I am currently looking for a way to map controls automatically and also to be able to define variants of existing controls myself, so that we can also map our own framework to NIST SP 800-53 and CIS v8. After researching, I came across NIST OSCAL, but I'm not sure if it's worth taking the time to familiarize myself with it. I am looking for a way to automate compliance. There are probably other tools like Cloud Custodian. My questions are: What would be the best current solution to automate compliance in public clouds? Is OSCAL suitable for this project? What tools are already available that rely on OSCAL?
I tried to follow tutorials with Neo4j that created a graph DB based on NIST SP 800-53 Rev5. Unfortunately, I need better knowledge of OSCAL first and wonder if this technology is suitable. I would not spend the time to learn until this question is clear.