NIST has developed the Open Security Controls Assessment Language, which is a multi-format framework that allows security professionals to automate security assessment, auditing, and continuous monitoring processes, making systems’ authorization-to
Source:: NIST