An AI reference library for federal and commercial compliance work. Turns AI agents into senior GRC analysts with deep framework expertise.
15 frameworks · 9 cross-framework mappings · 22 workflow commands · OSCAL control catalogs
├── SKILL.md                  # How to use this knowledge base
├── GUIDE.md                  # Detailed usage guide by use case
├── frameworks/               # 15 framework references
│   ├── nist-800-53.md        # NIST 800-53 Rev 5
│   ├── fedramp.md            # FedRAMP
│   ├── cmmc.md               # CMMC 2.0
│   ├── fisma.md              # FISMA
│   ├── soc2.md               # SOC 2
│   ├── iso-27001-27002.md    # ISO 27001:2022
│   ├── pci-dss-v4.md         # PCI DSS v4.0.1
│   ├── hipaa.md              # HIPAA
│   ├── cis-controls-v8.md    # CIS Controls v8.1
│   ├── cobit-2019.md         # COBIT 2019
│   ├── csa-ccm-v4.md         # CSA CCM v4
│   ├── gdpr.md               # GDPR
│   ├── slsa.md               # SLSA
│   ├── oscal-reference.md    # OSCAL
│   └── nist-rev4-to-rev5.md  # Rev 4→5 transition guide
├── mappings/                 # Cross-framework control mappings (NIST as hub)
│   ├── cross-framework-matrix.md
│   ├── nist-to-cmmc.md
│   ├── nist-to-soc2.md
│   ├── nist-to-iso27001.md
│   ├── nist-to-pci-dss.md
│   ├── nist-to-hipaa.md
│   ├── nist-to-cis.md
│   ├── nist-to-cobit.md
│   └── nist-to-csa-ccm.md
├── audits/                   # Audit procedures and assessment guidance
├── conmon/                   # Continuous monitoring lifecycle
├── oscal/                    # Structured OSCAL JSON control catalogs
│   ├── fedramp-moderate-rev5/
│   └── nist-800-53-rev5/
├── commands/                 # 22 workflow command templates
└── agents/                   # Agent role definitions
- Control lookups — "What does AC-2 require at FedRAMP Moderate?"
- Cross-framework mapping — "Map SOC 2 CC6.1 to NIST and CMMC"
- Document review — Feed SSP narratives, POA&Ms, policies for structural quality feedback
- Gap analysis — Identify missing controls against a target baseline
- Audit prep — Evidence checklists, readiness assessments, tabletop scenarios
- Continuous monitoring — POA&M management, compliance calendars, monthly/annual deliverables
MIT