3 Civilian Federal / FISMA Context

hindi acid rock, soulful soul, slushwave new jack swing

Lyrics

[Verse 1]
In the federal space where security reigns
NIST RMF sets the governing chains
Eight hundred thirty seven shows the way
How to manage risk every single day
OSCAL models all the documentation
Structured data for the entire nation

[Chorus]
RMF governs, OSCAL models the flow
STIGs and benchmarks tell us what to know
Agencies demanding structured artifacts
FISMA compliance, these are all the facts
Document it right, automate the game
Federal security will never be the same

[Verse 2]
STIGs from DISA bring the hardening guide
Technical baselines that we can't hide
CIS Benchmarks offer another path
Both give us standards to avoid security's wrath
Choose your baseline, make it crystal clear
Technical controls that agencies hold dear

[Chorus]
RMF governs, OSCAL models the flow
STIGs and benchmarks tell us what to know
Agencies demanding structured artifacts
FISMA compliance, these are all the facts
Document it right, automate the game
Federal security will never be the same

[Bridge]
Gone are the days of Word docs and PDFs
Machine readable formats reduce the stress
JSON and YAML in OSCAL's embrace
Automation flowing at government pace
Components and catalogs, profiles defined
Structured security for peace of mind

[Verse 3]
Federal agencies now expect the change
OSCAL artifacts across the range
Assessment plans and system security plans
Implementation guides in structured hands
The future is here, no turning back
OSCAL compliance keeps you on track

[Final Chorus]
RMF governs, OSCAL models the flow
STIGs and benchmarks tell us what to know
Agencies requiring structured artifacts
FISMA compliance, now those are the facts
Document it right, automate the game
Federal security has changed the game

[Outro]
NIST and DISA working hand in hand
OSCAL transformation across the land
