STIGs

Access Security Technical Implementation Guides (STIGs) programmatically.

List STIGs

List all available STIGs with metadata. This endpoint requires a valid SAMS token.

GET /api/v1/stigs

Parameters

  • search (string): Filter by title or slug (case-insensitive).

  • page (integer): Page number (default: 1).

  • limit (integer): Items per page (default: 100, max: 150).

Response

{
  "stigs": [
    {
      "slug": "active_directory_domain",
      "title": "Active Directory Domain STIG",
      "version": "3",
      "releaseDate": "2024-09-13",
      "findingCount": 75
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 100,
    "total": 371,
    "totalPages": 4
  }
}

Download STIG

Download a complete STIG in JSON, CSV, or XML format. This endpoint requires a valid SAMS token.

GET /api/v1/stigs/{slug}/download

Parameters

  • slug (string): The unique identifier for the STIG (e.g., windows-server-2022).

  • format (string): Export format: json (default), csv, or xml.

Response

{
  "id": 123,
  "benchmarkId": "Windows_Server_2022",
  "slug": "windows-server-2022",
  "title": "Windows Server 2022 Security Technical Implementation Guide",
  "version": "1",
  "groups": [
    {
      "id": 456,
      "groupId": "V-254123",
      "ruleId": "SV-254123r123456_rule",
      "ruleSeverity": "high",
      "ruleTitle": "Windows Server 2022 must...",
      "ruleVulnDiscussion": "...",
      "ruleFixText": "...",
      "ruleCheckContent": "..."
    }
  ],
  "profiles": [...]
}

Batch fetch STIGs

Fetch up to 50 STIGs (including their findings) in a single request. Requires a valid SAMS token.

POST /api/v1/stigs/batch

Request body

  • slugs (array): Array of STIG slugs (max: 50).

Response

{
  "stigs": [
    {
      "slug": "rhel-08",
      "benchmarkId": "rhel-08-benchmarkId",
      "title": "RHEL 8 STIG",
      "description": "...",
      "version": "1.5.0",
      "status": "Accepted",
      "releaseDate": "2024-11-15",
      "findingCount": 342,
      "profiles": [
        { "profileId": "P-123", "title": "STIG Profile", "description": "..." }
      ],
      "findings": [
        {
          "groupId": "V-214010",
          "title": "Audit daemon must...",
          "severity": "high",
          "ruleId": "SV-214010r814063_rule",
          "ruleTitle": "The Audit daemon must...",
          "vulnDiscussion": "...",
          "fixText": "...",
          "checkContent": "..."
        }
      ]
    }
  ],
  "meta": {
    "requested": 2,
    "found": 1,
    "notFound": ["nonexistent-slug"]
  }
}

Returns 400 if slugs is missing, empty, or longer than 50.
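
The list and batch endpoints above are typically used together: page through the catalog, then pull findings in chunks that stay under the 50-slug limit while keeping track of meta.notFound. The following is an added example, not code from the API's authors. The send callable and the function names are hypothetical, and because this page does not say how the SAMS token is transmitted, attaching it is left to the caller's transport.

```python
from typing import Callable, Iterator, Optional

MAX_PAGE_SIZE = 150   # documented maximum for "limit" on GET /api/v1/stigs
MAX_BATCH = 50        # documented maximum for "slugs" on POST /api/v1/stigs/batch

# Hypothetical transport: send(method, path, params, body) -> parsed JSON dict.
# The caller supplies it and attaches the SAMS token there (assumption: the
# page does not document the token header, so none is named here).
Send = Callable[[str, str, Optional[dict], Optional[dict]], dict]


def iter_stigs(send: Send, search: Optional[str] = None,
               limit: int = MAX_PAGE_SIZE) -> Iterator[dict]:
    """Yield every STIG summary, following pagination.totalPages."""
    if not 1 <= limit <= MAX_PAGE_SIZE:
        raise ValueError(f"limit must be between 1 and {MAX_PAGE_SIZE}")
    page = 1
    while True:
        params = {"page": page, "limit": limit}
        if search:
            params["search"] = search
        data = send("GET", "/api/v1/stigs", params, None)
        yield from data["stigs"]
        if page >= data["pagination"]["totalPages"]:
            return
        page += 1


def batch_fetch(send: Send, slugs: list) -> dict:
    """Fetch STIGs with findings in chunks of at most 50 slugs, merged."""
    unique = list(dict.fromkeys(slugs))      # de-duplicate, keep order
    if not unique:
        raise ValueError("slugs must not be empty (the API returns 400)")
    merged = {"stigs": [], "notFound": []}
    for i in range(0, len(unique), MAX_BATCH):
        chunk = unique[i:i + MAX_BATCH]
        data = send("POST", "/api/v1/stigs/batch", None, {"slugs": chunk})
        merged["stigs"].extend(data["stigs"])
        # Surface missing benchmarks instead of silently dropping them.
        merged["notFound"].extend(data["meta"]["notFound"])
    return merged


def high_severity(stigs: list) -> list:
    """Return (slug, groupId, ruleId) for each finding with severity "high"."""
    return [(s["slug"], f["groupId"], f["ruleId"])
            for s in stigs for f in s["findings"] if f["severity"] == "high"]
```

high_severity reads the batch response's field names (findings, severity); the download response shown earlier uses groups and ruleSeverity instead.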


STIG catalog stats

Return aggregate counts across the current-version STIG catalog. The response is cached for five minutes. Requires a valid SAMS token.

GET /api/v1/stigs/stats

Response

{
  "catalog": {
    "totalBenchmarks": 456,
    "totalFindings": 87234,
    "totalProfiles": 1023
  },
  "severity": {
    "high": 12543,
    "medium": 45678,
    "low": 29013
  },
  "latestRelease": {
    "slug": "rhel-09",
    "title": "RHEL 9 STIG",
    "releaseDate": "2024-11-20"
  }
}

STIGs API playground

Experiment with listing and downloading STIGs using the API.

Request

curl "https://www.stigviewer.com/api/v1/stigs?page=1&limit=10"