RegScale has donated the OSCAL Hub as free and open source software to the OSCAL Foundation.
RegScale has donated the OSCAL Hub as free and open source software to the OSCAL Foundation, transferring ownership and stewardship of the platform to the community to accelerate adoption across commercial and federal use cases. The move transforms the OSCAL Hub into a foundation-led, community-owned platform for automating security compliance at scale.
The OSCAL Hub is an open-source industry platform designed to accelerate Authority to Operate (ATO) approvals using the Open Security Controls Assessment Language (OSCAL) framework. It targets government regulators, federal agencies, cloud service providers, and private-sector organisations that rely on Risk Management Framework (RMF) processes.
The announcement was made at OSCAL Plugfest, a hands-on event bringing together OSCAL practitioners, regulators, industry participants, and the broader community to collaborate on real-world technical challenges and workstreams.
Federal agencies and contractors currently spend thousands of hours on manual compliance activities. As cyber threats to national security increase in speed and sophistication, automating cybersecurity risk management has become a priority across both public and private sectors.
The OSCAL Hub enables submission and review of RMF documents in machine-readable OSCAL format, supporting automated review and auditing and delivering up to 85% time savings in compliance and authorisation workflows. The platform is free, open source, and deployable on Google Cloud, Microsoft Azure, AWS, local environments, or as command-line tools within data pipelines, and runs as a modern web application.
“We built the OSCAL hub toward the vision of ‘hyper automation’ for risk and compliance management,” said Travis Howerton, OSCAL Foundation Founding Member and RegScale Co-Founder and CEO. “OSCAL is the leading machine-readable compliance as code language and the best way to get to real-time continuous monitoring, moving from manual, periodic audits to continuous, automated validation and compliance as code.”
“OSCAL has always been driven by its community and by collaboration,” said John Banghart, Coordinator of the OSCAL Foundation. “We are thrilled to expand on this mission by working to take ownership of the OSCAL Hub and offering the community what is needed to accelerate OSCAL’s adoption across the globe.”
