API Operations
The cyber.trackr.live API provides comprehensive access to cybersecurity compliance data including DISA STIGs, SRGs, RMF controls, CCIs, and SCAP documents.
🚀 Quick Links
- Getting Started Guide - Make your first API call in 30 seconds
- Base URL:
https://cyber.trackr.live/api - Authentication: None required (public API)
- Response Format: JSON
Common Endpoints
Most Used
GET /stig # List all STIGs/SRGs
GET /stig/{title}/{version}/{release} # Get specific STIG
GET /rmf/5 # List RMF Rev 5 controls
GET /cci # List all CCIsEndpoint Categories
📋 STIG & SRG Documents
- List Documents: Get all available STIGs and SRGs
- Document Summary: Get document metadata and requirement list
- Requirement Details: Get full requirement specification with check/fix text
🔒 RMF Controls
- RMF Rev 4 & 5: Access NIST RMF control families and individual controls
- Control Details: Full control text, implementation guidance, and relationships
🎯 CCI References
- CCI List: Browse Common Control Identifiers
- CCI Details: Get detailed CCI information and RMF mappings
📊 SCAP Content
- SCAP Documents: Security Content Automation Protocol documents
- SCAP Requirements: Individual SCAP requirement details
Rate Limits & Performance
- No Authentication Required: All endpoints are publicly accessible
- Rate Limits: Please be respectful with request frequency
- Response Format: All responses are JSON
- CORS Enabled: Safe for browser-based applications
Interactive Documentation
The interactive API documentation below allows you to:
- ✅ Try requests directly from your browser
- ✅ See real response data from the live API
- ✅ Explore all endpoints with full parameter details
- ✅ Copy working code examples in multiple languages
Complete OpenAPI 3.1.1 specification for cyber.trackr.live API.
This API provides access to DISA STIGs, SRGs, RMF controls, CCIs, and SCAP data.
DISA Cybersecurity Ecosystem Hierarchy
NIST RMF Controls (high-level policy framework)
↓ (decomposed into atomic, testable statements)
CCIs (Control Correlation Identifiers - bridge policy to implementation)
↓ (grouped by technology class into generic requirements)
SRGs (Security Requirements Guides - technology class "what" to do)
↓ (implemented as vendor-specific "how" to do it)
STIGs (Security Technical Implementation Guides - vendor/product specific)
↓ (automated versions for scanning tools)
SCAP (Security Content Automation Protocol documents)
Critical Relationships
- RMF Controls contain assessment procedures that reference CCIs
- CCIs map back to RMF Controls and forward to STIG/SRG requirements
- SRGs define generic technology requirements that STIGs implement specifically
- V-IDs can appear in both SRG and corresponding STIG (same requirement, different specificity)
- SV-IDs are XCCDF rule identifiers with revision tracking across document releases
Contact
License
Apache-2.0Servers
List all STIGs and SRGs
Returns complete list of Security Technical Implementation Guides (STIGs) and
Security Requirements Guides (SRGs). Note: These are mixed in one endpoint.
Responses
Complete list of STIGs and SRGs grouped by document name
Get STIG or SRG document details
Returns complete document with all requirements
Parameters
Path Parameters
Document title exactly as it appears in the list endpoint
"Juniper_SRX_Services_Gateway_ALG"1200Major version number of the document
"3""^\\d+$"Release number within the version
"3""^\\d+(\\.\\d+)?$"Responses
Complete document details with all requirements
Get individual STIG/SRG requirement details
Returns complete details for a specific requirement
Parameters
Path Parameters
Document title exactly as it appears in the list endpoint
"Juniper_SRX_Services_Gateway_ALG"1200Major version number of the document
"3""^\\d+$"Release number within the version
"3""^\\d+(\\.\\d+)?$"Vulnerability/Requirement ID (V-XXXXXX format)
"V-214518""^V-\\d{6}$"Responses
Complete requirement details
List RMF revision 4 controls
List RMF revision 5 controls
Get RMF revision 4 control details
Returns complete RMF control details including CCI mappings
Parameters
Path Parameters
RMF control identifier (family-number format)
"AC-1""^[A-Z]+-\\d+$"Responses
Complete RMF control details with CCI mappings
Get RMF revision 5 control details
Returns complete RMF control details including CCI mappings
Parameters
Path Parameters
RMF control identifier (family-number format)
"AC-1""^[A-Z]+-\\d+$"Responses
Complete RMF control details with CCI mappings
List all SCAP documents
Get SCAP document details
Returns complete SCAP document with all requirements (same structure as STIG)
Parameters
Path Parameters
Document title exactly as it appears in the list endpoint
"U_MS_Windows_10_V3R2_STIG_SCAP_1-2_Benchmark"1200Major version number of the document
"3""^\\d+$"Release number within the version
"2""^\\d+(\\.\\d+)?$"Responses
Complete SCAP document details
Get individual SCAP requirement details
Returns complete details for specific SCAP requirement (same structure as STIG requirement)
Parameters
Path Parameters
Document title exactly as it appears in the list endpoint
"U_MS_Windows_10_V3R2_STIG_SCAP_1-2_Benchmark"1200Major version number of the document
"3""^\\d+$"Release number within the version
"2""^\\d+(\\.\\d+)?$"Vulnerability/Requirement ID (V-XXXXXX format)
"V-220697""^V-\\d{6}$"Responses
Complete SCAP requirement details
List all Control Correlation Identifiers
Get CCI details with RMF mapping
Returns complete CCI details including RMF control mapping
Parameters
Path Parameters
Control Correlation Identifier (CCI-XXXXXX format)
"CCI-000001""^CCI-\\d{6}$"Responses
Complete CCI details with RMF control mapping