OSCAL Pocket Guide

OSCAL Pocket Guide is a comprehensive offline toolkit for cybersecurity professionals who need fast, structured access to NIST security and privacy frameworks—without the PDFs, spreadsheets, or fragmented portals.

Built for compliance officers, security engineers, system owners, assessors, and auditors, this app brings the complete NIST ecosystem into a single mobile-friendly experience—with real workflow support, not just passive reading.

Frameworks Included:

• SP 800-53 Rev 5 — Browse 1,000+ controls and enhancements by family, baseline (LOW, MODERATE, HIGH, PRIVACY), and control ID
• NIST CSF 2.0 — All 6 functions (Govern, Identify, Protect, Detect, Respond, Recover) with subcategories and 800-53 mappings
• SP 800-171 Rev 3 — CUI protection requirements with families, assessment objectives, and implementation guidance
• SSDF SP 800-218 — Secure Software Development Framework with practice groups, tasks, and reference materials
• SP 800-60 — 171 information types with sensitivity categorization to support system categorization workflows
• AI RMF Playbook — Full 4-function AI Risk Management Framework with subcategory guidance, actors, and references

Key Features:

• Complete offline access—no internet required
• Search and filter across any framework
• Parameter substitution for readable, org-specific control prose
• Favorites and personal notes on any control
• Recent items tracking across frameworks
• Customizable module visibility
• OSCAL-native data structure throughout

Assessment & Workflow Tools:

• 800-53A Assessment System — 1,193 controls with structured assessment objectives (Examine, Interview, Test), potential evidence suggestions, met/not-met tracking, and LLM-enhanced guidance derived from SP 800-53A Rev 5.1.1
• SP 800-171 Assessment Objectives — CUI requirement assessment procedures with implementation guidance, mapped to Rev 3 controls
• SSP Generator — Create and manage information systems, track control implementation status, set org-defined parameter values, and export OSCAL-aligned System Security Plans via a guided 10-step wizard or classic dashboard
• System Categorization Workflow — Use SP 800-60 information type sensitivity data to support FIPS 199 categorization decisions directly in the app
• Cross-Framework Mappings — CSF 2.0 subcategories mapped to SP 800-53 controls; view related controls across frameworks from a single screen
• Parameter Substitution — Replace organization-defined values throughout control prose for readable, implementation-ready statements

Pro Features:

Upgrade for access to:

• Advanced filtering dashboard
• Custom baseline creation
• SSP Generator and OSCAL export
• Self-Assessment Module with objective tracking and evidence notes
• Database encryption for secure local storage
• All future premium capabilities

Pro is available as a one-time purchase. Existing Pro users retain lifetime access to their current feature set.

Whether you're running a controls assessment, writing an SSP, categorizing a system, or mapping to the CSF—OSCAL Pocket Guide gives you the structured tools to work faster and smarter, right from your iPhone or iPad.

Formerly NIST Pocket Guide.