• Collaborate and join the Obsidian & Cyber Working Group
• 📫 Contact me via my Cal.com link at my website

Crosswalker

Tool Overview

A Python toolkit to translate tabular cybersecurity framework data into Obsidian-ready taxonomic folder structures and interconnected markdown notes.

Essentially, a Framework crosswalk engine — crosswalks/maps and translates NIST, CIS, ISO, etc., into linked Markdown pages so you can evidence-map, explore, and automate straight from plaintext notes. I'm already 1500 lines of Python code in on this one. Way harder than expected. So far, I've got MITRE ATT&CK + D3FEND + ENGAGE, NIST800-53, CSFv2, CISv8, and the CRI Profile started.

This tool can be extended to work with other knowledge platforms.

Below example of implementation and intent in Obsidian.

GRC involves a lot of knowledge work; keeping structured frameworks side-by-side with the knowledge we input, utilize, and share could change how we do that type of work.

🚀 Features

• Supports CRI, NIST CSF, NIST SP-800-53, MITRE ATT&CK, MITRE EngAGE, MITRE D3FEND, CIS Controls v8, and custom crosswalks.
• Configurable FrameworkConfig and LinkConfig for modular addition of new frameworks and link mappings.
• Generates hierarchical folders and .md files with YAML front-matter and optional body content.

💡 Philosophy, Approach, and Goals

• First Principles: treat frameworks as taxonomic hierarchies, mapping them to file-system folders and YAML metadata/frontmatter/properties(Obsidian).
• Config-Driven: minimal code changes are required to onboard new frameworks via FrameworkConfig and LinkConfig.
• Interoperable: leverages pandas and simple CSV/XLSX mapping tables, keeping data sources separate and extensible.
• Format-Agnostic: produces Markdown with YAML front-matter and relative wikilinks or markdown links for graph-based exploration. Plaintext files work in all sorts of places.
• The goal is to have a 2-way engine that can map frameworks to a hierarchical and related structure of notes useful for Knowledge Platforms (e.g. Obsidian, Notion), then be able to map from notes back to tabular framework files or other useful tabular reports that can be pivoted on in Excel.

If I was cringe cyber salesmen, then I would term this whole system as something like a COaPN (cybersecurity ontologies as plaintext notes) or CFaN (cyber frameworks as notes)

Motivation

Evidence mapping in GRC is rough. Often, you're forced to lock all of the data into one database-backed platform and managing the linking of evidence to that platform can be error-prone, non-intuitive, and not super extensible. My thought was, why not put the evidence right next to your knowledge work. If you take notes enough and essentially build a "2nd-brain" in digital format, then mapping the evidence in it to all your various frameworks could be done in the same place. Let's put the knowledge/evidence right next to the framework in a system where they link seamlessly, then build automations and systems around that knowledge platform (e.g. Obsidian, Notion).

🏗️ Architecture & Workflow

1. Load framework spreadsheets (CSV/XLSX) from the Frameworks/ directory into pandas DataFrames.
2. Clean & normalize columns (strip whitespace, unify casing, forward-fill hierarchies).
3. Build core framework tables and crosswalk/mapping tables with custom rename and cleaning logic.
4. Deduplicate each DataFrame so that each framework ID appears only once.
5. Export all raw and merged tables into a consolidated frameworks_export.xlsx workbook for inspection.
6. Define FrameworkConfig instances for each framework, specifying ID columns, hierarchy columns, folder and file naming conventions, and front-matter mappings.
7. (Optional) Define LinkConfig instances to inject inter-framework wikilinks based on mapping tables or matching rules.
8. Run the taxonomy builder to generate an Obsidian-compatible folder structure of .md files.
9. Drop the generated folders into your Obsidian vault and visualize the framework graph.

📦 Installation & Environment

1. Clone the repository:

   git clone https://github.com/cybersader/crosswalker
   cd frameworks_to_obsidian

2. Create and activate a virtual environment:

   python3 -m venv venv
   source venv/bin/activate   # macOS/Linux
   .\\venv\\Scripts\\activate  # Windows

3. Install dependencies:

   pip install -r requirements.txt

📁 Directory Structure

.
├── cri_mapper.py              # Example: CRI-specific mapper
├── frameworks_to_obsidian.py  # Generic, multi-framework mapper
├── Frameworks/                # Place CSV/XLSX framework files here
├── requirements.txt           # Python dependencies
├── LICENSE                    # Project license (MIT)
├── README.md                  # Project overview and docs
└── CONTRIBUTING.md            # Contribution guidelines

⚖️ Data Licensing

The raw CSV/XLSX framework data under Frameworks/ is not included in this repo and remains under its original licenses. Before running the scripts, download each framework from the official sources:

• NIST Cybersecurity Framework (CSF v2.0): https://www.nist.gov/cyberframework
• NIST SP-800-53 Rev.5: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
• MITRE ATT&CK & EngAGE: https://attack.mitre.org/, https://engage.mitre.org/
• MITRE D3FEND: https://d3fend.mitre.org/
• CIS Controls v8: https://www.cisecurity.org/controls/

📖 Usage

Generic Frameworks

python frameworks_to_obsidian.py

CRI Example

This was where it all started with trying to do all this "crosswalking" between frameworks. CRI is a "community profile" of the CSFv2 framework.

python cri_mapper.py

🤝 Contributing

Contributions are welcome! See CONTRIBUTING.md for guidelines.

📝 License

This project is licensed under the MIT License. See LICENSE for details.