OSCAL and the Certification Lifecycle: Machine-Readable Compliance for Common Criteria (C30c)
As EUCC, US Cyber Trust Mark, and global regulatory frameworks demand faster, more consistent certifications, the Common Criteria community faces mounting documentation burdens. OSCAL, the Open Security Controls Assessment Language, addresses this by enabling machine-readable, automatable compliance artifacts. This talk introduces OSCAL’s models, demonstrates practical applications to CC evaluation workflows, and shows how national schemes, labs, and product developers can reduce manual effort while producing richer, more auditable certification evidence.