Open Security Controls Assessment Language. Ties into both NIST 800-53 revisions and helps in compliance with various versions of the controls. OSCAL can be used in both Java Script Object Notation (JSON) or eXtensible Markup Language (XML), both of which are open formats and used by information system applications to support automation. OSCAL was designed to assist organizations in the development of the required documentation associated with the accreditation process to achieve an authority to operate (ATO). Rather than using document editing software (e.g. MS Word) the organization has the ability to develop or acquire software that can automate the generation of the documentation associated with the accreditation process, saving countless hours for the organization. 

Applicability: Relevant in compliance auditing, cybersecurity standards, control implementation.

URL: OSCAL Explanation