[Verse 1]
There's a bridge between the old and new way
STIG meets OSCAL in the light of day
ComplianceAsCode is the name we know
Used to be called SSG, watch it grow
Open source repository, community wide
Red Hat and agencies working side by side
Security content for every platform
Converting compliance to a common form

[Chorus]
One source, many outputs, that's the key
SCAP and OSCAL living in harmony
ComplianceAsCode builds the bridge we need
From legacy STIGs to modern feed
Generate, translate, automate the way
One source, many outputs, every day

[Verse 2]
From a single source it generates them all
SCAP data streams that answer the call
XCCDF and OVAL for the scanning phase
Ansible playbooks for automated ways
Bash scripts running remediation fast
Puppet and Chef InSpec built to last
IBM Trestle helps create the flow
OSCAL components ready to go

[Chorus]
One source, many outputs, that's the key
SCAP and OSCAL living in harmony
ComplianceAsCode builds the bridge we need
From legacy STIGs to modern feed
Generate, translate, automate the way
One source, many outputs, every day

[Bridge]
Dozens of platforms, all covered here
Making compliance crystal clear
The practical tool that makes it real
Converting content with mass appeal
Community driven, standards aligned
Bridging the gap between old and refined

[Chorus]
One source, many outputs, that's the key
SCAP and OSCAL living in harmony
ComplianceAsCode builds the bridge we need
From legacy STIGs to modern feed
Generate, translate, automate the way
One source, many outputs, every day

[Outro]
ComplianceAsCode, the bridge is built
STIG to OSCAL, no more guilt
One repository, formats for all
Answering security's modern call