{"name":"tadthies-grc-skills","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"tadthies-iso27001-plugins-iso27001","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/iso27001"},"description":"Expert ISO 27001 gap analysis, policy writing, Annex A control guidance, SoA generation, and risk register creation for both 2013 and 2022 versions.","version":"1.6.2","strict":true,"keywords":["iso27001","isms","compliance","security","grc","gap-analysis","annex-a"],"category":"security"},{"name":"tadthies-soc2-plugins-soc2","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/soc2"},"description":"Expert SOC 2 compliance advisor covering all Trust Services Criteria — gap analysis, policy drafting, control documentation, audit evidence, and vendor risk.","version":"1.6.2","strict":true,"keywords":["soc2","aicpa","trust-services","audit","compliance","grc"],"category":"documentation"},{"name":"tadthies-fedramp-plugins-fedramp","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/fedramp"},"description":"End-to-end FedRAMP authorization guidance under CR26 — Certification Classes A-D, FedRAMP 20x pathway, readiness assessments, SSP narratives, POA&M management, NIST 800-53 Rev 5 control mapping, OSCAL mandate, and ConMon support.","version":"1.6.2","strict":true,"keywords":["fedramp","nist","ato","ssp","poam","federal","cloud-security","grc","cr26","fedramp-20x","oscal"],"category":"security"},{"name":"tadthies-gdpr-compliance-plugins-gdpr-compliance","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/gdpr-compliance"},"description":"GDPR compliance assistant — code and system audits, privacy notice drafting, DPAs, DPIAs, data flow reviews, and authoritative article-cited Q&A.","version":"1.6.2","strict":true,"keywords":["gdpr","privacy","data-protection","dpa","dpia","eu","grc"],"category":"deployment"},{"name":"tadthies-hipaa-compliance-plugins-hipaa-compliance","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/hipaa-compliance"},"description":"HIPAA compliance advisor covering Privacy Rule, Security Rule, and Breach Notification — document generation, technical safeguards for cloud, and breach response.","version":"1.6.2","strict":true,"keywords":["hipaa","phi","healthcare","baa","privacy-rule","security-rule","grc"],"category":"security"},{"name":"tadthies-nist-csf-plugins-nist-csf","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/nist-csf"},"description":"NIST Cybersecurity Framework (CSF 2.0 and 1.1) advisor — gap assessments, organisational profiles, implementation tiers, roadmaps, cross-framework mapping, and cybersecurity policy generation.","version":"1.6.2","strict":true,"keywords":["nist-csf","cybersecurity-framework","csf20","risk-management","cybersecurity","grc","gap-assessment","profiles","tiers"],"category":"security"},{"name":"tadthies-pci-compliance-plugins-pci-compliance","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/pci-compliance"},"description":"PCI DSS v4.0.1 compliance advisor — CDE scoping, SAQ selection, gap assessments, control implementation guidance, QSA audit preparation, and remediation planning.","version":"1.6.2","strict":true,"keywords":["pci-dss","pci-compliance","payment-security","cardholder-data","cde","saq","qsa","grc"],"category":"deployment"},{"name":"tadthies-tsa-compliance-plugins-tsa-compliance","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/tsa-compliance"},"description":"TSA cybersecurity compliance advisor for critical infrastructure — pipeline, freight rail, and transit Security Directive requirements including CIP/COIP, IRP, ADR, CAP, incident reporting, and OT/ICS security.","version":"1.6.2","strict":true,"keywords":["tsa","transportation-security","critical-infrastructure","pipeline-security","rail-security","ot-security","ics-security","grc"],"category":"deployment"},{"name":"tadthies-iso27701-plugins-iso27701","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/iso27701"},"description":"ISO 27701 Privacy Information Management System (PIMS) advisor — gap analysis, PIMS implementation, Annex A control guidance, SoA generation, privacy risk assessment, GDPR alignment, and certification readiness for ISO/IEC 27701:2025 (standalone PIMS) and 27701:2019.","version":"1.6.2","strict":true,"keywords":["iso27701","pims","privacy","pii","gdpr","data-protection","privacy-by-design","grc"],"category":"data"},{"name":"tadthies-iso42001-plugins-iso42001","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/iso42001"},"description":"ISO 42001 AI Management System (AIMS) advisor — gap analysis, AI risk assessment, AI system impact assessment (AISIA), Annex A control guidance, SoA generation, policy writing, and certification readiness for ISO/IEC 42001:2023.","version":"1.6.2","strict":true,"keywords":["iso42001","ai-management-system","aims","responsible-ai","ai-governance","ai-risk","aisia","grc"],"category":"utilities"},{"name":"tadthies-dpdpa-plugins-dpdpa","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/dpdpa"},"description":"India's Digital Personal Data Protection Act, 2023 (DPDPA) and DPDP Rules, 2025 compliance advisor — gap analysis, notice and consent requirements, Data Principal rights, breach notification, children's data, Significant Data Fiduciary obligations, cross-border transfers, Data Protection Board proceedings, and GDPR alignment for global organisations.","version":"1.6.2","strict":true,"keywords":["dpdpa","india-privacy","digital-personal-data-protection","data-fiduciary","data-principal","significant-data-fiduciary","data-protection-board","india-data-law","grc"],"category":"deployment"},{"name":"tadthies-dora-plugins-dora","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/dora"},"description":"DORA (Regulation (EU) 2022/2554) compliance advisor for EU financial entities — ICT risk management framework, incident classification and reporting, TLPT, ICT third-party risk, Register of Information, and all adopted RTS/ITS with article-level citations.","version":"1.6.2","strict":true,"keywords":["dora","eu-2022-2554","ict-risk","digital-operational-resilience","financial-entities","third-party-risk","tlpt","rts","its","grc"],"category":"deployment"},{"name":"tadthies-cmmc-plugins-cmmc","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/cmmc"},"description":"Expert CMMC 2.0 compliance advisor for US defense contractors — gap analysis, SSP drafting, POA&M management, SPRS scoring, CUI scoping, and C3PAO assessment readiness for Level 1, 2, and 3.","version":"1.6.2","strict":true,"keywords":["cmmc","nist-800-171","defense","dib","cui","compliance","grc","dfars","c3pao"],"category":"utilities"},{"name":"tadthies-nist-ai-rmf-plugins-nist-ai-rmf","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/nist-ai-rmf"},"description":"Expert NIST AI Risk Management Framework (AI RMF 1.0) advisor — gap assessments, organizational profiles, GOVERN/MAP/MEASURE/MANAGE function guidance, AI risk registers, trustworthiness evaluation, and cross-framework mapping to ISO 42001, EU AI Act, and NIST CSF.","version":"1.6.2","strict":true,"keywords":["nist-ai-rmf","ai-risk-management","ai-governance","responsible-ai","ai-trustworthiness","ai-bias","govern-map-measure-manage","grc"],"category":"utilities"},{"name":"tadthies-swift-csp-plugins-swift-csp","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/swift-csp"},"description":"SWIFT CSP / CSCF v2026 expert covering all 32 controls (25 mandatory + 7 advisory), including Control 2.4 now mandatory (back-office data flow security). Architecture types A1–A4/B, KYC-SA attestation (window July 1–Dec 31, 2026), independent assessment, gap analysis, fraud prevention, and cross-framework mapping.","version":"1.6.2","strict":true,"keywords":["swift","csp","cscf","swift-security","kyc-sa","payment-security","grc","v2026"],"category":"testing"},{"name":"tadthies-ism-plugins-ism","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/ism"},"description":"Expert Australian Information Security Manual (ISM) advisor for Australian government entities, contractors and supply chains. Gap analysis, system authorisation, IRAP preparation, control scoping, and ASD compliance guidance.","version":"1.6.2","strict":true,"keywords":["ism","australian-government","asd","irap","cybersecurity","compliance","grc","protected","essential-eight"],"category":"security"},{"name":"tadthies-ccpa-plugins-ccpa","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/ccpa"},"description":"California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) compliance advisor — business threshold analysis, consumer rights fulfillment, ADMT opt-out (Jan 2027 deadline), cybersecurity audits and risk assessments (live Jan 2026), enforcement precedents (Disney $2.75M record), privacy notice drafting, SPI handling, GPC opt-out, CPPA enforcement, and GDPR alignment.","version":"1.6.2","strict":true,"keywords":["ccpa","cpra","california-privacy","consumer-rights","do-not-sell","sensitive-personal-information","cppa","admt","grc"],"category":"security"},{"name":"tadthies-nis2-plugins-nis2","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/nis2"},"description":"EU NIS2 Directive (Directive (EU) 2022/2555) compliance advisor for essential and important entities — entity classification, Art. 21 risk management measures, Art. 23 incident reporting timelines (24h/72h/1 month), Art. 20 governance obligations, supply chain security (Art. 26), gap assessments, policy drafting, ISO 27001 alignment, and penalty exposure analysis.","version":"1.6.2","strict":true,"keywords":["nis2","eu-2022-2555","network-information-security","essential-entities","important-entities","incident-reporting","supply-chain-security","grc"],"category":"deployment"},{"name":"tadthies-itar-plugins-itar","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/itar"},"description":"Expert ITAR compliance advisor for US defense contractors, exporters, and manufacturers — USML classification, DDTC registration, export license applications (DSP-5/73/94), Technical Assistance Agreements (TAA), Manufacturing License Agreements (MLA), brokering regulations (Part 129), deemed export rules for foreign nationals, technology control plans, voluntary disclosures, violation mitigation, and Blue Lantern end-use checks. Use for any question about 22 CFR Parts 120-130, defense article/service classification, jurisdiction determination (ITAR vs EAR), or US Munitions List category scoping.","version":"1.6.2","strict":true,"keywords":["itar","usml","defense-export","ddtc","export-control","taa","mla","grc"],"category":"utilities"},{"name":"tadthies-lgpd-plugins-lgpd","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/lgpd"},"description":"Expert LGPD compliance advisor for Brazil's data protection law (Law 13,709/2018). Covers legal bases, data subject rights, ANPD obligations, DPO appointment, breach notification, DPIA, international transfers including Brazil-EU mutual adequacy (January 2026 — no SCCs/BCRs needed for EU transfers), penalties up to 2% revenue / R$50M, gap assessments, and GDPR comparison.","version":"1.6.2","strict":true,"keywords":["lgpd","brazil","data-protection","anpd","privacy","grc","brazil-eu-adequacy"],"category":"data"},{"name":"tadthies-csrd-plugins-csrd","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/csrd"},"description":"EU CSRD (Corporate Sustainability Reporting Directive, EU 2022/2464) compliance advisor — scope & threshold analysis (large PIEs, other large, listed SMEs, non-EU), double materiality assessment (DMA), ESRS gap assessment, ESRS E1–E5 environmental disclosures, ESRS S1–S4 social disclosures, ESRS G1 governance, Scope 1/2/3 GHG emissions, transition plan drafting, assurance readiness, XBRL tagging, value chain reporting, and CSRD vs GRI/TCFD/SASB comparison.","version":"1.6.2","strict":true,"keywords":["csrd","esrs","esg-reporting","sustainability-reporting","double-materiality","eu-compliance","grc"],"category":"deployment"},{"name":"tadthies-cis-controls-plugins-cis-controls","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/cis-controls"},"description":"CIS Controls v8 (CIS Top 18) advisor — Implementation Group scoping (IG1/IG2/IG3), gap assessments across all 153 safeguards, asset/software inventory, data protection, secure configuration, MFA and access control, vulnerability management, audit log management, malware defenses, incident response, penetration testing, and CIS Controls mapping to NIST CSF 2.0, ISO 27001:2022, SOC 2, PCI DSS, and CMMC 2.0. Use for any CIS Controls, CIS Benchmarks, or prioritized cyber hygiene question.","version":"1.6.2","strict":true,"keywords":["cis-controls","cis-top-18","cyber-hygiene","implementation-groups","cis-benchmarks","vulnerability-management","grc"],"category":"testing"},{"name":"tadthies-ear-plugins-ear","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/ear"},"description":"EAR compliance advisor — ECCN classification, EAR99 determination, EAR vs ITAR jurisdiction, license requirement analysis, all 14 license exceptions, restricted party screening, deemed exports, FDPR, de minimis, 10 General Prohibitions, SNAP-R licensing, VSD, civil/criminal penalties, and Export Compliance Programme (ECP) design.","version":"1.6.2","strict":true,"keywords":["ear","export-controls","eccn","bis","dual-use","export-compliance","grc"],"category":"deployment"},{"name":"tadthies-nist-800-53-plugins-nist-800-53","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/nist-800-53"},"description":"NIST SP 800-53 Rev 5 compliance advisor — all 20 control families, Low/Moderate/High baseline selection, FIPS 199/200 categorization, control tailoring, ODVs, overlays, privacy controls (PT family), supply chain (SR family), SSP narrative writing, assessment procedures (SP 800-53A), POA&M management, RMF steps (SP 800-37), continuous monitoring, OSCAL, and mapping to FedRAMP, FISMA, CMMC 2.0, and ISO 27001.","version":"1.6.2","strict":true,"keywords":["nist-800-53","fisma","rmf","federal-security","security-controls","fedramp","grc"],"category":"security"},{"name":"tadthies-eu-ai-act-plugins-eu-ai-act","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/eu-ai-act"},"description":"EU AI Act (Regulation (EU) 2024/1689) compliance advisor — risk classification across all four tiers, all 9 prohibited practices (Art. 5), Annex III high-risk use cases, provider and deployer obligations (Arts. 9–17, 26), GPAI model obligations and systemic risk (Arts. 51–55, enforcement Aug 2, 2026), conformity assessment and CE marking (Arts. 43–48), EU AI database registration, Art. 50 transparency (Aug 2, 2026), governance (AI Office, AI Board), penalties (Art. 99), Digital Omnibus adopted June 29, 2026 (Annex III deferred to Dec 2027, Annex I to Aug 2028), and cross-framework mapping to ISO 42001, NIST AI RMF, and GDPR.","version":"1.6.2","strict":true,"keywords":["eu-ai-act","artificial-intelligence","ai-regulation","ai-compliance","gpai","high-risk-ai","digital-omnibus","grc"],"category":"deployment"},{"name":"tadthies-section-508-plugins-section-508","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/section-508"},"description":"Expert Section 508 compliance advisor for US federal ICT accessibility — VPAT/ACR completion, WCAG 2.0 AA audits, remediation planning, PDF accessibility, procurement language, keyboard and screen reader testing, undue burden assessments, and agency compliance workflows.","version":"1.6.2","strict":true,"keywords":["section-508","accessibility","wcag","ict-accessibility","vpat","acr","ada","federal-compliance","grc"],"category":"productivity"},{"name":"tadthies-wcag-plugins-wcag","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/wcag"},"description":"Expert WCAG (Web Content Accessibility Guidelines) advisor covering WCAG 2.0, 2.1, and 2.2 — the W3C international accessibility standards. Covers all POUR principles, success criteria, conformance levels, accessibility audits, ARIA patterns, colour contrast, keyboard accessibility, screen reader compatibility, mobile accessibility, cognitive accessibility, legal mappings (EN 301 549, EAA, ADA, Section 508), and accessibility statements.","version":"1.6.2","strict":true,"keywords":["wcag","accessibility","web-accessibility","section-508","ada","aria","pour-principles","colour-contrast","screen-reader","grc"],"category":"deployment"},{"name":"tadthies-nzism-plugins-nzism","source":{"source":"git-subdir","url":"https://github.com/tadthies/claude-skills-governance-risk-and-compliance","path":"plugins/nzism"},"description":"Expert New Zealand Information Security Manual (NZISM) advisor for NZ government agencies. Gap analysis, system certification & accreditation, classification framework guidance, control implementation, and GCSB/NCSC NZ compliance.","version":"1.6.2","strict":true,"keywords":["nzism","new-zealand","gcsb","ncsc-nz","government-security","cybersecurity","compliance","grc","certification-accreditation","classification"],"category":"deployment"},{"name":"sushegaad-vn-pdpl-plugins-vn-pdpl","source":{"source":"git-subdir","url":"https://github.com/sushegaad/claude-skills-governance-risk-and-compliance","path":"plugins/vn-pdpl"},"description":"Expert Vietnam Personal Data Protection Law (PDPL) compliance advisor for Law No. 91/2025/QH15 and Decree 356/2025/ND-CP. Covers gap analysis, data subject rights fulfilment, cross-border transfer impact assessments, DPIA, breach notification, privacy notices, sector-specific rules (finance, AI, cloud, blockchain), and DPO qualification requirements. Effective January 1, 2026.","version":"1.6.2","strict":true,"keywords":["vietnam","vn-pdpl","personal-data-protection","privacy","data-protection","compliance","grc","gdpr","law-91-2025","decree-356","southeast-asia","apac"],"category":"deployment"},{"name":"sushegaad-eu-cra-plugins-eu-cra","source":{"source":"git-subdir","url":"https://github.com/sushegaad/claude-skills-governance-risk-and-compliance","path":"plugins/eu-cra"},"description":"Expert EU Cyber Resilience Act (CRA) advisor for Regulation (EU) 2024/2847. Covers product classification (Default/Class I/Class II), Annex I essential requirements gap analysis, conformity assessment (self-assessment vs Notified Body), CE marking, SBOM, vulnerability handling, 24/72-hour ENISA reporting, support period obligations, and manufacturer/importer/distributor duties. Full application: December 11, 2027.","version":"1.6.2","strict":true,"keywords":["eu-cra","cyber-resilience-act","cybersecurity","product-security","iot-security","ce-marking","sbom","vulnerability-management","pde","compliance","grc","eu","enisa"],"category":"security"}]}