[Verse 1]
In the world of compliance there's a bridge we need
Between the STIG rules and controls that we read
DISA built a system to connect the dots
Control Correlation Identifiers tie up loose knots
Each CCI maps to one control statement clean
While STIG rules reference what the numbers mean
Multiple products can share the same code
When they implement controls on the same road

[Chorus]
CCI is the Rosetta Stone
Translation key we've always known
From STIG to NIST it shows the way
One identifier lights the pathway
CCI one four five three tells the tale
How encryption keeps our systems safe and well
The bridge between compliance worlds so wide
CCI is our trusty guide

[Verse 2]
Take RHEL zero eight zero one zero four zero zero
DOD approved encryption is the hero
Maps to CCI one thousand four five three
Which points to AC seventeen part two you see
Protection of confidentiality and integrity
Using encryption for our network security
The chain connects from rule to control clean
OSCAL SSP shows what it all means

[Chorus]
CCI is the Rosetta Stone
Translation key we've always known
From STIG to NIST it shows the way
One identifier lights the pathway
CCI one four five three tells the tale
How encryption keeps our systems safe and well
The bridge between compliance worlds so wide
CCI is our trusty guide

[Bridge]
Component RHEL eight server in the frame
Implementation status plays the game
Evidence provided through the STIG requirement
FIPS validated crypto shows compliance achievement
One CCI to many STIG rules can relate
When products implement controls at the same rate
The identifier shows which statement applies
No more guessing no more compliance lies

[Chorus]
CCI is the Rosetta Stone
Translation key we've always known
From STIG to NIST it shows the way
One identifier lights the pathway
CCI one four five three tells the tale
How encryption keeps our systems safe and well
The bridge between compliance worlds so wide
CCI is our trusty guide

[Outro]
When STIG meets OSCAL and the mapping's unclear
Just find the CCI and the path will appear
DISA's gift to compliance teams everywhere
The Rosetta Stone that shows us how to care