[Verse 1]
First we import the profile, baseline in our grip
Security controls cascade down like dominoes flip
Define your boundary clearly, where the fortress walls extend
Architecture mapped precisely from beginning to the end

[Chorus]
System Security Plan - Profile, Boundary, Inventory scan
Implementation status - granular and vast
Control origination - shared or inherited fast
OSCAL links the pieces, cross-references dance
Per-statement, per-component - nothing left to chance

[Verse 2]
Information types catalogued, sensitivity scores assigned
Components and connections, data flows intertwined
Every server, every switch needs documentation tight
Inventory completeness brings the architecture to sight

[Chorus]
System Security Plan - Profile, Boundary, Inventory scan
Implementation status - granular and vast
Control origination - shared or inherited fast
OSCAL links the pieces, cross-references dance
Per-statement, per-component - nothing left to chance

[Verse 3]
Control implementation breaks down statement by statement
Each component owns its piece, responsibility placement
Status tags tell the story - implemented, partial, planned
Alternative or not applicable, everything is scanned

[Bridge]
Component definitions pre-populate the frame
Leveraging existing work, efficiency's the game
Cross-instance references weave documents together
OSCAL's linking architecture makes compliance weather

[Chorus]
System Security Plan - Profile, Boundary, Inventory scan
Implementation status - granular and vast
Control origination - shared or inherited fast
OSCAL links the pieces, cross-references dance
Per-statement, per-component - nothing left to chance

[Outro]
Responsible roles assigned to every control
Service provider, customer, shared - defining the whole
Inherited from elsewhere, documented with care
System Security Planning, structured everywhere