{"name":"fianulabs-grc-engineering-suite","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"fianulabs-grc-engineer-plugins-grc-engineer","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/grc-engineer"},"description":"GRC Engineering Plugin - Maps IaC to compliance controls, generates policies, collects evidence, reviews PRs for compliance, and transforms risks to Jira tickets","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"fianulabs-grc-auditor-plugins-grc-auditor","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/grc-auditor"},"description":"GRC Auditor Plugin - Evidence review, control validation, and audit workpaper generation for external auditors and assessors","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-grc-internal-plugins-grc-internal","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/grc-internal"},"description":"GRC Internal Plugin - Policy management, risk registers, and compliance tracking for internal GRC teams","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-grc-tprm-plugins-grc-tprm","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/grc-tprm"},"description":"GRC Third-Party Risk Management Plugin - Vendor assessments, questionnaire analysis, and risk scoring","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-grc-reporter-plugins-grc-reporter","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/grc-reporter"},"description":"GRC Reporter - translate findings, risks, and metrics into narratives leadership actually reads. Reference implementation of the Reporting category from RFC #38.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-teach-me-plugins-teach-me","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/teach-me"},"description":"Teach-me - get up to speed on a framework, control, or GRC role. Socratic primer + drill plugin built for new-to-GRC practitioners and career transitioners. Closes #61.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-soc2-plugins-frameworks-soc2","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/soc2"},"description":"SOC 2 Compliance Plugin - Trust Service Criteria expertise, Type I/II assessment support, and control mapping","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-nist-800-53-plugins-frameworks-nist-800-53","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/nist-800-53"},"description":"NIST 800-53 Plugin - Control families, baseline selection (Low/Moderate/High), and FedRAMP alignment","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-iso27001-plugins-frameworks-iso27001","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/iso27001"},"description":"ISO 27001 Plugin - Annex A controls, ISMS implementation guidance, and certification support","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-fedramp-rev5-plugins-frameworks-fedramp-rev5","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/fedramp-rev5"},"description":"FedRAMP Rev 5 Plugin - Traditional authorization path with SSP/SAP/SAR/POA&M documentation and NIST 800-53 Rev 5 control mapping","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"fianulabs-fedramp-20x-plugins-frameworks-fedramp-20x","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/fedramp-20x"},"description":"FedRAMP 20X Plugin - Modern automated authorization with Key Security Indicators (KSIs), continuous monitoring, and machine-readable policies synced from official FedRAMP docs","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"fianulabs-pci-dss-plugins-frameworks-pci-dss","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/pci-dss"},"description":"PCI DSS v4.0.1 Plugin - Payment Card Industry compliance with ROC guidance, SAQ selection, and March 2025 mandatory requirements","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"fianulabs-cmmc-plugins-frameworks-cmmc","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/cmmc"},"description":"CMMC v2.0 Plugin - Cybersecurity Maturity Model Certification for DoD contractors with 5 levels and C3PAO assessment prep","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"fianulabs-hitrust-plugins-frameworks-hitrust","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/hitrust"},"description":"HITRUST CSF Plugin - Healthcare Information Trust Alliance Common Security Framework with i1/r2 assessments and 156 controls","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"fianulabs-cis-controls-plugins-frameworks-cis-controls","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/cis-controls"},"description":"CIS Controls v8 Plugin - Center for Internet Security baseline with IG1/IG2/IG3 implementation groups and 153 safeguards","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"fianulabs-gdpr-plugins-frameworks-gdpr","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/gdpr"},"description":"GDPR Plugin - EU General Data Protection Regulation with DPIA, data subject rights, and 72-hour breach notification","version":"0.1.0","strict":true,"keywords":[],"category":"data"},{"name":"fianulabs-csa-ccm-plugins-frameworks-csa-ccm","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/csa-ccm"},"description":"CSA CCM Plugin - Cloud Security Alliance Cloud Controls Matrix with 197 controls and CAIQ support","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"fianulabs-nydfs-plugins-frameworks-nydfs","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/nydfs"},"description":"NYDFS 23 NYCRR 500 Plugin - New York Department of Financial Services cybersecurity requirements with annual certification","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"fianulabs-dora-plugins-frameworks-dora","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/dora"},"description":"DORA Plugin - EU Digital Operational Resilience Act for financial entities with ICT risk management (effective January 2025)","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"fianulabs-stateramp-plugins-frameworks-stateramp","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/stateramp"},"description":"StateRAMP Plugin - State Risk and Authorization Management Program for state and local government cloud services","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"fianulabs-essential8-plugins-frameworks-essential8","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/essential8"},"description":"Essential 8 Plugin - Australian Cyber Security Centre mitigation strategies with 3 maturity levels","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"fianulabs-glba-plugins-frameworks-glba","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/glba"},"description":"GLBA Plugin - Gramm-Leach-Bliley Act for financial institutions with Safeguards Rule and Privacy Rule compliance","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"fianulabs-us-export-plugins-frameworks-us-export","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/us-export"},"description":"US Export Controls Plugin - ITAR and EAR compliance for defense and dual-use technologies","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-pbmm-plugins-frameworks-pbmm","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/pbmm"},"description":"Canadian PBMM (Protected B Medium Medium) with ITSG-33 controls","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-ismap-plugins-frameworks-ismap","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/ismap"},"description":"Japanese ISMAP government cloud security (ISO 27001/27017/27018)","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"fianulabs-irap-plugins-frameworks-irap","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/irap"},"description":"Australian IRAP (ISM + Essential Eight) for government cloud","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"fianulabs-aws-inspector-plugins-connectors-aws-inspector","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/connectors/aws-inspector"},"description":"GRC connector for AWS: evaluates IAM, S3, CloudTrail, EBS, and RDS for compliance misconfigurations. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","aws","scf","soc2","fedramp","connector"],"category":"utilities"},{"name":"fianulabs-github-inspector-plugins-connectors-github-inspector","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/connectors/github-inspector"},"description":"GRC connector for GitHub: evaluates repo protections, branch policies, Actions, secret scanning, Dependabot, and deploy keys. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","github","scf","soc2","connector"],"category":"deployment"},{"name":"fianulabs-gcp-inspector-plugins-connectors-gcp-inspector","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/connectors/gcp-inspector"},"description":"GRC connector for Google Cloud: evaluates IAM, Cloud Storage, audit logs, KMS rotation, and Compute for compliance misconfigurations. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","gcp","google-cloud","scf","fedramp","connector"],"category":"utilities"},{"name":"fianulabs-okta-inspector-plugins-connectors-okta-inspector","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/connectors/okta-inspector"},"description":"GRC connector for Okta: evaluates authentication policies, MFA enrollment, password policy, session management, and admin/privileged accounts. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","okta","identity","iam","scf","fedramp","connector"],"category":"deployment"},{"name":"fianulabs-oscal-plugins-oscal","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/oscal"},"description":"OSCAL (Open Security Controls Assessment Language) toolkit for Claude Code. Wraps ethanolivertroy/oscal-cli for validation and conversion of catalogs, profiles, SSPs, SAPs, SARs, POA&Ms, component definitions, and assessment results.","version":"0.1.0","strict":true,"keywords":["oscal","fedramp","grc","compliance","nist"],"category":"security"},{"name":"fianulabs-fedramp-ssp-plugins-fedramp-ssp","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/fedramp-ssp"},"description":"Convert FedRAMP Rev 5 Moderate SSP DOCX templates to validated OSCAL 1.2.0 JSON. Wraps ethanolivertroy/frdocx-to-froscal-ssp — ready for oscal-cli, Compliance Trestle, eMASS, and FedRAMP 20X workflows.","version":"0.1.0","strict":true,"keywords":["fedramp","oscal","ssp","docx","compliance-as-code"],"category":"productivity"},{"name":"fianulabs-singapore-pdpa-plugins-frameworks-singapore-pdpa","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/singapore-pdpa"},"description":"Singapore - Personal Data Protection Ac (PDPA) (2012) — Reference plugin with evidence checklist, scope determination, and SCF-backed gap assessment. Level up to Full by adding framework-specific workflow commands.","version":"0.1.0","strict":true,"keywords":[],"category":"productivity"},{"name":"fianulabs-us-finra-plugins-frameworks-us-finra","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/us-finra"},"description":"FINRA Plugin - Broker-dealer cybersecurity guidance (builds on SEC Reg S-P, SEC 17a-4)","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"fianulabs-cyber-essentials-plus-plugins-frameworks-cyber-essentials-plus","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/cyber-essentials-plus"},"description":"UK NCSC Cyber Essentials Plus (CE+) v3.3 Danzell — Reference plugin with evidence checklist, scope determination, and SCF-backed gap assessment. Five core controls: Firewalls, Secure Configuration, User Access Control, Malware Protection, and Patch Management.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"fianulabs-ind-dpdpa-plugins-frameworks-ind-dpdpa","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/frameworks/ind-dpdpa"},"description":"India DPDPA 2023 + DPDP Rules 2025 — Reference-depth plugin: scope, evidence checklist, breach process, and sectoral overlap (RBI / SEBI / IRDAI / TRAI) for Data Fiduciaries operating in India.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"fianulabs-poam-automation-plugins-connectors-poam-automation","source":{"source":"git-subdir","url":"https://github.com/fianulabs/claude-grc-engineering","path":"plugins/connectors/poam-automation"},"description":"FedRAMP POA&M lifecycle management and VDR generation. Converts Nessus, Tenable, Qualys, and Wiz scanner exports into a FedRAMP-compliant POA&M, manages the full finding lifecycle, generates FedRAMP 20x VDR reports with live CISA KEV and EPSS enrichment, and produces per-release Product Vulnerability Disclosure Reports.","version":"0.1.0","strict":true,"keywords":["fedramp","poam","vdr","grc","vulnerability-management","cisa-kev","epss","fedramp-20x"],"category":"deployment"}]}