One platform for STIGs and cyber regulation
The public STIG catalog stays free for everyone. Upgrade when you are ready to act on it. Build custom lists, export to your toolchain, drive your own automation through the API, and track US cyber regulation alongside your STIGs.
Choose your plan
Every paid plan includes the Combined Role Library and full API access. Annual commitment, billed quarterly. The public STIG catalog remains free for everyone.
Not sure which plan? Start Free, no credit card, and upgrade anytime from your account page. Your org, teammates, and saved lists come with you.
Free
STIG library, Dashboard, O*NET, NICE, and default save lists. View everything, no credit card.
- STIG Library + Dashboard
- O*NET Role viewing
- NICE Work Role viewing
- Default save lists (My STIGs, My Roles)
- Org & teammate invites
- STIG-update email alerts
STIGViewer
STIG Library, custom lists, exports, and API access
- STIG Library
- Combined Role Library
- API Access
RegGenome US-Cyber
Cyber regulatory intelligence from US agencies
- RegGenome US-Cyber
- Combined Role Library
- API Access
OpenControls Complete
Everything: STIGs, RegGenome, and O*NET
- STIG Library
- RegGenome US-Cyber
- Combined Role Library
- API Access
What a paid plan unlocks
Free is for reading and saving. Paid is for acting: automating, exporting, and tracking regulation across your whole team.
Custom lists & collections
Group STIGs, roles, and controls into named, shareable lists with tags and color coding, beyond the default My STIGs / My Roles you get free.
Excel, JSON & CKLB exports
Take any STIG into your audit workpapers, POA&M templates, or GRC platform in the format your toolchain already speaks.
Full API access
Pull STIG, role, and regulatory data into your CI/CD pipelines, dashboards, and governance tools through documented endpoints with stable IDs.
US cyber regulatory feed
RegGenome ingests FedRAMP, CMMC, NIST, and CISA publications and surfaces the cyber-relevant passages your compliance team actually needs to read.
Framework & signpost mapping
Every regulatory item is cross-mapped to NIST CSF and other frameworks, so you can reconcile new rules against the controls you already run.
Combined Role Library
Map STIGs and regulations to O*NET occupational roles to identify who is responsible for each control before you assign the work.
Billing, access, and getting started
- Is the STIG catalog really free?
- Yes. Browsing the full DISA STIG library, viewing findings, the STIG Dashboard, O*NET and NICE role detail, and saving to your default lists are all free, no credit card required. Paid plans add custom lists, exports, the API, and RegGenome regulatory intelligence.
- How am I billed?
- Paid plans are an annual commitment, invoiced quarterly. The STIGViewer plan, for example, is $1,500/year billed as $375 each quarter. One invoice, one team, one set of credentials.
- What does "API access" unlock?
- Programmatic access to the same STIG, role, and regulatory data you see in the app (findings, severity, fix text, check content, role mappings) through documented REST endpoints with stable IDs, ready to wire into your pipelines and dashboards.
- Can I upgrade later without losing my work?
- Yes. Start Free, create your org, invite teammates, and save what you find. Upgrade anytime from your account page and everything you have built carries over. Nothing is lost on the way up.
- Why is OpenControls Complete the best value?
- Complete bundles the full STIGViewer plan and RegGenome US-Cyber into a single $3,500/year subscription. Bought separately the two plans total $4,000/year, so Complete saves $500 a year and consolidates everything onto one invoice.
Ready to get started?
Create your account, choose a plan, and start building your compliance library in minutes. Or keep browsing the catalog free, no sign-in required.