en un clic
compliance-as-code
compliance-as-code contient 3 skills collectées depuis grcwarlock, avec une couverture métier par dépôt et des pages de détail sur le site.
Skills dans ce dépôt
Use when the user asks about ISO/IEC 27001:2022 from an engineering perspective — building an ISMS that runs on systems and code rather than spreadsheets, instrumenting Annex A controls, designing risk registers as data, and producing evidence pipelines that hold up to a certification audit. Engineer-voice, not auditor-voice.
Use when the user asks about NIST SP 800-53 Rev. 5 from an engineering perspective — selecting baselines, tailoring controls, modeling control inheritance from cloud providers and shared services, emitting OSCAL artifacts, or implementing controls in IaC and code rather than running them as a documentation exercise. Engineer-voice, not auditor-voice.
Use when the user asks about SOC 2 from an engineering perspective — Trust Services Criteria (TSC) implementation, evidence-as-code, continuous monitoring patterns, instrumenting controls, or designing systems that produce audit-ready evidence by default. Engineer-voice, not auditor-voice.