[Verse 1] In the cloud where services dwell Controls cascade like water down a well Infrastructure holds the foundation tight While customers build upon that sight OSCAL maps this tangled web of care Through component definitions everywhere [Chorus] Service provider, customer, shared, inherited Four origination types to get it clear in your head S-C-S-I, remember the flow From bottom to top, that's how controls grow Component definitions bridge the gap between What CSPs manage and what customers glean [Verse 2] Your SSP declares who owns each piece Network security finds its release From underlying layers someone else maintains While application logic in your domain remains Mark each control with its proper source Let OSCAL track the responsibility course [Chorus] Service provider, customer, shared, inherited Four origination types to get it clear in your head S-C-S-I, remember the flow From bottom to top, that's how controls grow Component definitions bridge the gap between What CSPs manage and what customers glean [Bridge] Future versions promise more precision Customer responsibility matrices with clearer vision Enhanced documentation templates await To map the boundaries we navigate But today we work with what we've got Component defs connect each vital dot [Chorus] Service provider, customer, shared, inherited Four origination types to get it clear in your head S-C-S-I, remember the flow From bottom to top, that's how controls grow Component definitions bridge the gap between What CSPs manage and what customers glean [Outro] Inherited controls flow upstream Component definitions fulfill the scheme OSCAL's shared responsibility dream Makes cloud compliance more than it seems
← 3 OSCAL Across Other Frameworks | 1 NIST Tools and Resources →