The following types of users are most likely to benefit from consuming OSCAL tools and content when they are available:
- Operations personnel, who will be able to rapidly verify that systems comply with organizational security requirements
- Security and privacy personnel, who will be able to automatically identify problems and address them quickly before loss or damage occur; for example, a profile could be used to identify incorrect parameter values that are weakening security
- Auditors/assessors, who will be able to perform audits/assessments on demand with minimal effort
- Policy personnel, who will be able to better identify systemic problems that necessitate changes to organization security policy
At this time, we do not have information available on using OSCAL tools and content because the initial components of OSCAL are still under development and are not yet ready for operational use. As OSCAL development continues, we will add pointers here to examples of OSCAL content so you can get an idea for what operational OSCAL content will look like.