[Verse 1] Ten findings marked as "Not Reviewed" wait From Lab Two's automated sweep we made Now human eyes must scrutinize each case Where scanners cannot venture or deduce Check Content guides our manual detective work Registry keys and config files lurk [Chorus] Manual STIG assessment, sleuth by sleuth Document the evidence, capture the proof Status and details for assessors' eyes No automation where the human mind applies Ten by ten, we verify each claim Manual STIG assessment, detective's game [Verse 2] Registry editor reveals the hidden state Does HKEY match what policies dictate? Screenshot the values, timestamp every find Leave breadcrumbs for the auditor's mind File permissions tell their silent story Document permissions in all their glory [Chorus] Manual STIG assessment, sleuth by sleuth Document the evidence, capture the proof Status and details for assessors' eyes No automation where the human mind applies Ten by ten, we verify each claim Manual STIG assessment, detective's game [Bridge] Open findings become closed or not a finding Evidence determines the final binding Checklist entries must tell the tale complete Make your documentation concrete [Verse 3] Service configurations whisper their secrets Group Policy objects hold their edicts Command line outputs speak their measured truth Each finding needs its documented proof Satisfactory details pass the test Assessors judge if you've done your best [Chorus] Manual STIG assessment, sleuth by sleuth Document the evidence, capture the proof Status and details for assessors' eyes No automation where the human mind applies Ten by ten, we verify each claim Manual STIG assessment, detective's game [Outro] Ten findings down, the manual work complete Evidence gathered makes the audit sweet
← 2 Lab 2 — Automated SCAP Scanning | 4 Lab 4 — STIG Remediation →