[Verse 1]
Security Technical Implementation Guides define the way
Rules and checks with severity grades to keep the threats at bay
Fix text tells you how to solve, check text proves if something's wrong
CAT One, Two, and Three findings help you sing security's song

[Chorus]
STIG it up, lock it down, automate the compliance round
CAT One critical, fix it first; CAT Two and Three on a scheduled round
Document every deviation, risk acceptance or control
STIG hardening keeps us safe, security is our goal

[Verse 2]
Kubernetes STIG protects your pods and API server calls
RBAC policies, network rules, and secrets behind the walls
Operating systems need their guides, RHEL Eight and Nine
Ubuntu's STIG and CIS Benchmarks both keep systems fine

[Chorus]
STIG it up, lock it down, automate the compliance round
CAT One critical, fix it first; CAT Two and Three on a scheduled round
Document every deviation, risk acceptance or control
STIG hardening keeps us safe, security is our goal

[Bridge]
OpenSCAP scans your system state
Ansible roles automate
InSpec tests and Cinc Auditor
Make compliance so much greater

[Verse 3]
Application STIGs secure your code and web server stack
Database configs, TLS certs, preventing each attack
When you cannot fix a finding, document the reason why
Compensating controls might work, or sign off to accept the risk, and say why

[Chorus]
STIG it up, lock it down, automate the compliance round
CAT One critical, fix it first; CAT Two and Three on a scheduled round
Document every deviation, risk acceptance or control
STIG hardening keeps us safe, security is our goal

[Outro]
Category One means fix it now
Category Two and Three allow
Some flexibility in timing
Keep your infrastructure climbing
STIG compliance, stay secure
Defense infrastructure stays pure
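Verse 1 describes the anatomy of a STIG rule (a severity that maps to CAT I/II/III, check text, fix text) and the Bridge names OpenSCAP as the scanner, so the one thing a practitioner does with those two pieces is triage: join scan results to rule severities and put the CAT I failures at the top of the remediation list. The following is an added example, not code from the page, from DISA or from the OpenSCAP project. It parses a benchmark in the XCCDF 1.2 format DISA STIGs use (namespace, `Rule`, `version`, `fixtext`, `check-content`, `TestResult` and `rule-result` elements as in the real schema) together with the `TestResult` that `oscap xccdf eval --results` writes into the same file. The embedded XML is constructed for the example; its rule ids, STIG ids and texts are placeholders, not real STIG identifiers or findings.

```python
"""Triage STIG scan results by DISA category from XCCDF 1.2 XML."""
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
NS = {"x": XCCDF_NS}
OCIL = "http://scap.nist.gov/schema/ocil/2"  # check system used for manual check text

# XCCDF rule severity -> DISA category; CAT I is the most severe.
SEVERITY_TO_CAT = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}
CAT_ORDER = ["CAT I", "CAT II", "CAT III", "UNCATEGORIZED"]

# Constructed sample: a tiny benchmark plus the <TestResult> that
# `oscap xccdf eval --results` appends. Ids and texts are placeholders,
# not real STIG identifiers or findings.
SAMPLE_XCCDF = f"""<Benchmark xmlns="{XCCDF_NS}" id="xccdf_example_benchmark_demo">
  <Group id="xccdf_example_group_1">
    <Rule id="xccdf_example_rule_1" severity="high">
      <version>EXAMPLE-00-000001</version>
      <title>Remote root login over SSH must be disabled.</title>
      <fixtext>Set "PermitRootLogin no" in /etc/ssh/sshd_config and restart sshd.</fixtext>
      <check system="{OCIL}"><check-content>Run "grep -i PermitRootLogin /etc/ssh/sshd_config". If the value is not "no", this is a finding.</check-content></check>
    </Rule>
    <Rule id="xccdf_example_rule_2" severity="low">
      <version>EXAMPLE-00-000002</version>
      <title>A login banner must be configured.</title>
      <fixtext>Set "Banner /etc/issue" in /etc/ssh/sshd_config.</fixtext>
      <check system="{OCIL}"><check-content>Run "grep -i Banner /etc/ssh/sshd_config". If no banner is set, this is a finding.</check-content></check>
    </Rule>
    <Rule id="xccdf_example_rule_3" severity="medium">
      <version>EXAMPLE-00-000003</version>
      <title>Audit logging must be enabled.</title>
      <fixtext>Enable and start the auditd service.</fixtext>
      <check system="{OCIL}"><check-content>Run "systemctl is-active auditd". If the output is not "active", this is a finding.</check-content></check>
    </Rule>
    <Rule id="xccdf_example_rule_4" severity="medium">
      <version>EXAMPLE-00-000004</version>
      <title>Password hashing must use SHA-512.</title>
      <fixtext>Set "ENCRYPT_METHOD SHA512" in /etc/login.defs.</fixtext>
      <check system="{OCIL}"><check-content>Run "grep ENCRYPT_METHOD /etc/login.defs". If it is not SHA512, this is a finding.</check-content></check>
    </Rule>
  </Group>
  <TestResult id="xccdf_example_testresult_demo">
    <rule-result idref="xccdf_example_rule_1"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_2"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_3"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_4"><result>pass</result></rule-result>
  </TestResult>
</Benchmark>"""


def load_rules(xccdf_xml):
    """Map rule id -> STIG id, title, category, check text and fix text."""
    rules = {}
    for rule in ET.fromstring(xccdf_xml).iter(f"{{{XCCDF_NS}}}Rule"):
        # XCCDF defaults severity to "unknown" when the attribute is absent;
        # such rules are flagged as UNCATEGORIZED rather than silently dropped.
        severity = rule.get("severity", "unknown")
        rules[rule.get("id")] = {
            "stig_id": rule.findtext("x:version", default="", namespaces=NS),
            "title": rule.findtext("x:title", default="", namespaces=NS),
            "category": SEVERITY_TO_CAT.get(severity, "UNCATEGORIZED"),
            "check_text": rule.findtext("x:check/x:check-content", default="", namespaces=NS),
            "fix_text": rule.findtext("x:fixtext", default="", namespaces=NS),
        }
    return rules


def load_results(xccdf_xml):
    """Map rule id -> result (pass, fail, notapplicable, ...) from the first <TestResult>."""
    test_result = ET.fromstring(xccdf_xml).find("x:TestResult", NS)
    if test_result is None:
        return {}
    return {
        rr.get("idref"): rr.findtext("x:result", default="unknown", namespaces=NS)
        for rr in test_result.findall("x:rule-result", NS)
    }


def open_findings(rules, results):
    """Failing rules, most severe first, so CAT I heads the remediation list."""
    failing = [dict(rules[rid], rule_id=rid) for rid, res in results.items()
               if res == "fail" and rid in rules]
    return sorted(failing, key=lambda r: (CAT_ORDER.index(r["category"]), r["stig_id"]))


def summarize(findings):
    """Count open findings per category, in severity order."""
    counts = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    rules = load_rules(SAMPLE_XCCDF)
    findings = open_findings(rules, load_results(SAMPLE_XCCDF))
    for f in findings:
        print(f"{f['category']:<8}{f['stig_id']}  {f['title']}")
        print(f"  check: {f['check_text']}\n  fix:   {f['fix_text']}")
    print(summarize(findings))
```

On a real result file, replace `SAMPLE_XCCDF` with the contents of the file `oscap xccdf eval --results` produced; the same join works because DISA benchmarks carry the severity on each `Rule` and the results reference rules by `idref`. Only `fail` counts as an open finding here; `notapplicable`, `notchecked` and `informational` results are left out of the remediation list deliberately, and a rule that arrives without a severity is surfaced as UNCATEGORIZED so it gets a manual look instead of disappearing.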