Over the years, there’s been a push to “liberate the data” within risk management documentation. We’ve seen a move from scanned-in PDF files to modern PDF files, to Excel spreadsheets, to some JSON-readable formats. This progress has been fantastic, but we’re still seeing most organizations use custom-made, non-standard spreadsheets to manage their risk.

TCAnnex has seen and helped organizations use many different documents to manage risk, and most organizations are facing steep learning curve challenges when integrating these documents into their business processes. As we all know, spreadsheets are where most of the work gets done. We’ve seen countless businesses creating bespoke spreadsheets from documents (in whatever data format they can get their hands on). However, these spreadsheets usually become unwieldy over time, with lots of inconsistencies and the need for periodic manual reviews and updates, especially as risk management documents are revised.

To mitigate the inconsistency risk, TCAnnex is proud to announce the alpha version of our risk management document API! This API allows users to access the data within 11 major NIST documents with direct, repeatable calls. This API solves the problem of not having a single source of ground truth. Furthermore, the API creates a platform on which to innovate and bring these documents into further alignment and create powerful new tools.

TCAnnex has painstakingly curated each of the 11 documents (listed below) into a common format, a single database, and a common programmatic way of accessing them. It is now possible to tie together disparate NIST documents into your own risk management processes and tools with confidence, knowing that you will always have consistent, high-integrity data. We hope to spur innovation in this space by lowering the barrier to entry for using these documents.

The API is now available for TCAnnex founding members at no additional cost. Message info@tcannex.com to get your founder discount coupon. The API is available to everyone else for the remainder of 2025 for $75 (USD).

We’re excited to deliver this platform to you and are deeply interested in your feedback (contact us at info@tcannex.com). We anticipate updating the list of available documents, relationships between those documents, and other features to make risk management guidance more usable.

• Artificial Intelligence Risk Management Framework (AI RMF 1.0)

• Framework for Improving Critical Infrastructure Cybersecurity 1.0 (CSF 1.0)

• Framework for Improving Critical Infrastructure Cybersecurity 1.1 (CSF 1.1)

• The NIST Cybersecurity Framework (CSF) 2.0

• National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2017)

• Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) Components 1.0.0

• Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) Components 2.0.0

• NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0

• Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF 1.0)

• Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities

• Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio