Python class to validate, convert and manage OSCAL content.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for brianruf from gravatar.com brianruf

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Brian Ruf
  • Tags oscal , nist , security , compliance , ssp , fedramp , csf
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

OSCAL Python Library

This is a collection of python modules for OSCAL XML, JSON and YAML content. It provides classes for OSCAL content. The classes are able to perform validation, format conversion and some content manipulation.

It handles all published OSCAL versions, and can "learn" new versions as they are published by NIST.

Please submit feedback, bug reports and enhancement requests as GitHub issues. Bug fixes and backward-compatible code contributions are welcome. Please consider collaborating on any breaking enhancements.

Designed for Air Gapped Environments

The OSCAL_support class includes an OSCAL Support Module. This is a single SQLite3 database file that contains the NIST-published support files for all OSCAL formats, versions and models. The module enables support functionality in an air gapped environment.

When a new version of OSCAL is published, the support module can be updated on an Internet-connected computer and conveyed into an air gapped environment for use.

Inspection

Inspection of the OSCAL Support Module is possible using any SQLite database viewer. Note that the suport files are ZIP compressed within the database; however, no encryption is used in order to facilitate inspection.

For more information see the Support Module documentation.

Setup

The Python OSCAL Class is intended to be used as a library for your OSCAL python projects.

Add the following to your requirements.txt file or pyproject.toml file:

  • Latest published verson use: oscal

  • Most up-to-date, unpublished version use: git+https://github.com/brian-ruf/oscal-class.git@develop#egg=oscal

Please see the Setup documentation for setup instructions and related details.

Usage: Quick Start

Installation

pip install oscal

To use the OSCAL class in your code, import the oscal_content_class module from the oscal library:

from oscal import oscal_content_class as oscal_content

# Create a new OCAL catalog object
oscal_catalog_obj = oscal_content.create_new_oscal_content(
                     model_name="catalog", 
                     title="My Catalog", 
                     version="DRAFT-1.0", 
                     published="2026-03-02T00:00:00Z")

oscal_catalog_obj.create_control_group("", "ac", "Access Control", 
                                       props=[{"name":"label", "value": "AC"}, 
                                              {"name":"sort-id", "value": "001"}])

oscal_catalog_obj.create_control("ac", "ac-1", "Access Control Policy and Procedures",
                                       props=[{"name":"label", "value": "AC-1"}, 
                                              {"name":"sort-id", "value": "001-001"}],
                                              statements=["The organization develops, documents, and disseminates an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance."],
                                              )

oscal_catalog_obj.create_control("ac", "ac-2", "Access Control Enforcement",
                                       props=[{"name":"label", "value": "AC-2"}, 
                                              {"name":"sort-id", "value": "001-002"}],
                                              statements=["The organization enforces access control policies through technical and administrative mechanisms."],
                                              )

if oscal_catalog_obj:
    oscal_catalog_obj.save("test_catalog.json", format="json", pretty_print=True)
    oscal_catalog_obj.save("test_catalog.xml", format="xml", pretty_print=True)
    oscal_catalog_obj.save("test_catalog.yaml", format="yaml", pretty_print=True)

Instantiate the OSCAL class

Open OSCAL content directly from a file:

from oscal import oscal_content_class as oscal_content

oscal_catalog_obj = oscal_content_class.OSCAL(filename="./catalog.xml")

if oscal_catalog_obj:
    oscal_catalog_obj.save("test_catalog.json", format="json", pretty_print=True)
    oscal_catalog_obj.save("test_catalog.xml", format="xml", pretty_print=True)
    oscal_catalog_obj.save("test_catalog.yaml", format="yaml", pretty_print=True)

Use an existing OSCAL string:

oscal_content = """
<?xml version="1.0" encoding="UTF-8"?>
<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="8e38fb28-f88e-4c3b-ac72-c39511a51f65">
   <metadata>
      <title>Control Catalog Template</title>
      <published>2025-09-10T12:00:00-04:00</published>
      <last-modified>2025-09-10T12:00:00-04:00</last-modified>
      <version>DRAFT</version>
      <oscal-version>1.1.3</oscal-version>
   </metadata>

</catalog>
"""

oscal_catalog_obj = oscal_content_class.OSCAL(content=oscal_content)

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for brianruf from gravatar.com brianruf

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Brian Ruf
  • Tags oscal , nist , security , compliance , ssp , fedramp , csf
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

1.0.3

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

oscal-1.0.3.tar.gz (8.4 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

oscal-1.0.3-py3-none-any.whl (8.4 MB view details)

Uploaded Python 3

File details

Details for the file oscal-1.0.3.tar.gz.

File metadata

  • Download URL: oscal-1.0.3.tar.gz
  • Upload date:
  • Size: 8.4 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for oscal-1.0.3.tar.gz
Algorithm Hash digest
SHA256 d8108f57233fcb2f8ea56e1832c7088124299759aebf5b63d109f0ac06ff0516
MD5 114109e4904e5274605707e7989fe629
BLAKE2b-256 cb1685a549e3b2b73169f64aece71db7651e51ab43d6cbbf58e92dafca41e62f

See more details on using hashes here.

Provenance

The following attestation bundles were made for oscal-1.0.3.tar.gz:

Publisher: publish.yml on brian-ruf/oscal-class

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file oscal-1.0.3-py3-none-any.whl.

File metadata

  • Download URL: oscal-1.0.3-py3-none-any.whl
  • Upload date:
  • Size: 8.4 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for oscal-1.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 69b8aea862d78f2968043d3787aca9982cf86beba40f6159768e1f7b6467a4e2
MD5 90f67ae55bc038a3276ffecdf64efcf3
BLAKE2b-256 2f3767f3996ceea90e1541f7effa2f46de0ace149d3cf42f1aace2f5ec786fbb

See more details on using hashes here.

Provenance

The following attestation bundles were made for oscal-1.0.3-py3-none-any.whl:

Publisher: publish.yml on brian-ruf/oscal-class

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page