Install
Install the plugin:
npx claudepluginhub melodic-software/claude-code-plugins --plugin compliance-planning
Description
Map controls across multiple security frameworks (ISO 27001, SOC 2, NIST CSF, CIS).
Tool Access
This skill is limited to using the following tools:
- Task
- Skill
Skill Content
Security Framework Mapping
Create a cross-framework control mapping for unified compliance.
Workflow
Step 1: Load Required Skills
Load the skill:
- security-frameworks - Framework requirements and mappings
Step 2: Parse Frameworks
Parse the requested frameworks from: $ARGUMENTS
Supported frameworks:
- ISO 27001:2022
- SOC 2 (Trust Services Criteria)
- NIST CSF 2.0
- CIS Controls v8
- NIST 800-53
- COBIT
Step 3: Spawn Security Auditor Agent
Spawn the security-auditor agent with the following prompt:
Create a comprehensive control mapping across these frameworks: $ARGUMENTS
For each control area, provide:
1. Control Mapping Matrix
- Map equivalent controls across frameworks
- Identify gaps where frameworks differ
- Note framework-specific requirements
2. Unified Control Set
- Create consolidated control list
- One control satisfying multiple frameworks
- Highlight additional requirements per framework
3. Evidence Mapping
- Common evidence types
- Framework-specific evidence needs
- Evidence collection strategy
4. Implementation Guidance
- Priority order for implementation
- Effort estimation per control
- Dependencies between controls
5. Gap Analysis
- Controls in one framework but not others
- Varying requirements across frameworks
- Reconciliation approach
Provide mappings for these control domains:
- Access Control
- Asset Management
- Cryptography/Data Protection
- Operations Security
- Logging and Monitoring
- Incident Response
- Business Continuity
- Vendor Management
- Security Awareness
- Change Management
Step 4: Generate Mapping Report
Ensure the report includes:
- Executive summary of framework coverage
- Detailed control mapping matrix
- Unified control set with evidence requirements
- Implementation roadmap
Example Usage
# Map ISO 27001 to SOC 2
/compliance-planning:map-frameworks "ISO 27001, SOC 2"
# Map multiple frameworks
/compliance-planning:map-frameworks "ISO 27001, SOC 2, NIST CSF, CIS Controls"
# Focus on specific area
/compliance-planning:map-frameworks "ISO 27001, SOC 2" --scope "Access Control"
Output Format
# Security Framework Mapping
## Frameworks Included
- [Framework 1]
- [Framework 2]
- [Framework 3]
---
## Executive Summary
| Framework | Total Controls | Mapped | Unique | Coverage |
|-----------|----------------|--------|--------|----------|
| [Framework] | [N] | [N] | [N] | [%] |
### Key Insights
- [Insight 1]
- [Insight 2]
---
## Control Mapping Matrix
### Access Control
| Control | ISO 27001 | SOC 2 | NIST CSF | CIS v8 |
|---------|-----------|-------|----------|--------|
| User Access Management | A.5.15 | CC6.1 | PR.AA-01 | 5.1 |
| Privileged Access | A.8.2 | CC6.1 | PR.AA-05 | 5.4 |
| Multi-Factor Auth | A.8.5 | CC6.1 | PR.AA-03 | 6.3 |
### Data Protection
| Control | ISO 27001 | SOC 2 | NIST CSF | CIS v8 |
|---------|-----------|-------|----------|--------|
| Encryption at Rest | A.8.24 | CC6.1 | PR.DS-01 | 3.6 |
| Encryption in Transit | A.8.24 | CC6.7 | PR.DS-02 | 3.10 |
[Continue for all domains]
---
## Unified Control Set
### UC-001: User Access Management
**Satisfies:**
- ISO 27001: A.5.15, A.5.16
- SOC 2: CC6.1, CC6.2
- NIST CSF: PR.AA-01, PR.AA-02
- CIS v8: 5.1, 5.2
**Requirements:**
| Framework | Specific Requirement |
|-----------|---------------------|
| ISO 27001 | [Requirement] |
| SOC 2 | [Requirement] |
| NIST CSF | [Requirement] |
| CIS v8 | [Requirement] |
**Evidence Required:**
- Access management policy
- Access request/approval records
- Periodic access reviews
- Termination procedures
[Continue for all unified controls]
---
## Gap Analysis
### Framework-Specific Requirements
| Control Area | Framework | Unique Requirement |
|--------------|-----------|-------------------|
| [Area] | [Framework] | [Requirement] |
### Reconciliation
| Gap | Impact | Recommendation |
|-----|--------|----------------|
---
## Implementation Roadmap
### Phase 1: Foundation (Common Controls)
| Control | Frameworks Covered | Effort | Priority |
|---------|-------------------|--------|----------|
### Phase 2: Framework-Specific
| Control | Framework | Effort | Priority |
|---------|-----------|--------|----------|
---
## Evidence Collection Strategy
| Evidence Type | Controls Covered | Collection Method | Frequency |
|---------------|------------------|-------------------|-----------|
| Access logs | UC-001, UC-005 | SIEM export | Continuous |
| Policy docs | UC-001, UC-010 | Document repository | Annual review |
---
## Audit Efficiency Gains
### Shared Evidence
- [Evidence type] satisfies [N] frameworks
- Estimated time savings: [X]%
### Consolidated Testing
- [Testing approach] covers [frameworks]
Stats
Stars: 40
Forks: 6
Last Commit: Feb 15, 2026