STIGs

Access Security Technical Implementation Guides (STIGs) programmatically.

List STIGs

List all available STIGs with metadata. This endpoint is public and requires no authentication.

GET /api/v1/stigs

Parameters

Name
search
Type
string
Description
Filter by title or slug (case-insensitive).
Name
page
Type
integer
Description
Page number (default: 1).
Name
limit
Type
integer
Description
Items per page (default: 100, max: 150).

Response

{
  "stigs": [
    {
      "slug": "active_directory_domain",
      "title": "Active Directory Domain STIG",
      "version": "3",
      "releaseDate": "2024-09-13",
      "findingCount": 75
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 100,
    "total": 371,
    "totalPages": 4
  }
}

Download STIG

Download a complete STIG in JSON, CSV, or XML format. This endpoint requires a valid SAMS token.

GET /api/v1/stigs/{slug}/download

Parameters

Name
slug
Type
string
Description
The unique identifier for the STIG (e.g., windows-server-2022).
Name
format
Type
string
Description
Export format: json (default), csv, or xml.

Response

{
  "id": 123,
  "benchmarkId": "Windows_Server_2022",
  "slug": "windows-server-2022",
  "title": "Windows Server 2022 Security Technical Implementation Guide",
  "version": "1",
  "groups": [
    {
      "id": 456,
      "groupId": "V-254123",
      "ruleId": "SV-254123r123456_rule",
      "ruleSeverity": "high",
      "ruleTitle": "Windows Server 2022 must...",
      "ruleVulnDiscussion": "...",
      "ruleFixText": "...",
      "ruleCheckContent": "..."
    }
  ],
  "profiles": [...]
}

STIGs API playground

Experiment with listing and downloading STIGs using the API.

Live playground

Request

curl "https://www.stigviewer.com/api/v1/stigs?page=1&limit=10"

Method

GET

Endpoint

Access token (Authorization: Bearer)

Page

LimitMax: 150

Response

Send a request to see the live response here.