From hitrust
Maps HITRUST CSF control ID (e.g., 01.a) to equivalent controls in source frameworks like HIPAA, NIST, ISO27001, PCI-DSS. Optional target framework.
Install: `npx claudepluginhub grcengclub/claude-grc-engineering --plugin hitrust`

Triggered as a slash command: `/hitrust:control-map`

Related commands:

- `/control-lookup` - Looks up compliance controls by framework (e.g., NIST, SOC2, ISO27001) and ID or keyword, retrieving statements, parameters, guidance, and assessment details from OSCAL JSON.
- `/map-framework` - Maps a CSA CCM control ID (e.g., CEK-01) to equivalent controls in frameworks like ISO 27001, SOC 2, PCI-DSS, NIST, HIPAA, GDPR. Specify ID and optional target.
- `/map-controls-unified` - Maps a security control across compliance frameworks (NIST, ISO, SOC2, PCI-DSS, CIS, CMMC, FedRAMP), showing equivalents, common requirements, conflicts, multi-cloud implementations (AWS, Azure, GCP, Kubernetes), and optimizations.
- `/assess` - Assesses compliance with NIST 800-53 controls for a specified control family (e.g., AC) or baseline (low, moderate, high), with optional revision (r4 or r5).
- `/control-check` - Verifies CIS Control v8 implementation for a specified control (1-18 or name) at an optional IG1-3 level, providing safeguards, guidance, steps, and common tools.
- `/map-controls` - Maps controls from a document or IaC file to SOC 2 Trust Service Criteria, producing a mapping matrix, coverage analysis, gap identification, and evidence mapping.

# HITRUST Control Mapping

Maps HITRUST CSF control requirements to underlying source frameworks (HIPAA, NIST, ISO, PCI-DSS, etc.).

## Arguments

- `$1` - HITRUST control ID (required, e.g., 01.a, 09.ab)
- `$2` - Target framework (optional: HIPAA, NIST, ISO27001, PCIDSS, all)

## HITRUST Control ID Format

**Structure**: `[Domain].[Control][Subcontrol]`

- **Domain**: 01-19 (two digits)
- **Control**: Single letter (a-z)
- **Subcontrol**: Optional second letter or number

**Examples**:

- `01.a` - Information Security Management Program, control (a)
- `09.ab` - Physical and Environmental Security, subcontrol (ab)
- `02.d` - Access Control, control (d)

| Domain | Name | Control Count |
|---|---|---|
| 01 | Information Security Management Program | 12 |
| 02 | Access Control | 14 |
| 03 | Human Resources Security | 8 |
| 04 | Risk Management | 5 |
| 05 | Security Policy | 3 |
| 06 | Organization of Information Security | 8 |
| 07 | Compliance | 6 |
| 08 | Asset Management | 7 |
| 09 | Physical and Environmental Security | 11 |
| 10 | Communications and Operations Management | 23 |
| 11 | Information Systems Acquisition, Development and Maintenance | 15 |
| 12 | Information Security Incident Management | 6 |
| 13 | Business Continuity Management | 5 |
| 14 | Network Protection | 7 |
| 15 | Password Management | 6 |
| 16 | Education, Training and Awareness | 4 |
| 17 | Third Party Assurance | 6 |
| 18 | Mobile Device Security | 5 |
| 19 | Incident Detection and Response | 5 |
HITRUST CSF harmonizes 40+ frameworks including:
Example controls:

- 02.d: Automated Central Audit Log
- 10.k: Encryption of ePHI at Rest
- 12.a: Incident Response Plan
- 17.a: Business Associate Agreements
Controls have different implementation requirements based on:
Usage examples:

```
# Map encryption control to all frameworks
/hitrust:control-map 10.k all

# Show HIPAA mapping for access control
/hitrust:control-map 02.d HIPAA

# View incident response NIST alignment
/hitrust:control-map 12.a NIST

# Check BAA requirements against ISO
/hitrust:control-map 17.a ISO27001
```