API Endpoints
Complete reference for all CSE Registry API endpoints. All endpoints require authentication via API key.
Base URL: https://api.cseregistry.org/v1

Endpoints by Tier
Signals
List Signals
GET /signals

Returns a paginated list of signals with optional filtering.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| domain | string | Filter by domain (e.g., HIPAA, SOC2) |
| category | string | Filter by category (e.g., TECH, ACCESS) |
| severity | string | Filter by severity (critical, high, medium, low, info) |
| tag | string | Filter by tag (can specify multiple) |
| page | integer | Page number (default: 1) |
| per_page | integer | Results per page (default: 20, max: 100) |
# List high-severity HIPAA signals
curl "https://api.cseregistry.org/v1/signals?domain=HIPAA&severity=high" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": [
{
"id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"domain": "HIPAA",
"category": "TECH",
"title": "Data at Rest Encryption Not Enabled",
"description": "Storage resource does not have encryption at rest enabled...",
"severity": "high",
"tags": ["encryption", "storage", "data-protection"],
"version": "1.0.0"
}
],
"meta": {
"total": 42,
"page": 1,
"per_page": 20,
"total_pages": 3
}
}

Get Signal
GET /signals/:id

Returns the complete signal definition for a specific signal ID.
Path Parameters
| Parameter | Description |
|---|---|
| id | The signal ID (e.g., CSE-HIPAA-TECH-ENCRYPT-REST-001) |
curl "https://api.cseregistry.org/v1/signals/CSE-HIPAA-TECH-ENCRYPT-REST-001" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"domain": "HIPAA",
"category": "TECH",
"title": "Data at Rest Encryption Not Enabled",
"description": "Storage resource does not have encryption at rest enabled...",
"severity": "high",
"tags": ["encryption", "storage", "data-protection"],
"detection": {
"artifact_types": ["cloud_resource", "configuration"],
"conditions": ["encryption_enabled == false"]
},
"remediation_hint": "Enable server-side encryption on the storage resource",
"version": "1.0.0",
"created": "2024-01-15",
"updated": "2024-06-20"
}
}

Get Signal Mappings
GET /signals/:id/mappings

Returns all framework control mappings for a specific signal.
Query Parameters
| Parameter | Description |
|---|---|
| framework | Filter mappings by framework (e.g., HIPAA, NIST-CSF) |
curl "https://api.cseregistry.org/v1/signals/CSE-HIPAA-TECH-ENCRYPT-REST-001/mappings" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"signal_id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"mappings": [
{
"framework": "HIPAA",
"control_id": "§164.312(a)(2)(iv)",
"control_title": "Encryption and decryption",
"relationship": "primary",
"rationale": "Encryption at rest directly implements..."
},
{
"framework": "NIST-CSF",
"control_id": "PR.DS-1",
"control_title": "Data-at-rest is protected",
"relationship": "primary",
"rationale": "Signal detects absence of data-at-rest protection"
}
]
}
}

Domains
List Domains
GET /domains

Returns all available compliance domains with metadata.
curl "https://api.cseregistry.org/v1/domains" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": [
{
"id": "CMMC",
"name": "Cybersecurity Maturity Model Certification",
"signal_count": 134,
"categories": ["ACCESS", "AUDIT", "COMMS", "CONFIG", "IDENTITY"]
},
{
"id": "HIPAA",
"name": "Health Insurance Portability and Accountability Act",
"signal_count": 75,
"categories": ["TECH", "ADMIN", "PHYS"]
}
],
"meta": {
"total": 12
}
}

Get Domain
GET /domains/:id

Returns detailed information about a specific domain, including statistics by category and severity.
curl "https://api.cseregistry.org/v1/domains/HIPAA" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"id": "HIPAA",
"name": "Health Insurance Portability and Accountability Act",
"description": "U.S. regulation protecting sensitive patient health information",
"signal_count": 75,
"categories": ["TECH", "ADMIN", "PHYS"],
"stats": {
"by_category": {
"TECH": 45,
"ADMIN": 20,
"PHYS": 10
},
"by_severity": {
"critical": 5,
"high": 30,
"medium": 25,
"low": 10,
"info": 5
}
}
}
}

Search
Search Signals
GET /search

Full-text search across signal titles, descriptions, and tags.
Query Parameters
| Parameter | Description |
|---|---|
| q | Search query (required) |
| domain | Limit search to a specific domain |
| page | Page number (default: 1) |
| per_page | Results per page (default: 20, max: 100) |
curl "https://api.cseregistry.org/v1/search?q=encryption" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": [
{
"id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"domain": "HIPAA",
"title": "Data at Rest Encryption Not Enabled",
"severity": "high",
"score": 0.95
},
{
"id": "CSE-HIPAA-TECH-ENCRYPT-TRANSIT-001",
"domain": "HIPAA",
"title": "Data in Transit Encryption Not Enabled",
"severity": "high",
"score": 0.92
}
],
"meta": {
"total": 45,
"query": "encryption",
"page": 1,
"per_page": 20
}
}

Frameworks
List Frameworks
GET /frameworks

Returns all supported compliance frameworks with metadata.
Query Parameters
| Parameter | Description |
|---|---|
| category | Filter by category (e.g., healthcare, financial, government) |
curl "https://api.cseregistry.org/v1/frameworks" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": [
{
"code": "HIPAA",
"name": "Health Insurance Portability and Accountability Act",
"version": "2013",
"category": "healthcare",
"control_count": 89,
"description": "U.S. healthcare data protection regulation"
},
{
"code": "SOC2",
"name": "SOC 2 Type II",
"version": "2017",
"category": "general",
"control_count": 64,
"description": "Service organization controls for security, availability..."
},
{
"code": "NIST-CSF",
"name": "NIST Cybersecurity Framework",
"version": "2.0",
"category": "general",
"control_count": 108,
"description": "Framework for improving critical infrastructure cybersecurity"
}
],
"meta": {
"total": 15
}
}

Get Framework Controls
GET /frameworks/:code/controls

Returns all controls for a specific framework with their mapped signals.
Path Parameters
| Parameter | Description |
|---|---|
| code | Framework code (e.g., HIPAA, SOC2, NIST-CSF, CMMC) |
Query Parameters
| Parameter | Description |
|---|---|
| category | Filter by control category within the framework |
| page | Page number (default: 1) |
| per_page | Results per page (default: 50, max: 100) |
curl "https://api.cseregistry.org/v1/frameworks/HIPAA/controls" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"framework": {
"code": "HIPAA",
"name": "Health Insurance Portability and Accountability Act",
"version": "2013"
},
"controls": [
{
"id": "164.312(a)(1)",
"title": "Access Control",
"category": "Technical Safeguards",
"description": "Implement technical policies and procedures...",
"mapped_signals": 12,
"signal_ids": [
"CSE-HIPAA-TECH-ACCESS-001",
"CSE-HIPAA-TECH-ACCESS-002"
]
},
{
"id": "164.312(a)(2)(iv)",
"title": "Encryption and Decryption",
"category": "Technical Safeguards",
"description": "Implement mechanism to encrypt and decrypt ePHI",
"mapped_signals": 8,
"signal_ids": [
"CSE-HIPAA-TECH-ENCRYPT-REST-001",
"CSE-HIPAA-TECH-ENCRYPT-TRANSIT-001"
]
}
]
},
"meta": {
"total": 89,
"page": 1,
"per_page": 50
}
}

Mappings
List Mappings
GET /mappings

Returns all signal-to-control mappings with optional filtering.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| framework | string | Filter by framework (e.g., HIPAA, SOC2, NIST-CSF) |
| signal_id | string | Filter by signal ID |
| control_id | string | Filter by control ID |
| min_confidence | number | Minimum confidence score (0-1, default: 0) |
| page | integer | Page number (default: 1) |
| per_page | integer | Results per page (default: 50, max: 100) |
# Get all HIPAA mappings with high confidence
curl "https://api.cseregistry.org/v1/mappings?framework=HIPAA&min_confidence=0.8" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": [
{
"id": "map-hipaa-001",
"signal_id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"framework": "HIPAA",
"control_id": "164.312(a)(2)(iv)",
"control_title": "Encryption and Decryption",
"relationship": "primary",
"confidence": 0.95,
"rationale": "Signal directly detects absence of required encryption"
},
{
"id": "map-hipaa-002",
"signal_id": "CSE-HIPAA-TECH-ACCESS-001",
"framework": "HIPAA",
"control_id": "164.312(a)(1)",
"control_title": "Access Control",
"relationship": "primary",
"confidence": 0.92,
"rationale": "Signal detects unauthorized access configurations"
}
],
"meta": {
"total": 245,
"page": 1,
"per_page": 50,
"filters_applied": {
"framework": "HIPAA",
"min_confidence": 0.8
}
}
}

Validation
Validate Object
POST /validate

Validates a single object against a CSE schema (signal, finding, artifact, or mapping).
Request Body
| Field | Description |
|---|---|
| schema | Schema type: signal, finding, artifact, or mapping |
| data | The object to validate |
curl -X POST "https://api.cseregistry.org/v1/validate" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"schema": "signal",
"data": {
"id": "CSE-HIPAA-TECH-TEST-001",
"canonical_name": "Test Signal",
"domain": "HIPAA",
"category": "TECH",
"severity": "high"
}
}'

Response (valid):
{
"data": {
"valid": true,
"schema_type": "signal",
"schema_version": "1.0.0"
}
}

Response (invalid):
{
"data": {
"valid": false,
"schema_type": "signal",
"schema_version": "1.0.0",
"errors": [
{
"path": "/severity",
"message": "must be equal to one of the allowed values",
"keyword": "enum"
}
]
}
}

Batch Validate
POST /validate/batch

Validates multiple objects against a CSE schema in a single request. Maximum 100 items per request.
Request Body
| Field | Description |
|---|---|
| schema | Schema type: signal, finding, artifact, or mapping |
| items | Array of objects to validate (max 100) |
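Because the endpoint caps each request at 100 items and reports failures by position (`results[].index`), a client has to split its input and map results back to the original objects itself. The following is an added example, not the registry's own client code; `fake_send` stands in for the HTTP transport and mimics the documented response shape, and the status enum it checks is the finding status list from the Gap Analysis section (an assumption that the `finding` schema enforces the same values).

```python
"""Client-side helpers for POST /validate/batch (added example)."""
from __future__ import annotations

import json
from typing import Any, Callable, Iterator

BATCH_LIMIT = 100  # documented maximum items per /validate/batch request
SCHEMA_TYPES = ("signal", "finding", "artifact", "mapping")  # documented schema values


def chunk(items: list[dict[str, Any]], size: int = BATCH_LIMIT) -> Iterator[list[dict[str, Any]]]:
    """Yield consecutive slices of at most `size` items, preserving order."""
    if not 1 <= size <= BATCH_LIMIT:
        raise ValueError(f"batch size must be between 1 and {BATCH_LIMIT}")
    for start in range(0, len(items), size):
        yield items[start:start + size]


def build_request(schema: str, batch: list[dict[str, Any]]) -> str:
    """Serialise one batch into the documented request body."""
    if schema not in SCHEMA_TYPES:
        raise ValueError(f"unknown schema type: {schema}")
    if len(batch) > BATCH_LIMIT:
        raise ValueError(f"batch of {len(batch)} exceeds the {BATCH_LIMIT}-item limit")
    return json.dumps({"schema": schema, "items": batch})


def merge_results(response: dict[str, Any], offset: int) -> dict[int, list[str]]:
    """Translate one batch response into {global_index: ["path: message (keyword)", ...]}.

    `offset` is the position of the batch's first item in the caller's full list,
    so results from several batches combine without index collisions.
    """
    failures: dict[int, list[str]] = {}
    for result in response["data"]["results"]:
        if result.get("valid"):
            continue
        messages = [f"{e['path']}: {e['message']} ({e['keyword']})" for e in result.get("errors", [])]
        failures[offset + result["index"]] = messages or ["invalid (no error detail returned)"]
    return failures


def validate_all(schema: str, items: list[dict[str, Any]],
                 send: Callable[[str], dict[str, Any]]) -> dict[int, list[str]]:
    """Push every batch through `send` (JSON body in, parsed response out) and
    collect failures keyed by the item's index in the original list."""
    failures: dict[int, list[str]] = {}
    offset = 0
    for batch in chunk(items):
        failures.update(merge_results(send(build_request(schema, batch)), offset))
        offset += len(batch)
    return failures


# Constructed stand-in for the API: flags any finding whose status is outside the
# documented enum, using the exact error object shape shown on the page.
FINDING_STATUSES = {"open", "in_progress", "resolved", "false_positive", "accepted"}


def fake_send(body: str) -> dict[str, Any]:
    request = json.loads(body)
    results = []
    for i, item in enumerate(request["items"]):
        if item.get("status") in FINDING_STATUSES:
            results.append({"index": i, "valid": True})
        else:
            results.append({"index": i, "valid": False, "errors": [
                {"path": "/status", "message": "must be equal to one of the allowed values", "keyword": "enum"}]})
    invalid = sum(1 for r in results if not r["valid"])
    return {"data": {"schema_type": request["schema"], "schema_version": "1.0.0", "results": results,
                     "summary": {"total": len(results), "valid": len(results) - invalid, "invalid": invalid}}}


# Constructed input: 250 findings, two of them with bad statuses in different batches.
SAMPLE_FINDINGS = [{"signal_id": f"CSE-HIPAA-TECH-{n:03d}", "status": "open"} for n in range(1, 251)]
SAMPLE_FINDINGS[150]["status"] = "invalid_status"  # second batch, local index 50
SAMPLE_FINDINGS[249]["status"] = "closed"          # last item of the third batch

if __name__ == "__main__":
    for idx, msgs in sorted(validate_all("finding", SAMPLE_FINDINGS, fake_send).items()):
        print(idx, SAMPLE_FINDINGS[idx]["signal_id"], msgs)
```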
curl -X POST "https://api.cseregistry.org/v1/validate/batch" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"schema": "finding",
"items": [
{ "signal_id": "CSE-HIPAA-TECH-001", "status": "open" },
{ "signal_id": "CSE-HIPAA-TECH-002", "status": "invalid_status" }
]
}'

Response:
{
"data": {
"schema_type": "finding",
"schema_version": "1.0.0",
"results": [
{ "index": 0, "valid": true },
{
"index": 1,
"valid": false,
"errors": [{ "path": "/status", "message": "must be equal to one of the allowed values", "keyword": "enum" }]
}
],
"summary": {
"total": 2,
"valid": 1,
"invalid": 1
}
}
}

Bulk Operations
Bulk Signal Lookup
POST /signals/bulk

Look up multiple signals by ID in a single request. Maximum 100 IDs per request.
Request Body
| Field | Description |
|---|---|
| ids | Array of signal IDs to look up (max 100) |
curl -X POST "https://api.cseregistry.org/v1/signals/bulk" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"ids": [
"CSE-CMMC-COMMS-UNRESTRICTED-SSH-001",
"CSE-HIPAA-TECH-ENCRYPT-REST-001",
"CSE-INVALID-001"
]
}'

Response:
{
"data": {
"results": [
{
"id": "CSE-CMMC-COMMS-UNRESTRICTED-SSH-001",
"status": "found",
"signal": {
"id": "CSE-CMMC-COMMS-UNRESTRICTED-SSH-001",
"canonical_name": "Unrestricted SSH Access from Internet",
"severity": "high",
"domain": "CMMC"
}
},
{
"id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"status": "found",
"signal": {
"id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"canonical_name": "Encryption at Rest Not Enabled",
"severity": "high",
"domain": "HIPAA"
}
},
{
"id": "CSE-INVALID-001",
"status": "not_found"
}
],
"summary": {
"total": 3,
"found": 2,
"not_found": 1
}
}
}

Bulk Mappings Lookup
POST /mappings/bulk

Get framework mappings for multiple signals in a single request. Maximum 100 signal IDs per request.
Request Body
| Field | Description |
|---|---|
| signal_ids | Array of signal IDs (max 100) |
| framework | (Optional) Filter mappings by framework |
| min_confidence | (Optional) Minimum confidence score (0-1) |
curl -X POST "https://api.cseregistry.org/v1/mappings/bulk" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"signal_ids": [
"CSE-CMMC-COMMS-UNRESTRICTED-SSH-001",
"CSE-HIPAA-TECH-ENCRYPT-REST-001"
],
"framework": "NIST SP 800-53",
"min_confidence": 0.8
}'

Response:
{
"data": {
"results": [
{
"signal_id": "CSE-CMMC-COMMS-UNRESTRICTED-SSH-001",
"mappings": [
{
"framework": "NIST SP 800-53",
"control_id": "SC-7",
"control_name": "Boundary Protection",
"confidence": 0.92
}
]
},
{
"signal_id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"mappings": [
{
"framework": "NIST SP 800-53",
"control_id": "SC-28",
"control_name": "Protection of Information at Rest",
"confidence": 0.95
}
]
}
],
"summary": {
"total_signals": 2,
"total_mappings": 2
}
}
}

Statistics
Get Registry Statistics
GET /stats

Returns aggregate statistics about the registry.
curl "https://api.cseregistry.org/v1/stats" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"registry_version": "1.0.0",
"spec_version": "1.0.0",
"last_updated": "2024-12-28T00:00:00Z",
"total_signals": 1132,
"total_mappings": 1308,
"domains": 12,
"categories": 12,
"by_domain": {
"CMMC": 134,
"FEDRAMP": 145,
"HITRUST": 126
},
"by_severity": {
"critical": 89,
"high": 423,
"medium": 398,
"low": 167,
"info": 55
}
}
}

Controls [Pro]
List Controls
GET /controls [Pro]

Returns framework controls with their signal mappings. Requires Pro subscription or higher.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| framework | string | Filter by framework code (e.g., HIPAA, SOC2, NIST-CSF, CMMC) |
| category | string | Filter by control category |
| page | integer | Page number (default: 1) |
| per_page | integer | Results per page (default: 50, max: 100) |
curl "https://api.cseregistry.org/v1/controls?framework=HIPAA&per_page=10" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": [
{
"id": "164.312(a)(1)",
"framework": "HIPAA",
"title": "Access Control",
"category": "Technical Safeguards",
"description": "Implement technical policies and procedures for electronic information systems...",
"level": "required",
"mapped_signals": [
{
"signal_id": "CSE-HIPAA-TECH-ACCESS-001",
"confidence": 0.95,
"relationship": "primary"
},
{
"signal_id": "CSE-HIPAA-TECH-ACCESS-002",
"confidence": 0.88,
"relationship": "supporting"
}
]
},
{
"id": "164.312(a)(2)(iv)",
"framework": "HIPAA",
"title": "Encryption and Decryption",
"category": "Technical Safeguards",
"description": "Implement mechanism to encrypt and decrypt electronic protected health information",
"level": "addressable",
"mapped_signals": [
{
"signal_id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"confidence": 0.98,
"relationship": "primary"
}
]
}
],
"meta": {
"total": 89,
"page": 1,
"per_page": 10,
"total_pages": 9
}
}

Get Control
GET /controls/:id [Pro]

Returns detailed information about a specific control, including all mapped signals.
Path Parameters
| Parameter | Description |
|---|---|
| id | Control ID (e.g., 164.312(a)(1) for HIPAA, AC-2 for NIST) |
Query Parameters
| Parameter | Description |
|---|---|
| framework | Framework code (required when the control ID is ambiguous across frameworks) |
curl "https://api.cseregistry.org/v1/controls/164.312(a)(2)(iv)?framework=HIPAA" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"id": "164.312(a)(2)(iv)",
"framework": "HIPAA",
"title": "Encryption and Decryption",
"category": "Technical Safeguards",
"description": "Implement mechanism to encrypt and decrypt electronic protected health information",
"level": "addressable",
"guidance": "Organizations must implement encryption and decryption mechanisms...",
"mapped_signals": [
{
"signal_id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"title": "Data at Rest Encryption Not Enabled",
"severity": "high",
"confidence": 0.98,
"relationship": "primary",
"rationale": "Signal directly detects absence of encryption at rest"
},
{
"signal_id": "CSE-HIPAA-TECH-ENCRYPT-TRANSIT-001",
"title": "Data in Transit Encryption Not Enabled",
"severity": "high",
"confidence": 0.95,
"relationship": "primary",
"rationale": "Signal detects unencrypted data transmission"
}
],
"related_controls": [
{ "framework": "NIST-CSF", "control_id": "PR.DS-1", "title": "Data-at-rest is protected" },
{ "framework": "SOC2", "control_id": "CC6.1", "title": "Logical access security software" }
]
}
}

Gap Analysis [Pro]
Create Gap Analysis
POST /gap-analysis [Pro]

Analyze security findings against compliance frameworks to identify gaps in your security posture. Requires Pro subscription or higher.
Request Body
| Field | Type | Description |
|---|---|---|
| findings | array | Array of finding objects (required) |
| frameworks | array | Framework codes to analyze against (e.g., ["HIPAA", "SOC2"]) |
| options.include_remediation | boolean | Include remediation guidance (default: true) |
| options.include_cross_framework | boolean | Include cross-framework analysis (default: true) |
Finding Object Schema
| Field | Description |
|---|---|
| id | Unique finding identifier (required) |
| signal_id | CSE signal ID (required, e.g., CSE-HIPAA-TECH-ENCRYPT-001) |
| status | Finding status: open, in_progress, resolved, false_positive, accepted |
| observed_at | ISO 8601 timestamp when the finding was observed |
| severity.level | Severity: critical, high, medium, low, info |
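The response to this endpoint is large and organised per framework, while a remediation owner wants a single ordered list of what to fix first. The function below is an added example, not registry code: it flattens `by_framework[*].gaps` into one worklist and ranks each gap by severity, then by how many frameworks the same fix closes (taken from `cross_framework.common_gaps`), then by confidence. The sample response is constructed to the shape shown on the page, with a made-up analysis ID.

```python
"""Prioritise gaps from a POST /gap-analysis response (added example)."""
from __future__ import annotations

from typing import Any

# Documented severity levels, lowest rank = most urgent.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}


def frameworks_sharing(control_id: str, framework: str, response: dict[str, Any]) -> set[str]:
    """Return every framework that a common gap ties to (framework, control_id).

    A control that is not part of any common gap only affects its own framework.
    """
    shared = {framework}
    for gap in response["data"].get("cross_framework", {}).get("common_gaps", []):
        affected = gap.get("controls_affected", [])
        if any(c["framework"] == framework and c["control_id"] == control_id for c in affected):
            shared.update(gap.get("affects_frameworks", []))
    return shared


def build_worklist(response: dict[str, Any]) -> list[dict[str, Any]]:
    """Flatten per-framework gaps into one list ordered by urgency.

    Sort key: severity rank, then more frameworks affected first, then higher confidence first.
    Findings already marked resolved are dropped from `open_findings`.
    """
    items: list[dict[str, Any]] = []
    for framework, section in response["data"]["by_framework"].items():
        for gap in section.get("gaps", []):
            control = gap["control"]
            items.append({
                "framework": framework,
                "control_id": control["id"],
                "title": control["title"],
                "severity": gap["severity"],
                "confidence": gap.get("confidence", 0.0),
                "open_findings": [f["signal_id"] for f in gap.get("findings", [])
                                  if f.get("finding_status") != "resolved"],
                "frameworks_affected": sorted(frameworks_sharing(control["id"], framework, response)),
                "steps": gap.get("remediation", {}).get("steps", []),
            })
    items.sort(key=lambda g: (SEVERITY_RANK.get(g["severity"], len(SEVERITY_RANK)),
                              -len(g["frameworks_affected"]), -g["confidence"]))
    return items


# Constructed response, trimmed to the fields the functions above read.
SAMPLE_RESPONSE = {"data": {
    "id": "GAP-EXAMPLE-0001",  # constructed ID, not a real analysis
    "posture": {"status": "at_risk", "score": 65.5},
    "by_framework": {
        "HIPAA": {"gaps": [
            {"control": {"id": "164.312(a)(2)(iv)", "title": "Encryption and Decryption"},
             "status": "non_compliant", "severity": "high", "confidence": 0.95,
             "findings": [{"signal_id": "CSE-HIPAA-TECH-ENCRYPT-REST-001", "finding_status": "open"}],
             "remediation": {"steps": ["Enable server-side encryption on S3 buckets"]}},
            {"control": {"id": "164.312(a)(1)", "title": "Access Control"},
             "status": "non_compliant", "severity": "critical", "confidence": 0.92,
             "findings": [{"signal_id": "CSE-HIPAA-TECH-ACCESS-001", "finding_status": "in_progress"}]},
        ]},
        "SOC2": {"gaps": [
            {"control": {"id": "CC6.1", "title": "Logical access security software"},
             "status": "non_compliant", "severity": "high", "confidence": 0.90,
             "findings": [{"signal_id": "CSE-HIPAA-TECH-ENCRYPT-REST-001", "finding_status": "open"}]},
            {"control": {"id": "CC7.2", "title": "System Monitoring"},
             "status": "non_compliant", "severity": "medium", "confidence": 0.80,
             "findings": [{"signal_id": "CSE-GEN-AUDIT-LOGGING-001", "finding_status": "resolved"}]},
        ]},
    },
    "cross_framework": {"common_gaps": [
        {"description": "Encryption at rest not enabled", "affects_frameworks": ["HIPAA", "SOC2"],
         "controls_affected": [{"framework": "HIPAA", "control_id": "164.312(a)(2)(iv)"},
                               {"framework": "SOC2", "control_id": "CC6.1"}]},
    ]},
}}

if __name__ == "__main__":
    for gap in build_worklist(SAMPLE_RESPONSE):
        print(gap["severity"], gap["framework"], gap["control_id"], gap["frameworks_affected"], gap["steps"])
```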
curl -X POST "https://api.cseregistry.org/v1/gap-analysis" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"findings": [
{
"id": "FND-001",
"signal_id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"status": "open",
"observed_at": "2025-01-15T10:30:00Z",
"severity": { "level": "high" }
},
{
"id": "FND-002",
"signal_id": "CSE-HIPAA-TECH-ACCESS-001",
"status": "in_progress",
"observed_at": "2025-01-14T08:00:00Z",
"severity": { "level": "critical" }
}
],
"frameworks": ["HIPAA", "SOC2"],
"options": {
"include_remediation": true,
"include_cross_framework": true
}
}'

Response:
{
"data": {
"id": "GAP-2025-01-15-abc123",
"created_at": "2025-01-15T10:35:00Z",
"posture": {
"status": "at_risk",
"score": 65.5
},
"by_framework": {
"HIPAA": {
"posture": {
"status": "at_risk",
"score": 62.0,
"controls_total": 89,
"controls_compliant": 55,
"controls_partial": 12,
"controls_non_compliant": 8,
"controls_not_assessed": 14
},
"gaps": [
{
"control": {
"id": "164.312(a)(2)(iv)",
"title": "Encryption and Decryption",
"category": "Technical Safeguards"
},
"status": "non_compliant",
"severity": "high",
"confidence": 0.95,
"findings": [
{
"signal_id": "CSE-HIPAA-TECH-ENCRYPT-REST-001",
"finding_status": "open",
"confidence": 0.95
}
],
"remediation": {
"priority": "high",
"effort": "medium",
"guidance": "Enable encryption at rest for all storage containing ePHI...",
"steps": [
"Enable server-side encryption on S3 buckets",
"Configure KMS key rotation",
"Update data classification policies"
]
}
}
],
"compliant": [
{
"control": {
"id": "164.312(b)",
"title": "Audit Controls",
"category": "Technical Safeguards"
},
"status": "compliant",
"confidence": 0.92,
"validated_by": [
{ "signal_id": "CSE-HIPAA-TECH-AUDIT-001", "finding_status": "resolved" }
]
}
]
},
"SOC2": {
"posture": {
"status": "compliant",
"score": 78.0
}
}
},
"cross_framework": {
"common_gaps": [
{
"description": "Encryption at rest not enabled",
"affects_frameworks": ["HIPAA", "SOC2"],
"controls_affected": [
{ "framework": "HIPAA", "control_id": "164.312(a)(2)(iv)" },
{ "framework": "SOC2", "control_id": "CC6.1" }
],
"remediation_overlap": "Single remediation addresses both frameworks"
}
],
"framework_synergies": [
{
"primary_framework": "HIPAA",
"synergy_with": "SOC2",
"overlap_percentage": 68,
"note": "HIPAA implementation provides strong SOC2 coverage"
}
]
}
}
}

Get Gap Analysis
GET /gap-analysis/:id [Pro]

Retrieve a previously created gap analysis result by ID.
Path Parameters
| Parameter | Description |
|---|---|
| id | Gap analysis ID (e.g., GAP-2025-01-15-abc123) |
curl "https://api.cseregistry.org/v1/gap-analysis/GAP-2025-01-15-abc123" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"id": "GAP-2025-01-15-abc123",
"created_at": "2025-01-15T10:35:00Z",
"posture": {
"status": "at_risk",
"score": 65.5
},
"by_framework": {
"HIPAA": {
"posture": {
"status": "at_risk",
"score": 62.0
}
}
},
"cross_framework": {
"common_gaps": []
}
}
}

Gap Analysis Summary
GET /gap-analysis/summary [Pro]

Get a summary of recent gap analyses for your organization.
Query Parameters
| Parameter | Description |
|---|---|
| limit | Number of recent analyses to return (default: 10, max: 50) |
curl "https://api.cseregistry.org/v1/gap-analysis/summary?limit=5" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"analyses": [
{
"id": "GAP-2025-01-15-abc123",
"created_at": "2025-01-15T10:35:00Z",
"frameworks": ["HIPAA", "SOC2"],
"posture_score": 65.5,
"status": "at_risk",
"critical_gaps": 2,
"high_gaps": 5
},
{
"id": "GAP-2025-01-10-def456",
"created_at": "2025-01-10T14:00:00Z",
"frameworks": ["HIPAA"],
"posture_score": 58.0,
"status": "non_compliant",
"critical_gaps": 4,
"high_gaps": 8
}
],
"trend": {
"direction": "improving",
"score_change": 7.5
}
}
}

Export Gap Analysis [Teams]
GET /gap-analysis/:id/export [Teams]

Export a gap analysis in various formats for reporting and auditing purposes. Requires Teams subscription or higher.
Path Parameters
| Parameter | Description |
|---|---|
| id | Gap analysis ID |
Query Parameters
| Parameter | Description |
|---|---|
| format | Export format: json, csv, pdf, xlsx (default: json) |
| include_evidence | Include evidence details (default: false) |
# Export as PDF for audit documentation
curl "https://api.cseregistry.org/v1/gap-analysis/GAP-2025-01-15-abc123/export?format=pdf" \
-H "Authorization: Bearer YOUR_API_KEY" \
-o gap-analysis-report.pdf
# Export as CSV for spreadsheet analysis
curl "https://api.cseregistry.org/v1/gap-analysis/GAP-2025-01-15-abc123/export?format=csv" \
-H "Authorization: Bearer YOUR_API_KEY" \
-o gap-analysis.csv

Compare Gap Analyses [Teams]
POST /gap-analysis/compare [Teams]

Compare two gap analysis results to track compliance progress over time. Requires Teams subscription or higher.
Request Body
| Field | Description |
|---|---|
| baseline_id | Gap analysis ID to use as the baseline (earlier analysis) |
| current_id | Gap analysis ID to compare against the baseline (later analysis) |
curl -X POST "https://api.cseregistry.org/v1/gap-analysis/compare" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"baseline_id": "GAP-2025-01-01-baseline",
"current_id": "GAP-2025-01-15-current"
}'

Response:
{
"data": {
"comparison": {
"baseline": {
"id": "GAP-2025-01-01-baseline",
"created_at": "2025-01-01T00:00:00Z",
"posture_score": 58.0
},
"current": {
"id": "GAP-2025-01-15-current",
"created_at": "2025-01-15T10:35:00Z",
"posture_score": 65.5
},
"trend": {
"direction": "improving",
"score_change": 7.5,
"percentage_change": 12.9
},
"gaps_resolved": [
{
"control_id": "164.312(c)(1)",
"framework": "HIPAA",
"title": "Integrity Controls",
"resolved_at": "2025-01-08T14:00:00Z"
}
],
"gaps_added": [],
"gaps_unchanged": [
{
"control_id": "164.312(a)(2)(iv)",
"framework": "HIPAA",
"title": "Encryption and Decryption",
"days_open": 15
}
],
"by_framework": {
"HIPAA": {
"baseline_score": 58.0,
"current_score": 65.5,
"controls_improved": 3,
"controls_regressed": 0
}
}
}
}
}

Artifact Types (OCSF) [Teams]
The Artifact Types API provides an OCSF-aligned taxonomy for cloud, endpoint, and security artifacts. Use these endpoints to normalize your asset inventory to a vendor-neutral schema and map provider-specific resource types to standardized categories.
List Artifact Types
GET /artifact-types [Teams]

List OCSF-aligned artifact types with filtering by category, subcategory, or cloud provider. Returns paginated results with provider mappings for each artifact type.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| category | string | Filter by category: cloud, endpoint, network, application, data, identity |
| subcategory | string | Filter by subcategory (e.g., compute, storage, iam) |
| provider | string | Filter by cloud provider: aws, azure, gcp, oci, alibaba |
| q | string | Search by ID, name, or description |
| page | integer | Page number (default: 1) |
| per_page | integer | Results per page (default: 50, max: 100) |
# List all cloud compute artifact types
curl "https://api.cseregistry.org/v1/artifact-types?category=cloud&subcategory=compute" \
-H "Authorization: Bearer YOUR_API_KEY"
# Filter by AWS provider
curl "https://api.cseregistry.org/v1/artifact-types?provider=aws" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": [
{
"id": "cloud.compute.virtual_machine",
"name": "Virtual Machine",
"description": "Virtual machine instances including EC2, Azure VMs, and GCE instances",
"category": "cloud",
"subcategory": "compute",
"ocsf": {
"object": "device",
"profile": "cloud"
},
"security_attributes": {
"has_network_interface": true,
"has_storage": true,
"has_iam_role": true,
"can_be_public": true
},
"provider_mappings": [
{
"provider": "aws",
"resource_type": "AWS::EC2::Instance",
"arn_format": "arn:aws:ec2:{region}:{account}:instance/{instance-id}"
},
{
"provider": "azure",
"resource_type": "Microsoft.Compute/virtualMachines"
},
{
"provider": "gcp",
"resource_type": "compute.googleapis.com/Instance"
}
],
"status": "active"
}
],
"meta": {
"version": "1.0.0",
"generated_at": "2025-01-02T12:00:00Z",
"total": 46,
"page": 1,
"per_page": 50,
"ocsf_version": "1.2.0"
}
}

Get Artifact Type
GET /artifact-types/{id} [Teams]

Get detailed information about a specific artifact type by its ID. Returns the full artifact type definition, including all provider mappings.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Artifact type ID (e.g., cloud.compute.virtual_machine) |
# Get a specific artifact type
curl "https://api.cseregistry.org/v1/artifact-types/cloud.storage.object_storage" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"id": "cloud.storage.object_storage",
"name": "Object Storage",
"description": "Cloud object storage services like S3, Azure Blob, and GCS",
"category": "cloud",
"subcategory": "storage",
"ocsf": {
"object": "file",
"profile": "cloud"
},
"security_attributes": {
"has_encryption": true,
"has_access_policy": true,
"can_be_public": true,
"has_versioning": true
},
"provider_mappings": [
{
"provider": "aws",
"resource_type": "AWS::S3::Bucket",
"arn_format": "arn:aws:s3:::{bucket-name}",
"documentation_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/"
},
{
"provider": "azure",
"resource_type": "Microsoft.Storage/storageAccounts/blobServices",
"documentation_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/"
},
{
"provider": "gcp",
"resource_type": "storage.googleapis.com/Bucket",
"documentation_url": "https://cloud.google.com/storage/docs"
}
],
"status": "active",
"version": "1.0.0"
},
"meta": {
"version": "1.0.0",
"generated_at": "2025-01-02T12:00:00Z",
"ocsf_version": "1.2.0"
}
}

Resolve Provider Resources
POST /artifact-types/resolve [Teams]

Resolve provider-specific resource types to CSE artifact types. Useful for normalizing cloud inventory from multiple providers to OCSF-aligned types. Supports batch resolution of up to 100 resources per request.
Request Body
| Field | Type | Description |
|---|---|---|
| resources | array | Array of resources to resolve (max 100) |
| resources[].provider | string | Cloud provider: aws, azure, gcp, oci, alibaba |
| resources[].resource_type | string | Provider-specific resource type (e.g., AWS::EC2::Instance) |
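Resolution is keyed by (provider, resource_type), so an inventory of thousands of assets usually collapses to a handful of distinct types: resolve those once, then join the result back onto every asset. The code below is an added example, not the registry's client, and it treats an unresolved type as something to surface rather than drop, since an asset with no artifact type is a blind spot in coverage. Assumptions: the `Example::Unknown::Widget` resource type is invented, and an unmatched entry is assumed to come back with `"matched": false` and no `artifact_type` (the page only shows matched entries).

```python
"""Normalise a multi-cloud inventory via POST /artifact-types/resolve (added example)."""
from __future__ import annotations

import json
from collections import Counter
from typing import Any

RESOLVE_LIMIT = 100  # documented maximum resources per request
PROVIDERS = {"aws", "azure", "gcp", "oci", "alibaba"}  # documented provider values


def build_resolve_request(inventory: list[dict[str, Any]]) -> dict[str, Any]:
    """Collapse an inventory to its distinct (provider, resource_type) pairs.

    Raises if a provider is outside the documented set or the distinct types
    would exceed the per-request limit (the caller should then split by provider).
    """
    seen: set[tuple[str, str]] = set()
    resources: list[dict[str, str]] = []
    for asset in inventory:
        key = (asset["provider"].lower(), asset["resource_type"])
        if key[0] not in PROVIDERS:
            raise ValueError(f"unsupported provider: {key[0]}")
        if key not in seen:
            seen.add(key)
            resources.append({"provider": key[0], "resource_type": key[1]})
    if len(resources) > RESOLVE_LIMIT:
        raise ValueError(f"{len(resources)} distinct types exceed the {RESOLVE_LIMIT}-per-request limit")
    return {"resources": resources}


def apply_resolution(inventory: list[dict[str, Any]],
                     response: dict[str, Any]) -> tuple[list[dict[str, Any]], list[dict[str, Any]]]:
    """Attach the resolved artifact type to every asset; return (normalised, unmatched)."""
    lookup: dict[tuple[str, str], dict[str, Any]] = {}
    for entry in response["data"]:
        if entry.get("matched") and "artifact_type" in entry:
            lookup[(entry["provider"], entry["resource_type"])] = entry["artifact_type"]
    normalised, unmatched = [], []
    for asset in inventory:
        artifact = lookup.get((asset["provider"].lower(), asset["resource_type"]))
        if artifact is None:
            unmatched.append(asset)
        else:
            normalised.append({**asset, "artifact_type_id": artifact["id"],
                               "category": artifact["category"], "subcategory": artifact["subcategory"]})
    return normalised, unmatched


def count_by_artifact_type(normalised: list[dict[str, Any]]) -> dict[str, int]:
    """Asset count per OCSF-aligned artifact type, e.g. for an inventory dashboard."""
    return dict(Counter(a["artifact_type_id"] for a in normalised))


# Constructed inventory across three providers; the last type is invented and unknown to the registry.
SAMPLE_INVENTORY = [
    {"asset_id": "i-0a1", "provider": "aws", "resource_type": "AWS::EC2::Instance"},
    {"asset_id": "i-0a2", "provider": "AWS", "resource_type": "AWS::EC2::Instance"},
    {"asset_id": "bkt-1", "provider": "aws", "resource_type": "AWS::S3::Bucket"},
    {"asset_id": "vm-01", "provider": "azure", "resource_type": "Microsoft.Compute/virtualMachines"},
    {"asset_id": "gce-1", "provider": "gcp", "resource_type": "compute.googleapis.com/Instance"},
    {"asset_id": "w-99", "provider": "aws", "resource_type": "Example::Unknown::Widget"},
]

# Constructed response in the documented shape; artifact type values match the page's example.
VM = {"id": "cloud.compute.virtual_machine", "name": "Virtual Machine", "category": "cloud", "subcategory": "compute"}
OBJ = {"id": "cloud.storage.object_storage", "name": "Object Storage", "category": "cloud", "subcategory": "storage"}
SAMPLE_RESPONSE = {"data": [
    {"provider": "aws", "resource_type": "AWS::EC2::Instance", "artifact_type": VM, "matched": True},
    {"provider": "aws", "resource_type": "AWS::S3::Bucket", "artifact_type": OBJ, "matched": True},
    {"provider": "azure", "resource_type": "Microsoft.Compute/virtualMachines", "artifact_type": VM, "matched": True},
    {"provider": "gcp", "resource_type": "compute.googleapis.com/Instance", "artifact_type": VM, "matched": True},
    {"provider": "aws", "resource_type": "Example::Unknown::Widget", "matched": False},  # assumed unmatched shape
], "meta": {"total_requested": 5, "total_matched": 4}}

if __name__ == "__main__":
    print(json.dumps(build_resolve_request(SAMPLE_INVENTORY), indent=2))
    ok, missing = apply_resolution(SAMPLE_INVENTORY, SAMPLE_RESPONSE)
    print(count_by_artifact_type(ok), [a["asset_id"] for a in missing])
```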
# Resolve provider resources to artifact types
curl -X POST "https://api.cseregistry.org/v1/artifact-types/resolve" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"resources": [
{"provider": "aws", "resource_type": "AWS::EC2::Instance"},
{"provider": "aws", "resource_type": "AWS::S3::Bucket"},
{"provider": "azure", "resource_type": "Microsoft.Compute/virtualMachines"},
{"provider": "gcp", "resource_type": "compute.googleapis.com/Instance"}
]
}'

Response:
{
"data": [
{
"provider": "aws",
"resource_type": "AWS::EC2::Instance",
"artifact_type": {
"id": "cloud.compute.virtual_machine",
"name": "Virtual Machine",
"category": "cloud",
"subcategory": "compute"
},
"matched": true
},
{
"provider": "aws",
"resource_type": "AWS::S3::Bucket",
"artifact_type": {
"id": "cloud.storage.object_storage",
"name": "Object Storage",
"category": "cloud",
"subcategory": "storage"
},
"matched": true
},
{
"provider": "azure",
"resource_type": "Microsoft.Compute/virtualMachines",
"artifact_type": {
"id": "cloud.compute.virtual_machine",
"name": "Virtual Machine",
"category": "cloud",
"subcategory": "compute"
},
"matched": true
},
{
"provider": "gcp",
"resource_type": "compute.googleapis.com/Instance",
"artifact_type": {
"id": "cloud.compute.virtual_machine",
"name": "Virtual Machine",
"category": "cloud",
"subcategory": "compute"
},
"matched": true
}
],
"meta": {
"version": "1.0.0",
"generated_at": "2025-01-02T12:00:00Z",
"total_requested": 4,
"total_matched": 4
}
}

Framework Crosswalks [Pro]
Framework crosswalks reveal how compliance controls map to each other across different frameworks via shared signals. Use these endpoints to quantify multi-framework coverage and identify compliance synergies.
Get Framework Overlaps
GET /crosswalks [Pro]

Get framework overlap data showing how controls map across frameworks via shared signals. Returns quantified overlap percentages to help prioritize multi-framework compliance efforts.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| framework_a | string | Source framework code (e.g., HIPAA, SOC2) |
| framework_b | string | Target framework code (requires framework_a) |
| include_controls | boolean | Include control-level crosswalk details (default: false) |
| limit | integer | Max results for overlaps (default: 20, max: 100) |
# Get all framework overlaps
curl "https://api.cseregistry.org/v1/crosswalks" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"overlaps": [
{
"framework_a": "HIPAA",
"framework_b": "SOC2",
"shared_signals": 45,
"crosswalk_count": 128,
"overlap_percentage": 68.5
},
{
"framework_a": "SOC2",
"framework_b": "ISO27001",
"shared_signals": 52,
"crosswalk_count": 156,
"overlap_percentage": 72.3
}
],
"stats": {
"total_crosswalks": 1524,
"frameworks_analyzed": 12,
"average_overlap": 45.2
}
},
"meta": {
"version": "1.0.0",
"generated_at": "2025-01-15T10:30:00Z"
}
}

Get specific framework pair overlap:
curl "https://api.cseregistry.org/v1/crosswalks?framework_a=HIPAA&framework_b=SOC2" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"overlap": {
"framework_a": "HIPAA",
"framework_b": "SOC2",
"shared_signals": 45,
"crosswalk_count": 128,
"overlap_percentage": 68.5
}
},
"meta": {
"version": "1.0.0"
}
}

Get Control Crosswalks
GET /crosswalks/controls [Pro]

Get control-level crosswalk mappings between two frameworks. Shows which controls in one framework relate to controls in another via shared signals.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| framework_a | string | Source framework code (required) |
| framework_b | string | Target framework code (required) |
| control_id | string | Specific control ID to find related controls for |
| min_strength | number | Minimum crosswalk strength (0-1, default: 0) |
| relationship | string | Filter by relationship: equivalent, related, partial |
| limit | integer | Max results (default: 50, max: 200) |
| offset | integer | Pagination offset (default: 0) |
# Get control crosswalks between HIPAA and SOC2
curl "https://api.cseregistry.org/v1/crosswalks/controls?framework_a=HIPAA&framework_b=SOC2" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:
{
"data": {
"crosswalks": [
{
"control_a": {
"framework": "HIPAA",
"control_id": "164.312(a)(2)(iv)",
"title": "Encryption and Decryption"
},
"control_b": {
"framework": "SOC2",
"control_id": "CC6.1",
"title": "Logical and Physical Access Controls"
},
"shared_signals": [
"CSE-GEN-TECH-ENCRYPT-REST-001",
"CSE-GEN-TECH-ENCRYPT-TRANSIT-001"
],
"strength": 0.85,
"relationship": "equivalent"
},
{
"control_a": {
"framework": "HIPAA",
"control_id": "164.312(b)",
"title": "Audit Controls"
},
"control_b": {
"framework": "SOC2",
"control_id": "CC7.2",
"title": "System Monitoring"
},
"shared_signals": ["CSE-GEN-AUDIT-LOGGING-001"],
"strength": 0.72,
"relationship": "related"
}
],
"summary": {
"total_crosswalks": 128,
"relationship_breakdown": {
"equivalent": 23,
"related": 85,
"partial": 20
}
}
},
"meta": {
"total": 128,
"limit": 50,
"offset": 0,
"has_more": true
}
}

Find controls related to a specific HIPAA control:
curl "https://api.cseregistry.org/v1/crosswalks/controls?framework_a=HIPAA&framework_b=SOC2&control_id=164.312(a)(2)(iv)" \
-H "Authorization: Bearer YOUR_API_KEY"

Get Signal Coverage
GET /crosswalks/signals [Pro]

Get signals that map to multiple frameworks. These multi-framework signals enable efficient cross-framework compliance: addressing one signal can satisfy requirements across multiple frameworks.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| signal_id | string | Specific signal ID to get coverage for |
| framework | string | Filter to signals that include this framework |
| min_frameworks | integer | Minimum number of frameworks (default: 2) |
| limit | integer | Max results (default: 50, max: 200) |
| offset | integer | Pagination offset (default: 0) |
# Get signals that map to 3+ frameworks
curl "https://api.cseregistry.org/v1/crosswalks/signals?min_frameworks=3" \
-H "Authorization: Bearer YOUR_API_KEY"

{
"data": {
"signals": [
{
"signal_id": "CSE-GEN-TECH-ENCRYPT-REST-001",
"frameworks": ["HIPAA", "SOC2", "ISO27001", "PCIDSS"],
"framework_count": 4,
"controls_by_framework": {
"HIPAA": ["164.312(a)(2)(iv)"],
"SOC2": ["CC6.1", "CC6.7"],
"ISO27001": ["A.10.1.1"],
"PCIDSS": ["3.4", "3.5"]
}
},
{
"signal_id": "CSE-GEN-ACCESS-MFA-001",
"frameworks": ["HIPAA", "SOC2", "CMMC"],
"framework_count": 3,
"controls_by_framework": {
"HIPAA": ["164.312(d)"],
"SOC2": ["CC6.1"],
"CMMC": ["IA.L2-3.5.3"]
}
}
],
"summary": {
"total_multi_framework_signals": 156,
"by_framework_count": {
"2_frameworks": 89,
"3_frameworks": 45,
"4_plus_frameworks": 22
}
}
},
"meta": {
"total": 156,
"limit": 50,
"offset": 0,
"has_more": true
}
}

Get coverage for a specific signal:
curl "https://api.cseregistry.org/v1/crosswalks/signals?signal_id=CSE-GEN-TECH-ENCRYPT-REST-001" \
-H "Authorization: Bearer YOUR_API_KEY"

{
"data": {
"signal_id": "CSE-GEN-TECH-ENCRYPT-REST-001",
"frameworks": ["HIPAA", "SOC2", "ISO27001", "PCIDSS"],
"controls_by_framework": {
"HIPAA": ["164.312(a)(2)(iv)"],
"SOC2": ["CC6.1", "CC6.7"],
"ISO27001": ["A.10.1.1"],
"PCIDSS": ["3.4", "3.5"]
},
"is_multi_framework": true,
"framework_count": 4
},
"meta": {
"version": "1.0.0"
}
}

Finding Templates (Teams)
The Finding Templates API provides access to standardized security finding definitions. Each template describes a specific security issue with severity, detection criteria, and remediation guidance.
List Finding Templates
GET /finding-templates (Teams)
Returns a paginated list of finding templates with optional filtering.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| signal_id | string | Filter by signal ID |
| category | string | Filter by category (e.g., encryption, access) |
| severity | string | Filter by severity (critical, high, medium, low, info) |
| status | string | Filter by status (ACTIVE, DRAFT, DEPRECATED) |
| domain | string | Filter by compliance domain (e.g., HIPAA, SOC2) |
| q | string | Search in ID, title, and description |
| page | integer | Page number (default: 1) |
| per_page | integer | Results per page (default: 50, max: 100) |
curl "https://api.cseregistry.org/v1/finding-templates?severity=high&category=encryption" \
-H "Authorization: Bearer YOUR_API_KEY"

{
"data": [
{
"id": "CFT-HIPAA-TECH-ENCRYPTION-001-001",
"signal_id": "CSE-HIPAA-TECH-ENCRYPTION-001",
"version": "1.0.0",
"status": "ACTIVE",
"title": "Data at Rest Encryption Not Enabled",
"description": "Storage resource lacks encryption at rest protection...",
"severity": "high",
"category": "encryption",
"applicable_artifacts": ["cloud.storage.object_storage", "cloud.database"],
"detection": {
"method": "configuration_check",
"criteria": ["encryption.at_rest.enabled == false"]
},
"remediation": {
"description": "Enable encryption at rest for the storage resource",
"steps": ["Enable server-side encryption", "Verify encryption key management"]
}
}
],
"meta": {
"version": "1.0.0",
"generated_at": "2025-01-02T12:00:00Z",
"total": 42,
"page": 1,
"per_page": 50
}
}

Get Finding Template
GET /finding-templates/{id} (Teams)
Returns the complete finding template definition, including the associated signal and tool mappings.
Path Parameters
| id | The finding template ID (e.g., CFT-HIPAA-TECH-ENCRYPTION-001-001) |
curl "https://api.cseregistry.org/v1/finding-templates/CFT-HIPAA-TECH-ENCRYPTION-001-001" \
-H "Authorization: Bearer YOUR_API_KEY"

{
"data": {
"id": "CFT-HIPAA-TECH-ENCRYPTION-001-001",
"signal_id": "CSE-HIPAA-TECH-ENCRYPTION-001",
"version": "1.0.0",
"status": "ACTIVE",
"title": "Data at Rest Encryption Not Enabled",
"description": "Storage resource lacks encryption at rest protection...",
"severity": "high",
"category": "encryption",
"signal": {
"id": "CSE-HIPAA-TECH-ENCRYPTION-001",
"name": "Encryption at Rest Required",
"domain": "HIPAA",
"category": "TECH"
},
"tool_mappings": [
{
"tool_id": "prowler",
"tool_name": "Prowler",
"rule_id": "s3_bucket_default_encryption",
"confidence": "HIGH"
}
]
},
"meta": {
"version": "1.0.0",
"generated_at": "2025-01-02T12:00:00Z"
}
}

Tool Mappings (Teams)
The Tool Mappings API maps security scanner rules to finding templates, enabling automatic correlation of scan results with standardized compliance findings.
List Tool Mappings
GET /tool-mappings (Teams)
Returns a paginated list of tool mappings with optional filtering.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| tool_id | string | Filter by tool ID (e.g., prowler, checkov) |
| finding_template_id | string | Filter by finding template ID |
| confidence | string | Filter by confidence (HIGH, MEDIUM, LOW) |
| q | string | Search in rule ID and rule name |
| page | integer | Page number (default: 1) |
| per_page | integer | Results per page (default: 50, max: 100) |
curl "https://api.cseregistry.org/v1/tool-mappings?tool_id=prowler&confidence=HIGH" \
-H "Authorization: Bearer YOUR_API_KEY"

{
"data": [
{
"id": "tm-prowler-s3-001",
"tool_id": "prowler",
"tool_name": "Prowler",
"finding_template_id": "CFT-HIPAA-TECH-ENCRYPTION-001-001",
"rule_id": "s3_bucket_default_encryption",
"rule_name": "S3 Bucket Default Encryption",
"confidence": "HIGH"
}
],
"meta": {
"version": "1.0.0",
"generated_at": "2025-01-02T12:00:00Z",
"total": 213,
"page": 1,
"per_page": 50
}
}

Lookup Tool Mapping
GET /tool-mappings/lookup (Teams)
Look up finding templates by tool and rule ID. Use this to map scanner output to compliance findings.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| tool_id | string | Required. The security tool ID |
| rule_id | string | Required. The tool's rule/check ID |
curl "https://api.cseregistry.org/v1/tool-mappings/lookup?tool_id=prowler&rule_id=s3_bucket_default_encryption" \
-H "Authorization: Bearer YOUR_API_KEY"

{
"data": [
{
"tool_id": "prowler",
"tool_name": "Prowler",
"rule_id": "s3_bucket_default_encryption",
"confidence": "HIGH",
"finding_template": {
"id": "CFT-HIPAA-TECH-ENCRYPTION-001-001",
"title": "Data at Rest Encryption Not Enabled",
"description": "Storage resource lacks encryption at rest protection...",
"severity": "high",
"category": "encryption",
"signal_id": "CSE-HIPAA-TECH-ENCRYPTION-001"
}
}
],
"meta": {
"version": "1.0.0",
"generated_at": "2025-01-02T12:00:00Z",
"total": 1
}
}

Security Tools (Teams)
The Security Tools API provides information about supported security scanning tools and their rule mappings.
List Security Tools
GET /security-tools (Teams)
Returns a list of all supported security scanning tools with mapping counts.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| category | string | Filter by category (e.g., cloud, container, sast) |
| q | string | Search in name, vendor, and description |
curl "https://api.cseregistry.org/v1/security-tools" \
-H "Authorization: Bearer YOUR_API_KEY"

{
"data": [
{
"id": "prowler",
"name": "Prowler",
"vendor": "Prowler Inc",
"category": "cloud",
"description": "AWS, Azure, GCP, and Kubernetes security scanning",
"website": "https://prowler.pro",
"supported_platforms": ["aws", "azure", "gcp", "kubernetes"],
"output_formats": ["json", "csv", "html"],
"mapping_count": 213
},
{
"id": "checkov",
"name": "Checkov",
"vendor": "Prisma Cloud",
"category": "iac",
"description": "Infrastructure as Code security scanning",
"website": "https://www.checkov.io",
"supported_platforms": ["terraform", "cloudformation", "kubernetes"],
"output_formats": ["json", "sarif"],
"mapping_count": 137
}
],
"meta": {
"version": "1.0.0",
"generated_at": "2025-01-02T12:00:00Z",
"total": 19
}
}

Error Responses
All endpoints return consistent error responses:
{
"error": {
"code": "unauthorized",
"message": "Invalid or missing API key"
}
}

{
"error": {
"code": "not_found",
"message": "Signal 'CSE-INVALID-001' not found"
}
}

{
"error": {
"code": "invalid_parameter",
"message": "Invalid domain: 'INVALID'",
"details": {
"parameter": "domain",
"value": "INVALID",
"valid_values": ["CMMC", "HIPAA", "SOC2"]
}
}
}

{
"error": {
"code": "rate_limited",
"message": "Rate limit exceeded. Try again in 60 seconds.",
"details": {
"limit": 1000,
"remaining": 0,
"reset_at": "2024-12-28T15:00:00Z"
}
}
}
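A client for the lookup endpoint and the error envelope documented above, as an added example that is not part of the CSE Registry documentation or any official SDK. It raises any body carrying an `error` key as a RegistryError so callers can branch on `code` (a `rate_limited` error keeps `details.reset_at` for scheduling the retry), and correlates failed scanner checks with finding templates, querying the registry once per rule ID and reporting rules that have no mapping. The `CSE_API_KEY` variable, the `lookup` parameter and the simplified scanner output shape are assumptions.

```python
import json, os, urllib.error, urllib.parse, urllib.request

class RegistryError(Exception):
    """The error envelope above, raised so callers can branch on `code` (e.g. rate_limited)."""
    def __init__(self, err):
        super().__init__(f"{err['code']}: {err['message']}")
        self.code, self.details = err["code"], err.get("details", {})  # details has reset_at etc.

def parse_response(body_text):
    """Parse a response body; an error envelope becomes a RegistryError, anything else is returned."""
    body = json.loads(body_text)
    if "error" in body:
        raise RegistryError(body["error"])
    return body

def lookup_mapping(tool_id, rule_id):
    """Live GET /tool-mappings/lookup; CSE_API_KEY is an assumed environment variable."""
    qs = urllib.parse.urlencode({"tool_id": tool_id, "rule_id": rule_id})
    req = urllib.request.Request(f"https://api.cseregistry.org/v1/tool-mappings/lookup?{qs}",
                                 headers={"Authorization": f"Bearer {os.environ['CSE_API_KEY']}"})
    try:
        with urllib.request.urlopen(req) as resp:
            return parse_response(resp.read().decode())
    except urllib.error.HTTPError as http_err:  # 4xx/429: the body is still the error envelope
        return parse_response(http_err.read().decode())

# Constructed scanner output in a simplified shape (field names assumed, not a real Prowler schema).
SAMPLE_SCAN = [
    {"check_id": "s3_bucket_default_encryption", "status": "FAIL", "resource": "bucket-a"},
    {"check_id": "s3_bucket_default_encryption", "status": "FAIL", "resource": "bucket-b"},
    {"check_id": "s3_bucket_default_encryption", "status": "PASS", "resource": "bucket-c"},
    {"check_id": "hypothetical_unmapped_check", "status": "FAIL", "resource": "instance-1"},
]

def correlate(scan_results, tool_id, lookup=lookup_mapping):
    """Map each FAILed check to its finding templates; returns (findings, unmapped rule IDs)."""
    findings, unmapped, cache = [], set(), {}
    for r in scan_results:
        if r["status"] != "FAIL":
            continue
        rule = r["check_id"]
        if rule not in cache:  # one registry lookup per rule ID, however many resources fail it
            cache[rule] = lookup(tool_id, rule)["data"]
        if not cache[rule]:  # empty data list (meta.total == 0): no template for this rule
            unmapped.add(rule)
        for m in cache[rule]:
            tpl = m["finding_template"]
            findings.append({"template_id": tpl["id"], "signal_id": tpl["signal_id"],
                             "severity": tpl["severity"], "confidence": m["confidence"],
                             "resource": r["resource"]})
    return findings, sorted(unmapped)
```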
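Returning to the signal coverage endpoint (GET /crosswalks/signals): an added example, not from the CSE Registry documentation, of how a client can use the `controls_by_framework` data to track which controls are covered as signals are addressed, and which unaddressed signal buys the most cross-framework coverage next. The sample is constructed from the response shown above; the distinction between "touched" and "fully covered" (every signal the registry maps to a control has been addressed) is this example's own definition, not a semantic the registry states.

```python
from collections import defaultdict

# Constructed sample shaped like the /crosswalks/signals response above (values copied from it).
COVERAGE_SIGNALS = [
    {"signal_id": "CSE-GEN-TECH-ENCRYPT-REST-001",
     "controls_by_framework": {"HIPAA": ["164.312(a)(2)(iv)"], "SOC2": ["CC6.1", "CC6.7"],
                               "ISO27001": ["A.10.1.1"], "PCIDSS": ["3.4", "3.5"]}},
    {"signal_id": "CSE-GEN-ACCESS-MFA-001",
     "controls_by_framework": {"HIPAA": ["164.312(d)"], "SOC2": ["CC6.1"],
                               "CMMC": ["IA.L2-3.5.3"]}},
]

def index_controls(signals):
    """Invert the response: (framework, control_id) -> set of signal IDs mapped to that control."""
    index = defaultdict(set)
    for s in signals:
        for framework, controls in s["controls_by_framework"].items():
            for control in controls:
                index[(framework, control)].add(s["signal_id"])
    return index

def coverage(signals, addressed):
    """Per framework: controls touched by an addressed signal, and controls whose every
    registry-mapped signal is addressed. SOC2 CC6.1 is mapped from both sample signals, so
    addressing only the encryption signal touches it without fully covering it."""
    addressed = set(addressed)
    report = defaultdict(lambda: {"touched": set(), "fully_covered": set()})
    for (framework, control), mapped in index_controls(signals).items():
        if mapped & addressed:
            report[framework]["touched"].add(control)
            if mapped <= addressed:
                report[framework]["fully_covered"].add(control)
    return {fw: {k: sorted(v) for k, v in d.items()} for fw, d in report.items()}

def next_best_signal(signals, addressed, framework=None):
    """Highest-leverage unaddressed signal: the one mapped into the most frameworks
    (optionally only among signals that include `framework`); None when nothing is left."""
    addressed = set(addressed)
    candidates = [s for s in signals if s["signal_id"] not in addressed
                  and (framework is None or framework in s["controls_by_framework"])]
    if not candidates:
        return None
    return max(candidates, key=lambda s: len(s["controls_by_framework"]))["signal_id"]
```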