NIST OSCAL
RegScale NIST OSCAL CLI
The National Institute of Standards and Technology (NIST) Open Security Control Assessment Language (OSCAL) CLI command is used to bulk-process and load OSCAL JSON files into RegScale. It serves the following purposes:
- Performs bulk loading of data via the command line
- Allows for scripting the loading of many files in batch
- Avoids the need to custom code OSCAL file loading into RegScale via APIs
The current CLI supports bulk uploading of:
- Catalogues
- Profiles
Future iterations will support loading System Security Plans and Components. NOTE - all importers only support OSCAL JSON files. XML and YAML are not supported.
Init.yaml Configuration
There are two pieces of information needed to configure for the NIST OSCAL RegScale CLI functionality:
oscalCliPath
- file path to your OSCAL CLI installation fromhttps://github.com/usnistgov/oscal-cli/releases
maxThreads
- The total number of threads the application is allowed to use for bulk processing. The default value is 1000. (NOTE: Changing this number can have a negative or positive impact on performance.)
Supported CLI Commands
The following commands are supported via this CLI:
Load a catalogue
Usage: regscale oscal catalog --file_name="my-file-name"
For loading catalogues, you only need to provide the path to the OSCAL JSON file to load.
Load a profile
Usage: regscale oscal profile --title="NIST 800-53 Rev5 - Privacy" --categorization="Moderate" --catalog=225 --file_name="artifacts/oscal/NIST_SP-800-53_rev5_PRIVACY-baseline_profile.json"
For loading profiles, you need to provide the following parameters:
title
- a friendly name for the profile you are creatingcategorization
- a valid FIPS categorization (High, Moderate, Low)catalog
- primary key (ID #) for the RegScale parent catalogue for this profile (e.g., NIST 800-53 Rev4)file_name
- path to the OSCAL profile JSON file to load
How to Use the OSCAL CLI
-
Ensure the
domain
variable is set in yourinit.yaml
file to your RegScale instance's URL (i.e.https://mycompany.regscale.com
) and that you have set the userId and token variables to allow access via APIs -
To use the OSCAL conversion tools:
- Download and install the OpenJDK 17 LTS release and set the JAVA_HOME path in windows or linux
- Download and install the latest version of the oscal-cli tool here:
https://github.com/usnistgov/oscal-cli/releases
and extract the entire contents of the release to a folder of your choice. Find the full path to the executable in thebin
directory and add the full pathvariable in yourinit.yaml
file, e.g.oscalCliPath: /opt/oscal-cli/bin/oscal-cli
ORoscalCliPath: C:\oscal-cli\bin\oscal-cli.bat
if you're using windows.
-
Begin bulk uploading with the commands above.
-
Loading may take a few minutes to complete depending on the size of the JSON files. Detailed logs will stream to your command line terminal to update progress as the CLI executes.
Example NIST OSCAL Documents
NIST publishes and maintains a set of documentation in OSCAL format. Below are some handy links to the OSCAL content:
Updated 12 months ago