RegScale launches OSCAL Hub to simplify audits and authorizations between government regulators, agencies, cloud service providers and other organizations, standardize security assessments, and modernize risk and compliance processes
RegScale, the leader in Continuous Controls Monitoring (CCM), today launched the OSCAL Hub, an open-source industry platform that will help accelerate the approval of security authorizations (Authority to Operate, or ATO) for government regulators, federal agencies, cloud service providers, and other organizations using the Open Security Controls Assessment Language (OSCAL) standardized framework for information systems. The OSCAL Hub was unveiled this week at OSCAL Plugfest, a hands-on event bringing together OSCAL practitioners, industry, regulators, and the broader community to collaborate on real-world technical challenges and workstreams.
Federal agencies and contractors spend thousands of hours on manual compliance work. As cyber threats to national security escalate in speed and sophistication, the need to automate cybersecurity risk management has become a priority across the public and private sectors to speed innovative technology solutions into production to support government missions and citizen services.
To meet this mission need, the OSCAL Hub was created as a free, open-source, and comprehensive platform for security compliance teams working with OSCAL documents. It enables government regulators and any Authorizing Officials to review and approve packages, and industry technology providers to submit their Risk Management Framework (RMF) documents in an OSCAL format—resulting in up to 85 percent time savings, due to machine-readable artifacts that can be reviewed and audited with automated approaches.
“We built the OSCAL Hub toward the vision of ‘hyper automation’ for risk and compliance management,” said OSCAL Foundation Founding Member and RegScale Co-Founder and CEO, Travis Howerton. “OSCAL is the leading machine-readable compliance as code language and the best way to get to real-time continuous monitoring, moving from manual, periodic audits to continuous, automated validation and compliance as code. This is the path to modernize legacy risk and compliance processes and transform how the industry approaches risk and compliance at scale. The need to modernize RMF processes to support a more Agile government has never been more urgent, and we strongly believe that OSCAL will play a major role in accelerating technology deployment across government.”
RegScale also announced today that it is donating the OSCAL Hub source code as both free and open source to the OSCAL Foundation to advance the use of the application in the community, across both commercial and federal applications.
“OSCAL has always been driven by its community and by collaboration,” said John Banghart, Coordinator of the OSCAL Foundation. “We are thrilled to expand on this mission by working to take ownership of the OSCAL Hub and offering the community what is needed to accelerate OSCAL’s adoption across the globe.”
The OSCAL Hub features templates and visual tools and can be run as a modern web application for supporting simple, rapid, and robust authorization processes and content sharing. It can be deployed to Google Cloud, Azure, AWS, locally, or even as a command line tool inside of customer data pipelines. The OSCAL Hub allows:
- Federal Agencies to maintain RMF packages and their associated ATOs
- Technology vendors to share component definitions for easy ingestion into their OSCAL tooling
- Regulators to publish and share OSCAL catalogs and profiles that can serve as a foundation for modern GRC tooling
- Security Engineers to validate OSCAL in CI/CD pipelines, convert between formats automatically, and integrate into workflows via REST APIs
- AOs to review validated packages and track conditions of approval and Plans of Action and Milestones (POAMs) over time
About RegScale
RegScale is a Continuous Controls Monitoring (CCM) platform designed to be the operational risk tool for the CISO. Built on a compliance as code foundation, RegScale enables extreme automation with our API-first strategy, self-updating paperwork, and powerful AI agents that all but eliminate manual labor and make your program more proactive. Heavily regulated organizations, including Fortune 500 enterprises and the federal government, report achieving compliance certifications 90% faster and trimming audit preparation efforts by 60% with RegScale. Save money, strengthen security, accelerate time to market, and reduce risk in your operational environment.
View source version on businesswire.com: https://www.businesswire.com/news/home/20251216876546/en/
Contacts
Media Contact:
Leslie Kesselring
Kesselring Communications for RegScale
leslie@kesscomm.com