API reference

A read-only JSON API over the full NIST 800-53 catalog and CSF 2.0 crosswalk. No authentication for public reads; supply a key for higher rate limits.

The API is not yet functional. Everything on this page is static sample documentation — no request is issued and no live endpoint exists. It previews the shape of a future public JSON API.
Base URL
https://api.nistcontrols.io/v1
Authentication
Authorization: Bearer <key>
Endpoints
GET  /controls                 List controls with optional filters & pagination
GET  /controls/{id}            Retrieve a single control by ID (e.g. AC-2)
GET  /controls/{id}/crosswalk  CSF 2.0 mappings for a control
GET  /families                 List the 20 control families
GET  /csf/functions            List CSF 2.0 functions & subcategories
Example request
curl https://api.nistcontrols.io/v1/controls \
  -H "Authorization: Bearer $KEY" \
  -G \
  -d family=AC \
  -d baseline=moderate \
  -d csf=PR
200 response
{
  "count": 3,
  "results": [
    {
      "id": "AC-2",
      "title": "Account Management",
      "family": "AC",
      "baselines": ["low","mod","high"],
      "csf": ["PR"]
    }
  ],
  "next": null
}
Query parameters
family    string   Two-letter family code, e.g. AC, AU, SC
baseline  string   One of: low, moderate, high
csf       string   CSF function code: GV, ID, PR, DE, RS, RC
limit     integer  Page size, 1–100 (default 25)
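
Client-side validation example
The following is an added example, not code from this project: it checks filters against the constraints in the table above before building a request URL, and checks a response body against the shape of the sample 200 response. The function names build_controls_url and parse_controls_page are hypothetical, and because no live endpoint exists the block runs offline against the page's own sample body.

```python
import json
from urllib.parse import urlencode

BASE_URL = "https://api.nistcontrols.io/v1"  # from the page; no live endpoint exists
BASELINES = {"low", "moderate", "high"}       # documented filter values
CSF_FUNCTIONS = {"GV", "ID", "PR", "DE", "RS", "RC"}
ITEM_KEYS = {"id", "title", "family", "baselines", "csf"}

# The page's sample 200 body. Note that it abbreviates the baseline as "mod",
# while the documented filter value is "moderate".
SAMPLE_BODY = """{"count": 3, "results": [{"id": "AC-2", "title": "Account Management",
 "family": "AC", "baselines": ["low", "mod", "high"], "csf": ["PR"]}], "next": null}"""


def build_controls_url(family=None, baseline=None, csf=None, limit=None):
    """Reject filters outside the documented constraints, then build the URL."""
    params = {}
    if family is not None:
        if not (len(family) == 2 and family.isascii() and family.isalpha()):
            raise ValueError(f"family must be a two-letter code: {family!r}")
        params["family"] = family
    if baseline is not None:
        if baseline not in BASELINES:
            raise ValueError(f"baseline must be one of {sorted(BASELINES)}")
        params["baseline"] = baseline
    if csf is not None:
        if csf not in CSF_FUNCTIONS:
            raise ValueError(f"csf must be one of {sorted(CSF_FUNCTIONS)}")
        params["csf"] = csf
    if limit is not None:
        # bool is a subclass of int, so exclude it explicitly
        if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= 100:
            raise ValueError("limit must be an integer from 1 to 100")
        params["limit"] = limit
    query = urlencode(params)
    return f"{BASE_URL}/controls" + (f"?{query}" if query else "")


def parse_controls_page(body):
    """Check the response shape shown in the sample; return (ids, count, next)."""
    doc = json.loads(body)
    if not isinstance(doc, dict) or not isinstance(doc.get("count"), int) \
            or not isinstance(doc.get("results"), list):
        raise ValueError("unexpected response shape")
    ids = []
    for item in doc["results"]:
        if not isinstance(item, dict) or ITEM_KEYS - item.keys():
            raise ValueError(f"result is missing fields: {item!r}")
        ids.append(item["id"])
    return ids, doc["count"], doc.get("next")
```

Passing baseline="mod" is rejected here because the parameter table lists only low, moderate and high, even though the sample response uses "mod" in its baselines array.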