Compliance Data API
DISA STIG rules mapped to NIST 800-53 controls, and all 110 NIST 800-171 controls with their DoD SPRS weights. JSON, open CORS, an OpenAPI 3.1 spec, and no key required.
What this is
Two read-only compliance datasets as a versioned public API. It's the same kind of data plumbing we do on contract, shown on a live artifact you can call from your browser. All source material is public U.S. Government work; the cross-reference and compilation are ours, provided as-is (verify against authoritative DISA and NIST sources for accreditation use).
curl -s https://brandshyp.org/api/v1/stig-nist/control/AC-2
STIG → NIST 800-53 mapping
DISA STIG rules mapped through DoD CCIs to NIST 800-53 controls. The lookup answers the question people actually have: which STIG rules satisfy this control?
Enter a NIST 800-53 control and get every CCI and STIG rule mapped to it.
Discovery: coverage, provenance, license, and links.
307 NIST 800-53 controls, each with the number of STIG rules mapped to it.
The DISA STIG benchmarks covered (product, version, rule count).
The full STIG to CCI to 800-53 cube (large).
NIST SP 800-171 rev2 + DoD weights
All 110 controls with the DoD Assessment Methodology weight (5 / 3 / 1) used to compute a SPRS score from a start of 110. Reference data, not an assessment.
Discovery and the weighting method.
All 110 controls, grouped by family, with DoD weights and partial flags.
Part of a small API platform
This sits alongside our San Antonio crime data API
under one versioned namespace. See the developer portal
for everything, or the machine index at https://brandshyp.org/api/v1.
Need these controls mapped against your own systems?
Tell us what you are working with and we will show you how we would handle it. No spam.