Tuesday 2 November 2010

NIST 800-53 Security Controls Database

The NIST 800-53 special publication provides guidelines for selecting and specifying security controls for information systems to meet the requirements of FIPS 200 (Minimum Security Requirements for Federal Information and Information Systems). A database of the NIST 800-53 security controls can be downloaded from the NIST website. This database makes it easy to get at the security controls data for use within another application. The (Windows-only) zipped application from the NIST website supports data export in a variety of formats.


I was interested in populating an ontology with the security controls, so it suited me to have the data available as raw XML. A simple export of all data was all that was necessary. I later used the Apache XMLBeans tool (inst2xsd) to generate a schema of the exported XML data, and to later read back the content through Java API generated from the schema through (scomp). This makes it quite easy to simply just extract parts of the document that were relevant within a Java application. Given the versatility of XML, other alternatives exist, such as XQuery or XPath.
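As an added example (not code from the original post), here is how the XPath route mentioned above can pull controls out of such an export in Python, selecting the controls assigned to a given FIPS 199 baseline. The element names and the sample XML are constructed assumptions for illustration, not the schema of the NIST database's actual export.

```python
import xml.etree.ElementTree as ET

# Constructed sample export. Element names (control, family, number, title,
# baseline-impact) are assumptions, not the real export format.
SAMPLE_XML = """<controls>
  <control><family>ACCESS CONTROL</family><number>AC-2</number>
    <title>Account Management</title>
    <baseline-impact>LOW</baseline-impact><baseline-impact>MODERATE</baseline-impact>
    <baseline-impact>HIGH</baseline-impact></control>
  <control><family>ACCESS CONTROL</family><number>AC-6</number>
    <title>Least Privilege</title>
    <baseline-impact>MODERATE</baseline-impact><baseline-impact>HIGH</baseline-impact></control>
  <control><family>AUDIT AND ACCOUNTABILITY</family><number>AU-2</number>
    <title>Auditable Events</title>
    <baseline-impact>LOW</baseline-impact><baseline-impact>MODERATE</baseline-impact>
    <baseline-impact>HIGH</baseline-impact></control>
</controls>"""


def load_controls(xml_text):
    """Parse every <control> into a dict of family, number, title and baseline set."""
    root = ET.fromstring(xml_text)
    controls = []
    for ctl in root.findall("control"):
        controls.append({
            "family": ctl.findtext("family"),
            "number": ctl.findtext("number"),
            "title": ctl.findtext("title"),
            "baselines": {b.text for b in ctl.findall("baseline-impact")},
        })
    return controls


def controls_in_baseline(controls, impact, family=None):
    """Control numbers selected for one impact level, optionally restricted to a family."""
    return sorted(c["number"] for c in controls
                  if impact in c["baselines"]
                  and (family is None or c["family"] == family))


def numbers_by_xpath(xml_text, impact):
    """Same selection done directly with ElementTree's XPath subset."""
    root = ET.fromstring(xml_text)
    return [n.text for n in root.findall(f"control[baseline-impact='{impact}']/number")]
```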