Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

$pwd:

compliance-checklist

Name: Compliance Checklist
Author: Hack23

// Unified compliance verification across ISO 27001, NIST CSF, CIS Controls, NIS2, EU CRA, GDPR, SOC 2, PCI DSS, and HIPAA for cybersecurity consulting

Exécuter dans Manus

$ git log --oneline --stat

stars:227

forks:55

updated:24 mai 2026 à 23:43

SKILL.md

readonly

name	compliance-checklist
description	Unified compliance verification across ISO 27001, NIST CSF, CIS Controls, NIS2, EU CRA, GDPR, SOC 2, PCI DSS, and HIPAA for cybersecurity consulting
license	Apache-2.0

Compliance Checklist Skill

Purpose

This skill provides comprehensive multi-framework compliance verification aligned with Hack23 AB's ISMS architecture. It enables systematic assessment of security controls across eight major frameworks simultaneously, demonstrating that robust ISMS design becomes a competitive advantage for cybersecurity consulting services.

When to Use This Skill

Apply this skill when:

✅ Conducting quarterly ISMS compliance reviews
✅ Preparing for ISO 27001 certification audits
✅ Responding to client due diligence requests
✅ Validating control implementation status
✅ Creating compliance evidence packages
✅ Mapping new controls to multiple frameworks
✅ Updating Statement of Applicability (SOA)
✅ Assessing regulatory readiness (NIS2, CRA, GDPR)

Do NOT use for:

❌ Specific technical vulnerability assessments (use vulnerability-management skill)
❌ Code security reviews (use secure-code-review skill)
❌ Incident response procedures (use incident-response skill)

Multi-Framework Alignment Architecture

mindmap
  root(("✅ ISMS Compliance"))
    ISO_27001_2022(("🔵 ISO 27001:2022"))
      A5_Organizational(("🟢 A.5 Organizational"))
      A6_People(("🟡 A.6 People"))
      A7_Physical(("🟢 A.7 Physical"))
      A8_Technological(("🟢 A.8 Technological"))
    NIST_CSF_2_0(("🔵 NIST CSF 2.0"))
      NIST_Govern(("🟢 Govern"))
      NIST_Protect(("🟢 Protect"))
      NIST_Detect(("🟢 Detect"))
      NIST_Respond(("🟢 Respond"))
    CIS_Controls_v8_1(("🔵 CIS Controls v8.1"))
      CIS_IG1(("🟢 IG1 Basic"))
      CIS_IG2(("🟢 IG2 Advanced"))
    NIS2(("🔵 NIS2 Directive"))
      NIS2_Art20(("🟢 Governance"))
      NIS2_Art21(("🟢 Risk Mgmt"))
    EU_CRA(("🔵 EU CRA"))
      CRA_Annex1(("🟢 Essential Reqs"))
    GDPR(("🔵 GDPR"))
      GDPR_Core(("🟢 Core Articles"))

ISO 27001:2022 Control Verification

A.5 Organizational Controls Priority Matrix

Control	Hack23 Policy/Evidence	Status	NIST CSF	CIS v8.1
A.5.1 Policies for information security	Information Security Policy	✅ Implemented	GV.PO-01	14.1
A.5.2 Roles & responsibilities	Information Security Policy § Roles	✅ Implemented	GV.RR-02	14.3
A.5.3 Segregation of duties	Segregation of Duties Policy	✅ Implemented	PR.AC-03	6.1
A.5.7 Threat intelligence	Risk Register • Threat Modeling	✅ Implemented	ID.RA-04	7.1
A.5.8 Security in project mgmt	Secure Development Policy • Change Management	✅ Implemented	PR.IP-01	16.1

Hack23 ISMS Policy References

Comprehensive Compliance Documentation:

Compliance Checklist - Complete multi-framework mapping
Information Security Policy - Master governance framework
Information Security Strategy - Strategic security planning

All Hack23 ISMS Policies: https://github.com/Hack23/ISMS-PUBLIC

related-skills.json

même dépôt

access-control-policy.md

from "Hack23/cia"

Identity and access management: RBAC, least privilege, MFA, quarterly reviews per ISO 27001 A.5.15, A.8.2, A.8.3

2026-05-24227

backup-recovery-policy.md

from "Hack23/cia"

Business continuity and disaster recovery: 30-day retention, quarterly restore tests, RTO/RPO targets per ISO 27001 A.17

2026-05-24227

behavioral-analysis.md

from "Hack23/cia"

Political psychology, cognitive biases, group dynamics, leadership analysis, decision-making patterns for Swedish political intelligence

2026-05-24227

classification-policy.md

from "Hack23/cia"

Risk-based data and asset classification framework: PUBLIC, INTERNAL, CONFIDENTIAL, RESTRICTED aligned with ISO 27001 A.5.12 and CIA triad

2026-05-24227

cryptography-policy.md

from "Hack23/cia"

Cryptographic controls implementation: TLS 1.3, AES-256-GCM, bcrypt, RSA-4096, key management per NIST FIPS 140-2 and ISO 27001 A.8.24

2026-05-24227

incident-response.md

from "Hack23/cia"

Security incident detection, analysis, containment, eradication, recovery, and lessons learned per NIST SP 800-61r2 and ISO 27035

2026-05-24227

package.json

"author": "Hack23"

"repository": "Hack23/cia"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

$ useful --forSOC

Agents de conformitéProfessions des affaires et des opérations financières13-1041L4

Compliance Checklist Skill

Purpose

When to Use This Skill

Apply this skill when:

✅ Conducting quarterly ISMS compliance reviews

✅ Preparing for ISO 27001 certification audits

✅ Responding to client due diligence requests

✅ Validating control implementation status

✅ Creating compliance evidence packages

✅ Mapping new controls to multiple frameworks

✅ Updating Statement of Applicability (SOA)

✅ Assessing regulatory readiness (NIS2, CRA, GDPR)

Do NOT use for:

❌ Specific technical vulnerability assessments (use vulnerability-management skill)

❌ Code security reviews (use secure-code-review skill)

❌ Incident response procedures (use incident-response skill)

Multi-Framework Alignment Architecture

mindmap root(("✅ ISMS Compliance")) ISO_27001_2022(("🔵 ISO 27001:2022")) A5_Organizational(("🟢 A.5 Organizational")) A6_People(("🟡 A.6 People")) A7_Physical(("🟢 A.7 Physical")) A8_Technological(("🟢 A.8 Technological")) NIST_CSF_2_0(("🔵 NIST CSF 2.0")) NIST_Govern(("🟢 Govern")) NIST_Protect(("🟢 Protect")) NIST_Detect(("🟢 Detect")) NIST_Respond(("🟢 Respond")) CIS_Controls_v8_1(("🔵 CIS Controls v8.1")) CIS_IG1(("🟢 IG1 Basic")) CIS_IG2(("🟢 IG2 Advanced")) NIS2(("🔵 NIS2 Directive")) NIS2_Art20(("🟢 Governance")) NIS2_Art21(("🟢 Risk Mgmt")) EU_CRA(("🔵 EU CRA")) CRA_Annex1(("🟢 Essential Reqs")) GDPR(("🔵 GDPR")) GDPR_Core(("🟢 Core Articles"))

ISO 27001:2022 Control Verification

A.5 Organizational Controls Priority Matrix

Control

Hack23 Policy/Evidence

Status

NIST CSF

CIS v8.1

A.5.1 Policies for information security

Information Security Policy

✅ Implemented

GV.PO-01

14.1

A.5.2 Roles & responsibilities

Information Security Policy § Roles

✅ Implemented

GV.RR-02

14.3

A.5.3 Segregation of duties

Segregation of Duties Policy

✅ Implemented

PR.AC-03

6.1

A.5.7 Threat intelligence

Risk Register • Threat Modeling

✅ Implemented

ID.RA-04

7.1

A.5.8 Security in project mgmt

Secure Development Policy • Change Management

✅ Implemented

PR.IP-01

16.1

Hack23 ISMS Policy References

Comprehensive Compliance Documentation:

compliance-checklist

Compliance Checklist Skill

Purpose

When to Use This Skill

Multi-Framework Alignment Architecture

ISO 27001:2022 Control Verification

A.5 Organizational Controls Priority Matrix

Hack23 ISMS Policy References

Plus depuis ce dépôt

Compliance Checklist Skill

Purpose

When to Use This Skill

Multi-Framework Alignment Architecture

ISO 27001:2022 Control Verification

A.5 Organizational Controls Priority Matrix

Hack23 ISMS Policy References

Plus depuis ce dépôt