[Verse 1] Clone the repo, let's dive inside OSCAL content where frameworks hide Navigate to NIST eight hundred fifty-three Revision five in JSON, let's see Open the catalog, find your way To AC seventeen dash two today Control structure laid out so clear Statements, parameters, guidance here [Chorus] Clone, Open, Find, Tailor, Implement Five steps to OSCAL's document From catalog to profile to plan Understanding OSCAL's master hand Structure flows from top to bottom Framework layers, learn and spot them [Verse 2] Remote access with cryptographic protection That's what AC seventeen two's direction Statements tell you what to do Parameters let you configure too Guidance gives the how and why Implementation details to rely [Chorus] Clone, Open, Find, Tailor, Implement Five steps to OSCAL's document From catalog to profile to plan Understanding OSCAL's master hand Structure flows from top to bottom Framework layers, learn and spot them [Verse 3] FedRAMP High profile next in line Find where imports are defined Look for AC seventeen two inside See how tailoring is applied Modifications and additions clear Baseline adjustments appear [Bridge] Three layers working hand in hand Catalog gives the master plan Profile tailors what you need SSP shows how you succeed [Verse 4] SSP template, final piece Implementation descriptions release AC seventeen two lives here too Shows exactly what to do Response text fills in the blank System-specific, frank and frank [Chorus] Clone, Open, Find, Tailor, Implement Five steps to OSCAL's document From catalog to profile to plan Understanding OSCAL's master hand Structure flows from top to bottom Framework layers, learn and spot them [Outro] From NIST controls to system plans OSCAL connects with steady hands Three documents, one flowing stream Living the compliance dream
← Lab 2: Running a SCAP Scan | Lab 4: Tracing a STIG Rule to an OSCAL Control →