[Verse 1]
Start with RHEL-08-010400, the rule we're gonna trace
FIPS cryptography protection, keeping systems safe
Every STIG rule has a number that connects the flow
To a CCI identifier, that's how compliance goes

[Chorus]
From STIG to CCI to NIST control
Map the path and play your role
AC-17-2 in the catalog
OSCAL components, build the bridge across
Trace the rule from start to end
Documentation is your friend

[Verse 2]
CCI-001453 is the bridge we need to find
Links our STIG rule to the framework that's defined
NIST 800-53 has the control we seek
AC-17 parentheses 2, remote access technique

[Chorus]
From STIG to CCI to NIST control
Map the path and play your role
AC-17-2 in the catalog
OSCAL components, build the bridge across
Trace the rule from start to end
Documentation is your friend

[Bridge]
Open up the 800-53 Rev 5 catalog file
Find AC-17-2 in the JSON style
FedRAMP profile shows us what's required
Component definitions get us wired

[Verse 3]
Write the snippet that explains the how
RHEL 8 configured, following STIG now
Satisfies the control through proper implementation
OSCAL format for the whole organization

[Final Chorus]
From STIG to CCI to NIST control
Map the path and play your role
AC-17-2 documented clear
OSCAL tracing, year by year
Trace the rule from start to end
Compliance flows when standards blend

[Outro]
RHEL-08-010400 to AC-17-2
That's the tracing path for me and you
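As an added illustration of the trace the verses describe (not code from the lab or from any OSCAL tooling), this Python walks a constructed excerpt of an OSCAL catalog from RHEL-08-010400 through CCI-001453 to the control id `ac-17.2` and emits an OSCAL-style implemented-requirement entry for a component definition. The catalog excerpt, the two lookup tables, and the prop names and namespaces are assumptions made for the example.

```python
import json
import uuid

# Constructed excerpt of an OSCAL catalog in the NIST SP 800-53 Rev 5 layout
# (groups -> controls -> enhancement controls); a real catalog is far larger.
CATALOG = {"catalog": {"groups": [{"id": "ac", "title": "Access Control", "controls": [
    {"id": "ac-17", "title": "Remote Access", "controls": [
        {"id": "ac-17.2",
         "title": "Protection of Confidentiality and Integrity Using Encryption"}]}]}]}}

# The two hops the lyrics trace, as constructed lookup tables. OSCAL spells the
# enhancement AC-17(2) as the control id "ac-17.2".
STIG_TO_CCI = {"RHEL-08-010400": "CCI-001453"}
CCI_TO_CONTROL = {"CCI-001453": "ac-17.2"}


def find_control(catalog, control_id):
    """Depth-first walk of groups and nested controls for an OSCAL control id."""
    stack = list(catalog["catalog"].get("groups", []))
    while stack:
        node = stack.pop()
        if node.get("id") == control_id:
            return node
        stack.extend(node.get("groups", []) + node.get("controls", []))
    return None


def trace_rule(rule_id, catalog=CATALOG):
    """STIG rule -> CCI -> NIST control; returns None if any hop is missing."""
    cci = STIG_TO_CCI.get(rule_id)
    control_id = CCI_TO_CONTROL.get(cci)
    control = find_control(catalog, control_id) if control_id else None
    if control is None:
        return None
    return {"rule": rule_id, "cci": cci, "control-id": control_id, "title": control["title"]}


def implemented_requirement(trace):
    """OSCAL component-definition 'implemented-requirement' for one traced rule.
    The prop names and 'urn:example' namespaces are assumptions, not OSCAL vocabulary."""
    return {
        "uuid": str(uuid.uuid5(uuid.NAMESPACE_URL, "urn:example:" + trace["rule"])),
        "control-id": trace["control-id"],
        "description": (f"RHEL 8 configured per STIG rule {trace['rule']} (FIPS cryptography "
                        f"protection) satisfies {trace['title']}; traced via {trace['cci']}."),
        "props": [
            {"name": "stig-rule-id", "ns": "urn:example:stig", "value": trace["rule"]},
            {"name": "cci", "ns": "urn:example:cci", "value": trace["cci"]},
        ],
    }


if __name__ == "__main__":
    print(json.dumps(implemented_requirement(trace_rule("RHEL-08-010400")), indent=2))
```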