RegScale NIST OSCAL CLI
The National Institute of Standards and Technology (NIST) Open Security Control Assessment Language (OSCAL) CLI command is used to bulk-process and load OSCAL JSON files into RegScale. It serves the following purposes:
- Performs bulk loading of data via the command line
- Allows for scripting the loading of many files in batch
- Avoids the need to custom code OSCAL file loading into RegScale via APIs
The current CLI supports bulk uploading of:
Future iterations will support loading System Security Plans and Components. NOTE - all importers only support OSCAL JSON files. XML and YAML are not supported.
Two settings need to be configured for the NIST OSCAL RegScale CLI functionality:
oscalCliPath - file path to your OSCAL CLI installation from
maxThreads - the total number of threads the application is allowed to use for bulk processing. The default value is 1000. (NOTE: Changing this number can have a negative or positive impact on performance.)
Supported CLI Commands
The following commands are supported via this CLI:
Load a catalogue
regscale oscal catalog --file_name="my-file-name"
For loading catalogues, you only need to provide the path to the OSCAL JSON file to load.
Load a profile
regscale oscal profile --title="NIST 800-53 Rev5 - Privacy" --categorization="Moderate" --catalog=225 --file_name="artifacts/oscal/NIST_SP-800-53_rev5_PRIVACY-baseline_profile.json"
For loading profiles, you need to provide the following parameters:
title - a friendly name for the profile you are creating
categorization - a valid FIPS categorization (High, Moderate, Low)
catalog - primary key (ID #) for the RegScale parent catalogue for this profile (e.g., NIST 800-53 Rev4)
file_name - path to the OSCAL profile JSON file to load
To convert OSCAL-formatted JSON to XML or YAML, RegScale integrates with the OSCAL Conversion Tools (see https://github.com/usnistgov/oscal-cli for details).
regscale oscal convert /path/to/basic-catalog.json /path/to/basic-catalog.xml ssp xml
regscale oscal convert-json-yaml /path/to/basic-catalog.json /path/to/basic-catalog.yaml ssp yaml
How to Use the OSCAL CLI
domain variable is set in your init.yaml file to your RegScale instance's URL (e.g. https://mycompany.regscale.com) and that you have set the userId and token variables to allow access via APIs
To use the OSCAL conversion tools:
- Download and install the OpenJDK 17 LTS release and set the JAVA_HOME path in Windows or Linux
- Download and install the latest version of the oscal-cli tool here: https://github.com/usnistgov/oscal-cli/releases and extract the entire contents of the release to a folder of your choice. Find the full path to the executable in the bin directory and add the full path variable in your
oscalCliPath: C:\oscal-cli\bin\oscal-cli.bat if you're using Windows.
Begin bulk uploading with the commands above.
Loading may take a few minutes to complete depending on the size of the JSON files. Detailed logs will stream to your command line terminal to update progress as the CLI executes.
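A pre-flight check for scripted batch loads, as an added example that is not part of RegScale's documentation or code: it confirms each file is OSCAL JSON with a catalog or profile root before building the `regscale oscal` command shown above as an argument list. The function names are hypothetical, and taking the profile title from the OSCAL `metadata.title` field is an assumption of this sketch.

```python
import json
import tempfile
from pathlib import Path

SUPPORTED = ("catalog", "profile")         # SSPs and components are not importable yet
FIPS_LEVELS = {"High", "Moderate", "Low"}  # valid categorization values per the page

def plan_upload(path, catalog_id=None, categorization=None):
    """Return the regscale argv for one file, or raise ValueError with the reason."""
    path = Path(path)
    if path.suffix.lower() != ".json":
        raise ValueError(f"{path.name}: only OSCAL JSON is supported (not XML/YAML)")
    try:
        doc = json.loads(path.read_text(encoding="utf-8"))
    except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
        raise ValueError(f"{path.name}: not valid JSON ({exc})") from exc
    roots = [k for k in SUPPORTED if isinstance(doc, dict) and isinstance(doc.get(k), dict)]
    if len(roots) != 1:
        raise ValueError(f"{path.name}: root element is not a catalog or profile")
    kind = roots[0]
    if kind == "catalog":
        return ["regscale", "oscal", "catalog", f"--file_name={path}"]
    if categorization not in FIPS_LEVELS or not isinstance(catalog_id, int):
        raise ValueError(f"{path.name}: profile needs categorization and catalog ID")
    title = doc["profile"].get("metadata", {}).get("title", path.stem)
    return ["regscale", "oscal", "profile", f"--title={title}",
            f"--categorization={categorization}", f"--catalog={catalog_id}",
            f"--file_name={path}"]

def plan_batch(paths, **profile_args):
    """Split a batch into runnable commands and skipped files with reasons."""
    commands, skipped = [], []
    for p in sorted(map(str, paths)):
        try:
            commands.append(plan_upload(p, **profile_args))
        except ValueError as exc:
            skipped.append(str(exc))
    return commands, skipped

def demo():
    """Run the planner over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        (d / "a_catalog.json").write_text('{"catalog": {"metadata": {"title": "Demo"}}}')
        (d / "b_profile.json").write_text('{"profile": {"metadata": {"title": "Demo Baseline"}}}')
        (d / "c_ssp.json").write_text('{"system-security-plan": {}}')
        (d / "d_catalog.xml").write_text("<catalog/>")
        return plan_batch(d.iterdir(), catalog_id=225, categorization="Moderate")
```

Each returned list can be handed to `subprocess.run(cmd, check=True)` as-is, which keeps file names with spaces or shell metacharacters from being interpreted by a shell.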
Example NIST OSCAL Documents
NIST publishes and maintains a set of documentation in OSCAL format. Below are some handy links to the OSCAL content: