[Verse 1]
Start by cloning the repo down
ComplianceAsCode is what we've found
Git pull the latest source today
Security frameworks on display
Build your product with one command
Build underscore product in your hand
RHEL nine target, watch it compile
SCAP content in XML style

[Chorus]
Clone, build, examine, generate, validate
Five steps to bridge the compliance gate
STIG to OSCAL, we're building the way
ComplianceAsCode lights up the day
Clone, build, examine, generate, validate
Security standards we translate

[Verse 2]
Examine the data stream we made
SCAP XML structure displayed
Rules and checks all organized
Security controls itemized
Now we'll bridge the format gap
OSCAL component definition map
Builder script will do the work
Converting STIG with expert quirk

[Chorus]
Clone, build, examine, generate, validate
Five steps to bridge the compliance gate
STIG to OSCAL, we're building the way
ComplianceAsCode lights up the day
Clone, build, examine, generate, validate
Security standards we translate

[Bridge]
From legacy STIG to modern OSCAL flow
Component definitions help us grow
Automated tools make the transformation
Cross-platform security information

[Verse 3]
Run the builder script with care
OSCAL component definition there
Generated from the STIG profile
Machine-readable, versatile
Final step is validation time
Schema check to make it shine
Ensure the format meets the spec
Quality control, we inspect

[Chorus]
Clone, build, examine, generate, validate
Five steps to bridge the compliance gate
STIG to OSCAL, we're building the way
ComplianceAsCode lights up the day
Clone, build, examine, generate, validate
Security standards we translate

[Outro]
From source code to SCAP to OSCAL gold
Compliance stories now retold
The bridge is built, the gap is crossed
No security context ever lost