[Verse 1]
North of the border, cyber rules are changing fast
CPCSC emerging from the lessons of the past
Drawing from CMMC concepts, building something new
Canadian defense contractors need compliance that rings true
[Chorus]
Map it once, comply twice, OSCAL makes it right
Single dataset, dual frameworks, shining bright
CPCSC and CMMC, STIG compliance too
Framework agnostic magic, one source pulls you through
[Verse 2]
When Canadian contractors touch US DoD space
STIG compliance matters for that interop embrace
Systems talking to each other across the friendly line
Need security controls that properly align
[Chorus]
Map it once, comply twice, OSCAL makes it right
Single dataset, dual frameworks, shining bright
CPCSC and CMMC, STIG compliance too
Framework agnostic magic, one source pulls you through
[Bridge]
Dual compliance scenarios, that's where OSCAL shines
Multi-framework mapping across national lines
One control catalog expressing both requirements
No duplicate effort, no compliance clearance
[Verse 3]
Assessment results flowing to both nations' needs
Component definitions planting compliance seeds
System security plans that speak multiple tongues
OSCAL automation keeps the process young
[Chorus]
Map it once, comply twice, OSCAL makes it right
Single dataset, dual frameworks, shining bright
CPCSC and CMMC, STIG compliance too
Framework agnostic magic, one source pulls you through
[Outro]
Canadian defense in the digital age
OSCAL writes the compliance page
Cross-border security, unified and strong
That's how we sing the OSCAL song