Explore the critical aspects of policy enforcement and governance in cloud-native environments using OSCAL (Open Security Controls Assessment Language) in this 43-minute conference talk. Delve into 12 essential requirements for implementing effective policy-as-code practices in multi-cluster, multi-cloud settings. Discover how OSCAL, a NIST control assessment framework, provides standardized schemas for control catalogs, customization, and reporting. Learn about the architecture, practical implementation details, and operational strategies for managing control implementation, policy generation, and compliance reporting. Gain insights from a hands-on, live demo showcasing battle-tested use cases and techniques for achieving seamless traceability across technical configurations, organizational security standards, and external regulatory compliance requirements in highly dynamic Kubernetes and cloud-native applications.