Changelog
Version history for the CSE specification and registry. All notable changes are documented here.
Versioning: CSE uses semantic versioning. Major versions indicate breaking changes, minor versions add new features, and patch versions are for fixes and clarifications.
v1.0.0 - Initial Release
Released: December 2024
The initial public release of the Compliance Signal Enumeration specification and registry.
Registry
- 1,132 signals across 12 compliance domains
- 1,308 control mappings linking signals to framework controls
- Full coverage of major compliance frameworks including HIPAA, SOC 2, ISO 27001, PCI DSS, CMMC, GDPR, and more
Specification
- Signal format - Canonical structure for defining compliance-relevant technical conditions
- Registry format - Manifest and directory structure for the signal registry
- Mapping format - Structure for linking signals to framework controls
- Finding format - Standardized structure for recording signal observations
- Artifact format - Evidence format for supporting findings
API
- RESTful API for programmatic registry access
- Signal listing, filtering, and search endpoints
- Control mapping retrieval
- Domain and statistics endpoints
- Community tier with 10,000 requests/day
Documentation
- Complete specification documentation
- API reference with examples
- Integration guides for security tools, compliance platforms, GRC systems, and CI/CD pipelines
- Web-based registry browser
Domains Included
| Domain | Signals |
|---|---|
| FEDRAMP | 145 |
| CMMC | 134 |
| HITRUST | 126 |
| CIS | 120 |
| NISTCSF | 106 |
| ISO27001 | 93 |
| GDPR | 80 |
| HIPAA | 75 |
| CCPA | 70 |
| PCIDSS | 64 |
| SOC2 | 64 |
| GEN | 55 |
Upcoming
Features and improvements planned for future releases:
Registry Expansion
- Additional signals for cloud-native security patterns
- Expanded coverage for container and Kubernetes security
- More detailed detection conditions and artifact specifications
New Frameworks
- NIST 800-53 mappings
- StateRAMP mappings
- Industry-specific frameworks based on community requests
API Enhancements
- Webhook notifications for registry updates
- Bulk export endpoints
- GraphQL API (under consideration)
Tooling
- Official SDKs for Python, JavaScript, and Go
- CLI tool for signal lookup and validation
- IDE extensions for signal reference
Contributing
Want to contribute to CSE? Here's how:
- Report issues: Open an issue for bugs, inaccuracies, or suggestions
- Propose signals: Submit new signal proposals via GitHub
- Expand mappings: Contribute mappings to additional frameworks
- Improve docs: Submit pull requests for documentation improvements
See the contribution guidelines for more details.
Subscribing to Updates
Stay informed about CSE updates:
- GitHub: Watch the repository for releases and discussions
- API: Check the
/statsendpoint for registry version