2 STIG Formats and Artifacts

havana techno, 2-step surf

Lyrics

[Verse 1]
When security standards need to be clear
Four artifacts help us engineer
STIG Manual leads the way today
XCCDF benchmark shows us how to stay
Safe and sound with rules defined
Machine and human both aligned

[Chorus]
STIG formats, four to know
Manual, Benchmark, Checklist, SRG flow
XCCDF XML shows the way
OVAL checks what systems say
Status codes tell the story true
Open findings, not reviewed

[Verse 2]
STIG Benchmark takes it further still
XCCDF plus OVAL gives the skill
Data streams for automated checks
SCAP content that interconnects
Machine readable, precise and clean
Best security you've ever seen

[Chorus]
STIG formats, four to know
Manual, Benchmark, Checklist, SRG flow
XCCDF XML shows the way
OVAL checks what systems say
Status codes tell the story true
Open findings, not reviewed

[Bridge]
Checklist files in CKL we find
XML structure, well designed
Per system evidence we trace
Not a Finding, Not Applicable
Not Reviewed or Open case
Each rule status has its place

[Verse 3]
SRG stands above them all
Security Requirements Guide stands tall
Higher level, bridges the gap
DoD policy to product map
Documents that pave the way
For STIGs we use today

[Final Chorus]
STIG formats, four to know
Manual, Benchmark, Checklist, SRG flow
XCCDF XML shows the way
OVAL checks what systems say
Four artifacts working as one
Security compliance, job well done

[Outro]
From requirements down to code
STIG artifacts light the road
Manual, Benchmark, Checklist, Guide
Security standards, verified
