Darrius

shipped · Compliance Intelligence · Multi-framework compliance mapping

Cybersecurity Compliance Intelligence

Structured regulatory mapping database for cross-referencing cybersecurity standards and compliance frameworks.

5 framework sources · 6 mapping sources · Query layers: GraphQL + Metabase

Security and compliance teams often need to compare fragmented controls, requirements, and threat mappings across multiple regulatory frameworks.

The project is a structured compliance mapping database and query workflow that connects frameworks such as NIST CSF, NIST SP 800-53, ISO 27001, MITRE ATT&CK, and MITRE D3FEND for faster cross-reference and discovery.

  • Python
  • SQLite
  • GraphQL
  • Metabase
  • Docker
  • Pandas
  • Compliance Intelligence
  • Regulatory Framework Mapping
  • Security Governance
  • GraphQL APIs
  • Cybersecurity Analytics

Overview

Cybersecurity Compliance Intelligence is a structured mapping database for comparing cybersecurity standards, regulatory requirements, and threat-informed defense frameworks.

The project brings together compliance sources such as NIST Cybersecurity Framework, NIST SP 800-53, ISO 27001, MITRE ATT&CK, and MITRE D3FEND, then exposes the mapped data through query-oriented workflows.

Instead of treating each framework as a separate spreadsheet or reference document, the system organizes controls and mappings into a searchable data layer for compliance analysis and cross-framework discovery.


Compliance Mapping Gap

Compliance work often requires analysts to move between multiple frameworks, spreadsheets, and reference documents.

Each framework may describe controls, functions, techniques, or defensive concepts differently, even when they point to related security outcomes.

The project explores a practical question:

How can structured framework mappings make regulatory cross-referencing faster, more searchable, and easier to reuse?

By turning framework relationships into queryable data, the system reduces the manual effort required to compare standards and reason across compliance sources.


System Approach

The system combines structured framework data, mapping spreadsheets, and query interfaces into a compliance intelligence workflow.

Core responsibilities of the platform include:

  • Regulatory framework data collection
  • Cross-framework mapping normalization
  • SQLite database design for compliance records
  • GraphQL query access over mapped data
  • Metabase-based exploration and joining
  • Python workflows for retrieving and analyzing query results

Architecture

The backend follows a data-first compliance mapping flow:

  1. Collect framework and mapping spreadsheets from public regulatory and security sources
  2. Normalize framework identifiers, names, controls, techniques, and defensive concepts
  3. Store the mapped compliance data in a SQLite database
  4. Expose selected records through a GraphQL server for targeted lookup
  5. Use Metabase for no-code joins, filtering, and exploratory analysis
  6. Retrieve query results through Python scripts for downstream analysis

This design made the project useful as both a compliance reference database and an API-backed exploration workflow.
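The steps above (normalize identifiers, store records and mappings in SQLite, query across frameworks) and the Framework Alignment challenge further down can be made concrete with a small worked example. The following is an added illustration, not the project's own code or schema: it keeps each framework's own identifiers intact, normalizes spelling variants on the way in, records which mapping sheet each relationship came from, and answers a cross-framework question by walking the mapping rows. Every record and mapping row is constructed for the demo; the control/technique pairings are not taken from the project's dataset or from any official mapping, and the framework keys, sheet names and confidence values are assumptions.

```python
"""Added example (not the project's own code): a minimal SQLite compliance-mapping
store with identifier normalization and transitive cross-framework lookup.
All rows below are constructed for illustration; the pairings are not from the
project's dataset or from any official mapping publication."""
import re
import sqlite3
from collections import deque

SCHEMA = """
CREATE TABLE framework (key TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE record (
    framework TEXT NOT NULL REFERENCES framework(key),
    ref       TEXT NOT NULL,     -- normalized identifier (AC-2, T1078, ...)
    title     TEXT NOT NULL,
    PRIMARY KEY (framework, ref)
);
CREATE TABLE mapping (
    src_framework TEXT NOT NULL, src_ref TEXT NOT NULL,
    dst_framework TEXT NOT NULL, dst_ref TEXT NOT NULL,
    source     TEXT NOT NULL,    -- which mapping sheet the row came from
    confidence REAL NOT NULL,    -- 0..1, carried along as provenance
    FOREIGN KEY (src_framework, src_ref) REFERENCES record(framework, ref),
    FOREIGN KEY (dst_framework, dst_ref) REFERENCES record(framework, ref)
);
"""

def normalize_ref(framework, raw):
    """Collapse spelling variants so ' ac-02 ' and 'AC-2(1)' key the same control."""
    ref = raw.strip().upper().replace(" ", "")
    if framework == "800-53":
        # base control only, leading zeros dropped: AC-02(1) -> AC-2
        m = re.match(r"([A-Z]{2})-0*(\d+)", ref)
        if m:
            ref = f"{m.group(1)}-{m.group(2)}"
    return ref

FRAMEWORKS = [("CSF", "NIST Cybersecurity Framework"), ("800-53", "NIST SP 800-53"),
              ("ISO27001", "ISO 27001"), ("ATTACK", "MITRE ATT&CK"), ("D3FEND", "MITRE D3FEND")]
# (framework, id as it appeared in a spreadsheet, title); constructed rows
RECORDS = [("CSF", "PR.AC-1", "Identities and credentials are managed"),
           ("800-53", "ac-02", "Account Management"),
           ("800-53", "IA-2 ", "Identification and Authentication"),
           ("ISO27001", "A.9.2.1", "User registration and de-registration"),
           ("ATTACK", "t1078", "Valid Accounts"),
           ("D3FEND", "D3-MFA", "Multi-factor Authentication")]
# (src fw, src id, dst fw, dst id, mapping sheet, confidence); constructed rows
MAPPINGS = [("CSF", "PR.AC-1", "800-53", "AC-2(1)", "csf_to_800-53.xlsx", 1.0),
            ("CSF", "PR.AC-1", "800-53", "IA-2", "csf_to_800-53.xlsx", 1.0),
            ("800-53", "AC-2", "ISO27001", "A.9.2.1", "800-53_to_iso27001.xlsx", 0.9),
            ("800-53", "AC-2", "ATTACK", "T1078", "800-53_to_attack.xlsx", 0.8),
            ("800-53", "IA-2", "D3FEND", "D3-MFA", "800-53_to_d3fend.xlsx", 0.9),
            ("D3FEND", "D3-MFA", "ATTACK", "T1078", "d3fend_to_attack.xlsx", 0.7)]

def build_db():
    """Load the constructed rows, normalizing identifiers on the way in."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # reject mappings to unknown records
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO framework VALUES (?, ?)", FRAMEWORKS)
    conn.executemany("INSERT INTO record VALUES (?, ?, ?)",
                     [(fw, normalize_ref(fw, ref), t) for fw, ref, t in RECORDS])
    conn.executemany("INSERT INTO mapping VALUES (?, ?, ?, ?, ?, ?)",
                     [(s, normalize_ref(s, sr), d, normalize_ref(d, dr), src, c)
                      for s, sr, d, dr, src, c in MAPPINGS])
    conn.commit()
    return conn

def cross_reference(conn, framework, raw_ref, target_framework, max_hops=2):
    """Breadth-first walk over mapping rows (followed in both directions) from one
    record to every record of target_framework reachable within max_hops.
    Returns [(target_ref, min confidence along the path, path)], so an analyst
    sees why two records are related, not only that they are."""
    start = (framework, normalize_ref(framework, raw_ref))
    queue, seen, hits = deque([(start, [start], 1.0)]), {start}, {}
    while queue:
        (fw, ref), path, conf = queue.popleft()
        if len(path) - 1 >= max_hops:
            continue
        rows = conn.execute(
            """SELECT dst_framework, dst_ref, confidence FROM mapping
                 WHERE src_framework = ? AND src_ref = ?
               UNION ALL
               SELECT src_framework, src_ref, confidence FROM mapping
                 WHERE dst_framework = ? AND dst_ref = ?""",
            (fw, ref, fw, ref)).fetchall()
        for nfw, nref, c in rows:
            node = (nfw, nref)
            if node in seen:
                continue
            seen.add(node)
            npath, nconf = path + [node], min(conf, c)
            if nfw == target_framework:
                hits[nref] = (npath, nconf)
            queue.append((node, npath, nconf))
    return sorted((r, conf, [f"{f}:{i}" for f, i in p]) for r, (p, conf) in hits.items())

if __name__ == "__main__":
    db = build_db()
    # CSF has no direct ATT&CK mapping; the hop through 800-53 supplies the link
    for ref, conf, path in cross_reference(db, "CSF", "pr.ac-1", "ATTACK"):
        print(f"{ref}  confidence={conf}  via {' -> '.join(path)}")
```

Two design choices matter here. The `source` and `confidence` columns travel with every mapping row and the lookup reports the weakest link on each path, which is the provenance tracking the Future Directions section mentions; and `normalize_ref` is deliberately per-framework, so NIST SP 800-53 enhancement suffixes are collapsed while CSF and ISO identifiers are left untouched, preserving each framework's vocabulary while still letting related records be found.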


Data Sources

The project references five primary standards and security frameworks:

  • NIST Cybersecurity Framework
  • NIST SP 800-53
  • MITRE ATT&CK
  • MITRE D3FEND
  • ISO 27001

To connect these sources, the project uses mapping references across:

  • NIST CSF and NIST SP 800-53
  • NIST SP 800-53 and ISO 27001
  • NIST CSF and NIST SP 800-207
  • NIST SP 800-53 and MITRE ATT&CK
  • NIST SP 800-53 and MITRE D3FEND
  • MITRE D3FEND and MITRE ATT&CK

My Contributions

I designed and implemented the compliance mapping workflow, from source framework research through database organization, query access, and analysis tooling.

My work included:

  • Researching public cybersecurity standards, frameworks, and mapping references
  • Organizing framework data into a structured compliance database
  • Designing queryable relationships across controls, techniques, and defensive concepts
  • Building a GraphQL server for searching mapped compliance records
  • Using Metabase to support visual joins, filtering, and data exploration
  • Writing Python workflows for retrieving Metabase query results through API access
  • Documenting the setup so the workflow could be reused with other compliance databases

Technical Challenges

Framework Alignment

Compliance frameworks do not share a single vocabulary.

NIST CSF functions, NIST SP 800-53 controls, ISO 27001 requirements, MITRE ATT&CK techniques, and MITRE D3FEND defensive concepts each describe security from different perspectives.

The main modeling challenge was preserving those differences while still making related records searchable across frameworks.


Queryable Compliance Data

Spreadsheets are useful for source data, but they are difficult to reuse in analysis workflows.

The project turned static mapping documents into a queryable database, then exposed that data through GraphQL and Metabase so users could search, join, filter, and retrieve compliance relationships more efficiently.


Analyst-Friendly Exploration

Compliance analysis is often performed by people who need fast answers rather than raw database access.

Metabase provided a way to explore joins and filters visually, while the GraphQL and Python workflows supported more targeted technical access for repeatable analysis.
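The "Python workflows for retrieving Metabase query results through API access" mentioned under My Contributions can be illustrated with a small client. The code below is an added example, not the project's own script: it logs in, runs a saved Metabase question, converts the column/row result into dicts for downstream analysis, and logs out. It assumes the endpoints `POST /api/session`, the `X-Metabase-Session` header and `POST /api/card/<id>/query` returning `{"data": {"cols": [...], "rows": [...]}}`, as documented for recent Metabase versions; check them against the API reference of the version you run. The card id 42, the host name, the credentials and every canned response are constructed for the offline demo, and `canned_transport` exists only so the flow can be exercised without a server.

```python
"""Added example (not the project's own code): fetch a saved Metabase question's
result over the HTTP API. Endpoint shapes are assumptions to verify against
your Metabase version; card id, host, credentials and responses are constructed."""
import json
import os
import urllib.request

def urllib_transport(method, url, headers, body):
    """Real HTTP transport: send one request, return the raw response body."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()

def canned_transport(responses):
    """Offline stand-in for urllib_transport: answers (method, path) from a dict
    and records every request so the demo can be checked without a server."""
    log = []
    def send(method, url, headers, body):
        path = "/api" + url.split("/api", 1)[1]
        log.append((method, path, dict(headers), body))
        return json.dumps(responses[(method, path)]).encode()
    send.log = log
    return send

class MetabaseClient:
    def __init__(self, base_url, transport=urllib_transport):
        self.base_url = base_url.rstrip("/")
        self.transport = transport
        self.session_id = None          # held in memory only; never logged

    def _call(self, method, path, payload=None):
        headers = {"Content-Type": "application/json"}
        if self.session_id:
            headers["X-Metabase-Session"] = self.session_id
        body = json.dumps(payload).encode() if payload is not None else None
        raw = self.transport(method, self.base_url + path, headers, body)
        return json.loads(raw) if raw else None

    def login(self, username, password):
        data = self._call("POST", "/api/session",
                          {"username": username, "password": password})
        self.session_id = data["id"]

    def card_rows(self, card_id):
        """Run saved question card_id and return its rows as a list of dicts."""
        return rows_as_dicts(self._call("POST", f"/api/card/{int(card_id)}/query", {}))

    def logout(self):
        """Invalidate the session server-side instead of letting it linger."""
        if self.session_id:
            self._call("DELETE", "/api/session")
            self.session_id = None

def rows_as_dicts(result):
    """Zip Metabase's column metadata with its row arrays."""
    names = [col["name"] for col in result["data"]["cols"]]
    return [dict(zip(names, row)) for row in result["data"]["rows"]]

def count_by(rows, key):
    """Small downstream step: how many mapped records per value of key."""
    counts = {}
    for row in rows:
        counts[row[key]] = counts.get(row[key], 0) + 1
    return counts

def demo():
    """Run the whole login -> query -> logout flow against canned responses."""
    responses = {
        ("POST", "/api/session"): {"id": "constructed-session-token"},
        ("POST", "/api/card/42/query"): {"data": {
            "cols": [{"name": "src_ref"}, {"name": "dst_framework"}, {"name": "dst_ref"}],
            "rows": [["AC-2", "ATTACK", "T1078"], ["AC-2", "ISO27001", "A.9.2.1"],
                     ["IA-2", "ATTACK", "T1110"]]}},
        ("DELETE", "/api/session"): {},
    }
    send = canned_transport(responses)
    client = MetabaseClient("http://metabase.example.invalid:3000", transport=send)
    client.login("analyst", "constructed-password")
    rows = client.card_rows(42)
    client.logout()
    return rows, send.log

if __name__ == "__main__":
    if "METABASE_URL" in os.environ:   # real run: credentials from the environment
        client = MetabaseClient(os.environ["METABASE_URL"])
        client.login(os.environ["METABASE_USER"], os.environ["METABASE_PASSWORD"])
        rows = client.card_rows(int(os.environ.get("METABASE_CARD_ID", "42")))
        client.logout()
    else:                              # offline demo against canned responses
        rows, _ = demo()
    print(count_by(rows, "dst_framework"))
```

The transport is injectable so the same client runs against a live Metabase or against recorded responses in a test; credentials come from environment variables rather than the script, the session token is never written out, and the session is deleted when the job finishes, which is the behaviour you want from any scheduled retrieval running under a service account.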


Results

The final system demonstrated:

  • Cross-referencing across five cybersecurity standards and frameworks
  • Structured mapping workflows for regulatory and security control data
  • Searchable GraphQL access to compliance records
  • Metabase-based joining, filtering, and visual exploration
  • Python API retrieval for downstream analysis
  • A reusable workflow for building compliance mapping databases

The database content was kept internal, so the public project focuses on the workflow, architecture, and integration approach rather than publishing the full mapped dataset.


Key Learnings

This project showed that compliance intelligence is largely a data modeling problem.

The most useful part of the system was not a single search interface, but the structured representation of relationships between frameworks that normally live in separate documents.

It also reinforced the value of pairing technical query layers with analyst-friendly exploration tools when building security governance systems.


Future Directions

Potential future improvements include:

  • Adding more regulatory and industry frameworks
  • Improving mapping confidence and provenance tracking
  • Adding natural-language retrieval over mapped controls
  • Supporting richer graph-style relationship exploration
  • Building a dedicated analyst-facing compliance search interface
  • Adding exportable reports for audit and governance workflows
