OSCAL
Interchange format — machine-readable representation of security control catalogs, profiles, and assessment results. Created by NIST.
Why it matters
OSCAL provides what most frameworks lack: formal versioning with compatibility guarantees. Content created under a MAJOR version remains valid in all subsequent releases within that major version.
Key features
- SemVer versioning (MAJOR.MINOR.PATCH)
- Metaschema generates XML, JSON, and YAML simultaneously
- UUID per document with revision history
- Layer separation: Catalog → Profile → Implementation → Assessment
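The compatibility guarantee and the per-document UUID can be enforced as an import gate. The following is an added example, not code from Crosswalker or NIST: it reads the `uuid` and `metadata.oscal-version` fields of an OSCAL JSON document and accepts it only when the guarantee covers it. The function names, the supported release `1.1.2` and the sample catalog are assumptions constructed for illustration.

```python
import json
import re
import uuid

# Constructed sample document (not a real NIST catalog).
SAMPLE_CATALOG = json.dumps({"catalog": {
    "uuid": "8f3c2a4e-5b6d-4c7e-9a1b-2d3e4f5a6b7c",
    "metadata": {
        "title": "Constructed example catalog",
        "last-modified": "2024-01-01T00:00:00Z",
        "version": "2.0",            # the document's own revision label
        "oscal-version": "1.0.4",    # OSCAL release the content was written for
    },
}})

_SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_semver(text):
    """Parse plain MAJOR.MINOR.PATCH into a tuple of ints (no pre-release tags)."""
    match = _SEMVER.match(text)
    if not match:
        raise ValueError(f"not MAJOR.MINOR.PATCH: {text!r}")
    return tuple(int(part) for part in match.groups())


def check_oscal_document(raw_json, supported="1.1.2"):
    """Return (ok, reason). `supported` is the importing tool's OSCAL release (assumed)."""
    doc = json.loads(raw_json)
    roots = [(k, v) for k, v in doc.items() if isinstance(v, dict)] if isinstance(doc, dict) else []
    if len(roots) != 1:
        return False, "expected exactly one root model object"
    model, body = roots[0]
    try:
        uuid.UUID(body["uuid"])  # every document carries a UUID
        declared = parse_semver(body["metadata"]["oscal-version"])
    except (KeyError, ValueError, TypeError, AttributeError) as exc:
        return False, f"invalid {model} header: {exc}"
    tool = parse_semver(supported)
    if declared[0] != tool[0]:
        return False, "different MAJOR version: outside the compatibility guarantee"
    if declared > tool:
        return False, "document targets a newer release than this tool supports"
    return True, f"{model} written for {'.'.join(map(str, declared))} is valid under {supported}"


if __name__ == "__main__":
    print(check_oscal_document(SAMPLE_CATALOG))
```

Rejecting a document that declares a newer release than the tool supports is a conservative choice: the guarantee stated above only runs forward, from older content to later releases in the same MAJOR line.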
In Crosswalker
OSCAL is a planned export format and a model for Crosswalker’s own versioning approach. The EvolutionPattern treats OSCAL as the “forbidden breaking changes” model.