oscal-compass

Welcome to the OSCAL Compass project

The OSCAL Compass project is a set of tools that enable the creation, validation, and governance of documentation artifacts for compliance needs. It leverages NIST's OSCAL (Open Security Controls Assessment Language) as a standard data format for interchange between tools and people, and provides an opinionated approach to OSCAL SDK and adoption by policy engines.

The OSCAL Compass project is hosted by the Cloud Native Computing Foundation (CNCF)

Get Started

Check out the Community README to get started with using and contributing to the project. The README also details all the ways to collaborate with project maintainers and your fellow users of OSCAL Compass tools. Anyone is welcome to participate and contribute provided they follow the OSCAL Compass Code of Conduct.

Learn about the projects

Trestle - Command line tool and SDK for interacting with OSCAL-based compliance-as-code documents

Agile Authoring - Ready-to-use CI/CD pipeline configuration and setup, using a GitOps approach and the Trestle SDK, for collaborative authoring of human- and machine-readable OSCAL compliance documents. Manage semantic versioning, provenance traceability, change log, and approval-based release to foster continuous compliance.

Compliance to Policy (AKA C2P) - C2P is a plugin-based tool that deploys compliance-as-code represented in OSCAL into policy validation or enforcement engines, then collects and normalizes their native results into the OSCAL format required for audit. Supported policy engines include Kyverno (for Kubernetes resources), Open Cluster Management Policy Framework (for Kubernetes resources), and Auditree (generic).

Quick Links

Website

https://oscal-compass.github.io

Note: This has Trestle-specific information

Read the Blogs

Personas and Roles
Trestle SDK
Artifacts and Personas
Topologies of Compliance Policy Administration Centers
A Lack of Network Boundaries Invites a Lack of Compliance
Compliance to Policy for Multiple Kubernetes Clusters

Pinned

  1. compliance-trestle Public

    An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.

    Python 169 61

  2. compliance-to-policy Public

    Compliance-to-Policy (C2P) provides the framework to bridge the gap between compliance and policy administration.

    Go 23 16

  3. compliance-trestle-agile-authoring Public

    Agile authoring tutorial and repo set-up tooling

    Python 18 3

  4. community Public

    OSCAL Compass community-wide collaboration space

    4 4

Repositories

Showing 10 of 18 repositories
  • compliance-trestle Public

    An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.

    Python 169 Apache-2.0 61 98 (1 issue needs help) 11 Updated Nov 26, 2024
  • oscal-sdk-go Public

    OSCAL SDK for the Go programming language

    Go 0 Apache-2.0 2 7 2 Updated Nov 25, 2024
  • compliance-to-policy Public

    Compliance-to-Policy (C2P) provides the framework to bridge the gap between compliance and policy administration.

    Go 23 Apache-2.0 16 8 1 Updated Nov 22, 2024
  • community Public

    OSCAL Compass community-wide collaboration space

    4 Apache-2.0 4 13 5 Updated Nov 21, 2024
  • compliance-trestle-ssp-demo Public

    Demonstration of compliance trestle's SSP authoring capabilities.

    Python 8 Apache-2.0 2 0 2 Updated Nov 20, 2024
  • compliance-trestle-fedramp Public

    Compliance trestle plugin to support FedRAMP specific functionality.

    XSLT 4 Apache-2.0 2 0 2 Updated Nov 18, 2024
  • compliance-to-policy-go Public

    Compliance-to-Policy (C2P) provides the framework to bridge the gap between compliance and policy administration in Go.

    Go 1 Apache-2.0 2 2 1 Updated Nov 13, 2024
  • oscal-content Public

    This repo will hold OSCAL content

    1 Apache-2.0 1 0 0 Updated Nov 5, 2024
  • oscal-compass.github.io Public

    Organization level GitHub Pages

    1 Apache-2.0 0 3 1 Updated Oct 29, 2024
  • infrastructure-workflows Public

    Infrastructure automation for the oscal compass project

    0 Apache-2.0 0 3 1 Updated Oct 4, 2024
