Skip to content

About OSCAL Compass

What is OSCAL Compass?

The OSCAL Compass project is set of tools that enable the creation, validation, and governance of documentation artifacts for compliance needs. It leverages NIST's OSCAL (Open Security Controls Assessment Language) as a standard data format for interchange between tools and people, and provides an opinionated approach to OSCAL SDK and adoption by policy engines.

The OSCAL Compass project is hosted by the Cloud Native Computing Foundation (CNCF)

Project repositories

Project Description
compliance-trestle An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
oscal-sdk-go OSCAL Software Development Kit for the Go programming language.
compliance-to-policy Compliance-to-Policy(C2P) provides the framework to bridge the gap between compliance and policy administration.
compliance-to-policy-go Compliance-to-Policy (C2P) provides the framework to bridge the gap between compliance and policy administration in Go.
community OSCAL Compass Community repository.
oscal-content Repository of OSCAL Content.
oscal-insights
sdk-conformance

Demo content repositories - OSCAL Compass in action

Demo Content Description
e2e-demo
e2e-demo-ssp
e2e-demo-cd
e2e-demo-profile Repository to demo OSCAL based profile and agile authoring using compliance-trestle and GitHub actions.
e2e-demo-catalog Repository to demo OSCAL based catalog and agile authoring using complaince-trestle and GitHub actions.
e2e-demo-mapping
e2e-demo-xccdf-ubuntu
e2e-demo-compliance-posture
compliance-trestle-demos Demo setup for compliance-trestle.
compliance-trestle-ssp-demo Demonstration of compliance trestle's SSP authoring capabilities.

Trestle plugins

Plugin repository Description
compliance-trestle-fedramp Compliance trestle plugin to support FedRAMP specific functionality.

Agile authoring templates

Authoring repository Description
compliance-trestle-agile-authoring Agile authoring tutorial and repository set-up tooling.
compliance-trestle-template-component-definition Agile authoring template for OSCAL Component Definition.
compliance-trestle-template-profile Agile authoring template for OSCAL Profile.
compliance-trestle-template-catalog Agile authoring template for OSCAL Catalog.
compliance-trestle-template-system-security-plan Agile authoring template for OSCAL System Security Plan.

We are a Cloud Native Computing Foundation sandbox project.

The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.

OSCAL Compass was originally contributed by IBM.