OpenControls
Create free account
Back to OpenControls

Whitepaper

The Multi-Lensatic Methodology

Translation, Not Conquest

9-page research paper 18 min read 16 cited sources January 2026

Compliance crosswalks fail on a predictable schedule: a mapping team launches, harmonizes frameworks, and goes quiet within two years, leaving behind a stale crosswalk that people still trust. The field's standing remedy – nominating a hub framework and mapping everything into it – repeats the same structural error, because no single authoritative standard will ever exist, just as no single human language ever has.

This paper proposes the multi-lensatic methodology, grounded in the epistemology of contradictory testimony rather than the search for a winner. The same unit of work is read through five lenses (regulatory mandate, technical control, workforce role, proficiency, and automation capability), with every framework kept sovereign and every classification backed by explicit provenance. The methodology is in active use at GRCSchema.org and STIGViewer.com.

Create a free account to read it The full essay and PDF unlock with a free account.

Cited sources

  1. Defense Information Systems Agency. Control Correlation Identifier (CCI) specification and CCI list. Fort Meade (MD): DISA.
  2. Cougias DJ, et al. Methods and systems for a compliance framework database schema. United States patent US 9,009,197 B2. 2015 Apr 14.
  3. Cougias DJ. Auditable compliance crosswalks: a rules-based approach to SKOS mapping in the era of LLM-based ontology matching. ResearchGate; 2026. doi:10.13140/RG.2.2.15866.45768
  4. Akutagawa R. In a grove (Yabu no naka). 1922. Reprinted in: Rashomon and other stories. New York: Liveright; 1952.
  5. Polanyi M. The tacit dimension. London: Routledge & Kegan Paul; 1966.
  6. Adams D. The hitchhiker's guide to the galaxy. London: Pan Books; 1979.
  7. Miles A, Bechhofer S, editors. SKOS Simple Knowledge Organization System reference. W3C Recommendation. World Wide Web Consortium; 2009 Aug 18.
  8. Anderson LW, Krathwohl DR, editors. A taxonomy for learning, teaching, and assessing: a revision of Bloom's taxonomy of educational objectives. New York: Longman; 2001.
  9. U.S. Department of Defense. DoD cyberspace workforce qualification and management program. Washington (DC): DoD; 2023. DoD Manual 8140.03.
  10. National Institute of Standards and Technology. Workforce framework for cybersecurity (NICE framework). Gaithersburg (MD): NIST; 2020. Special Publication 800-181 Rev. 1.
  11. Dreyfus SE, Dreyfus HL. A five-stage model of the mental activities involved in directed skill acquisition. Berkeley (CA): University of California, Operations Research Center; 1980. Report No.: ORC 80-2.
  12. Association for Computing Machinery. Computing-verb classification used in computing curricula guidance. [Full citation to be confirmed by the author.]
  13. National Center for O*NET Development. O*NET OnLine.
  14. Secure Controls Framework Council. Secure Controls Framework (SCF).
  15. RegGenome. Machine-readable regulatory content.
  16. EC-Council. DoD 8140 and DoD Cyber Workforce Framework certification mappings.