
NIST OSCAL

RegScale NIST OSCAL CLI

The National Institute of Standards and Technology (NIST) Open Security Control Assessment Language (OSCAL) CLI command is used to bulk-process and load OSCAL JSON files into RegScale. It serves the following purposes:

  • Performs bulk loading of data via the command line
  • Allows for scripting the loading of many files in batch
  • Avoids the need to custom code OSCAL file loading into RegScale via APIs

The current CLI supports bulk uploading of:

  • Catalogues
  • Profiles

Future iterations will support loading System Security Plans and Components. NOTE: all importers support only OSCAL JSON files. XML and YAML are not supported.

Init.yaml Configuration

Two settings in init.yaml configure the NIST OSCAL functionality of the RegScale CLI:

  • oscalCliPath - file path to your OSCAL CLI installation from https://github.com/usnistgov/oscal-cli/releases
  • maxThreads - The total number of threads the application is allowed to use for bulk processing. The default value is 1000. (NOTE: Changing this number can have a negative or positive impact on performance.)

Supported CLI Commands

The following commands are supported via this CLI:

Load a catalogue

Usage: regscale oscal catalog --file_name="my-file-name"

For loading catalogues, you only need to provide the path to the OSCAL JSON file to load.

Load a profile

Usage: regscale oscal profile --title="NIST 800-53 Rev5 - Privacy" --categorization="Moderate" --catalog=225 --file_name="artifacts/oscal/NIST_SP-800-53_rev5_PRIVACY-baseline_profile.json"

For loading profiles, you need to provide the following parameters:

  • title - a friendly name for the profile you are creating
  • categorization - a valid FIPS categorization (High, Moderate, Low)
  • catalog - primary key (ID #) for the RegScale parent catalogue for this profile (e.g., NIST 800-53 Rev4)
  • file_name - path to the OSCAL profile JSON file to load

How to Use the OSCAL CLI

  • Ensure the domain variable is set in your init.yaml file to your RegScale instance's URL (e.g. https://mycompany.regscale.com) and that you have set the userId and token variables to allow access via APIs

  • To use the OSCAL conversion tools:

    • Download and install the OpenJDK 17 LTS release and set the JAVA_HOME path in Windows or Linux
    • Download and install the latest version of the oscal-cli tool from https://github.com/usnistgov/oscal-cli/releases and extract the entire contents of the release to a folder of your choice. Find the full path to the executable in the bin directory and set it as the oscalCliPath variable in your init.yaml file, e.g. oscalCliPath: /opt/oscal-cli/bin/oscal-cli, or oscalCliPath: C:\oscal-cli\bin\oscal-cli.bat if you're using Windows.
  • Begin bulk uploading with the commands above.

  • Loading may take a few minutes to complete depending on the size of the JSON files. Detailed logs will stream to your command line terminal to update progress as the CLI executes.
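
A pre-flight planner for the batch loading described above, as an added example that is not RegScale's own code: it keeps only JSON files whose root key is catalog or profile and builds each documented command as an argument list, so file names are never interpreted by a shell. The function names, the constructed sample files and the use of the file stem as the profile title are assumptions; catalog ID 225 is taken from the usage line above.

```python
import json
import tempfile
from pathlib import Path

FIPS_LEVELS = ("High", "Moderate", "Low")  # categorizations the page lists

def oscal_kind(path):
    """Return 'catalog' or 'profile' from the OSCAL JSON root key, else None."""
    if path.suffix.lower() != ".json":  # XML and YAML are not supported
        return None
    try:
        doc = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):  # unreadable, not UTF-8, or not valid JSON
        return None
    if not isinstance(doc, dict):
        return None
    found = [k for k in ("catalog", "profile") if k in doc]
    return found[0] if len(found) == 1 else None

def plan_batch(folder, catalog_id, categorization):
    """Return (commands, skipped): one argv list per loadable file."""
    if categorization not in FIPS_LEVELS:
        raise ValueError(f"categorization must be one of {FIPS_LEVELS}")
    commands, skipped = [], []
    for path in sorted(Path(folder).iterdir()):
        kind = oscal_kind(path)
        if kind == "catalog":
            commands.append(["regscale", "oscal", "catalog", f"--file_name={path}"])
        elif kind == "profile":
            # Assumption: the file stem is used as the profile's friendly title.
            commands.append(["regscale", "oscal", "profile", f"--title={path.stem}",
                             f"--categorization={categorization}",
                             f"--catalog={int(catalog_id)}", f"--file_name={path}"])
        else:
            skipped.append(path.name)
    return commands, skipped

def demo():
    """Plan a batch over constructed sample files (not real OSCAL content)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a_catalog.json").write_text('{"catalog": {"uuid": "constructed"}}')
        (root / "b_profile.json").write_text('{"profile": {"uuid": "constructed"}}')
        (root / "c_ssp.xml").write_text("<system-security-plan/>")
        (root / "d_broken.json").write_text('{"catalog": ')
        return plan_batch(root, 225, "Moderate")
```

Once the plan and the skipped list have been reviewed, each returned list can be passed to subprocess.run(argv, check=True).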

Example NIST OSCAL Documents

NIST publishes and maintains a set of documentation in OSCAL format. Below are some handy links to the OSCAL content: