OSCAL Archives

RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption

Michael Vizard | December 18, 2025 | AI, open source, OSCAL, RegScale

RegScale this week added an open source hub through which organizations can collect and organize compliance data based on the Open Security Controls Assessment Language (OSCAL) framework. Announced at the OSCAL Plugfest ...

Security Boulevard

Making FedRAMP ATOs Great with OSCAL and Components

stackArmor | January 5, 2025 | Blog, FedRAMP, OMB, OSCAL

OMB Memo M-24-15 published on July 24, 2024 directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after ...

Blog Archives - stackArmor

A New Way to SSP: The Component Definition Approach to Defining Controls

stackArmor | December 12, 2024 | ATO, Blog, FedRAMP, OSCAL, rmf, SSP

A New Way to SSP: The Component Definition Approach to Defining Controls Guest Post by Johann Dettweiler, CISO, stackArmor Imagine a world where the “say nothing” narrative implementation statements, rampant across the ...

Blog Archives - stackArmor

What is FedRAMP POAM? FedRAMP Compliance and Certification Explained

stackArmor | January 15, 2023 | Blog, fedramp poam, OSCAL

The Federal Risk and Authorization Management Program was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of commercial cloud services by the federal government and contractors ...

Blog Archives - stackArmor

Building Secure, Compliant Systems With Composability

J. Travis Howerton | January 31, 2022 | composability, Cybersecurity, NIST, OSCAL

One of the fundamental challenges we see today for security compliance professionals is the struggle between the desire to design and configure secure systems and the difficulty and complexity involved in doing ...

Security Boulevard

OSCAL

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On