About

OSCAL Content Registry

The OSCAL Content Registry is an open platform for publishing, discovering, and sharing machine-readable security and compliance documentation written in the Open Security Controls Assessment Language (OSCAL), a set of formats developed by NIST.

Supported Model Types

The registry supports all seven OSCAL model types:

• Catalog – collections of security controls
• Profile – baselines that select and tailor controls from catalogs
• Component Definition – descriptions of how components implement controls
• System Security Plan (SSP) – security plans for information systems
• Assessment Plan (SAP) – plans for assessing control implementations
• Assessment Results (SAR) – findings from security assessments
• Plan of Action & Milestones (POA&M) – tracking of remediation activities

Features

• Browse and search documents across all model types
• Upload and manage your own OSCAL documents
• Automatic metadata extraction and validation
• Document versioning tied to content UUID
• Favorite documents for quick access
• RESTful API for programmatic access

API Access

All documents are available through a public REST API. See the API documentation for details.

Links

• OSCAL.io
• NIST OSCAL Project
• OSCAL on GitHub