@zerothreatai/vulnerability-registry 4.0.0 → 6.0.0

package/dist/compliance-codes.js

@@ -0,0 +1,213 @@
+export var ComplianceCode;
+(function (ComplianceCode) {
+    // --- OWASP (ComplianceId: 1) ---
+    ComplianceCode["OWASP_A1_BROKEN_ACCESS_CONTROL"] = "OWASP_A1_BROKEN_ACCESS_CONTROL";
+    ComplianceCode["OWASP_A2_CRYPTOGRAPHIC_FAILURES"] = "OWASP_A2_CRYPTOGRAPHIC_FAILURES";
+    ComplianceCode["OWASP_A3_INJECTION_FLAWS"] = "OWASP_A3_INJECTION_FLAWS";
+    ComplianceCode["OWASP_A4_INSECURE_DESIGN"] = "OWASP_A4_INSECURE_DESIGN";
+    ComplianceCode["OWASP_A5_SECURITY_MISCONFIGURATION"] = "OWASP_A5_SECURITY_MISCONFIGURATION";
+    ComplianceCode["OWASP_A6_VULNERABLE_OUTDATED_COMPONENTS"] = "OWASP_A6_VULNERABLE_OUTDATED_COMPONENTS";
+    ComplianceCode["OWASP_A7_IDENTIFICATION_AUTH_FAILURE"] = "OWASP_A7_IDENTIFICATION_AUTH_FAILURE";
+    ComplianceCode["OWASP_A8_SOFTWARE_DATA_INTEGRITY_FAILURE"] = "OWASP_A8_SOFTWARE_DATA_INTEGRITY_FAILURE";
+    ComplianceCode["OWASP_A9_LOGGING_MONITORING_FAILURES"] = "OWASP_A9_LOGGING_MONITORING_FAILURES";
+    ComplianceCode["OWASP_A10_SSRF"] = "OWASP_A10_SSRF";
+    // --- HIPAA (ComplianceId: 2) ---
+    ComplianceCode["HIPAA_164_105_PROTECT_PRIVATE_HEALTH_INFO"] = "HIPAA_164_105_PROTECT_PRIVATE_HEALTH_INFO";
+    ComplianceCode["HIPAA_164_306_A_1_KEEP_INFO_SAFE"] = "HIPAA_164_306_A_1_KEEP_INFO_SAFE";
+    ComplianceCode["HIPAA_164_306_A_2_PROTECT_AGAINST_THREATS"] = "HIPAA_164_306_A_2_PROTECT_AGAINST_THREATS";
+    ComplianceCode["HIPAA_164_306_A_3_STOP_UNAUTHORIZED_ACCESS"] = "HIPAA_164_306_A_3_STOP_UNAUTHORIZED_ACCESS";
+    ComplianceCode["HIPAA_164_308_A_1_I_PREVENT_FIX_PROBLEMS"] = "HIPAA_164_308_A_1_I_PREVENT_FIX_PROBLEMS";
+    ComplianceCode["HIPAA_164_308_A_1_II_B_LOWER_SECURITY_RISKS"] = "HIPAA_164_308_A_1_II_B_LOWER_SECURITY_RISKS";
+    ComplianceCode["HIPAA_164_308_A_5_II_B_BLOCK_MALWARE"] = "HIPAA_164_308_A_5_II_B_BLOCK_MALWARE";
+    ComplianceCode["HIPAA_164_308_A_5_II_C_WATCH_LOGINS"] = "HIPAA_164_308_A_5_II_C_WATCH_LOGINS";
+    ComplianceCode["HIPAA_164_308_A_5_II_D_PROTECT_PASSWORDS"] = "HIPAA_164_308_A_5_II_D_PROTECT_PASSWORDS";
+    ComplianceCode["HIPAA_164_308_A_7_I_PLAN_EMERGENCIES"] = "HIPAA_164_308_A_7_I_PLAN_EMERGENCIES";
+    ComplianceCode["HIPAA_164_312_A_1_CONTROL_ACCESS"] = "HIPAA_164_312_A_1_CONTROL_ACCESS";
+    ComplianceCode["HIPAA_164_312_C_1_PREVENT_CHANGES"] = "HIPAA_164_312_C_1_PREVENT_CHANGES";
+    ComplianceCode["HIPAA_164_312_D_VERIFY_IDENTITY"] = "HIPAA_164_312_D_VERIFY_IDENTITY";
+    ComplianceCode["HIPAA_164_312_E_1_PROTECT_ONLINE_INFO"] = "HIPAA_164_312_E_1_PROTECT_ONLINE_INFO";
+    ComplianceCode["HIPAA_164_312_E_2_I_PREVENT_UNAUTHORIZED_CHANGES"] = "HIPAA_164_312_E_2_I_PREVENT_UNAUTHORIZED_CHANGES";
+    ComplianceCode["HIPAA_164_312_E_2_II_USE_ENCRYPTION"] = "HIPAA_164_312_E_2_II_USE_ENCRYPTION";
+    ComplianceCode["HIPAA_164_530_C_2_I_KEEP_INFO_SHARED"] = "HIPAA_164_530_C_2_I_KEEP_INFO_SHARED";
+    // --- GDPR (ComplianceId: 3) ---
+    ComplianceCode["GDPR_A_10_1_1_DOCUMENTED_OPERATING_PROCEDURES"] = "GDPR_A_10_1_1_DOCUMENTED_OPERATING_PROCEDURES";
+    ComplianceCode["GDPR_A_10_1_2_CHANGE_MANAGEMENT"] = "GDPR_A_10_1_2_CHANGE_MANAGEMENT";
+    ComplianceCode["GDPR_A_10_1_3_SEGREGATION_OF_DUTIES"] = "GDPR_A_10_1_3_SEGREGATION_OF_DUTIES";
+    ComplianceCode["GDPR_A_10_1_4_SEPARATION_DEV_TEST_OPS"] = "GDPR_A_10_1_4_SEPARATION_DEV_TEST_OPS";
+    ComplianceCode["GDPR_A_10_2_1_SERVICE_DELIVERY"] = "GDPR_A_10_2_1_SERVICE_DELIVERY";
+    ComplianceCode["GDPR_A_10_2_2_MONITORING_THIRD_PARTY_SERVICES"] = "GDPR_A_10_2_2_MONITORING_THIRD_PARTY_SERVICES";
+    ComplianceCode["GDPR_A_10_2_3_MANAGING_CHANGES_THIRD_PARTY"] = "GDPR_A_10_2_3_MANAGING_CHANGES_THIRD_PARTY";
+    ComplianceCode["GDPR_A_10_3_1_CAPACITY_MANAGEMENT"] = "GDPR_A_10_3_1_CAPACITY_MANAGEMENT";
+    ComplianceCode["GDPR_A_10_3_2_SYSTEM_ACCEPTANCE"] = "GDPR_A_10_3_2_SYSTEM_ACCEPTANCE";
+    ComplianceCode["GDPR_A_10_4_1_CONTROLS_AGAINST_MALICIOUS_CODE"] = "GDPR_A_10_4_1_CONTROLS_AGAINST_MALICIOUS_CODE";
+    ComplianceCode["GDPR_A_10_4_2_CONTROLS_AGAINST_MOBILE_CODE"] = "GDPR_A_10_4_2_CONTROLS_AGAINST_MOBILE_CODE";
+    ComplianceCode["GDPR_A_10_5_1_INFORMATION_BACK_UP"] = "GDPR_A_10_5_1_INFORMATION_BACK_UP";
+    ComplianceCode["GDPR_A_10_6_1_NETWORK_CONTROLS"] = "GDPR_A_10_6_1_NETWORK_CONTROLS";
+    ComplianceCode["GDPR_A_10_6_2_SECURITY_OF_NETWORK_SERVICES"] = "GDPR_A_10_6_2_SECURITY_OF_NETWORK_SERVICES";
+    ComplianceCode["GDPR_A_10_7_1_MANAGEMENT_REMOVABLE_MEDIA"] = "GDPR_A_10_7_1_MANAGEMENT_REMOVABLE_MEDIA";
+    ComplianceCode["GDPR_A_10_7_2_DISPOSAL_OF_MEDIA"] = "GDPR_A_10_7_2_DISPOSAL_OF_MEDIA";
+    ComplianceCode["GDPR_A_10_7_3_INFORMATION_HANDLING_PROCEDURES"] = "GDPR_A_10_7_3_INFORMATION_HANDLING_PROCEDURES";
+    ComplianceCode["GDPR_A_10_7_4_SECURITY_SYSTEM_DOCUMENTATION"] = "GDPR_A_10_7_4_SECURITY_SYSTEM_DOCUMENTATION";
+    ComplianceCode["GDPR_A_10_8_1_INFO_EXCHANGE_POLICIES"] = "GDPR_A_10_8_1_INFO_EXCHANGE_POLICIES";
+    ComplianceCode["GDPR_A_10_8_2_EXCHANGE_AGREEMENTS"] = "GDPR_A_10_8_2_EXCHANGE_AGREEMENTS";
+    ComplianceCode["GDPR_A_10_8_3_PHYSICAL_MEDIA_IN_TRANSIT"] = "GDPR_A_10_8_3_PHYSICAL_MEDIA_IN_TRANSIT";
+    ComplianceCode["GDPR_A_10_8_4_ELECTRONIC_MESSAGING"] = "GDPR_A_10_8_4_ELECTRONIC_MESSAGING";
+    ComplianceCode["GDPR_A_10_8_5_BUSINESS_INFORMATION_SYSTEMS"] = "GDPR_A_10_8_5_BUSINESS_INFORMATION_SYSTEMS";
+    ComplianceCode["GDPR_A_10_9_1_ELECTRONIC_COMMERCE"] = "GDPR_A_10_9_1_ELECTRONIC_COMMERCE";
+    ComplianceCode["GDPR_A_10_9_2_ONLINE_TRANSACTIONS"] = "GDPR_A_10_9_2_ONLINE_TRANSACTIONS";
+    ComplianceCode["GDPR_A_10_9_3_PUBLICLY_AVAILABLE"] = "GDPR_A_10_9_3_PUBLICLY_AVAILABLE";
+    ComplianceCode["GDPR_A_10_10_1_AUDIT_LOGGING"] = "GDPR_A_10_10_1_AUDIT_LOGGING";
+    ComplianceCode["GDPR_A_10_10_2_MONITORING_SYSTEM_USE"] = "GDPR_A_10_10_2_MONITORING_SYSTEM_USE";
+    ComplianceCode["GDPR_A_10_10_3_PROTECTION_OF_LOG_INFORMATION"] = "GDPR_A_10_10_3_PROTECTION_OF_LOG_INFORMATION";
+    ComplianceCode["GDPR_A_10_10_4_ADMINISTRATOR_OPERATOR_LOGS"] = "GDPR_A_10_10_4_ADMINISTRATOR_OPERATOR_LOGS";
+    ComplianceCode["GDPR_A_10_10_5_FAULT_LOGGING"] = "GDPR_A_10_10_5_FAULT_LOGGING";
+    ComplianceCode["GDPR_A_10_10_6_CLOCK_SYNCHRONIZATION"] = "GDPR_A_10_10_6_CLOCK_SYNCHRONIZATION";
+    ComplianceCode["GDPR_A_11_1_1_ACCESS_CONTROL_POLICY"] = "GDPR_A_11_1_1_ACCESS_CONTROL_POLICY";
+    ComplianceCode["GDPR_A_11_2_1_USER_REGISTRATION"] = "GDPR_A_11_2_1_USER_REGISTRATION";
+    ComplianceCode["GDPR_A_11_2_2_PRIVILEGE_MANAGEMENT"] = "GDPR_A_11_2_2_PRIVILEGE_MANAGEMENT";
+    ComplianceCode["GDPR_A_11_2_3_USER_PASSWORD_MANAGEMENT"] = "GDPR_A_11_2_3_USER_PASSWORD_MANAGEMENT";
+    ComplianceCode["GDPR_A_11_2_4_REVIEW_USER_ACCESS_RIGHTS"] = "GDPR_A_11_2_4_REVIEW_USER_ACCESS_RIGHTS";
+    ComplianceCode["GDPR_A_11_3_1_PASSWORD_USE"] = "GDPR_A_11_3_1_PASSWORD_USE";
+    ComplianceCode["GDPR_A_11_3_2_UNATTENDED_USER_EQUIPMENT"] = "GDPR_A_11_3_2_UNATTENDED_USER_EQUIPMENT";
+    ComplianceCode["GDPR_A_11_3_3_CLEAR_DESK_SCREEN_POLICY"] = "GDPR_A_11_3_3_CLEAR_DESK_SCREEN_POLICY";
+    ComplianceCode["GDPR_A_11_4_1_POLICY_USE_NETWORK_SERVICES"] = "GDPR_A_11_4_1_POLICY_USE_NETWORK_SERVICES";
+    ComplianceCode["GDPR_A_11_4_2_USER_AUTH_EXTERNAL_CONNECTIONS"] = "GDPR_A_11_4_2_USER_AUTH_EXTERNAL_CONNECTIONS";
+    ComplianceCode["GDPR_A_11_4_3_EQUIPMENT_IDENTIFICATION"] = "GDPR_A_11_4_3_EQUIPMENT_IDENTIFICATION";
+    ComplianceCode["GDPR_A_11_4_4_REMOTE_DIAGNOSTIC_PORT_PROTECTION"] = "GDPR_A_11_4_4_REMOTE_DIAGNOSTIC_PORT_PROTECTION";
+    ComplianceCode["GDPR_A_11_4_5_SEGREGATION_IN_NETWORKS"] = "GDPR_A_11_4_5_SEGREGATION_IN_NETWORKS";
+    ComplianceCode["GDPR_A_11_4_6_NETWORK_CONNECTION_CONTROL"] = "GDPR_A_11_4_6_NETWORK_CONNECTION_CONTROL";
+    ComplianceCode["GDPR_A_11_4_7_NETWORK_ROUTING_CONTROL"] = "GDPR_A_11_4_7_NETWORK_ROUTING_CONTROL";
+    ComplianceCode["GDPR_A_11_5_1_SECURE_LOG_ON"] = "GDPR_A_11_5_1_SECURE_LOG_ON";
+    ComplianceCode["GDPR_A_11_5_2_USER_ID_AND_AUTH"] = "GDPR_A_11_5_2_USER_ID_AND_AUTH";
+    ComplianceCode["GDPR_A_11_5_3_PASSWORD_MANAGEMENT_SYSTEM"] = "GDPR_A_11_5_3_PASSWORD_MANAGEMENT_SYSTEM";
+    ComplianceCode["GDPR_A_11_5_4_USE_OF_SYSTEM_UTILITIES"] = "GDPR_A_11_5_4_USE_OF_SYSTEM_UTILITIES";
+    ComplianceCode["GDPR_A_11_5_5_SESSION_TIMEOUT"] = "GDPR_A_11_5_5_SESSION_TIMEOUT";
+    ComplianceCode["GDPR_A_11_5_6_LIMITATION_CONNECTION_TIME"] = "GDPR_A_11_5_6_LIMITATION_CONNECTION_TIME";
+    ComplianceCode["GDPR_A_11_6_1_INFORMATION_ACCESS_RESTRICTION"] = "GDPR_A_11_6_1_INFORMATION_ACCESS_RESTRICTION";
+    ComplianceCode["GDPR_A_11_6_2_SENSITIVE_SYSTEM_ISOLATION"] = "GDPR_A_11_6_2_SENSITIVE_SYSTEM_ISOLATION";
+    ComplianceCode["GDPR_A_11_7_1_MOBILE_COMPUTING"] = "GDPR_A_11_7_1_MOBILE_COMPUTING";
+    ComplianceCode["GDPR_A_11_7_2_TELEWORKING"] = "GDPR_A_11_7_2_TELEWORKING";
+    ComplianceCode["GDPR_A_12_1_1_SECURITY_REQUIREMENTS_ANALYSIS"] = "GDPR_A_12_1_1_SECURITY_REQUIREMENTS_ANALYSIS";
+    ComplianceCode["GDPR_A_12_2_1_INPUT_DATA_VALIDATION"] = "GDPR_A_12_2_1_INPUT_DATA_VALIDATION";
+    ComplianceCode["GDPR_A_12_2_2_CONTROL_INTERNAL_PROCESSING"] = "GDPR_A_12_2_2_CONTROL_INTERNAL_PROCESSING";
+    ComplianceCode["GDPR_A_12_2_3_MESSAGE_INTEGRITY"] = "GDPR_A_12_2_3_MESSAGE_INTEGRITY";
+    ComplianceCode["GDPR_A_12_2_4_OUTPUT_DATA_VALIDATION"] = "GDPR_A_12_2_4_OUTPUT_DATA_VALIDATION";
+    ComplianceCode["GDPR_A_12_3_1_POLICY_CRYPTOGRAPHIC_CONTROLS"] = "GDPR_A_12_3_1_POLICY_CRYPTOGRAPHIC_CONTROLS";
+    ComplianceCode["GDPR_A_12_3_2_KEY_MANAGEMENT"] = "GDPR_A_12_3_2_KEY_MANAGEMENT";
+    ComplianceCode["GDPR_A_12_4_1_CONTROL_OPERATIONAL_SOFTWARE"] = "GDPR_A_12_4_1_CONTROL_OPERATIONAL_SOFTWARE";
+    ComplianceCode["GDPR_A_12_4_2_PROTECTION_SYSTEM_TEST_DATA"] = "GDPR_A_12_4_2_PROTECTION_SYSTEM_TEST_DATA";
+    ComplianceCode["GDPR_A_12_4_3_ACCESS_CONTROL_SOURCE_CODE"] = "GDPR_A_12_4_3_ACCESS_CONTROL_SOURCE_CODE";
+    ComplianceCode["GDPR_A_12_5_1_CHANGE_CONTROL_PROCEDURES"] = "GDPR_A_12_5_1_CHANGE_CONTROL_PROCEDURES";
+    ComplianceCode["GDPR_A_12_5_2_TECHNICAL_REVIEW_APPS"] = "GDPR_A_12_5_2_TECHNICAL_REVIEW_APPS";
+    ComplianceCode["GDPR_A_12_5_3_RESTRICTIONS_CHANGES_SOFTWARE"] = "GDPR_A_12_5_3_RESTRICTIONS_CHANGES_SOFTWARE";
+    ComplianceCode["GDPR_A_12_5_4_INFORMATION_LEAKAGE"] = "GDPR_A_12_5_4_INFORMATION_LEAKAGE";
+    ComplianceCode["GDPR_A_12_5_5_OUTSOURCED_SOFTWARE_DEV"] = "GDPR_A_12_5_5_OUTSOURCED_SOFTWARE_DEV";
+    ComplianceCode["GDPR_A_12_6_1_CONTROL_TECHNICAL_VULNERABILITIES"] = "GDPR_A_12_6_1_CONTROL_TECHNICAL_VULNERABILITIES";
+    // --- PCI DSS (ComplianceId: 4) ---
+    ComplianceCode["PCI_REQ_1_INSTALL_FIREWALL"] = "PCI_REQ_1_INSTALL_FIREWALL";
+    ComplianceCode["PCI_REQ_2_1_CHANGE_DEFAULT_PASSWORDS"] = "PCI_REQ_2_1_CHANGE_DEFAULT_PASSWORDS";
+    ComplianceCode["PCI_REQ_2_2_1_ONE_PRIMARY_FUNCTION"] = "PCI_REQ_2_2_1_ONE_PRIMARY_FUNCTION";
+    ComplianceCode["PCI_REQ_2_2_2_ENABLE_NECESSARY_SERVICES"] = "PCI_REQ_2_2_2_ENABLE_NECESSARY_SERVICES";
+    ComplianceCode["PCI_REQ_2_2_3_SECURE_INSECURE_SERVICES"] = "PCI_REQ_2_2_3_SECURE_INSECURE_SERVICES";
+    ComplianceCode["PCI_REQ_2_2_4_CONFIGURE_SYSTEM_PARAMETERS"] = "PCI_REQ_2_2_4_CONFIGURE_SYSTEM_PARAMETERS";
+    ComplianceCode["PCI_REQ_2_2_5_STRENGTHEN_INSECURE_SERVICES"] = "PCI_REQ_2_2_5_STRENGTHEN_INSECURE_SERVICES";
+    ComplianceCode["PCI_REQ_2_3_ENCRYPT_NON_CONSOLE_ADMIN"] = "PCI_REQ_2_3_ENCRYPT_NON_CONSOLE_ADMIN";
+    ComplianceCode["PCI_REQ_A_1_1_ISOLATE_PROCESSES_CDE"] = "PCI_REQ_A_1_1_ISOLATE_PROCESSES_CDE";
+    ComplianceCode["PCI_REQ_A_1_2_RESTRICT_ENTITY_ACCESS"] = "PCI_REQ_A_1_2_RESTRICT_ENTITY_ACCESS";
+    ComplianceCode["PCI_REQ_A_1_3_ENABLE_UNIQUE_LOGGING"] = "PCI_REQ_A_1_3_ENABLE_UNIQUE_LOGGING";
+    ComplianceCode["PCI_REQ_A_1_4_ENABLE_FORENSIC_INVESTIGATION"] = "PCI_REQ_A_1_4_ENABLE_FORENSIC_INVESTIGATION";
+    ComplianceCode["PCI_REQ_3_1_MINIMIZE_DATA_STORAGE"] = "PCI_REQ_3_1_MINIMIZE_DATA_STORAGE";
+    ComplianceCode["PCI_REQ_3_2_1_NO_FULL_TRACK_DATA"] = "PCI_REQ_3_2_1_NO_FULL_TRACK_DATA";
+    ComplianceCode["PCI_REQ_3_2_2_NO_CVV_STORAGE"] = "PCI_REQ_3_2_2_NO_CVV_STORAGE";
+    ComplianceCode["PCI_REQ_3_2_3_NO_PIN_STORAGE"] = "PCI_REQ_3_2_3_NO_PIN_STORAGE";
+    ComplianceCode["PCI_REQ_3_3_MASK_PAN"] = "PCI_REQ_3_3_MASK_PAN";
+    ComplianceCode["PCI_REQ_3_4_RENDER_PAN_UNREADABLE"] = "PCI_REQ_3_4_RENDER_PAN_UNREADABLE";
+    ComplianceCode["PCI_REQ_3_5_PROTECT_ENCRYPTION_KEYS"] = "PCI_REQ_3_5_PROTECT_ENCRYPTION_KEYS";
+    ComplianceCode["PCI_REQ_3_6_KEY_MANAGEMENT_PROCESSES"] = "PCI_REQ_3_6_KEY_MANAGEMENT_PROCESSES";
+    ComplianceCode["PCI_REQ_3_7_DOCUMENT_POLICIES_STORED_DATA"] = "PCI_REQ_3_7_DOCUMENT_POLICIES_STORED_DATA";
+    ComplianceCode["PCI_REQ_4_1_STRONG_CRYPTO_TRANSMISSION"] = "PCI_REQ_4_1_STRONG_CRYPTO_TRANSMISSION";
+    ComplianceCode["PCI_REQ_4_2_NO_UNPROTECTED_PAN_MESSAGING"] = "PCI_REQ_4_2_NO_UNPROTECTED_PAN_MESSAGING";
+    ComplianceCode["PCI_REQ_4_3_ENCRYPTION_POLICIES_TRANSMISSION"] = "PCI_REQ_4_3_ENCRYPTION_POLICIES_TRANSMISSION";
+    ComplianceCode["PCI_REQ_5_PROTECT_MALWARE_ANTIVIRUS"] = "PCI_REQ_5_PROTECT_MALWARE_ANTIVIRUS";
+    ComplianceCode["PCI_REQ_6_1_IDENTIFY_RANK_VULNERABILITIES"] = "PCI_REQ_6_1_IDENTIFY_RANK_VULNERABILITIES";
+    ComplianceCode["PCI_REQ_6_2_INSTALL_SECURITY_PATCHES"] = "PCI_REQ_6_2_INSTALL_SECURITY_PATCHES";
+    ComplianceCode["PCI_REQ_6_3_1_SECURE_SOFTWARE_DEVELOPMENT"] = "PCI_REQ_6_3_1_SECURE_SOFTWARE_DEVELOPMENT";
+    ComplianceCode["PCI_REQ_6_3_2_CODE_REVIEW"] = "PCI_REQ_6_3_2_CODE_REVIEW";
+    ComplianceCode["PCI_REQ_6_4_1_SEPARATE_DEV_PROD"] = "PCI_REQ_6_4_1_SEPARATE_DEV_PROD";
+    ComplianceCode["PCI_REQ_6_4_2_SEPARATION_OF_DUTIES"] = "PCI_REQ_6_4_2_SEPARATION_OF_DUTIES";
+    ComplianceCode["PCI_REQ_6_4_3_NO_LIVE_DATA_TESTING"] = "PCI_REQ_6_4_3_NO_LIVE_DATA_TESTING";
+    ComplianceCode["PCI_REQ_6_4_4_REMOVE_TEST_DATA"] = "PCI_REQ_6_4_4_REMOVE_TEST_DATA";
+    ComplianceCode["PCI_REQ_6_5_1_PREVENT_INJECTION"] = "PCI_REQ_6_5_1_PREVENT_INJECTION";
+    ComplianceCode["PCI_REQ_6_5_2_PREVENT_BUFFER_OVERFLOW"] = "PCI_REQ_6_5_2_PREVENT_BUFFER_OVERFLOW";
+    ComplianceCode["PCI_REQ_6_5_3_SECURE_CRYPTOGRAPHIC_STORAGE"] = "PCI_REQ_6_5_3_SECURE_CRYPTOGRAPHIC_STORAGE";
+    ComplianceCode["PCI_REQ_6_5_4_SECURE_COMM_CHANNELS"] = "PCI_REQ_6_5_4_SECURE_COMM_CHANNELS";
+    ComplianceCode["PCI_REQ_6_5_5_PROPER_ERROR_HANDLING"] = "PCI_REQ_6_5_5_PROPER_ERROR_HANDLING";
+    ComplianceCode["PCI_REQ_6_5_6_ADDRESS_HIGH_RISK_VULNS"] = "PCI_REQ_6_5_6_ADDRESS_HIGH_RISK_VULNS";
+    ComplianceCode["PCI_REQ_6_5_7_PREVENT_XSS"] = "PCI_REQ_6_5_7_PREVENT_XSS";
+    ComplianceCode["PCI_REQ_6_5_8_PREVENT_ACCESS_CONTROL_VULNS"] = "PCI_REQ_6_5_8_PREVENT_ACCESS_CONTROL_VULNS";
+    ComplianceCode["PCI_REQ_6_5_9_PREVENT_CSRF"] = "PCI_REQ_6_5_9_PREVENT_CSRF";
+    ComplianceCode["PCI_REQ_6_5_10_PREVENT_BROKEN_AUTH"] = "PCI_REQ_6_5_10_PREVENT_BROKEN_AUTH";
+    ComplianceCode["PCI_REQ_6_6_PROTECT_PUBLIC_WEB_APPS"] = "PCI_REQ_6_6_PROTECT_PUBLIC_WEB_APPS";
+    ComplianceCode["PCI_REQ_6_7_DOCUMENT_POLICIES_SECURE_SYSTEMS"] = "PCI_REQ_6_7_DOCUMENT_POLICIES_SECURE_SYSTEMS";
+    ComplianceCode["PCI_REQ_7_RESTRICT_ACCESS_NEED_TO_KNOW"] = "PCI_REQ_7_RESTRICT_ACCESS_NEED_TO_KNOW";
+    ComplianceCode["PCI_REQ_7_1_1_DEFINE_ROLE_BASED_ACCESS"] = "PCI_REQ_7_1_1_DEFINE_ROLE_BASED_ACCESS";
+    ComplianceCode["PCI_REQ_7_1_2_RESTRICT_PRIVILEGED_USER"] = "PCI_REQ_7_1_2_RESTRICT_PRIVILEGED_USER";
+    ComplianceCode["PCI_REQ_7_1_3_ASSIGN_ACCESS_BY_ROLE"] = "PCI_REQ_7_1_3_ASSIGN_ACCESS_BY_ROLE";
+    ComplianceCode["PCI_REQ_7_1_4_DOCUMENTED_APPROVAL"] = "PCI_REQ_7_1_4_DOCUMENTED_APPROVAL";
+    ComplianceCode["PCI_REQ_7_2_ACCESS_CONTROL_NEED_TO_KNOW"] = "PCI_REQ_7_2_ACCESS_CONTROL_NEED_TO_KNOW";
+    ComplianceCode["PCI_REQ_7_3_DOCUMENT_POLICIES_CARDHOLDER_DATA"] = "PCI_REQ_7_3_DOCUMENT_POLICIES_CARDHOLDER_DATA";
+    ComplianceCode["PCI_REQ_8_1_1_ASSIGN_UNIQUE_IDS"] = "PCI_REQ_8_1_1_ASSIGN_UNIQUE_IDS";
+    ComplianceCode["PCI_REQ_8_1_2_CONTROL_USER_ID_MANAGEMENT"] = "PCI_REQ_8_1_2_CONTROL_USER_ID_MANAGEMENT";
+    ComplianceCode["PCI_REQ_8_1_3_REVOKE_TERMINATED_USERS"] = "PCI_REQ_8_1_3_REVOKE_TERMINATED_USERS";
+    ComplianceCode["PCI_REQ_8_1_4_REMOVE_INACTIVE_ACCOUNTS"] = "PCI_REQ_8_1_4_REMOVE_INACTIVE_ACCOUNTS";
+    ComplianceCode["PCI_REQ_8_1_5_MANAGE_THIRD_PARTY_IDS"] = "PCI_REQ_8_1_5_MANAGE_THIRD_PARTY_IDS";
+    ComplianceCode["PCI_REQ_8_1_6_LIMIT_REPEATED_ACCESS_ATTEMPTS"] = "PCI_REQ_8_1_6_LIMIT_REPEATED_ACCESS_ATTEMPTS";
+    ComplianceCode["PCI_REQ_8_1_7_ACCOUNT_LOCKOUT_DURATION"] = "PCI_REQ_8_1_7_ACCOUNT_LOCKOUT_DURATION";
+    ComplianceCode["PCI_REQ_8_1_8_SESSION_RE_AUTH_IDLE"] = "PCI_REQ_8_1_8_SESSION_RE_AUTH_IDLE";
+    ComplianceCode["PCI_REQ_8_2_1_ENCRYPT_CREDENTIALS"] = "PCI_REQ_8_2_1_ENCRYPT_CREDENTIALS";
+    ComplianceCode["PCI_REQ_8_2_2_VERIFY_IDENTITY_BEFORE_CHANGE"] = "PCI_REQ_8_2_2_VERIFY_IDENTITY_BEFORE_CHANGE";
+    ComplianceCode["PCI_REQ_8_2_3_PASSWORD_STRENGTH"] = "PCI_REQ_8_2_3_PASSWORD_STRENGTH";
+    ComplianceCode["PCI_REQ_8_2_4_PASSWORD_EXPIRATION"] = "PCI_REQ_8_2_4_PASSWORD_EXPIRATION";
+    ComplianceCode["PCI_REQ_8_2_5_PASSWORD_REUSE"] = "PCI_REQ_8_2_5_PASSWORD_REUSE";
+    ComplianceCode["PCI_REQ_8_2_6_UNIQUE_INITIAL_PASSWORD"] = "PCI_REQ_8_2_6_UNIQUE_INITIAL_PASSWORD";
+    ComplianceCode["PCI_REQ_8_3_SECURE_REMOTE_ACCESS_MFA"] = "PCI_REQ_8_3_SECURE_REMOTE_ACCESS_MFA";
+    ComplianceCode["PCI_REQ_8_4_DOCUMENT_AUTH_POLICIES"] = "PCI_REQ_8_4_DOCUMENT_AUTH_POLICIES";
+    ComplianceCode["PCI_REQ_8_5_1_UNIQUE_CREDS_SERVICE_PROVIDERS"] = "PCI_REQ_8_5_1_UNIQUE_CREDS_SERVICE_PROVIDERS";
+    ComplianceCode["PCI_REQ_8_6_AUTH_MECHANISMS_INDIVIDUAL"] = "PCI_REQ_8_6_AUTH_MECHANISMS_INDIVIDUAL";
+    ComplianceCode["PCI_REQ_8_7_RESTRICT_DB_ACCESS"] = "PCI_REQ_8_7_RESTRICT_DB_ACCESS";
+    ComplianceCode["PCI_REQ_8_8_DOCUMENT_AUTH_POLICIES_COMM"] = "PCI_REQ_8_8_DOCUMENT_AUTH_POLICIES_COMM";
+    ComplianceCode["PCI_REQ_9_RESTRICT_PHYSICAL_ACCESS"] = "PCI_REQ_9_RESTRICT_PHYSICAL_ACCESS";
+    ComplianceCode["PCI_REQ_10_4_SYNCHRONIZE_CLOCKS"] = "PCI_REQ_10_4_SYNCHRONIZE_CLOCKS";
+    ComplianceCode["PCI_REQ_10_5_SECURE_AUDIT_TRAILS"] = "PCI_REQ_10_5_SECURE_AUDIT_TRAILS";
+    ComplianceCode["PCI_REQ_10_6_REVIEW_LOGS"] = "PCI_REQ_10_6_REVIEW_LOGS";
+    ComplianceCode["PCI_REQ_10_7_RETAIN_AUDIT_TRAIL"] = "PCI_REQ_10_7_RETAIN_AUDIT_TRAIL";
+    ComplianceCode["PCI_REQ_10_9_DOCUMENT_ACCESS_MONITORING"] = "PCI_REQ_10_9_DOCUMENT_ACCESS_MONITORING";
+    ComplianceCode["PCI_REQ_11_REGULAR_TESTING"] = "PCI_REQ_11_REGULAR_TESTING";
+    ComplianceCode["PCI_REQ_12_INFO_SEC_POLICY"] = "PCI_REQ_12_INFO_SEC_POLICY";
+    // --- SANS/CWE Top 25 (ComplianceId: 5) ---
+    ComplianceCode["SANS_TOP_25_CWE_79_XSS"] = "SANS_TOP_25_CWE_79_XSS";
+    ComplianceCode["SANS_TOP_25_CWE_787_OOB_WRITE"] = "SANS_TOP_25_CWE_787_OOB_WRITE";
+    ComplianceCode["SANS_TOP_25_CWE_89_SQLI"] = "SANS_TOP_25_CWE_89_SQLI";
+    ComplianceCode["SANS_TOP_25_CWE_352_CSRF"] = "SANS_TOP_25_CWE_352_CSRF";
+    ComplianceCode["SANS_TOP_25_CWE_22_PATH_TRAVERSAL"] = "SANS_TOP_25_CWE_22_PATH_TRAVERSAL";
+    ComplianceCode["SANS_TOP_25_CWE_125_OOB_READ"] = "SANS_TOP_25_CWE_125_OOB_READ";
+    ComplianceCode["SANS_TOP_25_CWE_78_OS_COMMAND_INJECTION"] = "SANS_TOP_25_CWE_78_OS_COMMAND_INJECTION";
+    ComplianceCode["SANS_TOP_25_CWE_416_USE_AFTER_FREE"] = "SANS_TOP_25_CWE_416_USE_AFTER_FREE";
+    ComplianceCode["SANS_TOP_25_CWE_862_MISSING_AUTHZ"] = "SANS_TOP_25_CWE_862_MISSING_AUTHZ";
+    ComplianceCode["SANS_TOP_25_CWE_434_UNRESTRICTED_UPLOAD"] = "SANS_TOP_25_CWE_434_UNRESTRICTED_UPLOAD";
+    ComplianceCode["SANS_TOP_25_CWE_94_CODE_INJECTION"] = "SANS_TOP_25_CWE_94_CODE_INJECTION";
+    ComplianceCode["SANS_TOP_25_CWE_20_INPUT_VALIDATION"] = "SANS_TOP_25_CWE_20_INPUT_VALIDATION";
+    ComplianceCode["SANS_TOP_25_CWE_77_COMMAND_INJECTION"] = "SANS_TOP_25_CWE_77_COMMAND_INJECTION";
+    ComplianceCode["SANS_TOP_25_CWE_287_IMPROPER_AUTH"] = "SANS_TOP_25_CWE_287_IMPROPER_AUTH";
+    ComplianceCode["SANS_TOP_25_CWE_269_PRIVILEGE_MGMT"] = "SANS_TOP_25_CWE_269_PRIVILEGE_MGMT";
+    ComplianceCode["SANS_TOP_25_CWE_502_UNTRUSTED_DESER"] = "SANS_TOP_25_CWE_502_UNTRUSTED_DESER";
+    ComplianceCode["SANS_TOP_25_CWE_200_INFO_EXPOSURE"] = "SANS_TOP_25_CWE_200_INFO_EXPOSURE";
+    ComplianceCode["SANS_TOP_25_CWE_863_INCORRECT_AUTHZ"] = "SANS_TOP_25_CWE_863_INCORRECT_AUTHZ";
+    ComplianceCode["SANS_TOP_25_CWE_918_SSRF"] = "SANS_TOP_25_CWE_918_SSRF";
+    ComplianceCode["SANS_TOP_25_CWE_119_MEMORY_BOUNDS"] = "SANS_TOP_25_CWE_119_MEMORY_BOUNDS";
+    ComplianceCode["SANS_TOP_25_CWE_476_NULL_DEREF"] = "SANS_TOP_25_CWE_476_NULL_DEREF";
+    ComplianceCode["SANS_TOP_25_CWE_798_HARDCODED_CREDS"] = "SANS_TOP_25_CWE_798_HARDCODED_CREDS";
+    ComplianceCode["SANS_TOP_25_CWE_190_INTEGER_OVERFLOW"] = "SANS_TOP_25_CWE_190_INTEGER_OVERFLOW";
+    ComplianceCode["SANS_TOP_25_CWE_400_RESOURCE_CONSUMPTION"] = "SANS_TOP_25_CWE_400_RESOURCE_CONSUMPTION";
+    ComplianceCode["SANS_TOP_25_CWE_306_MISSING_AUTH"] = "SANS_TOP_25_CWE_306_MISSING_AUTH";
+})(ComplianceCode || (ComplianceCode = {}));

package/dist/compliances/gdpr.d.ts

@@ -0,0 +1,2 @@
+import { ComplianceRegistry } from '../types';
+export declare const GDPR_COMPLIANCE: ComplianceRegistry;

package/dist/compliances/gdpr.js

@@ -0,0 +1,252 @@
+import { ComplianceCode } from '../compliance-codes';
+import { ComplianceCategory } from '../types';
+import { idsByCategory, idsByCodes, idsByCodePrefix, mergeIds } from './helpers.js';
+const authIds = idsByCategory('authentication');
+const injectionIds = idsByCategory('injection');
+const xssIds = idsByCategory('xss');
+const ssrfIds = idsByCategory('ssrf');
+const configIds = idsByCategory('configuration');
+const disclosureIds = idsByCategory('information_disclosure');
+const cookieIds = idsByCodePrefix(['COOKIE_']);
+const dirbrowseIds = idsByCodePrefix(['DIRBROWSE_']);
+const jwtIds = idsByCodePrefix(['JWT_']);
+const hstsIds = idsByCodes([
+    'HEADER_MISSING_HSTS',
+    'HEADER_HSTS_BAD_MAX_AGE',
+    'HEADER_HSTS_SHORT_MAX_AGE',
+    'HEADER_HSTS_NO_INCLUDESUBDOMAINS',
+    'HEADER_HSTS_PRELOAD_LOW_MAX_AGE',
+    'HEADER_DRIFT_HSTS',
+]);
+const cookieSecureIds = idsByCodes([
+    'COOKIE_SAMESITE_NONE_WITHOUT_SECURE',
+    'COOKIE_SESSION_MISSING_SECURE',
+    'COOKIE_MISSING_SECURE',
+    'COOKIE_HOST_PREFIX_INVALID',
+    'COOKIE_SECURE_PREFIX_INVALID',
+]);
+const allAppSecIds = mergeIds(authIds, injectionIds, xssIds, ssrfIds, configIds, disclosureIds);
+const authAndCookieIds = mergeIds(authIds, cookieIds);
+const accessRestrictionIds = mergeIds(authIds, cookieIds, dirbrowseIds, disclosureIds);
+const cryptoPolicyIds = mergeIds(jwtIds, hstsIds, cookieSecureIds);
+const inputValidationIds = mergeIds(injectionIds, xssIds, ssrfIds);
+const outputValidationIds = mergeIds(injectionIds, xssIds);
+const infoLeakageIds = mergeIds(configIds, disclosureIds);
+export const GDPR_COMPLIANCE = {
+    [ComplianceCode.GDPR_A_10_1_1_DOCUMENTED_OPERATING_PROCEDURES]: {
+        id: 1,
+        code: ComplianceCode.GDPR_A_10_1_1_DOCUMENTED_OPERATING_PROCEDURES,
+        title: 'A.10.1.1 Documented Operating Procedures',
+        description: 'Clear instructions for how systems and processes work should be written down, kept up to date, and shared with anyone who needs them.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_10_1_2_CHANGE_MANAGEMENT]: {
+        id: 2,
+        code: ComplianceCode.GDPR_A_10_1_2_CHANGE_MANAGEMENT,
+        title: 'A.10.1.2 Change Management',
+        description: 'Any updates or changes to systems and IT infrastructure should be carefully managed and monitored to avoid problems.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_10_1_3_SEGREGATION_OF_DUTIES]: {
+        id: 3,
+        code: ComplianceCode.GDPR_A_10_1_3_SEGREGATION_OF_DUTIES,
+        title: 'A.10.1.3 Segregation of Duties',
+        description: 'Responsibilities should be divided among different people to prevent unauthorized actions or mistakes that could harm the organization.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_10_1_4_SEPARATION_DEV_TEST_OPS]: {
+        id: 4,
+        code: ComplianceCode.GDPR_A_10_1_4_SEPARATION_DEV_TEST_OPS,
+        title: 'A.10.1.4  Separation of Development, Testing, and Operations',
+        description: 'The environments for creating, testing, and running software should be kept separate to minimize risks like unauthorized access or accidental changes to live systems.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_10_2_1_SERVICE_DELIVERY]: {
+        id: 5,
+        code: ComplianceCode.GDPR_A_10_2_1_SERVICE_DELIVERY,
+        title: 'A.10.2.1 Service delivery',
+        description: 'Make sure that any security rules, service standards, and delivery expectations agreed with a third party are followed and maintained by them.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_10_3_2_SYSTEM_ACCEPTANCE]: {
+        id: 9,
+        code: ComplianceCode.GDPR_A_10_3_2_SYSTEM_ACCEPTANCE,
+        title: 'A.10.3.2 System acceptance',
+        description: 'Before fully using updated systems, ensure they meet security and performance standards through thorough testing.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: allAppSecIds,
+        isNotApplicable: false,
+    },
+    [ComplianceCode.GDPR_A_11_2_3_USER_PASSWORD_MANAGEMENT]: {
+        id: 36,
+        code: ComplianceCode.GDPR_A_11_2_3_USER_PASSWORD_MANAGEMENT,
+        title: 'A.11.2.3 User Password Management',
+        description: 'Manage password distribution securely through a formal process.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_11_3_1_PASSWORD_USE]: {
+        id: 38,
+        code: ComplianceCode.GDPR_A_11_3_1_PASSWORD_USE,
+        title: 'A.11.3.1 Password Use',
+        description: 'Users must follow strong security practices when creating and using passwords.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_11_4_4_REMOTE_DIAGNOSTIC_PORT_PROTECTION]: {
+        id: 44,
+        code: ComplianceCode.GDPR_A_11_4_4_REMOTE_DIAGNOSTIC_PORT_PROTECTION,
+        title: 'A.11.4.4 Remote Diagnostic and Configuration Port Protection',
+        description: 'Control both physical and logical access to ports used for remote diagnostics and system configuration.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: disclosureIds,
+        isNotApplicable: false,
+    },
+    [ComplianceCode.GDPR_A_11_5_3_PASSWORD_MANAGEMENT_SYSTEM]: {
+        id: 50,
+        code: ComplianceCode.GDPR_A_11_5_3_PASSWORD_MANAGEMENT_SYSTEM,
+        title: 'A.11.5.3 Password Management System',
+        description: 'Use an interactive system to manage passwords, ensuring they are strong and meet security standards.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_11_5_4_USE_OF_SYSTEM_UTILITIES]: {
+        id: 51,
+        code: ComplianceCode.GDPR_A_11_5_4_USE_OF_SYSTEM_UTILITIES,
+        title: 'A.11.5.4 Use of System Utilities',
+        description: 'Restrict and control the use of utility programs that can bypass system or application security.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: accessRestrictionIds,
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_11_5_5_SESSION_TIMEOUT]: {
+        id: 52,
+        code: ComplianceCode.GDPR_A_11_5_5_SESSION_TIMEOUT,
+        title: 'A.11.5.5 Session Time-out',
+        description: 'Automatically log users out after a period of inactivity to protect the system.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_11_5_6_LIMITATION_CONNECTION_TIME]: {
+        id: 53,
+        code: ComplianceCode.GDPR_A_11_5_6_LIMITATION_CONNECTION_TIME,
+        title: 'A.11.5.6 Limitation of Connection Time',
+        description: 'Limit connection times, especially for high-risk applications, to enhance security.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_11_6_1_INFORMATION_ACCESS_RESTRICTION]: {
+        id: 54,
+        code: ComplianceCode.GDPR_A_11_6_1_INFORMATION_ACCESS_RESTRICTION,
+        title: 'A.11.6.1 Information Access Restriction',
+        description: 'Limit access to information and system functions based on the access control policy for users and support staff.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: accessRestrictionIds,
+        isNotApplicable: false,
+    },
+    [ComplianceCode.GDPR_A_12_1_1_SECURITY_REQUIREMENTS_ANALYSIS]: {
+        id: 58,
+        code: ComplianceCode.GDPR_A_12_1_1_SECURITY_REQUIREMENTS_ANALYSIS,
+        title: 'A.12.1.1 Security Requirements Analysis and Specification',
+        description: 'When defining business requirements for new or updated information systems, include specific security control requirements to ensure protection.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_12_2_1_INPUT_DATA_VALIDATION]: {
+        id: 59,
+        code: ComplianceCode.GDPR_A_12_2_1_INPUT_DATA_VALIDATION,
+        title: 'A.12.2.1 Input Data Validation',
+        description: 'Validate all data entered into applications to ensure it\'s accurate and appropriate.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: inputValidationIds,
+        isNotApplicable: false,
+    },
+    [ComplianceCode.GDPR_A_12_2_4_OUTPUT_DATA_VALIDATION]: {
+        id: 62,
+        code: ComplianceCode.GDPR_A_12_2_4_OUTPUT_DATA_VALIDATION,
+        title: 'A.12.2.4 Output Data Validation',
+        description: 'Validate the data output from applications to confirm that the processed information is correct and relevant.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: outputValidationIds,
+        isNotApplicable: false,
+    },
+    [ComplianceCode.GDPR_A_12_3_1_POLICY_CRYPTOGRAPHIC_CONTROLS]: {
+        id: 63,
+        code: ComplianceCode.GDPR_A_12_3_1_POLICY_CRYPTOGRAPHIC_CONTROLS,
+        title: 'A.12.3.1 Policy on the Use of Cryptographic Controls',
+        description: 'Develop and implement a policy for using cryptographic methods to protect information.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: cryptoPolicyIds,
+        isNotApplicable: false,
+    },
+    [ComplianceCode.GDPR_A_12_3_2_KEY_MANAGEMENT]: {
+        id: 64,
+        code: ComplianceCode.GDPR_A_12_3_2_KEY_MANAGEMENT,
+        title: 'A.12.3.2 Key Management',
+        description: 'Establish a key management system to support the organization\'s use of encryption and cryptographic techniques.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: cryptoPolicyIds,
+        isNotApplicable: false,
+    },
+    [ComplianceCode.GDPR_A_12_4_3_ACCESS_CONTROL_SOURCE_CODE]: {
+        id: 67,
+        code: ComplianceCode.GDPR_A_12_4_3_ACCESS_CONTROL_SOURCE_CODE,
+        title: 'A.12.4.3 Access Control to Program Source Code',
+        description: 'Restrict access to the source code of programs to authorized personnel only.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: accessRestrictionIds,
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_12_5_3_RESTRICTIONS_CHANGES_SOFTWARE]: {
+        id: 70,
+        code: ComplianceCode.GDPR_A_12_5_3_RESTRICTIONS_CHANGES_SOFTWARE,
+        title: 'A.12.5.3 Restrictions on Changes to Software Packages',
+        description: 'Limit modifications to software packages to necessary changes only, and tightly control all adjustments.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: accessRestrictionIds,
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_12_5_4_INFORMATION_LEAKAGE]: {
+        id: 71,
+        code: ComplianceCode.GDPR_A_12_5_4_INFORMATION_LEAKAGE,
+        title: 'A.12.5.4  Information Leakage',
+        description: 'Prevent any opportunities that could lead to unauthorized information leakage.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: infoLeakageIds,
+        isNotApplicable: true,
+    },
+    [ComplianceCode.GDPR_A_12_5_5_OUTSOURCED_SOFTWARE_DEV]: {
+        id: 72,
+        code: ComplianceCode.GDPR_A_12_5_5_OUTSOURCED_SOFTWARE_DEV,
+        title: 'A.12.5.5 Outsourced Software Development',
+        description: 'Supervise and monitor outsourced software development activities to ensure they meet the organization s security and quality standards.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: false,
+    },
+    [ComplianceCode.GDPR_A_12_6_1_CONTROL_TECHNICAL_VULNERABILITIES]: {
+        id: 73,
+        code: ComplianceCode.GDPR_A_12_6_1_CONTROL_TECHNICAL_VULNERABILITIES,
+        title: 'A.12.6.1 Control of Technical Vulnerabilities',
+        description: 'Stay informed about technical vulnerabilities in the systems being used, assess the organization\'s exposure to them, and take necessary actions to manage the associated risks.',
+        complianceStandard: ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: allAppSecIds,
+        isNotApplicable: true,
+    },
+};

package/dist/compliances/helpers.d.ts

@@ -0,0 +1,6 @@
+import type { VulnerabilityCategory } from '../types.js';
+export declare const allVulnerabilityIds: () => number[];
+export declare const idsByCategory: (category: VulnerabilityCategory) => number[];
+export declare const idsByCodes: (codes: string[]) => number[];
+export declare const idsByCodePrefix: (prefixes: string[]) => number[];
+export declare const mergeIds: (...lists: number[][]) => number[];

package/dist/compliances/helpers.js

@@ -0,0 +1,11 @@
+import { VULNERABILITY_REGISTRY } from '../index.js';
+const ALL_VULNERABILITIES = Object.values(VULNERABILITY_REGISTRY);
+const uniqueSorted = (ids) => Array.from(new Set(ids)).sort((a, b) => a - b);
+export const allVulnerabilityIds = () => uniqueSorted(ALL_VULNERABILITIES.map(v => v.id));
+export const idsByCategory = (category) => uniqueSorted(ALL_VULNERABILITIES.filter(v => v.category === category).map(v => v.id));
+export const idsByCodes = (codes) => uniqueSorted(codes
+    .map(code => VULNERABILITY_REGISTRY[code]?.id)
+    .filter((id) => typeof id === 'number'));
+export const idsByCodePrefix = (prefixes) => uniqueSorted(ALL_VULNERABILITIES.filter(v => prefixes.some(prefix => v.code.startsWith(prefix)))
+    .map(v => v.id));
+export const mergeIds = (...lists) => uniqueSorted(lists.flat());

package/dist/compliances/hipaa.d.ts

@@ -0,0 +1,2 @@
+import { ComplianceRegistry } from '../types';
+export declare const HIPAA_COMPLIANCE: ComplianceRegistry;