Methodology Brief

The Multi-Lensatic Methodology: translation, not conquest

The multi-lensatic methodology is a way of mapping compliance data so that one unit of work can be read through five different lenses — regulatory mandate, technical control, workforce role, proficiency, and automation capability — without forcing any framework to change its own language. It is a Babel-fish approach to compliance: every framework keeps its own vocabulary, and translation happens at the seam, on demand, with the evidence trail intact.

The Problem · One Unit of Work, Five Names

A single security task carries a different name in every framework. A regulation calls it an obligation. A STIG calls it a configuration. A workforce framework calls it someone's job. The work never changes — only the vocabulary does. Compliance crosswalks keep dying because nobody sustains the translation as the sources move. The method is the shape that doesn't go stale: it treats every framework as a witness, never a winner.

The Engine · Build-Time Harmonization

The slow, auditable foundation

Matching entities across vocabularies, classifying terms on shared axes, and arbitrating between conflicting testimony. Expensive up front. It buys the fast, cheap read-time payoff on the other side — done once, refreshed as sources move.

01 Curated Heuristics

Expert-written pattern rules over canonical forms. Versioned, citable, zero variance.

02 Algorithmic Heuristics

Morphological normalization and variant clustering. Deterministic and replayable.

03 Explicit AI

The idempotent rules engine. Only touches rows still flagged pending, so re-runs stay safe.

04 Generative AI

Handles the genuinely tacit cases. Returns structured calls with confidence and evidence.

No witness gets crowned. A rule firing at ≥0.9 wins outright. Between 0.6–0.9, both testify — the stronger side writes, the loser is preserved in provenance. No rule, unsure model? The row honestly stays Unknown and flags for the next pass.
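
The arbitration rule above, together with the pending-only behaviour of the rules engine, as an added example (not code from the methodology's authors or from STIGViewer). `Testimony`, `Row` and `arbitrate` are hypothetical names; it assumes that confidence below 0.6 counts as "no rule" or "unsure model", that a tie goes to the rule, and that a lone witness at or above 0.6 writes.

```python
from dataclasses import dataclass, field, asdict
from typing import Optional

WIN_OUTRIGHT = 0.9   # from the page: a rule firing at >= 0.9 wins outright
TESTIFY_FLOOR = 0.6  # from the page: lower edge of the "both testify" band

@dataclass
class Testimony:              # hypothetical record for one witness's call
    source: str               # "rule" or "model"
    value: str                # proposed canonical mapping
    confidence: float

@dataclass
class Row:                    # hypothetical harmonization row
    term: str
    status: str = "pending"
    value: str = "Unknown"
    provenance: list = field(default_factory=list)

def arbitrate(row: Row, rule: Optional[Testimony], model: Optional[Testimony]) -> Row:
    if row.status != "pending":
        return row            # already decided: re-runs leave it untouched
    # Assumption: testimony under the 0.6 floor counts as "no rule" / "unsure model".
    rule = rule if rule and rule.confidence >= TESTIFY_FLOOR else None
    model = model if model and model.confidence >= TESTIFY_FLOOR else None
    if rule and rule.confidence >= WIN_OUTRIGHT:
        winner, loser = rule, None
    elif rule and model:
        # Both testify; the stronger side writes. Assumption: a tie goes to the rule.
        winner, loser = (model, rule) if model.confidence > rule.confidence else (rule, model)
    elif rule or model:
        winner, loser = rule or model, None   # assumption: a lone witness writes
    else:
        return row            # stays Unknown and pending for the next pass
    row.value, row.status = winner.value, "resolved"
    row.provenance.append({"wrote": asdict(winner),
                           "dissent": asdict(loser) if loser else None})
    return row

if __name__ == "__main__":
    # Constructed sample rows; CTRL-A / CTRL-B are placeholder mapping targets.
    rows = [Row("account lockout threshold"), Row("session idle timeout")]
    arbitrate(rows[0], Testimony("rule", "CTRL-A", 0.72), Testimony("model", "CTRL-B", 0.81))
    arbitrate(rows[1], None, Testimony("model", "CTRL-B", 0.41))
    for r in rows:
        print(r.term, "->", r.value, r.status, r.provenance)
```
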
The Five Lenses · Parallel Testimony

01 The Obligation

Regulatory Mandate

Statutes · Regulations · Frameworks

What am I obligated to do?

The legal and framework requirement — the duty a statute, regulation, or control framework places on you, in its own language (NIST 800-53, CMMC, FedRAMP, RegGenome regulatory guidance).

02 The Configuration

Technical Control

STIGs · Benchmarks · Hardening guides

What gets configured, and how is it graded?

The concrete setting that satisfies the obligation and the check that grades it — DISA STIGs for government work, CIS Benchmarks for everyone else.

03 The Responsibility

Workforce Role

NICE · DCWF · 8140 · O*NET

Whose job is this?

The human accountable for the work — mapped to the NICE Framework, DCWF, DoD 8140, and O*NET occupations.

04 The Demand

Proficiency

Cognitive levels · Literacy tiers · Dreyfus stages

How hard is it, and what does it demand?

The skill level the task requires — expressed in cognitive levels, literacy tiers, and Dreyfus stages so demand can be matched to capability.

05 The Skill

Automation Capability

AI skills · Plugins · Agent tiers

Can software do this, and to what degree?

Whether and how far software can carry the task — scored across AI skills, plugins, and agent tiers. This is the horizon lens: Next, not Now.

Sovereignty Over Conquest
The Babel Fish Principle

No framework sits at the center

The method acts as a translator, never a judge. Each community keeps its own vocabulary, its own purpose, its own authority. The method never asks a standards body to change a word. Existing crosswalks aren't competitors — they're absorbed as one more witness, scored and sourced alongside the rest.

The Payoff · Read-Time Disambiguation

Enter through any door

A user arrives speaking exactly one vocabulary — a STIG, a job title, an AI plugin. The system resolves it to the canonical unit and re-renders it through every other lens. Fast and cheap, because harmonization already paid the toll.

Multi-framework efficiency: Implement controls once for CMMC. When the FedRAMP assessor calls, walk the mappings and report through the ones that hold — same work, claimed in both languages.

“Enter through any door, see the paths to all the rooms.”

Whether the surface is a viewer, a dashboard, or a raw GraphQL query.

The One-Sheet

The full methodology brief is also available as a printable visual one-sheet — view the infographic.

The method, as a product you can click

Enter through your door

Open a STIG and see the roles. Search your role and see your STIGs and regulations. The lenses are live on STIGViewer today.