Overview AegisShield provides machine-readable control mappings that integrate seamlessly with enterprise Governance, Risk, and Compliance (GRC) tools. The nist-sp-800-53-controls-mapping.json file enables automated import of control implementations, evidence, and assessment data.
Format : JSON with comprehensive control metadataCompatibility : ServiceNow, RSA Archer, and custom GRC platformsAutomation : Fully automated control import and compliance reporting
Machine-Readable Control Mapping The control mapping file provides structured data for each implemented control:
{ "metadata" : { "application" : "AegisShield Threat Modeler" , "framework" : "NIST SP 800-53 Rev. 5" , "version" : "1.0" , "total_controls" : 15 , "control_families" : 6 }, "controls" : [ { "control_id" : "AC-3" , "control_name" : "Access Enforcement" , "control_family" : "Access Control" , "implementation_status" : "implemented" , "primary_file" : "api_key_handler.py" , "evidence" : "Password-type input validation, session state management" , "assessment_methods" : [ "examine" , "interview" , "test" ], "compliance_frameworks" : [ "FedRAMP" , "FISMA" ] } ], "assessment_summary" : { "total_controls_implemented" : 15 , "implementation_coverage" : "100%" , "compliance_frameworks_supported" : [ "FedRAMP" , "FISMA" ] } }
ServiceNow Integration Import Controls via REST API Integrate AegisShield controls directly into ServiceNow GRC:
# Import NIST controls into ServiceNow curl -X POST "https://your-instance.servicenow.com/api/now/table/sn_grc_control" \ -H "Authorization: Bearer $SERVICENOW_TOKEN " \ -H "Content-Type: application/json" \ -d @nist-sp-800-53-controls-mapping.json
ServiceNow Import Script For batch import with transformation:
// ServiceNow Import Script var AegisShieldImporter = Class . create (); AegisShieldImporter . prototype = { initialize : function () { this . controlsData = this . loadControlsData (); }, loadControlsData : function () { // Load from attachment or external source var jsonData = gs . getProperty ( 'aegisshield.controls.json' ); return JSON . parse ( jsonData ); }, importControls : function () { var controls = this . controlsData . controls ; for ( var i = 0 ; i < controls . length ; i ++ ) { var control = controls [ i ]; // Create or update control record var grControl = new GlideRecord ( 'sn_grc_control' ); grControl . addQuery ( 'control_id' , control . control_id ); grControl . query (); if ( ! grControl . next ()) { grControl . initialize (); } // Map AegisShield data to ServiceNow fields grControl . setValue ( 'control_id' , control . control_id ); grControl . setValue ( 'name' , control . control_name ); grControl . setValue ( 'family' , control . control_family ); grControl . setValue ( 'implementation_status' , control . implementation_status ); grControl . setValue ( 'evidence' , control . evidence ); grControl . setValue ( 'framework' , 'NIST SP 800-53 Rev. 5' ); // Save the record if ( grControl . isNewRecord ()) { grControl . insert (); } else { grControl . update (); } gs . info ( 'Imported control: ' + control . control_id ); } }, type: 'AegisShieldImporter' };
ServiceNow Configuration
Create Integration User
Create a ServiceNow user with GRC Admin role for API access
Configure REST API
Enable Table API for sn_grc_control table
Map Fields
Map AegisShield control attributes to ServiceNow GRC fields
Import Data
Run import script or REST API calls to load controls
Validate
Verify control records created with correct evidence and status
RSA Archer Integration Python Integration Script Integrate AegisShield controls with RSA Archer GRC platform:
import json import requests class ArcherIntegration : def __init__ ( self , instance_url , session_token ): self .base_url = instance_url self .session_token = session_token self .headers = { 'Authorization' : f 'Archer session-id= { session_token } ' , 'Content-Type' : 'application/json' } def load_aegisshield_controls ( self , filepath = 'nist-sp-800-53-controls-mapping.json' ): """Load AegisShield control mappings""" with open (filepath, 'r' ) as f: return json.load(f) def transform_control_for_archer ( self , control ): """Transform AegisShield control to Archer format""" return { 'ControlID' : control[ 'control_id' ], 'ControlName' : control[ 'control_name' ], 'ControlFamily' : control[ 'control_family' ], 'ImplementationStatus' : self .map_status(control[ 'implementation_status' ]), 'Evidence' : control[ 'evidence' ], 'PrimaryFile' : control[ 'primary_file' ], 'AssessmentMethods' : ', ' .join(control[ 'assessment_methods' ]), 'ComplianceFrameworks' : ', ' .join(control[ 'compliance_frameworks' ]), 'Description' : control[ 'description' ], 'ImplementationDetails' : control[ 'implementation_details' ] } def map_status ( self , aegis_status ): """Map AegisShield status to Archer values""" status_map = { 'implemented' : 'Implemented' , 'partial' : 'Partially Implemented' , 'planned' : 'Planned' , 'not_applicable' : 'Not Applicable' } return status_map.get(aegis_status, 'Unknown' ) def create_or_update_control ( self , control_data ): """Create or update control in Archer""" endpoint = f " { self .base_url } /api/core/content" # Check if control exists search_payload = { 'applicationId' : 123 , # Your Archer app ID 'fieldId' : 456 , # Control ID field 'value' : control_data[ 'ControlID' ] } search_response = requests.post( f " { self .base_url } /api/core/content/search" , headers = self .headers, json = search_payload ) existing_records = search_response.json() if existing_records: # Update existing record record_id = existing_records[ 0 ][ 'contentId' ] response = requests.put( f " { endpoint } / { record_id } " , headers = self .headers, json = control_data ) else : # Create new record response = requests.post( endpoint, headers = self .headers, json = control_data ) return response.json() def import_all_controls ( self ): """Import all AegisShield controls into Archer""" controls_data = self .load_aegisshield_controls() results = [] for control in controls_data[ 'controls' ]: archer_control = self .transform_control_for_archer(control) result = self .create_or_update_control(archer_control) results.append({ 'control_id' : control[ 'control_id' ], 'status' : 'success' if result else 'failed' , 'result' : result }) print ( f "Imported { control[ 'control_id' ] } : { result } " ) return results # Usage example if __name__ == "__main__" : archer = ArcherIntegration( instance_url = "https://your-archer-instance.com" , session_token = "your-session-token" ) results = archer.import_all_controls() print ( f "Import complete: { len (results) } controls processed" )
Archer Field Mapping Maps to control_id (e.g., “AC-3”)
Maps to control_name (e.g., “Access Enforcement”)
Maps to control_family (e.g., “Access Control”)
Maps to implementation_status - Implemented, Partially Implemented, Planned, Not Applicable
Maps to evidence - Implementation evidence and artifacts
Maps to primary_file - Source code location
Custom Dashboard Integration JavaScript/React Integration Load AegisShield compliance data into custom dashboards:
// Load into compliance dashboard fetch ( 'nist-sp-800-53-controls-mapping.json' ) . then ( response => response . json ()) . then ( data => { // Display summary metrics console . log ( `Implemented Controls: ${ data . assessment_summary . total_controls_implemented } ` ); console . log ( `Compliance Coverage: ${ data . assessment_summary . implementation_coverage } ` ); // Build control family breakdown const familyBreakdown = Object . entries ( data . control_families ). map (([ key , family ]) => ({ abbreviation: key , name: family . name , count: family . controls_count , coverage: family . implementation_percentage })); // Render dashboard renderComplianceDashboard ( familyBreakdown , data . controls ); }); function renderComplianceDashboard ( families , controls ) { // Example: Render control family cards families . forEach ( family => { const card = ` <div class="compliance-card"> <h3> ${ family . abbreviation } - ${ family . name } </h3> <p>Controls: ${ family . count } </p> <p>Coverage: ${ family . coverage } %</p> </div> ` ; document . getElementById ( 'dashboard' ). innerHTML += card ; }); // Example: Render control details table const table = controls . map ( control => ` <tr> <td> ${ control . control_id } </td> <td> ${ control . control_name } </td> <td><span class="badge-implemented"> ${ control . implementation_status } </span></td> <td> ${ control . primary_file } </td> </tr> ` ). join ( '' ); document . getElementById ( 'controls-table' ). innerHTML = table ; }
PowerBI Integration Import AegisShield compliance data into PowerBI:
Import JSON Data
Use PowerBI Web connector to load nist-sp-800-53-controls-mapping.json
Transform Data
Expand nested controls array and control_families object
Create Relationships
Link controls to families using control_family_abbreviation
Build Visualizations
Create charts for control coverage, family breakdown, and framework compliance
Automated Compliance Queries Using jq for JSON Processing Extract specific compliance data using jq:
Find All Access Control Implementations
Extract Evidence for Specific Control
Generate Control Implementation Matrix
List Enhancement Controls
Export Control Family Summary
Filter by Compliance Framework
Generate Assessment Summary
Export to CSV Format
# Find all Access Control implementations jq '.controls[] | select(.control_family_abbreviation == "AC")' \ nist-sp-800-53-controls-mapping.json # Output: # { # "control_id": "AC-3", # "control_name": "Access Enforcement", # "control_family": "Access Control", # "implementation_status": "implemented", # ... # }
Python Query Examples Query AegisShield controls using Python:
import json class ControlQueryEngine : def __init__ ( self , mapping_file = 'nist-sp-800-53-controls-mapping.json' ): with open (mapping_file, 'r' ) as f: self .data = json.load(f) def get_controls_by_family ( self , family_abbr ): """Get all controls for a specific family""" return [ c for c in self .data[ 'controls' ] if c[ 'control_family_abbreviation' ] == family_abbr ] def get_control_evidence ( self , control_id ): """Get implementation evidence for specific control""" for control in self .data[ 'controls' ]: if control[ 'control_id' ] == control_id: return { 'evidence' : control[ 'evidence' ], 'locations' : control[ 'implementation_locations' ], 'details' : control[ 'implementation_details' ] } return None def get_enhancement_controls ( self ): """Get all controls with enhancements implemented""" return [ { 'control_id' : c[ 'control_id' ], 'enhancement' : c[ 'enhancement_implemented' ] } for c in self .data[ 'controls' ] if 'enhancement_implemented' in c ] def get_compliance_summary ( self , framework = 'FedRAMP' ): """Get compliance summary for specific framework""" applicable_controls = [ c for c in self .data[ 'controls' ] if framework in c[ 'compliance_frameworks' ] ] return { 'framework' : framework, 'total_controls' : len (applicable_controls), 'implemented' : len ([c for c in applicable_controls if c[ 'implementation_status' ] == 'implemented' ]), 'coverage_percentage' : 100 * len ([c for c in applicable_controls if c[ 'implementation_status' ] == 'implemented' ]) / len (applicable_controls) } def export_to_grc_format ( self , output_format = 'servicenow' ): """Export to GRC tool format""" if output_format == 'servicenow' : return self ._format_for_servicenow() elif output_format == 'archer' : return self ._format_for_archer() else : return self .data def _format_for_servicenow ( self ): return [ { 'control_id' : c[ 'control_id' ], 'name' : c[ 'control_name' ], 'family' : c[ 'control_family' ], 'status' : c[ 'implementation_status' ], 'evidence' : c[ 'evidence' ], 'framework' : 'NIST SP 800-53 Rev. 5' } for c in self .data[ 'controls' ] ] # Usage query = ControlQueryEngine() # Get all audit controls audit_controls = query.get_controls_by_family( 'AU' ) print ( f "Found { len (audit_controls) } audit controls" ) # Get evidence for specific control evidence = query.get_control_evidence( 'AC-3' ) print ( f "AC-3 Evidence: { evidence[ 'evidence' ] } " ) # Get FedRAMP compliance summary fedramp_summary = query.get_compliance_summary( 'FedRAMP' ) print ( f "FedRAMP Coverage: { fedramp_summary[ 'coverage_percentage' ] } %" )
Integration Workflows Weekly Compliance Sync Automate weekly synchronization of AegisShield controls to GRC platform:
Extract Latest Controls
Pull latest nist-sp-800-53-controls-mapping.json from repository
Transform Data
Convert to target GRC platform format
Sync to GRC
Push updates via API (ServiceNow, Archer, etc.)
Validate
Verify all controls synchronized correctly
Report
Generate sync report with any errors or warnings
Automated Assessment Reporting Generate compliance reports automatically:
#!/bin/bash # generate-compliance-report.sh echo "AegisShield Compliance Report" > report.txt echo "Generated: $( date )" >> report.txt echo "" >> report.txt echo "=== Assessment Summary ===" >> report.txt jq '.assessment_summary' nist-sp-800-53-controls-mapping.json >> report.txt echo "" >> report.txt echo "=== Control Families ===" >> report.txt jq '.control_families' nist-sp-800-53-controls-mapping.json >> report.txt echo "" >> report.txt echo "=== FedRAMP Controls ===" >> report.txt jq '.controls[] | select(.compliance_frameworks[] == "FedRAMP") | {control_id, control_name, status: .implementation_status}' \ nist-sp-800-53-controls-mapping.json >> report.txt echo "Report generated: report.txt"
Best Practices
Store control mappings in version control
Track changes to control implementations
Tag releases with compliance milestones
Maintain audit trail of all modifications
Validate JSON schema before import
Test GRC integration in staging environment
Verify data integrity after synchronization
Monitor for failed imports or API errors
Document field mappings for each GRC platform
Maintain runbooks for integration procedures
Record API credentials securely
Keep integration scripts updated
Use service accounts for API access
Rotate API tokens regularly
Encrypt credentials in transit and at rest
Audit all integration activities
Additional Resources
NIST SP 800-53 Controls View detailed control implementations
FedRAMP Readiness Learn about FedRAMP compliance
ServiceNow GRC ServiceNow GRC platform documentation
RSA Archer RSA Archer GRC suite information