OSCAL Tools and Libraries

[egyptiankarim]

I'm hoping you all will consider including my open source side projects on your OSCAL Tools and Libraries page. Specifically:

• control_freak - This tool seeks to provide folks with a searchable and easy-to-navigate reference for NIST SP 800-53 Rev 5. I built it using parsed content directly from the OSCAL repositories.
• typist - This tool is "control_freak for NIST SP 800-60 content" (i.e., the NIST catalog of information classes and types and their provisional "security categorizations").
• performatron - Like the others, but for NIST SP 800-181. I built this tool to help with performance planning and reviews for my diverse staff of cybersecurity professionals with expertise across the NICE framework.

typist and performatron are definitely OSCAL adjacent, but having that content available in an easy-to-use format has come in handy for me on many occasions. The "banner project", Risk Redux, is just generally my attempt to turn useful frameworks for thinking about cybersecurity (i.e., all the amazing NIST documentation out there) into practical web applications.

[aj-stein-nist]

@egyptiankarim thanks for letting us know about your tools. For now, since control_freak is OSCAL specific, I will work on adding that to the tools page. PR incoming.