From grc-engineer
Maps infrastructure code (Terraform, Kubernetes, CloudFormation) to compliance controls (ISO 27001, SOC 2, NIST 800-53). Analyzes IaC files and generates compliance evidence mappings showing which controls are satisfied.
Slash command
/grc-engineer:code-to-control-mapper
Maps infrastructure-as-code (IaC) files to specific compliance framework controls. Translates technical implementations into audit-ready compliance evidence.
Map a Terraform file to SOC 2:
node scripts/map-control.js main.tf SOC2
Map Kubernetes manifests to ISO 27001:
node scripts/map-control.js k8s/deployment.yaml ISO27001
Map CloudFormation template to NIST 800-53:
node scripts/map-control.js template.yaml NIST80053
Generates markdown reports with:
# Compliance Mapping Report
## SOC 2 - CC6.1: Logical and Physical Access Controls
**Status:** ✅ Satisfied
**Evidence:**
- `main.tf:45` - `aws_db_instance` with `storage_encrypted = true`
- `main.tf:52` - IAM role with least privilege policy
**Mapping:** Data at rest encryption via AWS KMS satisfies encryption requirements.
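How an evidence line like `main.tf:45` can be derived from a Terraform file, as an added example that is not the plugin's own `scripts/map-control.js`. It assumes a constructed Terraform input and checks only `storage_encrypted` on `aws_db_instance`; the function names `collectEvidence` and `renderReport` and the "Not satisfied" status label are hypothetical, and the CC6.1 heading is copied from the sample report above.

```javascript
// Added example, not the plugin's scripts/map-control.js. SAMPLE_TF is constructed input.
const SAMPLE_TF = `resource "aws_db_instance" "orders" {
  storage_encrypted = true
}
resource "aws_db_instance" "legacy" {
  # storage_encrypted = true
  storage_encrypted = false
}
resource "aws_db_instance" "scratch" {
  engine = "postgres"
}`;

// Track the enclosing aws_db_instance block and record where storage_encrypted is set.
function collectEvidence(tfText, file) {
  const findings = [];
  let block = null; // block currently being read, or null when outside one
  tfText.split('\n').forEach((line, i) => {
    if (/^\s*(#|\/\/)/.test(line)) return; // whole-line comments are not evidence
    const open = line.match(/^\s*resource\s+"aws_db_instance"\s+"([^"]+)"\s*\{/);
    if (!block && open) block = { resource: open[1], start: i + 1, depth: 1, seen: false };
    if (!block || open) return;
    const attr = line.match(/^\s*storage_encrypted\s*=\s*(\S+)/);
    if (attr && block.depth === 1) {
      block.seen = true;
      // Only a literal true counts; variables and expressions need manual review.
      findings.push({ file, line: i + 1, resource: block.resource,
        satisfied: attr[1] === 'true', detail: `storage_encrypted = ${attr[1]}` });
    }
    block.depth += (line.match(/\{/g) || []).length - (line.match(/\}/g) || []).length;
    if (block.depth <= 0) {
      // A missing attribute is reported as a gap, never assumed to be encrypted.
      if (!block.seen) findings.push({ file, line: block.start, resource: block.resource,
        satisfied: false, detail: 'storage_encrypted not set' });
      block = null;
    }
  });
  return findings;
}

// Render findings in the report layout shown above; one failing resource fails the control.
function renderReport(findings) {
  const ok = findings.length > 0 && findings.every((f) => f.satisfied);
  return ['## SOC 2 - CC6.1: Logical and Physical Access Controls',
    `**Status:** ${ok ? '✅ Satisfied' : '❌ Not satisfied'}`, '**Evidence:**',
    ...findings.map((f) => `- \`${f.file}:${f.line}\` - \`aws_db_instance.${f.resource}\` with \`${f.detail}\``),
  ].join('\n');
}
console.log(renderReport(collectEvidence(SAMPLE_TF, 'main.tf')));
```

The commented-out attribute in the `legacy` block is ignored, so the report cites line 6 (`false`) rather than line 5.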
npx claudepluginhub abnejllc/grc --plugin grc-engineer