[Verse 1]
From pre-Milestone A conception through sustainment's final year
Every phase demands attention as new vulnerabilities appear
Components flowing through the pipeline carry secrets in disguise
Adversaries plant their malice where we least expect surprise
[Chorus]
Gates we pass, risks we find
Taxonomy guides the searching mind
Register every threat exposure
Categorize with full disclosure
Mitigation libraries unlock the keys
To shield our systems, guard dependencies
[Verse 2]
Build your risk register workshop-style, each entry gets its place
Hardware tampering, software corruption, each threat earns its space
Counterfeit components masquerading as legitimate supply
Insider access, vendor compromise, the dangers multiply
[Chorus]
Gates we pass, risks we find
Taxonomy guides the searching mind
Register every threat exposure
Categorize with full disclosure
Mitigation libraries unlock the keys
To shield our systems, guard dependencies
[Bridge]
Five identified vulnerabilities require mitigation plans
Selection and justification guided by experienced hands
Program Protection Plan documentation captures every measure
SCRM section comprehensive, our defensive treasure
[Verse 3]
Lifecycle exercise completion demonstrates mastery earned
Taxonomy-based categorization, lessons truly learned
From initial acquisition through operational years ahead
Supply chain risk management keeps our programs from the red
[Final Chorus]
Gates we pass, risks we find
Taxonomy guides the searching mind
Register every threat exposure
Categorize with full disclosure
Mitigation libraries unlock the keys
To shield our systems, guard dependencies
SCRM forever guarantees security