Compliance Signal Enumeration

A neutral, machine-readable registry of compliance-relevant technical signals for interoperability across security tools, compliance platforms, and GRC systems.

Get StartedBrowse RegistryGet Community API Key
1,132
Signals
12
Domains
1,308
Mappings
100%
Coverage

The Interoperability Gap

Security tools report findings using proprietary identifiers. Without a shared vocabulary, correlation requires manual effort at every boundary.

!Without CSE

Tool A: "SSH_OPEN_TO_INTERNET"
Tool B: "public-ssh-access-detected"
Tool C: "Finding: SSH port 22 exposed"
Organization: "Which control does this violate?"

With CSE

CSE-CMMC-COMMS-UNRESTRICTED-SSH-001
High
Unrestricted SSH Access from Internet
networksshaccess-controlperimeter
Framework Mappings
CMMC SC.L2-3.13.1NIST SP 800-53 SC-7ISO 27001 A.13.1.1
Unified identifier across all security tools
Instant mapping to compliance controls
Machine-readable for automation
Audit-ready documentation

More Than a Catalog

CSE provides standardized infrastructure for compliance data exchange.

Signal Registry

1,132 canonical definitions for compliance-relevant technical conditions across 12 frameworks.

Mapping Dataset

1,308 pre-built relationships linking signals to framework controls with confidence scores.

Finding Format

Standardized structure for findings that enables cross-tool interoperability and unified audit trails.

Artifact Format

Immutable evidence records with cryptographic integrity for audit-ready compliance documentation.

Validation API

Validate signals, findings, artifacts, and mappings against CSE schemas via simple API calls.

Community API

RESTful API with search, bulk operations, and validation. No setup required.

Supported Frameworks

CSE covers signals across major compliance frameworks with complete control mappings.

CMMC
Defense contractors
134 signals
HIPAA
Healthcare
75 signals
GDPR
Data privacy
80 signals
PCI DSS
Payment cards
64 signals
SOC 2
Service orgs
64 signals
ISO 27001
InfoSec mgmt
93 signals
HITRUST
Healthcare IT
126 signals
FedRAMP
Federal cloud
145 signals
NIST CSF
Cyber risk
106 signals
CIS Controls
Security benchmarks
120 signals
CCPA
CA privacy
70 signals
General
Cross-framework
55 signals

Quick API Examples

Query the registry programmatically. Click on examples to see live responses.

API Examples

Click to explore

GEThttps://cseregistry.org/api/v1/signals?domain=HIPAA&category=TECH
200 OK
{
  "data": [
    {
      "id": "CSE-HIPAA-TECH-NO-ENCRYPTION-004",
      "canonical_name": "Unencrypted PHI Storage",
      "description": "Protected Health Information stored without encryption at rest",
      "domain": "HIPAA",
      "category": "TECH",
      "severity": "critical",
      "status": "active"
    },
    {
      "id": "CSE-HIPAA-TECH-WEAK-AUTH-002",
      "canonical_name": "Weak Authentication for PHI Access",
      "description": "Systems containing PHI lack multi-factor authentication",
      "domain": "HIPAA",
      "category": "TECH",
      "severity": "high",
      "status": "active"
    }
  ],
  "meta": {
    "total": 12,
    "page": 1,
    "per_page": 50
  }
}
View Full API Documentation

CSE is open infrastructure

The specification is public. The adoption is voluntary. The value compounds as more tools and platforms participate.

Report an Issue

Found a bug, inaccuracy, or have a suggestion? Open an issue to help us improve.

Contribute

Add new signals, expand framework mappings, or improve documentation via pull request.

Join the Discussion

Share feedback, ask questions, or discuss the future direction of the CSE specification.

Read the DocumentationView API PricingStar on GitHub