{"name":"grcengclub-grc-engineering-suite","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"grcengclub-grc-engineer-plugins-grc-engineer","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GRC Engineering Plugin - Maps IaC to compliance controls, generates policies, collects evidence, reviews PRs for compliance, and transforms risks to Jira tickets","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"grcengclub-grc-auditor-plugins-grc-auditor","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GRC Auditor Plugin - Evidence review, control validation, and audit workpaper generation for external auditors and assessors","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"grcengclub-grc-internal-plugins-grc-internal","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GRC Internal Plugin - Policy management, risk registers, and compliance tracking for internal GRC teams","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"grcengclub-grc-tprm-plugins-grc-tprm","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GRC Third-Party Risk Management Plugin - Vendor assessments, questionnaire analysis, and risk scoring","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"grcengclub-soc2-plugins-frameworks-soc2","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"SOC 2 Compliance Plugin - Trust Service Criteria expertise, Type I/II assessment support, and control mapping","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"grcengclub-nist-800-53-plugins-frameworks-nist-800-53","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"NIST 800-53 Plugin - Control families, baseline selection (Low/Moderate/High), and FedRAMP alignment","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"grcengclub-iso27001-plugins-frameworks-iso27001","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"ISO 27001 Plugin - Annex A controls, ISMS implementation guidance, and certification support","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"grcengclub-fedramp-rev5-plugins-frameworks-fedramp-rev5","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"FedRAMP Rev 5 Plugin - Traditional authorization path with SSP/SAP/SAR/POA&M documentation and NIST 800-53 Rev 5 control mapping","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"grcengclub-fedramp-20x-plugins-frameworks-fedramp-20x","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"FedRAMP 20X Plugin - Modern automated authorization with Key Security Indicators (KSIs), continuous monitoring, and machine-readable policies synced from official FedRAMP docs","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"grcengclub-pci-dss-plugins-frameworks-pci-dss","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"PCI DSS v4.0.1 Plugin - Payment Card Industry compliance with ROC guidance, SAQ selection, and March 2025 mandatory requirements","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"grcengclub-cmmc-plugins-frameworks-cmmc","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"CMMC v2.0 Plugin - Cybersecurity Maturity Model Certification for DoD contractors with 5 levels and C3PAO assessment prep","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"grcengclub-hitrust-plugins-frameworks-hitrust","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"HITRUST CSF Plugin - Healthcare Information Trust Alliance Common Security Framework with i1/r2 assessments and 156 controls","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"grcengclub-cis-controls-plugins-frameworks-cis-controls","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"CIS Controls v8 Plugin - Center for Internet Security baseline with IG1/IG2/IG3 implementation groups and 153 safeguards","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"grcengclub-gdpr-plugins-frameworks-gdpr","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GDPR Plugin - EU General Data Protection Regulation with DPIA, data subject rights, and 72-hour breach notification","version":"0.1.0","strict":true,"keywords":[],"category":"data"},{"name":"grcengclub-csa-ccm-plugins-frameworks-csa-ccm","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"CSA CCM Plugin - Cloud Security Alliance Cloud Controls Matrix with 197 controls and CAIQ support","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"grcengclub-nydfs-plugins-frameworks-nydfs","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"NYDFS 23 NYCRR 500 Plugin - New York Department of Financial Services cybersecurity requirements with annual certification","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"grcengclub-dora-plugins-frameworks-dora","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"DORA Plugin - EU Digital Operational Resilience Act for financial entities with ICT risk management (effective January 2025)","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"grcengclub-stateramp-plugins-frameworks-stateramp","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"StateRAMP Plugin - State Risk and Authorization Management Program for state and local government cloud services","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"grcengclub-essential8-plugins-frameworks-essential8","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"Essential 8 Plugin - Australian Cyber Security Centre mitigation strategies with 3 maturity levels","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"grcengclub-glba-plugins-frameworks-glba","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GLBA Plugin - Gramm-Leach-Bliley Act for financial institutions with Safeguards Rule and Privacy Rule compliance","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"grcengclub-us-export-plugins-frameworks-us-export","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"US Export Controls Plugin - ITAR and EAR compliance for defense and dual-use technologies","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"grcengclub-pbmm-plugins-frameworks-pbmm","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"Canadian PBMM (Protected B Medium Medium) with ITSG-33 controls","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"grcengclub-ismap-plugins-frameworks-ismap","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"Japanese ISMAP government cloud security (ISO 27001/27017/27018)","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"grcengclub-irap-plugins-frameworks-irap","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"Australian IRAP (ISM + Essential Eight) for government cloud","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"grcengclub-aws-inspector-plugins-connectors-aws-inspector","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GRC connector for AWS: evaluates IAM, S3, CloudTrail, EBS, and RDS for compliance misconfigurations. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","aws","scf","soc2","fedramp","connector"],"category":"utilities"},{"name":"grcengclub-github-inspector-plugins-connectors-github-inspector","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GRC connector for GitHub: evaluates repo protections, branch policies, Actions, secret scanning, Dependabot, and deploy keys. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","github","scf","soc2","connector"],"category":"deployment"},{"name":"grcengclub-gcp-inspector-plugins-connectors-gcp-inspector","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GRC connector for Google Cloud: evaluates IAM, Cloud Storage, audit logs, KMS rotation, and Compute for compliance misconfigurations. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","gcp","google-cloud","scf","fedramp","connector"],"category":"utilities"},{"name":"grcengclub-okta-inspector-plugins-connectors-okta-inspector","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"GRC connector for Okta: evaluates authentication policies, MFA enrollment, password policy, session management, and admin/privileged accounts. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","okta","identity","iam","scf","fedramp","connector"],"category":"deployment"},{"name":"grcengclub-oscal-plugins-oscal","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"OSCAL (Open Security Controls Assessment Language) toolkit for Claude Code. Wraps ethanolivertroy/oscal-cli for validation and conversion of catalogs, profiles, SSPs, SAPs, SARs, POA&Ms, component definitions, and assessment results.","version":"0.1.0","strict":true,"keywords":["oscal","fedramp","grc","compliance","nist"],"category":"security"},{"name":"grcengclub-fedramp-ssp-plugins-fedramp-ssp","source":{"source":"github","repo":"grcengclub/claude-grc-engineering"},"description":"Convert FedRAMP Rev 5 Moderate SSP DOCX templates to validated OSCAL 1.2.0 JSON. Wraps ethanolivertroy/frdocx-to-froscal-ssp — ready for oscal-cli, Compliance Trestle, eMASS, and FedRAMP 20X workflows.","version":"0.1.0","strict":true,"keywords":["fedramp","oscal","ssp","docx","compliance-as-code"],"category":"productivity"}]}