[Verse 1] Head to DoD Cyber Exchange today Download RHEL or Windows Server way XCCDF benchmark XML in hand Open your text editor, take a stand Thousands of lines scroll down the screen Security rules in code machine [Chorus] STIG anatomy, let's break it down Rule ID, STIG ID spinning around Severity level, CCI reference too Check text and fix text, that's what we do X-C-C-D-F tells the story Security rules in all their glory [Verse 2] Find a single rule within the maze Rule ID numbers guide your gaze STIG ID follows close behind Severity shows what threats you'll find High or medium, low or none Each rule's importance weighs a ton [Chorus] STIG anatomy, let's break it down Rule ID, STIG ID spinning around Severity level, CCI reference too Check text and fix text, that's what we do X-C-C-D-F tells the story Security rules in all their glory [Bridge] CCI reference points the way To NIST eight hundred fifty-three Control Correlation Identifier Links compliance to the key Access Control, System Info Audit trails that help us know [Verse 3] Check text tells you what to find Fix text shows how to align Trace that CCI through NIST's list No control should be missed STIG Viewer makes it clean Best graphical tool I've seen [Chorus] STIG anatomy, let's break it down Rule ID, STIG ID spinning around Severity level, CCI reference too Check text and fix text, that's what we do X-C-C-D-F tells the story Security rules in all their glory [Outro] XML versus viewer display Both roads lead to compliance way STIG anatomy now you know Security standards help systems grow
← 3 Tools That Bridge Both Worlds | Lab 2: Running a SCAP Scan →