[Verse 1]
SOC 2 Trust Services map to catalogs clean
Controls for security, availability's sheen
Privacy and processing integrity too
Confidentiality rounds out the crew
HIPAA safeguards patient data tight
Administrative, physical, technical sight

[Chorus]
OSCAL weaves through every framework's maze
SOC to HIPAA, PCI's ways
ISO twenty-seven oh-oh-one
StateRAMP and DoD until we're done
Machine-readable assessments flow
Cross-framework harmony, watch it grow

[Verse 2]
Payment Card Industry demands their due
Twelve requirements structured through and through
Network security and access control
Vulnerability management takes its toll
Regular monitoring, testing the scene
Information security policies pristine

[Chorus]
OSCAL weaves through every framework's maze
SOC to HIPAA, PCI's ways
ISO twenty-seven oh-oh-one
StateRAMP and DoD until we're done
Machine-readable assessments flow
Cross-framework harmony, watch it grow

[Bridge]
Gramm-Leach-Bliley guards financial doors
Sarbanes-Oxley compliance never ignores
International standards crossing seas
OSCAL catalogs bring harmonies
StateRAMP for states, DoD CC for defense
Common Control inheritance makes sense

[Verse 3]
ISO framework spreads across the globe
Risk management wrapped in OSCAL's robe
Annex A controls in structured form
Information security weathering each storm
Financial sector adoption takes the stage
OSCAL translation turns the compliance page

[Chorus]
OSCAL weaves through every framework's maze
SOC to HIPAA, PCI's ways
ISO twenty-seven oh-oh-one
StateRAMP and DoD until we're done
Machine-readable assessments flow
Cross-framework harmony, watch it grow

[Outro]
Every standard finds its OSCAL home
Structured data wherever you may roam
Frameworks unified in common tongue
The compliance revolution has begun