{"name":"vantainc-grc-engineering-suite","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"vantainc-grc-engineer-plugins-grc-engineer","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/grc-engineer"},"description":"GRC Engineering Plugin - Maps IaC to compliance controls, generates policies, collects evidence, reviews PRs for compliance, and transforms risks to Jira tickets","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-grc-auditor-plugins-grc-auditor","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/grc-auditor"},"description":"GRC Auditor Plugin - Evidence review, control validation, and audit workpaper generation for external auditors and assessors","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-grc-internal-plugins-grc-internal","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/grc-internal"},"description":"GRC Internal Plugin - Policy management, risk registers, and compliance tracking for internal GRC teams","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-grc-tprm-plugins-grc-tprm","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/grc-tprm"},"description":"GRC Third-Party Risk Management Plugin - Vendor assessments, questionnaire analysis, and risk scoring","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-grc-reporter-plugins-grc-reporter","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/grc-reporter"},"description":"GRC Reporter - translate findings, risks, and metrics into narratives leadership actually reads. Reference implementation of the Reporting category from RFC #38.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-grc-loop-plugins-grc-loop","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/grc-loop"},"description":"Ralph-loop mechanism specialized for GRC iteration patterns: gap-remediation burndown and quarterly evidence sweeps. Each loop drives /grc-engineer:* commands until a completion criterion fires.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-gcp-docs-plugins-knowledge-sources-gcp-docs","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/knowledge-sources/gcp-docs"},"description":"Knowledge source for Google Developer Knowledge API: searches, cites, and answers from current Google developer documentation.","version":"0.1.0","strict":true,"keywords":["grc","google-cloud","documentation","knowledge-source","citations"],"category":"development"},{"name":"vantainc-teach-me-plugins-teach-me","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/teach-me"},"description":"Teach-me - get up to speed on a framework, control, or GRC role. Socratic primer + drill plugin built for new-to-GRC practitioners and career transitioners. Closes #61.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-grc-diagrams-plugins-grc-diagrams","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/grc-diagrams"},"description":"Editable draw.io diagram skills for GRC system boundaries, evidence flows, control maps, risks, audits, crosswalks, TPRM, POA&M, data flows, RACI, and operating models.","version":"0.1.0","strict":true,"keywords":["grc","drawio","diagrams","compliance","audit","risk","controls"],"category":"deployment"},{"name":"vantainc-soc2-plugins-frameworks-soc2","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/soc2"},"description":"SOC 2 Compliance Plugin - Trust Service Criteria expertise, Type I/II assessment support, and control mapping","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-nist-800-53-plugins-frameworks-nist-800-53","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/nist-800-53"},"description":"NIST 800-53 Plugin - Control families, baseline selection (Low/Moderate/High), and FedRAMP alignment","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-iso27001-plugins-frameworks-iso27001","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/iso27001"},"description":"ISO 27001 Plugin - Annex A controls, ISMS implementation guidance, and certification support","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-fedramp-rev5-plugins-frameworks-fedramp-rev5","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/fedramp-rev5"},"description":"FedRAMP Rev 5 Plugin - Traditional authorization path with SSP/SAP/SAR/POA&M documentation and NIST 800-53 Rev 5 control mapping","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-fedramp-20x-plugins-frameworks-fedramp-20x","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/fedramp-20x"},"description":"FedRAMP 20X Plugin - Modern automated authorization with Key Security Indicators (KSIs), continuous monitoring, and machine-readable policies synced from official FedRAMP docs","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-pci-dss-plugins-frameworks-pci-dss","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/pci-dss"},"description":"PCI DSS v4.0.1 Plugin - Payment Card Industry compliance with ROC guidance, SAQ selection, and March 2025 mandatory requirements","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-cmmc-plugins-frameworks-cmmc","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/cmmc"},"description":"CMMC v2.0 Plugin - Cybersecurity Maturity Model Certification for DoD contractors with 5 levels and C3PAO assessment prep","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-hitrust-plugins-frameworks-hitrust","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/hitrust"},"description":"HITRUST CSF Plugin - Healthcare Information Trust Alliance Common Security Framework with i1/r2 assessments and 156 controls","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-cis-controls-plugins-frameworks-cis-controls","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/cis-controls"},"description":"CIS Controls v8 Plugin - Center for Internet Security baseline with IG1/IG2/IG3 implementation groups and 153 safeguards","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-gdpr-plugins-frameworks-gdpr","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/gdpr"},"description":"GDPR Plugin - EU General Data Protection Regulation with DPIA, data subject rights, and 72-hour breach notification","version":"0.1.0","strict":true,"keywords":[],"category":"data"},{"name":"vantainc-csa-ccm-plugins-frameworks-csa-ccm","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/csa-ccm"},"description":"CSA CCM Plugin - Cloud Security Alliance Cloud Controls Matrix with 197 controls and CAIQ support","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-nydfs-plugins-frameworks-nydfs","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/nydfs"},"description":"NYDFS 23 NYCRR 500 Plugin - New York Department of Financial Services cybersecurity requirements with annual certification","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-dora-plugins-frameworks-dora","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/dora"},"description":"DORA Plugin - EU Digital Operational Resilience Act for financial entities with ICT risk management (effective January 2025)","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-stateramp-plugins-frameworks-stateramp","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/stateramp"},"description":"StateRAMP Plugin - State Risk and Authorization Management Program for state and local government cloud services","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-essential8-plugins-frameworks-essential8","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/essential8"},"description":"Essential 8 Plugin - Australian Cyber Security Centre mitigation strategies with 3 maturity levels","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-glba-plugins-frameworks-glba","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/glba"},"description":"GLBA Plugin - Gramm-Leach-Bliley Act for financial institutions with Safeguards Rule and Privacy Rule compliance","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-us-export-plugins-frameworks-us-export","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/us-export"},"description":"US Export Controls Plugin - ITAR and EAR compliance for defense and dual-use technologies","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-us-hipaa-security-plugins-frameworks-us-hipaa-security","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/us-hipaa-security"},"description":"HIPAA Security Rule compliance for ePHI protection with Administrative, Physical, and Technical Safeguards","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-pbmm-plugins-frameworks-pbmm","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/pbmm"},"description":"Canadian PBMM (Protected B Medium Medium) with ITSG-33 controls","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-ismap-plugins-frameworks-ismap","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/ismap"},"description":"Japanese ISMAP government cloud security (ISO 27001/27017/27018)","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-irap-plugins-frameworks-irap","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/irap"},"description":"Australian IRAP (ISM + Essential Eight) for government cloud","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-aws-inspector-plugins-connectors-aws-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/aws-inspector"},"description":"GRC connector for AWS: evaluates IAM, S3, CloudTrail, EBS, and RDS for compliance misconfigurations. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","aws","scf","soc2","fedramp","connector"],"category":"utilities"},{"name":"vantainc-github-inspector-plugins-connectors-github-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/github-inspector"},"description":"GRC connector for GitHub: evaluates repo protections, branch policies, Actions, secret scanning, Dependabot, and deploy keys. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","github","scf","soc2","connector"],"category":"deployment"},{"name":"vantainc-gcp-inspector-plugins-connectors-gcp-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/gcp-inspector"},"description":"GRC connector for Google Cloud: evaluates IAM, Cloud Storage, audit logs, KMS rotation, and Compute for compliance misconfigurations. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","gcp","google-cloud","scf","fedramp","connector"],"category":"utilities"},{"name":"vantainc-azure-inspector-plugins-connectors-azure-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/azure-inspector"},"description":"GRC connector for Microsoft Azure: evaluates Entra ID, Storage, Key Vault, Monitor, and Defender for Cloud. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","azure","entra","scf","fedramp","connector"],"category":"utilities"},{"name":"vantainc-slack-inspector-plugins-connectors-slack-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/slack-inspector"},"description":"GRC connector for Slack: evaluates workspace 2FA, SSO/session posture, retention, app approvals, and DLP visibility. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","slack","collaboration","scf","connector"],"category":"utilities"},{"name":"vantainc-datadog-inspector-plugins-connectors-datadog-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/datadog-inspector"},"description":"GRC connector for Datadog: evaluates log retention, audit log coverage, monitor coverage, SSO visibility, and RBAC roles. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","datadog","monitoring","logs","scf","connector"],"category":"data"},{"name":"vantainc-crowdstrike-inspector-plugins-connectors-crowdstrike-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/crowdstrike-inspector"},"description":"GRC connector for CrowdStrike Falcon: evaluates sensor coverage, detection/prevention policy visibility, and host-group scoping. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","crowdstrike","falcon","endpoint","scf","connector"],"category":"utilities"},{"name":"vantainc-drata-inspector-plugins-connectors-drata-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/drata-inspector"},"description":"GRC connector for Drata: wraps drata-cli curated workflows and normalizes compliance posture into schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","drata","drata-cli","scf","connector"],"category":"productivity"},{"name":"vantainc-splunk-inspector-plugins-connectors-splunk-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/splunk-inspector"},"description":"GRC connector for Splunk: evaluates index retention, RBAC roles, audit-source coverage, saved-search ACLs, and user authentication signals. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","splunk","logging","siem","scf","connector"],"category":"security"},{"name":"vantainc-tenable-inspector-plugins-connectors-tenable-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/tenable-inspector"},"description":"GRC connector for Tenable.io/Tenable.sc: evaluates scan coverage, credentialed scan signals, vulnerability age, and scan access visibility. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","tenable","vulnerability","scanner","scf","connector"],"category":"utilities"},{"name":"vantainc-snowflake-inspector-plugins-connectors-snowflake-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/snowflake-inspector"},"description":"GRC connector for Snowflake ACCOUNT_USAGE: evaluates MFA, network policies, masking/row access policies, session timeout, and data retention. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","snowflake","data","warehouse","scf","connector"],"category":"deployment"},{"name":"vantainc-wiz-inspector-plugins-connectors-wiz-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/wiz-inspector"},"description":"GRC connector for Wiz CNAPP: normalizes configuration findings, issues, vulnerabilities, and cloud resource inventory into v1 Findings.","version":"0.1.0","strict":true,"keywords":["grc","compliance","wiz","cnapp","cloud","vulnerability","scf","connector"],"category":"utilities"},{"name":"vantainc-testssl-inspector-plugins-connectors-testssl-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/testssl-inspector"},"description":"GRC connector wrapping testssl.sh. Scans HTTPS endpoints for protocol/cipher posture, certificate issues, and known TLS CVEs (Heartbleed, ROBOT, POODLE, FREAK, LOGJAM, SWEET32, ...). Emits findings conforming to schemas/finding.schema.json v1, anchored on SCF CRY-01/CRY-03/CRY-05/CRY-08/NET-09/VPM-01/VPM-06/WEB-03 and fanned out at scan time via SCF crosswalks to SOC 2 TSC 2017, NIST 800-53 r5, PCI DSS 4.0.1, and ISO 27002:2022.","version":"0.1.0","strict":true,"keywords":["grc","compliance","tls","ssl","testssl","vulnerability","scf","pci-dss","soc2","connector"],"category":"testing"},{"name":"vantainc-okta-inspector-plugins-connectors-okta-inspector","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/okta-inspector"},"description":"GRC connector for Okta: evaluates authentication policies, MFA enrollment, password policy, session management, and admin/privileged accounts. Emits findings conforming to schemas/finding.schema.json v1.","version":"0.1.0","strict":true,"keywords":["grc","compliance","okta","identity","iam","scf","fedramp","connector"],"category":"deployment"},{"name":"vantainc-oscal-plugins-oscal","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/oscal"},"description":"OSCAL (Open Security Controls Assessment Language) toolkit for Claude Code. Wraps ethanolivertroy/oscal-cli for validation and conversion of catalogs, profiles, SSPs, SAPs, SARs, POA&Ms, component definitions, and assessment results.","version":"0.1.0","strict":true,"keywords":["oscal","fedramp","grc","compliance","nist"],"category":"security"},{"name":"vantainc-fedramp-ssp-plugins-fedramp-ssp","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/fedramp-ssp"},"description":"Convert FedRAMP Rev 5 Moderate SSP DOCX templates to validated OSCAL 1.2.0 JSON. Wraps ethanolivertroy/frdocx-to-froscal-ssp — ready for oscal-cli, Compliance Trestle, eMASS, and FedRAMP 20X workflows.","version":"0.1.0","strict":true,"keywords":["fedramp","oscal","ssp","docx","compliance-as-code"],"category":"productivity"},{"name":"vantainc-singapore-pdpa-plugins-frameworks-singapore-pdpa","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/singapore-pdpa"},"description":"Singapore - Personal Data Protection Ac (PDPA) (2012) — Reference plugin with evidence checklist, scope determination, and SCF-backed gap assessment. Level up to Full by adding framework-specific workflow commands.","version":"0.1.0","strict":true,"keywords":[],"category":"productivity"},{"name":"vantainc-us-finra-plugins-frameworks-us-finra","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/us-finra"},"description":"FINRA Plugin - Broker-dealer cybersecurity guidance (builds on SEC Reg S-P, SEC 17a-4)","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-cyber-essentials-plus-plugins-frameworks-cyber-essentials-plus","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/cyber-essentials-plus"},"description":"UK NCSC Cyber Essentials Plus (CE+) v3.3 Danzell — Reference plugin with evidence checklist, scope determination, and SCF-backed gap assessment. Five core controls: Firewalls, Secure Configuration, User Access Control, Malware Protection, and Patch Management.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-ch-fadp-plugins-frameworks-ch-fadp","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/ch-fadp"},"description":"Swiss Federal Act on Data Protection (nFADP) plugin - data protection compliance with voluntary DSO, risk-based breach notification, and Swiss transfer mechanisms","version":"0.1.0","strict":true,"keywords":[],"category":"data"},{"name":"vantainc-ind-dpdpa-plugins-frameworks-ind-dpdpa","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/ind-dpdpa"},"description":"India DPDPA 2023 + DPDP Rules 2025 — Reference-depth plugin: scope, evidence checklist, breach process, and sectoral overlap (RBI / SEBI / IRDAI / TRAI) for Data Fiduciaries operating in India.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-poam-automation-plugins-connectors-poam-automation","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/connectors/poam-automation"},"description":"FedRAMP POA&M lifecycle management and VDR generation. Converts Nessus, Tenable, Qualys, and Wiz scanner exports into a FedRAMP-compliant POA&M, manages the full finding lifecycle, generates FedRAMP 20x VDR reports with live CISA KEV and EPSS enrichment, and produces per-release Product Vulnerability Disclosure Reports.","version":"0.1.0","strict":true,"keywords":["fedramp","poam","vdr","grc","vulnerability-management","cisa-kev","epss","fedramp-20x"],"category":"deployment"},{"name":"vantainc-eu-nis2-plugins-frameworks-eu-nis2","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/eu-nis2"},"description":"EU NIS2 Directive (Directive (EU) 2022/2555) — Reference plugin: scope determination across essential vs important entities, Article 21 risk-management measure evidence checklist, and the 24h/72h/1mo incident-reporting runbook. SCF-backed gap assessment via the crosswalk.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-nist-csf-20-plugins-frameworks-nist-csf-20","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/nist-csf-20"},"description":"NIST Cybersecurity Framework (v2.0) — Reference plugin with scope determination, evidence checklist, and SCF-backed gap assessment across the six Functions (GV/ID/PR/DE/RS/RC).","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-us-sox-plugins-frameworks-us-sox","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/us-sox"},"description":"Sarbanes-Oxley Act of 2002 (SOX) — Reference-depth plugin for ICFR scoping, IT General Control (ITGC) testing, and §302/§404/§906 evidence preparation. Frames SOX as the governance layer over ICFR; security work flows in via ITGCs and SOC 1 reliance on vendor systems.","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"vantainc-us-ccpa-plugins-frameworks-us-ccpa","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/us-ccpa"},"description":"California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) compliance for businesses subject to California Civil Code §1798.100 et seq., enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-compliance-posture-dashboard-plugins-dashboards-compliance-posture","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/dashboards/compliance-posture"},"description":"Localhost compliance posture dashboard for monitor-continuous JSON output. Reference implementation of the Dashboards category from RFC #38.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-jp-appi-plugins-frameworks-jp-appi","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/jp-appi"},"description":"Japan APPI - Reference plugin with evidence checklist, scope determination, and SCF-backed gap assessment. Level up to Full by adding framework-specific workflow commands.","version":"0.1.0","strict":true,"keywords":[],"category":"productivity"},{"name":"vantainc-sg-mas-trm-plugins-frameworks-sg-mas-trm","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/sg-mas-trm"},"description":"Singapore MAS TRM - Reference plugin with scope determination, evidence checklist, and SCF-backed gap assessment for technology risk management.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"vantainc-au-apra-cps-234-plugins-frameworks-au-apra-cps-234","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/au-apra-cps-234"},"description":"APRA CPS 234 - Reference plugin with scope determination, evidence checklist, and SCF-backed gap assessment for information security.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"vantainc-us-nerc-cip-plugins-frameworks-us-nerc-cip","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/frameworks/us-nerc-cip"},"description":"NERC CIP - Reference plugin with scope determination, evidence checklist, and SCF-backed gap assessment for BES Cyber Systems.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-grc-portfolio-plugins-grc-portfolio","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/grc-portfolio"},"description":"Build and deploy a professional portfolio website for GRC engineers — certifications, frameworks, audit experience, and AWS hosting included.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"vantainc-trust-center-plugins-trust-center","source":{"source":"git-subdir","url":"https://github.com/vantainc/claude-grc-engineering","path":"plugins/trust-center"},"description":"Build and deploy a serverless trust center — public compliance posture, gated access to SOC 2/policy documents with optional NDA e-signature, and an admin dashboard. Deploys to AWS (S3, CloudFront, WAF, API Gateway, Lambda, DynamoDB, Cognito).","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"}]}