What to build
Add a fourth compliance framework file mapping all current rules
to SOC 2 Type II trust service criteria. This makes OpenShield
relevant to a much wider audience including SaaS companies
preparing for SOC 2 audits.
Files to create
- compliance/frameworks/soc2.json
Format
Follow the exact same structure as cis_azure_benchmark.json.
Map each rule ID to the relevant SOC 2 trust service criterion.
Key SOC 2 criteria to map to
CC6.1, CC6.6, CC6.7 — Logical access controls
CC7.1, CC7.2 — System monitoring
CC8.1 — Change management
A1.1, A1.2 — Availability
Also update
- api/models/finding.py — add soc2 to FRAMEWORK_FILE_MAP
- api/routes/compliance.py — add soc2 to SUPPORTED_FRAMEWORKS
How to get started
- Fork the repo, create branch docs/soc2-framework
- Create the JSON file following existing framework structure
- Update the two Python files listed above
- Open a PR to dev
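As an added example (not OpenShield's own code), the check below validates a framework mapping file of the kind this issue asks for and confirms the two registries stay in sync. The JSON layout (a top-level `mappings` object of rule ID to list of criterion IDs), the `RULE-nnn` identifiers, and the local copies of `FRAMEWORK_FILE_MAP` and `SUPPORTED_FRAMEWORKS` are assumptions; adapt the keys to whatever cis_azure_benchmark.json actually uses. The SOC 2 criteria set is the one listed in this issue.

```python
"""Validation helper for an OpenShield-style compliance framework mapping.

Added example; the JSON layout is an ASSUMPTION, not the real schema of
cis_azure_benchmark.json. Adjust the keys to match the existing file.
"""
import json
import re

# SOC 2 criteria named in the issue; anything outside this set is rejected.
SOC2_CRITERIA = {
    "CC6.1": "Logical access controls",
    "CC6.6": "Logical access controls",
    "CC6.7": "Logical access controls",
    "CC7.1": "System monitoring",
    "CC7.2": "System monitoring",
    "CC8.1": "Change management",
    "A1.1": "Availability",
    "A1.2": "Availability",
}

# Hypothetical local copies of the two registries the issue asks to update.
FRAMEWORK_FILE_MAP = {
    "cis_azure": "compliance/frameworks/cis_azure_benchmark.json",
    "soc2": "compliance/frameworks/soc2.json",
}
SUPPORTED_FRAMEWORKS = ["cis_azure", "soc2"]

# Constructed sample of what soc2.json might contain (assumed layout:
# "mappings" is rule_id -> list of criterion ids). Rule ids are placeholders.
SAMPLE_SOC2_JSON = json.dumps({
    "framework": "soc2",
    "name": "SOC 2 Type II",
    "mappings": {
        "RULE-001": ["CC6.1", "CC6.6"],
        "RULE-002": ["CC7.1"],
        "RULE-003": ["CC9.9"],   # not a criterion from the issue -> problem
        "RULE-004": [],          # rule mapped to nothing -> problem
        "RULE-999": ["A1.1"],    # rule id the engine does not know -> problem
    },
})

# Placeholder set standing in for "all current rules" in the rule engine.
KNOWN_RULE_IDS = {"RULE-001", "RULE-002", "RULE-003", "RULE-004", "RULE-005"}

# Shape of a SOC 2 criterion id, e.g. CC6.1 or A1.2.
CRITERION_RE = re.compile(r"^(CC\d+\.\d+|A\d+\.\d+)$")


def validate_mapping(raw_json, known_rule_ids, criteria=SOC2_CRITERIA):
    """Return a sorted list of problems; an empty list means the file is acceptable."""
    doc = json.loads(raw_json)
    mappings = doc.get("mappings")
    if not isinstance(mappings, dict):
        return ['top-level "mappings" object missing']
    problems = []
    for rule_id, crits in mappings.items():
        if rule_id not in known_rule_ids:
            problems.append(f"{rule_id}: unknown rule id")
        if not crits:
            problems.append(f"{rule_id}: maps to no criteria")
        for c in crits:
            if not CRITERION_RE.match(c) or c not in criteria:
                problems.append(f"{rule_id}: unknown SOC 2 criterion {c}")
    # Every current rule must appear, otherwise the audit view silently has gaps.
    for rule_id in sorted(known_rule_ids - set(mappings)):
        problems.append(f"{rule_id}: rule not mapped to any criterion")
    return sorted(problems)


def coverage_by_criterion(raw_json):
    """Invert the mapping: criterion -> sorted rule ids, the view an auditor wants."""
    doc = json.loads(raw_json)
    cov = {}
    for rule_id, crits in doc.get("mappings", {}).items():
        for c in crits:
            cov.setdefault(c, []).append(rule_id)
    return {c: sorted(rules) for c, rules in cov.items()}


def registries_consistent(file_map=FRAMEWORK_FILE_MAP, supported=SUPPORTED_FRAMEWORKS):
    """Every supported framework name needs a file path, and vice versa."""
    return set(supported) == set(file_map)


if __name__ == "__main__":
    for p in validate_mapping(SAMPLE_SOC2_JSON, KNOWN_RULE_IDS):
        print("problem:", p)
    print(coverage_by_criterion(SAMPLE_SOC2_JSON))
    print("registries consistent:", registries_consistent())
```

Running `validate_mapping` against the real soc2.json and the engine's real rule list before opening the PR catches the three failure modes that matter for an audit artifact: a criterion ID that is not in the framework, a rule that maps to nothing, and a rule that is missing from the file entirely.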
Acceptance Criteria