Quick reference for the terms used across the explorer.
Entry status
live
Callable today. For most kinds this means a generated calculator exists; for compositions, the umbrella resolves at call time by walking its components. Available via the endpoint shown in the header.
candidate
The framework or control has been recognised by the classifier. Extraction is on the queue or under review. Not yet callable.
pending
Same as candidate for the sidebar's purposes. The entry is known but its callable form is not yet ready.
reference
Tracked for graph completeness only. Informational; not on the extraction path.
Entry kind
formula
A callable calculator. Inputs in, one or more numbers out, with full provenance. Endpoint: POST /v1/calculate/<id>.
dataset
A reference lookup table (control catalog, threshold table, attack technique index). Endpoint: POST /v1/lookup/<id> with a {"key": ...} body.
composition
An umbrella entry made of named components. Each component is itself an entry in the graph. Call the umbrella with what you have; the engine resolves the rest from its components. Endpoint: POST /v1/calculate/<id>.
framework
A control or reporting framework (ISO/IEC 27001, NIST CSF, SOC 2 TSC). Read, do not run. Endpoint: GET /v1/frameworks/<id>.
registry
A certification or attestation registry (FedRAMP marketplace, CSA STAR, HITRUST). Read, do not run. Endpoint: GET /v1/registries/<id>.
component
A sub-control or implementation guidance. Part of a parent control or framework family.
Integrity and cross-mapping standards. OSCAL, Secure Controls Framework, NIST OLIR.
L6
Procurement and buyer frameworks. CMMC, CSA CAIQ, DORA third-party risk, vendor assurance.
L7
Regulatory compliance regimes. GDPR, DORA, NIS2, EU AI Act, HIPAA, SOX, state privacy laws.
Relationships (dependency tree)
builds on
This framework or control depends on the other for its logical foundation (stored edge type imports). Removing it breaks this one. Shown as "built on by" from the other side.
uses values from
Consumes a normative value (threshold, baseline parameter, severity score) from the other (stored edge type uses_factor). Shown as "provides values to" from the other side.
references
Cites the other informationally, with no mechanical dependency (stored edge type references). Shown as "referenced by" from the other side.
is recognised by
A body, scheme, or regulator formally recognises this framework (stored edge type recognized_by). Shown as "recognises" from the other side.
supersedes
Replaces a previous version; the older version is retained for historical reference (stored edge type supersedes). Shown as "superseded by" from the other side.
Builds on / Used by
The two directions of the dependency tree. "Builds on" lists what this entry depends on, references, or is recognised by. "Used by" lists what builds on, references, or recognises this entry.
Select a framework from the sidebar
Every framework and control in the graph is callable via REST. Pick one to inspect its schema, see its cross-mappings, and run a query against the live API.