Skill

code-to-control-mapper

Maps IaC files (Terraform, Kubernetes, CloudFormation, Pulumi, Ansible) to compliance controls (SOC 2, ISO 27001, NIST 800-53) and generates markdown evidence reports with status and recommendations.

Terraform

Kubernetes

Install

npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-engineer

Tool Access

This skill is limited to using the following tools:

BashReadGlobWriteEdit

Preview

Maps infrastructure-as-code (IaC) files to specific compliance framework controls. Translates technical implementations into audit-ready compliance evidence.

SKILL.md

Similar Skills

ui-ux-pro-max

Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.

ui-ux-pro-max

57.6k

context7-mcp

Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.

context7-plugin

51.8k

market-sizing-analysis

2 files

Calculates TAM/SAM/SOM using top-down, bottom-up, and value theory methodologies for market sizing, revenue estimation, and startup validation.

startup-business-analyst

32.9k

Stats

Parent Repo Stars21

Parent Repo Forks4

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

Code-to-Control Mapper

Maps infrastructure-as-code (IaC) files to specific compliance framework controls. Translates technical implementations into audit-ready compliance evidence.

Quick Commands

Map a Terraform file to SOC 2:

node scripts/map-control.js main.tf SOC2

Map Kubernetes manifests to ISO 27001:

node scripts/map-control.js k8s/deployment.yaml ISO27001

Map CloudFormation template to NIST 800-53:

node scripts/map-control.js template.yaml NIST80053

Supported Frameworks

SOC2 - Service Organization Control 2 (CC6.1, CC7.2, etc.)
ISO27001 - ISO/IEC 27001 (Annex A controls)
NIST80053 - NIST Special Publication 800-53
PCIDSS - Payment Card Industry Data Security Standard
HIPAA - Health Insurance Portability and Accountability Act
GDPR - General Data Protection Regulation

Supported IaC Formats

Terraform (.tf, .tfvars)
Kubernetes (.yaml, .yml)
CloudFormation (.yaml, .json)
Ansible (.yml)
Pulumi (.ts, .js, .py)

Output Format

Generates markdown reports with:

Control ID and description
Evidence location (file:line)
Compliance status (Satisfied/Partial/Not Satisfied)
Recommendations for improvement

Example Output

# Compliance Mapping Report

## SOC 2 - CC6.1: Logical and Physical Access Controls

**Status:** ✅ Satisfied

**Evidence:**
- `main.tf:45` - `aws_db_instance` with `storage_encrypted = true`
- `main.tf:52` - IAM role with least privilege policy

**Mapping:** Data at rest encryption via AWS KMS satisfies encryption requirements.

Prerequisites

IaC file to analyze
Optional: Framework name (defaults to SOC2)