Maintain a human-readable cross-reference showing CWE → STIG Finding → NIST 800-53 Control mappings as a standalone data asset.

**Acceptance Criteria:**

- [ ] Table: CWE ID → STIG Finding ID(s) → NIST 800-53 Control(s) → Severity → Mapping Confidence → Description
- [ ] Clearly identify STIG findings that are procedural/organizational (not detectable by SAST)
- [ ] Clearly identify partial vs. full coverage per STIG finding
- [ ] Publish as Markdown in repo, downloadable CSV, and Excel
- [ ] Include STIG version and mapping version in all outputs
- [ ] Automated validation that all referenced STIG finding IDs exist in the source STIG data
- [ ] Contribution guide for community submissions of new mappings
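One way the automated-validation criterion could be met, as an added sketch that is not code from this project. It assumes the source STIG data is an XCCDF-style XML file whose `Group` elements carry the finding ID in their `id` attribute, that the CSV uses the column names from the table criterion, and that multiple finding IDs in one cell are separated by `;`. All IDs and rows are constructed placeholders.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of source STIG data (XCCDF-style); the IDs are made up.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1">
  <version>0</version>
  <Group id="V-000001"><title>constructed finding A</title></Group>
  <Group id="V-000002"><title>constructed finding B</title></Group>
</Benchmark>"""

# Constructed mapping rows; CWE and control values are placeholders, not real mappings.
SAMPLE_CSV = """CWE ID,STIG Finding ID(s),NIST 800-53 Control(s),Severity,Mapping Confidence,Description
CWE-0001,V-000001,XX-1,high,full,constructed row
CWE-0002,V-000002;V-000009,XX-2,medium,partial,constructed row with a stale ID
CWE-0003,,XX-3,low,partial,constructed row with no finding
"""


def load_stig_ids(xccdf_text):
    """Collect the id attribute of every Group element, whatever the namespace."""
    root = ET.fromstring(xccdf_text)
    return {el.get("id") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "Group" and el.get("id")}


def validate_mappings(csv_text, stig_ids, sep=";"):
    """Return (line_number, cwe, problem) for each row the STIG data does not back."""
    problems = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        refs = [r.strip() for r in row["STIG Finding ID(s)"].split(sep) if r.strip()]
        if not refs:
            problems.append((reader.line_num, row["CWE ID"], "no STIG finding ID"))
        for ref in refs:
            if ref not in stig_ids:
                problems.append((reader.line_num, row["CWE ID"], f"unknown finding {ref}"))
    return problems


if __name__ == "__main__":
    for line, cwe, problem in validate_mappings(SAMPLE_CSV, load_stig_ids(SAMPLE_XCCDF)):
        print(f"line {line}: {cwe}: {problem}")
    # A CI job would exit non-zero whenever the returned list is non-empty.
```

Running the check against the XCCDF file of the STIG version named in the outputs also catches finding IDs that were dropped or renumbered between STIG releases.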