Controls

The controls API exposes the three federal control catalogs that drive compliance work in stigviewer: NIST SP 800-53, NIST SP 800-171, and the legacy DoD 8500.2. Every endpoint is public — no SAMS token is required — and supports the same filter pattern so a single client can target all three.

NIST 800-53

List NIST 800-53 controls

GET /api/v1/controls/nist-800-53
  • search (string): Filter by identifier, title, or statement.
  • family (string): Filter by control family (e.g. Access Control).
  • baseline (string): Filter by FIPS 199 baseline: low, moderate, high, or privacy.

Response

{
  "framework": "nist-800-53",
  "version": "Rev 5.1.1",
  "total": 1087,
  "controls": [
    {
      "id": "ac-2-uuid",
      "identifier": "AC-2",
      "title": "Account Management",
      "family": "Access Control",
      "baselines": ["low", "moderate", "high"],
      "statement": "The organization manages information system accounts...",
      "guidance": "..."
    }
  ]
}

Get a NIST 800-53 control

GET /api/v1/controls/nist-800-53/{controlId}

Returns the full control record. Returns 404 if the identifier is not found.


NIST 800-171

List NIST 800-171 requirements

GET /api/v1/controls/nist-800-171
  • search (string): Filter by identifier, title, or statement.
  • family (string): Filter by family.
  • type (string): Filter by requirement type: basic or derived.

Response

{
  "framework": "nist-800-171",
  "version": "Rev 2",
  "total": 110,
  "controls": [
    {
      "id": "3-1-1-uuid",
      "identifier": "3.1.1",
      "family": "Access Control",
      "requirementType": "basic",
      "statement": "Limit information system access to authorized users...",
      "guidance": "..."
    }
  ]
}

Get a NIST 800-171 requirement

GET /api/v1/controls/nist-800-171/{controlId}

Returns 404 if the identifier is not found.


DoD 8500

List DoD 8500 controls

GET /api/v1/controls/dod-8500
  • search (string): Filter by identifier, title, or description.
  • family (string): Filter by subject area.
  • mac (string): Filter by MAC level (e.g. MAC 1).
  • impact (string): Filter by impact code: Low, Medium, or High.

Response

{
  "framework": "dod-8500",
  "version": "8500.2",
  "total": 157,
  "controls": [
    {
      "id": "sc-7-uuid",
      "identifier": "ECSC-1",
      "title": "Security Configuration Compliance",
      "subjectArea": "Enclave Computing Environment",
      "macLevels": ["MAC 1", "MAC 2"],
      "impactCode": "High",
      "statement": "...",
      "guidance": "...",
      "threat": "...",
      "resources": "..."
    }
  ]
}

Get a DoD 8500 control

GET /api/v1/controls/dod-8500/{controlId}

Returns 404 if the identifier is not found.
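
The shared filter pattern across the three catalogs, as an added example (not stigviewer's own code): one Python client builds the request URL for any catalog, rejects filters and enumerated values the page does not document for that catalog, and percent-encodes the control ID. The function names, the `fetch` helper, and the exact-match handling of enumerated values are assumptions; the base URL is taken from the page's curl request.

```python
import json
from urllib.error import HTTPError
from urllib.parse import quote, urlencode
from urllib.request import urlopen

BASE = "https://www.stigviewer.com/api/v1/controls"  # host from the page's curl request
# Filters each list endpoint documents; anything else is rejected client-side.
FILTERS = {
    "nist-800-53": {"search", "family", "baseline"},
    "nist-800-171": {"search", "family", "type"},
    "dod-8500": {"search", "family", "mac", "impact"},
}
# Enumerated values, matched exactly as the page spells them (an assumption).
ENUMS = {
    ("nist-800-53", "baseline"): {"low", "moderate", "high", "privacy"},
    ("nist-800-171", "type"): {"basic", "derived"},
    ("dod-8500", "impact"): {"Low", "Medium", "High"},
}

def build_url(framework, control_id=None, **filters):
    """Return the list URL (with validated filters) or the single-record URL."""
    if framework not in FILTERS:
        raise ValueError(f"unknown framework: {framework}")
    if control_id is not None:
        if filters:
            raise ValueError("filters are documented for list endpoints only")
        # safe="" also encodes "/", keeping the ID a single path segment
        return f"{BASE}/{framework}/{quote(control_id, safe='')}"
    for name, value in filters.items():
        if name not in FILTERS[framework]:
            raise ValueError(f"{framework} has no '{name}' filter")
        allowed = ENUMS.get((framework, name))
        if allowed and value not in allowed:
            raise ValueError(f"{name} must be one of {sorted(allowed)}")
    query = urlencode(sorted(filters.items()))
    return f"{BASE}/{framework}" + (f"?{query}" if query else "")

def fetch(framework, control_id=None, **filters):
    """Hypothetical helper: performs the GET; returns None on the documented 404."""
    try:
        with urlopen(build_url(framework, control_id, **filters), timeout=10) as resp:
            body = json.load(resp)
    except HTTPError as err:
        if err.code == 404:
            return None
        raise
    # List responses carry "framework"; reject a body for a different catalog
    if control_id is None and body.get("framework") != framework:
        raise ValueError("response framework does not match the request")
    return body
```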


Controls playground

List NIST 800-53 controls filtered by family and baseline.

Request

curl "https://www.stigviewer.com/api/v1/controls/nist-800-53"