RegScale, the leader in Continuous Controls Monitoring (CCM), today launched the OSCAL Hub, an open-source industry platform that will help accelerate the approval of security authorizations (Authority to Operate (ATO) for government regulators, federal agencies, cloud service providers, and other organizations using the Open Security Controls Assessment Language (OSCAL) standardized framework for information systems. The OSCAL Hub was unveiled this week at OSCAL Plugfest, a hands-on event bringing together OSCAL practitioners, industry, regulators, and the broader community to collaborate on real-world technical challenges and workstreams.
Federal agencies and contractors spend thousands of hours on manual compliance work. As cyber threats to national security escalate in speed and sophistication, the need to automate cybersecurity risk management has become a priority across the public and private sectors to speed innovative technology solutions into production to support government missions and citizen services.
To meet this mission need, the OSCAL Hub was created as a free, open-source, and comprehensive platform for security compliance teams working with OSCAL documents. It enables government regulators and any Authorizing Officials to review and approve packages, and industry technology providers to submit their Risk Management Framework (RMF) documents in an OSCAL format—resulting in up to 85 percent time savings, due to machine-readable artifacts that can be reviewed and audited with automated approaches.
RegScale also announced today that it is donating the OSCAL Hub source code as both free and open source to the OSCAL Foundation to advance the use of the application in the community, across both commercial and federal applications.
The OSCAL Hub features templates and visual tools and can be run as a modern web application for supporting simple, rapid, and robust authorization processes and content sharing. It can be deployed to Google Cloud, Azure, AWS, locally, or even as a command line tool inside of customer data pipelines. The OSCAL Hub allows:
- Federal Agencies to maintain RMF packages and their associated ATOs
- Technology vendors to share component definitions for easy ingestion into their OSCAL tooling
- Regulators to publish and share OSCAL catalogs and profiles that can serve as a foundation for modern GRC tooling
- Security Engineers to validate OSCAL in CI/CD pipelines, convert between formats automatically, and integrate into workflows via REST APIs
- AOs to review validated packages and track conditions of approval and Plans of Action and Milestones (POAMs) over time
Learn more about the OSCAL Hub here or access the Hub in this link.
Like this:
Like Loading...
Related
This entry was posted on December 16, 2025 at 3:41 pm and is filed under Commentary with tags RegScale. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
RegScale Donates Open-Source OSCAL Hub to the OSCAL Foundation
RegScale, the leader in Continuous Controls Monitoring (CCM), today launched the OSCAL Hub, an open-source industry platform that will help accelerate the approval of security authorizations (Authority to Operate (ATO) for government regulators, federal agencies, cloud service providers, and other organizations using the Open Security Controls Assessment Language (OSCAL) standardized framework for information systems. The OSCAL Hub was unveiled this week at OSCAL Plugfest, a hands-on event bringing together OSCAL practitioners, industry, regulators, and the broader community to collaborate on real-world technical challenges and workstreams.
Federal agencies and contractors spend thousands of hours on manual compliance work. As cyber threats to national security escalate in speed and sophistication, the need to automate cybersecurity risk management has become a priority across the public and private sectors to speed innovative technology solutions into production to support government missions and citizen services.
To meet this mission need, the OSCAL Hub was created as a free, open-source, and comprehensive platform for security compliance teams working with OSCAL documents. It enables government regulators and any Authorizing Officials to review and approve packages, and industry technology providers to submit their Risk Management Framework (RMF) documents in an OSCAL format—resulting in up to 85 percent time savings, due to machine-readable artifacts that can be reviewed and audited with automated approaches.
RegScale also announced today that it is donating the OSCAL Hub source code as both free and open source to the OSCAL Foundation to advance the use of the application in the community, across both commercial and federal applications.
The OSCAL Hub features templates and visual tools and can be run as a modern web application for supporting simple, rapid, and robust authorization processes and content sharing. It can be deployed to Google Cloud, Azure, AWS, locally, or even as a command line tool inside of customer data pipelines. The OSCAL Hub allows:
Learn more about the OSCAL Hub here or access the Hub in this link.
Share this:
Like this:
Related
This entry was posted on December 16, 2025 at 3:41 pm and is filed under Commentary with tags RegScale. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.