[Verse 1]
In the private sector world, defense STIGs don't reign
CIS Benchmarks take the lead when security's the game
Defense contractors know the drill, but most companies choose
Industry standard frameworks that better fit their use

[Chorus]
CIS leads the way, when STIGs fade away
OSCAL grows each day, multi-framework play
Assess once report many, saves time and money
Private sector's calling, compliance is sprawling

[Verse 2]
SOC 2 for your service trust, HIPAA for your health
PCI DSS guards the cards, regulatory wealth
Juggling all these frameworks used to be a pain
Until OSCAL came along to break the compliance chain

[Chorus]
CIS leads the way, when STIGs fade away
OSCAL grows each day, multi-framework play
Assess once report many, saves time and money
Private sector's calling, compliance is sprawling

[Bridge]
One assessment feeds them all
Common format breaks the wall
JSON structures hold the key
Cross-framework harmony

[Verse 3]
Enterprise organizations with complex compliance needs
See OSCAL as the answer when efficiency succeeds
Map your controls once and then deploy across the board
Multi-framework paradise, efficiency restored

[Chorus]
CIS leads the way, when STIGs fade away
OSCAL grows each day, multi-framework play
Assess once report many, saves time and money
Private sector's calling, compliance is sprawling

[Outro]
From defense to private ground
OSCAL's benefits are found
Assess once report many
The future's here for any