSolutions.mp4), [video part 2](https://cms.csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/PART2_11.06.2024_ContainerSolutions.mp4), [transcript](https://cms.csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/CAPTIONS_11.06.2024_ContainerSolutions.txt) | +| **2024/11/20** | 11:00AM-12:00PM EDT | Leveraging OSCAL to support cybersecurity lifecycle management | **Sara Nieves Matheu Garcia**, Post Doctoral Researcher, *University of Murcia, Spain*; **Antonio Skarmeta**, Full Professor, *University of Murcia, Spain* | [presentation](https://cms.csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/11.06.2024_COBALT.pdf), [video part 1](https://cms.csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/PART1_11.20.2024_COBALT.mp4), [video part 2](https://cms.csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/PART2_11.20.2024_COBALT.mp4), [video part 3](https://cms.csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/PART3_11.20.2024_COBALT.mp4), [transcript](https://cms.csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/CAPTIONS_11.20.2024_COBALT.txt) | ### 2023 From 2d4e4ccc68233762644b2402e40fd4c30594c46a Mon Sep 17 00:00:00 2001 From: Marilyn Nguyen Date: Mon, 23 Dec 2024 14:34:39 -0500 Subject: [PATCH 8/8] Updated Relative Path to Tools Page --- src/content/resources/concepts/layer/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/resources/concepts/layer/overview.md b/src/content/resources/concepts/layer/overview.md index ff28df56..c09d82c6 100644 --- a/src/content/resources/concepts/layer/overview.md +++ b/src/content/resources/concepts/layer/overview.md @@ -234,4 +234,4 @@ This allows developers to use their preferred format. A tool designed for one fo Currently, converters are available to convert XML-based OSCAL files to JSON and JSON-based OSCAL files to XML. -For more details on converter usage, see the build and usage instructions on the [tools page](https://pages.nist.gov/OSCAL/resources/tools/#data-conversion). +For more details on converter usage, see the build and usage instructions on the [tools page](../../../tools/#data-conversion). \ No newline at end of file