Skip to content

sbomify/OSCAL

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
catalogs/cyber-essentials/danzell-v16
catalogs/cyber-essentials/danzell-v16
 
 
tools
tools
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

OSCAL Catalogs

Machine-readable OSCAL (Open Security Controls Assessment Language) representations of security and compliance frameworks.

Catalogs

UK Cyber Essentials

The Cyber Essentials scheme is the UK government's minimum standard for cyber security, managed by IASME on behalf of the NCSC. It covers five technical controls:

  1. Firewalls (A4)
  2. Secure Configuration (A5)
  3. Security Update Management (A6)
  4. User Access Control (A7)
  5. Malware Protection (A8)

Plus organisational sections for Organisation (A1), Scope (A2), and Insurance (A3).

Version Codename Effective OSCAL Catalog Source
16 Danzell April 2026 catalogs/cyber-essentials/danzell-v16/catalog.json Danzell-Willow Comparison

Danzell v16 Highlights

OSCAL Structure

Each catalog follows the OSCAL 1.1.2 Catalog Model:

catalog
├── metadata          # Title, version, parties (IASME, NCSC), roles
├── groups[]          # Sections (A1-A8)
│   ├── parts[]       # Section overview prose
│   ├── controls[]    # Individual questions/requirements
│   │   ├── props[]   # label, sort-id, response-type, auto-fail
│   │   └── parts[]   # statement, guidance (with nested CE requirements)
│   └── groups[]      # Sub-sections (e.g. Admin Accounts, Password Auth)
└── back-matter       # References to NCSC/IASME source documents

Custom Namespace

CE-specific properties use the namespace https://iasme.co.uk/ns/cyber-essentials:

Property Description
response-type Expected answer format (Yes/No, Notes, Multiple choice, etc.)
auto-fail true if a non-compliant answer results in automatic assessment failure

Control Classes

Class Sections Description
organisational A1, A2, A3 Organisation details, scope, and insurance
technical-control A4, A5, A6, A7, A8 The five Cyber Essentials technical controls

Regenerating

The catalog is generated from the source spreadsheet using the tools/generate_oscal.py script:

uv run --with 'oscal-pydantic-v2,openpyxl' python3 tools/generate_oscal.py

References

License

Apache 2.0 — see LICENSE.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages