From grc-engineer
Maps infrastructure code (Terraform, Kubernetes, CloudFormation) to compliance controls (ISO 27001, SOC 2, NIST 800-53). Analyzes IaC files and generates compliance evidence mappings showing which controls are satisfied.
npx claudepluginhub abnejllc/grc --plugin grc-engineer
This skill is limited to using the following tools:
Maps infrastructure-as-code (IaC) files to specific compliance framework controls. Translates technical implementations into audit-ready compliance evidence.
Map a Terraform file to SOC 2:
node scripts/map-control.js main.tf SOC2
Map Kubernetes manifests to ISO 27001:
node scripts/map-control.js k8s/deployment.yaml ISO27001
Map CloudFormation template to NIST 800-53:
node scripts/map-control.js template.yaml NIST80053
Generates markdown reports with:
# Compliance Mapping Report
## SOC 2 - CC6.1: Logical and Physical Access Controls
**Status:** ✅ Satisfied
**Evidence:**
- `main.tf:45` - `aws_db_instance` with `storage_encrypted = true`
- `main.tf:52` - IAM role with least privilege policy
**Mapping:** Data at rest encryption via AWS KMS satisfies encryption requirements.
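
How an evidence line such as the `aws_db_instance` entry in the report above can be derived from Terraform source, shown as an added example that is not the plugin's own `scripts/map-control.js`. The function name `mapRdsEncryption`, the `gaps` field, the "Not satisfied" status string and the sample Terraform are assumptions made for illustration; the point is that an instance without the setting, or with it commented out, must withhold the "Satisfied" status.

```javascript
// Added example: hypothetical helper, not the plugin's scripts/map-control.js.
// Maps aws_db_instance blocks in Terraform source to SOC 2 CC6.1 evidence lines.
function mapRdsEncryption(source, fileName) {
  const evidence = [];
  const gaps = [];
  let current = null; // aws_db_instance block currently being scanned
  let depth = 0;      // brace depth inside that block
  source.split('\n').forEach((raw, i) => {
    // Strip comments so a commented-out setting is never counted as evidence.
    // Simplification: a '#' or '//' inside a quoted string is also cut.
    const line = raw.replace(/(#|\/\/).*$/, '').trim();
    const open = line.match(/^resource\s+"aws_db_instance"\s+"([^"]+)"\s*\{/);
    if (!current && open) {
      current = { name: open[1], startLine: i + 1, encryptedAt: null };
      depth = 0;
    }
    if (!current) return;
    if (depth === 1 && /^storage_encrypted\s*=\s*true$/.test(line)) {
      current.encryptedAt = i + 1;
    }
    depth += (line.match(/\{/g) || []).length - (line.match(/\}/g) || []).length;
    if (depth > 0) return;
    // Block closed: an encrypted instance is evidence, anything else is a gap.
    const id = `aws_db_instance.${current.name}`;
    if (current.encryptedAt) {
      evidence.push(`${fileName}:${current.encryptedAt} - ${id} with storage_encrypted = true`);
    } else {
      gaps.push(`${fileName}:${current.startLine} - ${id} without storage_encrypted = true`);
    }
    current = null;
  });
  // One unencrypted instance is enough to withhold "Satisfied".
  const status = evidence.length > 0 && gaps.length === 0 ? 'Satisfied' : 'Not satisfied';
  return { control: 'SOC 2 - CC6.1', status, evidence, gaps };
}

// Constructed sample input (not from the page).
const SAMPLE_TF = `
resource "aws_db_instance" "orders" {
  engine            = "postgres"
  storage_encrypted = true
}
resource "aws_db_instance" "legacy" {
  engine = "mysql"
  # storage_encrypted = true
}
`;
console.log(mapRdsEncryption(SAMPLE_TF, 'main.tf'));
```

A value set through a variable (for example `storage_encrypted = var.encrypt`) is reported as a gap here, because it cannot be confirmed from the file alone.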