[Verse 1]
In twenty twenty-two the clouds began to shift
AWS submitted something quite a gift
First OSCAL formatted SSP arrived
At FedRAMP PMO, automation came alive
Baselines now published as profiles we can read
Machine-readable standards, that's exactly what we need

[Chorus]
FedRAMP twenty-x is pushing toward the goal
Automated continuous authorization on a roll
SSP, SAP, SAR and POA&M too
OSCAL templates waiting there for you
High baselines need STIG beneath the surface still
Infrastructure compliance, that's the underlying drill

[Verse 2]
Remember the four letters that matter most today
System Security Plan leads the compliance way
Security Assessment Plan comes next in line
Security Assessment Report shows if you're doing fine
Plan of Action and Milestones rounds out the set
OSCAL format makes them easier to get

[Chorus]
FedRAMP twenty-x is pushing toward the goal
Automated continuous authorization on a roll
SSP, SAP, SAR and POA&M too
OSCAL templates waiting there for you
High baselines need STIG beneath the surface still
Infrastructure compliance, that's the underlying drill

[Bridge]
Profiles define the baseline requirements clear
Templates structure documents we hold dear
Continuous monitoring through automation's lens
Machine-readable compliance that never ends

[Verse 3]
When you're building systems for the federal space
OSCAL and STIG work together face to face
Profiles at the top and hardening below
That's the modern way that compliance has to go

[Chorus]
FedRAMP twenty-x is pushing toward the goal
Automated continuous authorization on a roll
SSP, SAP, SAR and POA&M too
OSCAL templates waiting there for you
High baselines need STIG beneath the surface still
Infrastructure compliance, that's the underlying drill

[Outro]
From AWS to everyone who follows suit
OSCAL-based compliance is the modern route