diff --git a/src/content/learn/presentations/_index.md b/src/content/learn/presentations/_index.md index 17b21f10..1e73409a 100644 --- a/src/content/learn/presentations/_index.md +++ b/src/content/learn/presentations/_index.md 
@@ -6,13 +6,19 @@ suppresstopiclists: true The following are presentations on OSCAL-related topics. Some of the older presentations were based on earlier versions of OSCAL, which may be slightly different from the current OSCAL releases. In such cases, the content will still apply conceptually and will give you a good overview of the core OSCAL concepts. +### Workshops +- [4th NIST OSCAL Workshop](oscal-workshop-2023-04) - May 23, 2023 - [3rd NIST OSCAL Workshop](oscal-workshop-2022-03/) - March 1-2, 2022 +- [2nd NIST OSCAL Workshop](oscal-workshop-2021-02/) - February 2-3, 2021 +- [1st NIST OSCAL Workshop](OSCAL-workshop-20191105.pdf) - November 5, 2019 + +### Presentations - [OSCAL Deep Diff Introduction](/presentations/OSCAL-deep-diff-LWtD-20220505.pdf) presented during the [Lunch with the OSCAL Developers](/contribute/dev-lunch/) - May 5, 2022 -- [Blog: Innovating Security Compliance Through Open Standards](https://www.easydynamics.com/blog/innovating-security-compliance-through-open-standards/) - July 7, 2021 -- [Blog: The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project](https://www.nist.gov/blogs/cybersecurity-insights/foundation-interoperable-and-portable-security-automation-revealed) - May 19. 
2021 -- [2nd NIST OSCAL Workshop](oscal-workshop-2021-02/) - February 2 & 3, 2021 - [Using Leveraged Authorizations in OSCAL](/presentations/oscal-leveraged-authorizations-v6a.pdf) presented during the [OSCAL Model Review](/contribute/model-review/) - July 24, 2020 - [OSCAL Assessment Models Overview](/presentations/oscal-ap-ar-poam-v3.pdf) presented during the [Lunch with the OSCAL Developers](/contribute/dev-lunch/) - July 2, 2020 -- [NIST OSCAL Workshop](OSCAL-workshop-20191105.pdf) - November 5, 2019 - [Security Automation Simplified via NIST OSCAL: We're Not in Kansas Anymore](https://www.youtube.com/watch?v=eP8K7piU5UQ) presented at RSA Conference 2018 - April 18, 2018 - [Automating Security and Compliance via a New Standard of Standards](https://www.youtube.com/watch?v=mo3J0tFxixg) presented at Docker Government Summit 2018 - April 11, 2018 + +### Blogs +- [Blog: Innovating Security Compliance Through Open Standards](https://www.easydynamics.com/blog/innovating-security-compliance-through-open-standards/) - July 7, 2021 +- [Blog: The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project](https://www.nist.gov/blogs/cybersecurity-insights/foundation-interoperable-and-portable-security-automation-revealed) - May 19, 2021 \ No newline at end of file diff --git a/src/content/learn/presentations/mini-workshop/_index.md b/src/content/learn/presentations/mini-workshop/_index.md index b0ccfa23..a9ad7986 100644 --- a/src/content/learn/presentations/mini-workshop/_index.md +++ b/src/content/learn/presentations/mini-workshop/_index.md @@ -6,6 +6,7 @@ toc: enabled: true aliases: - /learn/presentations/oscal-mini-workshop-series/ +weight: 1 --- # OSCAL Mini Workshop Series 
@@ -44,24 +45,41 @@ Enter the meeting ID and passcode as follows: Meeting ID: 743 906 781 Participant Passcode: 9254 -## Workshops Calendar: jump to: [2023](#2023), [2022](#2022) +## Workshops Calendar: jump to: [2024](#2024), [2023](#2023), [2022](#2022) + +### 2024 + +| Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type | +| :--: | :--: | :------------------- | :---------------------- | :--: | +| **2024/1/14** | 11:00AM-12:00PM EDT | A Developer's View of OSCAL - Experiences and recommendations for implementing OSCAL Libraries | **Rob Sherwood**, Principal Consultant, *Credentive Security* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2024/oscal-mini-workshops/20240117-Sherwood-Programmers%20view%20of%20OSCAL.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part1_1.17.2024_A-developers-view-of-oscal_R.Sherwood.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part2_1.17.2024_A-developers-view-of-oscal_R.Sherwood.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Captions_1.17.2024_R.Sherwood.txt) | +| **2024/02/15** | 11:00AM-12:00PM EDT | PwC Compliance as Code with OSCAL | **Tom Nash**, PwC, *UK*; **Joshua Kong**, PwC, *UK* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2024/oscal-mini-workshops/20240221-Nash-PWC-OSCAL%20Demo%20for%20NIST_Slides_Nov-2023.pdf) | +| **2024/03/20** | 11:00AM-12:00PM EDT | OSCAL Community Capabilities | **Brian Ruf**, Director of Cybersecurity, *Easy Dynamics*; **Chris Robles**, CTO Strategic Advisor, Security and Product Development (Consultant), *Easy Dynamics*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/documents/20240320-%20ED-OSCAL%20Community%20Capabilities%202024-03-20.pdf), [video part 
1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part1_3.20.2024_Easy-Dynamics_OSCAL-Community-Collaboration.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part2_3.20.2024_Easy-Dynamics_OSCAL-Community-Collaboration.mp4), [video part 3](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part3_3.20.2024_Easy-Dynamics_OSCAL-Community-Collaboration.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/3.20.2024_OSCAL-Community-Capabilities-Captions.txt) | +| **2024/04/03 SPECIAL EDITION** | 11:00AM-12:00PM EDT | Streamlining CMMC Compliance Deliverables with OSCAL | **Kenny Scott**, Co-Founder & CEO, *Paramify* | [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Streamlining%20CMMC%20Deliverables%20with%20OSCAL%20(1).pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Paramity-Kenny_Scott_2024.04.03_withcaption.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/documents/oscal-mini-workshop-22-Paramify/Paramity-Kenny_Scott_2024.04.03.cc.vtt) | +| **2024/04/17** | 11:00AM-12:00PM EDT | Automated Governance - Modular Assessments for Quick Feedback Loops | **Brandt Keller**, OSS Maintainer, *Defense Unicorns* | [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Automated%20Governance%20-%20Modular%20Assessments%20V2.pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/DefenseUnicorns_20240417_withcaptions_part1.mp4), 
[demo](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/DefenseUnicorns_20240417_withcaptions_part2.mp4) | +| **2024/05/15** | 11:00AM-12:00PM EDT | Adoption of OSCAL in ServiceNow CAM (Continuous Authorization & Monitoring)| **Dharav Devani**, *ServiceNow*; **Ayush Srivanstava**, *ServiceNow*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Adoption%20of%20OSCAL%20-%20ServiceNow%20CAM.pdf)| +| **2024/06/05 SPECIAL EDITION** | 11:00AM-12:00PM EDT | ATO as Code - Enabling Cybersecurity Modernization Through Risk Management Framework Compliance Automation | **Gaurav Pal**, *stackArmor* | [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/ACT-IAC_Cyber_COI-%20ATOasCode.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/part1_2024.6.05_ATO-as-code.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/part2_2024.6.05_ATO-as-code.mp4), [video part 3](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/part3_2024.6.05_ATO-as-code.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/ATO-as-code_2024.6.05_Transcript.txt) | +| **2024/06/20** | 11:00AM-12:00PM EDT | Automating Compliance Narratives and Artifacts in AWS | **Rick Kidder*, USN (Ret), Senior Certified Cloud Security Specialist, *AWS* | [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2024.06.20_SHCA_OSCAL%20Presentation.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part-1_2024.06.20_Automating-Compliance-AWS-Rick_Kidder.mp4), [video part 
2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part-2_2024.06.20_Automating-Compliance-AWS-Rick_Kidder.mp4), [video part 3](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part-3_2024.06.20_Automating-Compliance-AWS-Rick_Kidder.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Automating-Compliance-AWS-Rick_Kidder_2024.06.20.transcript.vtt) | +| **2024/07/17** | 11:00AM-12:00PM EDT | OSCAL-COMPASS - Open Security Control Assessment Language Compliance Automated Standard Solution | **Vikas Agarwal**, Senior Research Scientist, *IBM*; **Manjiree Gadgil**, Engineering Manager, *IBM*; **Jenn Power**, Senior Product Security Engineer, *RedHat*; **Anca Sailer**, Distinguised Engineer, *IBM*; **Takumi Yanagawa**, Senior Engineer, *IBM*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_oscal-compass-End-to-End.pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_IBM-Redhat_OSCAL-COMPASS.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/7.17.2024_IBM-Redhat_Captions.txt)| +| **2024/09/18** | 11:00AM-12:00PM EDT | Digital Authorizations: FedRAMP Modernization using OSCAL | **David Waltermire**, *FedRAMP*; **Rene-Claude Tshiteya**, *FedRAMP*| [presentation](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/OSCAL%20Mini%20Workshop%20Series%20Presentation%209.18.2024.pdf), [video part 1](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part1_9.18.2024_FedRAMP.mp4), [video part 2](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/Part2_9.18.2024_FedRAMP.mp4), 
[transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/9.18.2024_FedRAMP_CAPTIONS.txt) | +| **2024/11/06 SPECIAL EDITION** | 11:00AM-12:00PM EDT | Compliance Framework: An OSCAL-based framework for recording and reporting an audit state | **Ian Miell**, Partner, *Container Solutions*; **Christiaan Vermeulen**, Principal Consultant, *Container Solutions* | [presentation](), [video](), [transcript]() | +| **2024/11/20** | 11:00AM-12:00PM EDT | Leveraging OSCAL to support cybersecurity lifecycle management | **Sara Nieves Matheu Garcia**, Post Doctoral Researcher, *IBM-COBALT*; **Antonio Skarmeta**, Full Professor (University of Murcia). *IBM-EMERALD* | [presentation](), [video](), [transcript]() | + ### 2023 -| Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type | Knowledge Level | -| :---:|:----:|:-------------------- |:----------------------- |:----:|:---------------:| -| 2023/02/01 SPECIAL EDITION | 11:00AM-12:00PM EDT | A Modern Authorization and Accreditation Platform, Enabled by OSCAL | John Tibbitts, Principal, IMPLERUS Corporation; Marcin Staszewski, Chief Development Officer, IMPLERUS Corporation | presentation & demo, video, transcript | L2-L3 | -| 2023/02/15 | 11:00AM-12:00PM EDT | Google's Internal OSCAL Adoption | Vikram Khare, Director – Continuous Assurance and Controls Engineering, Google & Val Mihai, Cloud CISO - Continuous Assurance and Controls Engineering, Google | presentation, video, transcript | L2 | -| 2023/03/01 SPECIAL EDITION | 11:00AM-12:00PM EDT | Shifting Left the Right Way With OSCAL (research use case and proof of concept) | Chris Compton, Senior IT Specialist; Alexander Stein, Senior IT Specialist; Nikita Wootten, Project Lead, IT Specialist | presentation & demo, video, transcript | L3-L4 | -| 2023/03/15 | 11:00AM-12:00PM EDT | Telos's Journey of Bringing OSCAL Adoption to Reality | Stephanie Lacy, Senior Solution Architect, Telos; Connor Hite, Solution 
Architect, Telos| | | -| 2023/04/19 | 11:00AM-12:00PM EDT | | | | | -| 2023/05/17 | 11:00AM-12:00PM EDT | | | | | -| 2023/06/14 | 11:00AM-12:00PM EDT | | | | | -| 2023/07/19 | 11:00AM-12:00PM EDT | | | | | -| 2023/08/16 | 11:00AM-12:00PM EDT | | | | | -| 2023/09/20 | 11:00AM-12:00PM EDT | | | | | -| 2023/10/18 | 11:00AM-12:00PM EDT | | | | | -| 2023/11/15 | 11:00AM-12:00PM EDT | | | | | +| Date | Time | Talk/Demo/Discussion | Presenter & Affiliation | Type | +| :--: | :--: | :------------------- | :---------------------- | :--: | +| **2023/02/01 SPECIAL EDITION** | 11:00AM-12:00PM EDT | A Modern Authorization and Accreditation Platform Enabled by OSCAL | **John Tibbits**, Principal, *IMPLERUS Corporation*; **Marcin Staszewski**, Chief Development Officer, *IMPLERUS Corporation* | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-9-implerus/Synergeo%20PPT-v1.4%20NIST%2031-JAN-2023%20v3.pdf), [video & demo](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2.01.2023_Modern-Authorization-and-Accreditation_John-Tibbitts.mp4), [transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2.15.2023_Googles-Internal-OSCAL-Adoption_CAPTIONS.txt) | +| 2023/02/15 | 11:00AM-12:00PM EDT | Google's Internal OSCAL Adoption | **Vikram Khare**, Director – Continuous Assurance and Controls Engineering, *Google*; **Val Mihai**, Cloud CISO - Continuous Assurance and Controls Engineering, *Google* | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-10-Google/Google_OSCAL_Presentation.pdf), [video](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2.15.2023_Googles-Internal-OSCAL-Adoption_VKhare-VMihai.mp4), 
[transcript](https://csrc.nist.gov/csrc/media/Projects/open-security-controls-assessment-language/images-media/2.15.2023_Googles-Internal-OSCAL-Adoption_CAPTIONS.txt) | +| **2023/03/01 SPECIAL EDITION** | 11:00AM-12:00PM EDT | Shifting Left the Right Way With OSCAL (research use case and proof of concept) | **Chris Compton**, Senior IT Specialist, *NIST*; **Alexander Stein**, Senior IT Specialist, *NIST*; **Nikita Wootten**, Project Lead, IT Specialist, *NIST* | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-11-NIST-Blossom/Presentation.ACSAC.2022.pdf), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-11-NIST-Blossom/3.01.2023_Shifting-Left-the-Right-Way-with-OSCAL.mp4), [demo](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-11-NIST-Blossom/DEMO_3.01.2023_Shifting-left-the-right-way-with-OSCAL.mp4), [presentation transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-11-NIST-Blossom/3.01.2023_Shifting-left-the-right-way_Presentation_Transcript.txt), [demo transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-11-NIST-Blossom/DEMO_3.01.2023_shifting-left-the-right-way_TRANSCRIPT.txt) | +| **2023/03/15** | 11:00AM-12:00PM EDT | Telos's Journey of Bringing OSCAL Adoption to Reality | **Stephanie Lacy**, Senior Solution Architect, *Telos*; **Connor Hite**, Solution Architect, *Telos* | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-12-Telos/OSCALInheritance.pptx), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-12-Telos/3.15.2023_TELOS-XACTA.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-12-Telos/3.15.2023_TELOS-XACTA.txt) | +| 2023/05/17 | 11:00AM-12:00PM EDT | Applying OSCAL in the Context of Public Key Infrastructure | **Robert Sherwood**, Principal Consultant, *Credentive Security* | 
[presentation](https://csrc.nist.gov/csrc/media/Presentations/2023/oscal-mini-workshop-13-FPKI/FPKI-OSCAL%2Bnotes.pdf), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-13-FPKI/5.17.2023_FedPKI-OSCAL_R.Sherwood.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-13-FPKI/5.17.2023_FPKI-OSCAL_CAPTIONS.txt) | +| 2023/07/19 | 11:00AM-12:00PM EDT | Tracer - Accelerating ATOs at Scale with an Inheritance-driven Community Compliance Platform | **Clark Pain**, Product Manager, *Rise8* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-14-Rise8/Tracer_Presentation_2023-07-19_orig.mp4), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-14-Rise8/7.19.2023_Tracer_C.Pain.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-14-Rise8/7.19.2023_Tracer_C.Plain_CAPTIONS.txt), [demo](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-14-Rise8/Tracer_Demo.mov) | +| 2023/08/23 | 11:00AM-12:00PM EDT | Step-by-Step Introduction to NIST's OSCAL-CLI Tool | **Alexander Stein**, OSCAL Technical Director, *NIST* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-15-NIST/OSCAL-CLI_20230823.pdf), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-15-NIST/8.23.2023_Step-by-Step-Intro-to-OSCAl-CLI_AJ.Stien.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-15-NIST/8.23.23_Step-by-step-to-OSCAL-CLI_CAPTIONS.txt) | +| 2023/09/20 | 11:00AM-12:00PM EDT | OSCAL in an Enterprise Context | **JJ Contessa**, COO, *C1Secure*; **Vijay Addicam**, Senior Developer, *C1Secure*; **Todd Hughes**, Senior Security Analyst, *C1Secure*; **Steve Grogan**, VP of Services| 
[presentation](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/An%20Enterprise%20Platform%20Perspective%20-%20September%202023_c1secure_updated.pdf), [video part 1](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/PART-1_9.20.2023_C1service.mp4), [video part 2](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/PART-2_9.20.2023_C1Secure.mp4), [transcript part 1](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/9.20.2023_C1Secure-Transcript-P1.txt), [transcript part 2](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-16-C1Security/9.20.2023_C1secure_Transcript-P2.txt) | +| 2023/10/18 | 11:00AM-12:00PM EDT | OSCAL-Pydantic: A python library for OSCAL | **Robert Sherwood**, Principal Consultant, *Credentive Security* | [presentation](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-17-Rob_Sherwood/OSCAL-Pydanticv-%20notes.pdf), [video](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-17-Rob_Sherwood/10.18.2023_OSCAL-Pydantic.mp4), [transcript](https://csrc.nist.gov/csrc/media/presentations/2023/oscal-mini-workshop-17-Rob_Sherwood/10.18.2023_OSCAL-Pydantic_Captions.txt) | +| 2023/11/15 | 11:00AM-12:00PM EDT | Cyber Compliance Management Platform | **Tom Nash**, PwC, *UK*; **Siva Mallampati**, PwC, *UK*; **Salma Bedair**, PwC, *UK*; **Joshua Kong**, PwC, *Middle East*, **Shereef Assem**, PwC, *Middle East* | [presentation](https://csrc.nist.gov/csrc/media/presentations/OSCAL%20Demo%20for%20NIST_Slides69.pdf) | + ### 2022 
@@ -76,4 +94,3 @@ Participant Passcode: 9254 | 2022/10/05 | 11:00AM-12:00PM EDT | Compliance as Code - from Upstream to Ops | Brandt Keller, Software Engineer, Defense Unicorns | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2022/P1%20OSCAL%20PA%20Approved_10.2022.pdf) & demo | L2-L3 | | 2022/11/02 | 11:00AM-12:00PM EDT | Implementing an Agency Security Assessment Framework (SAF) with OSCAL "ComplianceOps" | Robert Ficcaglia, CNCF Kubernetes Policy Co-Chair, CNCF Security Technical Advisory Group Lead Assessor, Kubernetes SIG-Security Audit Team | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-7-CNCF/images-media/OSCAL%20Mini%20Workshop%2011-2022-NEW.pdf), [video](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-7-CNCF/images-media/CNCF-Roberrt-Ficcaglia-2022-11-02-captions.mp4), [transcript](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-7-CNCF/images-media/CNCF-Roberrt_Ficcaglia_2022-11-02-caption.pdf) | L1-L3 | | 2022/11/30 | 11:00AM-12:00PM EDT | The OSCAL Futurist: Musing on What Is Possible and What is Needed | Greg Elin, Founder & CEO, GovReady PBC | [presentation](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-8-GovReady/images-media/OSCAL-Futurist-Nov-30-2022%20v2.pdf), [video](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-8-GovReady/images-media/GovReady-Greg_Elin-2022-11-30.mp4), [transcript](https://csrc.nist.gov/csrc/media/Presentations/2022/oscal-mini-workshop-8-GovReady/images-media/GovReady-Greg_Elin-2022-11-30_caption.pdf) | L2-L3 | - diff --git a/src/content/learn/presentations/oscal-workshop-2021-02.md b/src/content/learn/presentations/oscal-workshop-2021-02.md index c5226100..f3973f93 100644 --- a/src/content/learn/presentations/oscal-workshop-2021-02.md +++ b/src/content/learn/presentations/oscal-workshop-2021-02.md 
@@ -4,6 +4,7 @@ date: 2021-04-22 09:52:36 -0400 heading: 2nd Open Security Controls Assessment Language (OSCAL) Workshop toc: enabled: true +weight: 2 --- {{% usa-tag %}}When{{% /usa-tag %}} February 2, 2021 thru February 3, 2021 diff --git a/src/content/learn/presentations/oscal-workshop-2022-03.md b/src/content/learn/presentations/oscal-workshop-2022-03.md index 6179deae..bbdcdd7c 100644 --- a/src/content/learn/presentations/oscal-workshop-2022-03.md +++ b/src/content/learn/presentations/oscal-workshop-2022-03.md @@ -4,6 +4,7 @@ date: 2022-05-26 13:18:18 -0400 heading: 3rd Open Security Controls Assessment Language (OSCAL) Workshop toc: enabled: true +weight: 3 --- {{% usa-tag %}}When{{% /usa-tag %}} March 1, 2022 thru March 2nd, 2022 diff --git a/src/content/learn/presentations/oscal-workshop-2023-04.md b/src/content/learn/presentations/oscal-workshop-2023-04.md new file mode 100644 index 00000000..343fe767 --- /dev/null +++ b/src/content/learn/presentations/oscal-workshop-2023-04.md 
@@ -0,0 +1,94 @@ +--- +title: 4th OSCAL Workshop +date: 2024-09-3 +heading: 4th Open Security Controls Assessment Language (OSCAL) Workshop +toc: + enabled: true +weight: 4 +--- + +{{% usa-tag %}}When{{% /usa-tag %}} May 23rd, 2023 +{{% usa-tag %}}Purpose{{% /usa-tag %}} The conference will highlight the latest development of NIST OSCAL models and will explore OSCAL-based automation of risk management, governance, and compliance processes and tools for different national and international regulatory frameworks. Our presenters, some of the most prestigious cybersecurity experts who share the same passion for new advancements in security automation, will share their innovative OSCAL-based solutions, demonstrating, in the process, OSCAL's international adoption. + +The following presentations are available from this workshop. Recordings are also provided where available. The [full agenda](https://csrc.nist.gov/csrc/media/Events/2023/4th-annual-oscal-conference/documents/OSCAL_AGENDA.pdf) is also available. The [speakers' bios](https://csrc.nist.gov/csrc/media/Events/2023/4th-annual-oscal-conference/documents/2023_OSCAL-Speaker-Bios.pdf) is available for review. + +## Conference Speaker Timestamps: + +- **Welcome & Conference Overview** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=25:39)\] + - Dr. 
Michaela Iorga, OSCAL Strategic Outreach Director, *NIST* + + +- **Opening Remarks** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=28:51)\] + - Andre Mendes, CIO, *DoC* + + +- **OSCAL & A New Way of Doing Software in Federal** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=48:24)\] + - Robert Wood, CISO, Center for Medicare and Medicaid Services, *HHS* + + +- **What is New in OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=1:15:40)\] + - Dr. Michaela Iorga, OSCAL Strategic Outreach Director, *NIST* + - Alexander (A.J) Stein, OSCAL Technical Director (Acting), *NIST* + + +- **CIS' Security Controls in OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=2:01:30)\] + - Phyllis Lee, VP, *Center of Internet Security* + + +- **CSA CCM v4 in OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=2:10:55)\] + - Daniele Catteddu, CTO, *Cloud Security Alliance* + + +- **The Roadmap to CIS-CSA Control Mapping in OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=2:27:51)\] + - Chris Compton (Moderator). 
Senior IT Specialist, OSCAl Team, *NIST* + - Phyllis Lee, VP, *Center of Internet Security* + - Daniele Catteddu, CTO, *Cloud Security Alliance* + + +- **Integrate OSCAL with Other Supported Standards Using Metanorma** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=2:47:04)\] + - Ronald Tse, Founder & CEO, *Ribose Inc.* + + +- **Streamlining StateRAMP's Deliverables with OSCAL** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=3:13:55)\] + - Kenny Scott, Co-Founder & CEO, *Paramify* + + +- **From Artisanal to Industrial - Delivering Security at Scale** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=4:32:42)\] + - Phil Venables, CISO, *Google Cloud* + + +- **Google's Internal OSCAL Adoption** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=5:03:42)\] + - Vikram Khare, Director, Cont. Assurance and Controls Engineer, *Google* + - Valentin Mihai, Technical Lead, Cont. Assurance and Controls Engineer, *Google* + + +- **OSCAL - The future of On Demand Assurance** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=5:29:26)\] + - Chris (Rocky) Campione, Sr. Manager, Security and Compliance US Regulated Industries, *AWS* + +- **OSCAL Supporting Cloud Certification in the EU - MEDINA Project** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=5:56:46)\] + - Dr. 
Jesus Luna Garcia Cybersecurity Governance, Technical Manager, *Robert Bosch GmbH | EU-MEDINA Project* + + +- **Collaborative Compliance Agile Authoring** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=6:26:26)\] + - Anca Sailer, Distinguished Engineer, *IBM Research* + + +- **OSCAL By-Component: Turtles, All the Way Down?** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=7:06:35)\] + - Adam Brand, Partner - Cybersecurity, *KPMG* + + +- **OSCAL Developers' Fireside Chat** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=7:37:03)\] + - Alexander Stein (Moderator). OSCAL Technical Director (Acting), *NIST* + - Brian Ruf, Director of Cybersecurity, *Easy Dynamics* + - Travis Howerton, CTO, *RegScale* + - Stephanie Lacy, Senior Solutions Architect, *Telos* + - Valinder Mangat, Chief Innovation Officer, *DTR Strategies* + + +- **OSCAL in Practice - A Case Study for Kubernetes** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=8:22:55)\] + - Robert Ficcaglia, Chair, Kubernetes Policy Workgroup, Lead Assessor, *CNCF Security Technical Advisory Group, CTO, SunStone Secure, LLC* + - Francesco Beltramini, Security Engineering Manager, *ControlPlane* + + +- **Closing Remarks & Adjourn** \[[video](https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/31013851/entry_id/1_e861yoyu/embed/dynamic#t=8:48:48)\] + - Matthew Scholl, Chief, Computer Security Division, *NIST*
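Review bot: In the first hunk of src/content/learn/presentations/_index.md, the new Workshops entry links to `oscal-workshop-2023-04` without a trailing slash, while the two sibling entries use `oscal-workshop-2022-03/` and `oscal-workshop-2021-02/`; add the slash so all three workshop links follow one form. The two entries moved under `### Blogs` still carry the `Blog:` prefix in their link text, which the new heading makes redundant. The file also still ends with `\ No newline at end of file`; add the final newline while touching it.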
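Review bot: In the `@@ -44,24 +45,41 @@` hunk of mini-workshop/_index.md, the 2023/02/01 row's transcript link points at `2.15.2023_Googles-Internal-OSCAL-Adoption_CAPTIONS.txt`, the same file the 2023/02/15 row links, so the IMPLERUS session appears to carry the Google session's transcript; point it at that session's own captions file or drop the link. The same row changes the presenter to `John Tibbits`, although the removed line and the video filename both spell it `Tibbitts`. In the 2024 table, the first two dates (`2024/1/14`, `2024/02/15`) disagree with the dates embedded in their own asset names (`20240117`, `1.17.2024`, `20240221`), `**Rick Kidder*` has unbalanced bold markers, and the 2024/11/06 and 2024/11/20 rows ship empty `[presentation](), [video](), [transcript]()` links; leave the cell empty until the files exist. The 2023/07/19 `presentation` link targets an `.mp4`, and bolding of the date cell is applied to only some 2023 rows.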
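Review bot: In the front matter of the new file oscal-workshop-2023-04.md, `date: 2024-09-3` is not zero-padded and omits the time and offset that the sibling workshop pages carry (`date: 2022-05-26 13:18:18 -0400`); write it in the same full form so the field is consistent across the section. The Purpose text is in the future tense ("The conference will highlight") on a page that lists recordings of an event that has already taken place. In the speaker list, the two `(Moderator).` entries use a period where the other entries use a comma, `OSCAl Team` is miscased, `Dr. Jesus Luna Garcia Cybersecurity Governance` is missing the comma after the name, and "The speakers' bios is available" should read "are available".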