STIGViewer Launches Structured STIG Data API: Compliance Intelligence Without the Pipeline Tax

A REST API that delivers every DISA STIG as normalized JSON – cross-referenced to NIST 800-53 and DoD 8500 – so your team can stop parsing XML and start building.

March 16, 2026 – OpenControls.ai today announced the general availability of the STIGViewer CLKB API, a structured data service that transforms raw DISA Security Technical Implementation Guides into machine-readable JSON accessible through standard REST endpoints. The API ships with full NIST 800-53 and DoD 8500 cross-referencing, quarterly auto-updates synchronized with DISA releases, and O*NET occupational data bundled at no additional cost.

The problem it solves isn't complicated. It's just expensive.

Every organization under STIG compliance builds some version of the same pipeline: download XML from DISA, parse it, normalize it, map it to control frameworks, store it, and then do it all over again every quarter when DISA publishes updates. That pipeline costs $15,000–$30,000 in engineering time to build and $5,000–$10,000 per year to maintain. The STIGViewer CLKB API eliminates it for $1,500 per year.

"The data has always been free," said the OpenControls.ai Product Team. "What hasn't been free is the engineering effort to make it usable. We've built the pipeline once so nobody else has to."

What Ships Today

The CLKB API delivers all ~500 DISA STIG profiles as structured JSON via REST endpoints. Every requirement is cross-referenced to its corresponding NIST 800-53 controls and DoD 8500 Information Assurance controls. When DISA publishes quarterly updates, the API reflects them automatically – no downloads, no parsing, no validation cycle.

O*NET occupational data from the Department of Labor is bundled free with every subscription, laying the groundwork for role-based compliance discovery.

Key capabilities:

  • Structured STIG Data: All DISA STIGs normalized to JSON with consistent schemas, slug-based URLs, and full-text search
  • Framework Cross-Referencing: Every STIG requirement mapped to NIST 800-53 and DoD 8500 controls
  • Quarterly Auto-Updates: Synchronized with DISA release cycles – zero manual intervention required
  • O*NET Integration: Department of Labor occupational data accessible through the same API
  • Standard REST Interface: JSON responses, API key authentication, 1,000 requests per hour

Zero Switching Costs

The CLKB API isn't a platform. It's a data layer. It delivers structured compliance intelligence via standard REST endpoints that slot into whatever your team already uses – GRC platforms, SIEMs, automation scripts, custom dashboards. Ansible playbooks. ServiceNow workflows. It doesn't matter.

"We ask no one to switch anything," the team emphasized. "We ask them to consume structured compliance data that makes whatever they already use measurably smarter."

What's Coming: Semantic Compliance

The CLKB API is the foundation for something larger. OpenControls.ai is building a Semantic Enrichment Layer that will transform how STIG requirements are consumed – breaking verbose natural language mandates into atomically decomposed, independently testable units and mapping them to O*NET occupational roles.

This addresses what OpenControls.ai calls the "Compliance Defensibility Gap": the inability of organizations to prove why a specific role is responsible for a specific requirement, or to justify workforce allocation to auditors with anything better than tribal knowledge.

Planned capabilities include:

  • Atomic Decomposition: Breaking compound STIG requirements into independent, testable mandates
  • O*NET Role Mapping: Automatically linking controls to Standard Occupational Classification codes – so Network Administrators see network controls and Database Administrators see database controls
  • Complexity Forecasting: Shannon entropy scoring to distinguish automatable configuration tasks from decisions requiring senior architectural expertise
  • Bidirectional Discovery: Query by role ("What do I need to do?") or by asset ("What controls apply to this Cisco switch?")

Organizations that subscribe to the CLKB API now will receive the Semantic Enrichment Layer at their existing subscription price when it ships. Same API. Same integration. New intelligence.

Pricing and Availability

STIGViewer already serves 48,000 monthly active users who rely on STIG data for compliance workflows. The CLKB API is available immediately.

  • $1,500 per year (billed quarterly at $375), per organization
  • All STIG profiles, all cross-referencing, O*NET data included
  • 2 API keys, 1,000 requests per hour
  • Email support with 48-hour response SLA
  • Annual subscription, quarterly billing

Organizations interested in reselling or embedding the API within their platforms can contact OpenControls.ai about the partner program.


About OpenControls.ai

OpenControls.ai builds compliance data infrastructure for organizations that need defensible, machine-readable security intelligence – without the pipeline tax. A product of MoxyWolf LLC.

Media Contact: Philm@moxywolf.com

Partner Inquiries: Dorianc@moxywolf.com

Frequently Asked Questions

Why would I pay for public domain data?

You wouldn't pay for the data. You'd pay for the pipeline. DISA publishes raw STIG XML for free. Building a JSON API with NIST 800-53 cross-referencing, searchable indexing, and quarterly auto-updates costs your team $15,000–30,000 to build and $5,000–10,000 per year to maintain. The CLKB API does it for $1,500 per year. That's less than two days of an engineer's time.

What is the "Compliance Defensibility Gap"?

The Compliance Defensibility Gap is the inability of organizations to prove why a specific compliance methodology was chosen. It surfaces when verbose requirements get treated as indivisible blocks of text, forcing teams to identify controls by keyword search and tribal knowledge. Without atomic chains of evidence, organizations can't defend against auditor questions like "which specific sub-requirement failed?" or "why was this role assigned to this task?" The upcoming Semantic Enrichment Layer directly addresses this.

Do I need to replace my current GRC tool?

No. The CLKB API is a data layer, not a platform. It delivers structured JSON via REST endpoints that feed into your existing ecosystem – ServiceNow, Archer, custom SIEMs, Ansible, or anything else that can make an HTTP request. The goal is to make your current toolchain defensibly smarter, not to replace it.

What's the difference between the CLKB API and the upcoming Semantic Enrichment Layer?

The CLKB API (shipping now) delivers structured STIG data – every profile normalized to JSON, cross-referenced to NIST 800-53 and DoD 8500, updated quarterly. It's structured public domain data via API.

The Semantic Enrichment Layer (coming later) adds proprietary intelligence on top: atomic decomposition of requirements, O*NET role mapping, complexity forecasting, and bidirectional discovery. It's original analysis that doesn't exist anywhere else. Current API subscribers will receive it at their existing price when it ships.

How do quarterly updates work?

When DISA publishes new or updated STIGs (typically quarterly), we ingest, validate, normalize, and deploy the changes to the API. Your integration picks them up automatically on the next request. No downloads, no manual parsing, no deployment cycle on your end.