[Verse 1] Catalog holds the controls, the source of every rule Profile picks and chooses, builds a custom tool SSP takes that profile, plans how systems play Each one imports the last, in a structured way [Chorus] Six links in the chain, tracing back each claim Catalog to Profile to SSP's domain Assessment Plans connect, Results redirect POA and M completes the chain we can't neglect Machine-verified truth, no manual sleuth OSCAL's golden thread shows evidence and proof [Verse 2] Assessment Plan imports the SSP's design Assessment Results capture what assessors find Component Definition feeds the SSP's needs Plan of Action tackles what remediation feeds [Chorus] Six links in the chain, tracing back each claim Catalog to Profile to SSP's domain Assessment Plans connect, Results redirect POA and M completes the chain we can't neglect Machine-verified truth, no manual sleuth OSCAL's golden thread shows evidence and proof [Bridge] Every finding traces upstream to its birth From failed control back to catalog's worth Native mechanisms, no manual detection Automated lineage gives perfect inspection [Verse 3] Import mechanisms weave the fabric tight Each artifact depends on what came before in sight Machine-readable connections never break or fray Compliance storytelling in a structured way [Chorus] Six links in the chain, tracing back each claim Catalog to Profile to SSP's domain Assessment Plans connect, Results redirect POA and M completes the chain we can't neglect Machine-verified truth, no manual sleuth OSCAL's golden thread shows evidence and proof [Outro] From catalog to closure, every step belongs Traceability symphony, six artifacts strong
← 5 Common OSCAL Structure (All Models) | 1 Supported Formats →