bmad-plus 0.7.5 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +450 -425
- package/LICENSE +21 -21
- package/README.md +555 -447
- package/osint-agent-package/README.md +88 -88
- package/osint-agent-package/SETUP_KEYS.md +108 -108
- package/osint-agent-package/agents/osint-investigator.md +80 -80
- package/osint-agent-package/install.ps1 +87 -87
- package/osint-agent-package/install.sh +76 -76
- package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
- package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
- package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
- package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
- package/package.json +62 -57
- package/readme-international/README.de.md +576 -426
- package/readme-international/README.es.md +578 -518
- package/readme-international/README.fr.md +576 -516
- package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
- package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
- package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
- package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
- package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
- package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
- package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +325 -325
- package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +55 -55
- package/src/bmad-plus/agents/pack-backup/backup-agent.md +71 -71
- package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +51 -51
- package/src/bmad-plus/agents/pack-seo/SKILL.md +171 -171
- package/src/bmad-plus/agents/pack-seo/checklist.md +140 -140
- package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +320 -320
- package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +187 -187
- package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +87 -87
- package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +123 -123
- package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +167 -167
- package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +153 -153
- package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +133 -133
- package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +91 -91
- package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +356 -356
- package/src/bmad-plus/agents/pack-seo/seo-chief.md +294 -294
- package/src/bmad-plus/agents/pack-seo/seo-judge.md +241 -241
- package/src/bmad-plus/agents/pack-seo/seo-scout.md +171 -171
- package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +241 -241
- package/src/bmad-plus/data/role-triggers.yaml +209 -209
- package/src/bmad-plus/module-help.csv +10 -10
- package/src/bmad-plus/module.yaml +283 -280
- package/src/bmad-plus/packs/pack-animated/animated-website-agent.md +325 -0
- package/src/bmad-plus/packs/pack-animated/templates/animated-website-workflow.md +55 -0
- package/src/bmad-plus/packs/pack-backup/backup-agent.md +71 -0
- package/src/bmad-plus/packs/pack-backup/templates/backup-workflow.md +51 -0
- package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
- package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
- package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
- package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
- package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
- package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
- package/src/bmad-plus/packs/pack-memory/README.md +106 -106
- package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
- package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
- package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
- package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
- package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
- package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
- package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
- package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
- package/src/bmad-plus/packs/pack-seo/SKILL.md +171 -0
- package/src/bmad-plus/packs/pack-seo/checklist.md +140 -0
- package/src/bmad-plus/packs/pack-seo/pagespeed-playbook.md +320 -0
- package/src/bmad-plus/packs/pack-seo/ref/audit-schema.json +187 -0
- package/src/bmad-plus/packs/pack-seo/ref/cwv-thresholds.md +87 -0
- package/src/bmad-plus/packs/pack-seo/ref/eeat-criteria.md +123 -0
- package/src/bmad-plus/packs/pack-seo/ref/geo-signals.md +167 -0
- package/src/bmad-plus/packs/pack-seo/ref/hreflang-rules.md +153 -0
- package/src/bmad-plus/packs/pack-seo/ref/quality-gates.md +133 -0
- package/src/bmad-plus/packs/pack-seo/ref/schema-catalog.md +91 -0
- package/src/bmad-plus/packs/pack-seo/ref/schema-templates.json +356 -0
- package/src/bmad-plus/packs/pack-seo/seo-chief.md +294 -0
- package/src/bmad-plus/packs/pack-seo/seo-judge.md +241 -0
- package/src/bmad-plus/packs/pack-seo/seo-scout.md +171 -0
- package/src/bmad-plus/packs/pack-seo/templates/seo-audit-workflow.md +241 -0
- package/src/bmad-plus/packs/pack-shield/README.md +110 -110
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
- package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
- package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
- package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
- package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
- package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
- package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
- package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
- package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
- package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
- package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
- package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
- package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
- package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
- package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
- package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
- package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
- package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
- package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
- package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
- package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
- package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
- package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
- package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
- package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
- package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
- package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
- package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
- package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
- package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
- package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
- package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
- package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
- package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
- package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
- package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
- package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
- package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
- package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
- package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
- package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
- package/tools/cli/commands/autoconfig.js +498 -489
- package/tools/cli/commands/doctor.js +222 -222
- package/tools/cli/commands/install.js +739 -739
- package/tools/cli/commands/memory.js +194 -194
- package/tools/cli/commands/scan.js +360 -350
- package/tools/cli/commands/uninstall.js +96 -96
- package/tools/cli/commands/update.js +174 -174
- package/tools/cli/i18n.js +763 -763
|
@@ -1,103 +1,103 @@
|
|
|
1
|
-
# đ Audit Report Template
|
|
2
|
-
|
|
3
|
-
> **Pack:** Shield (GRC Audit) â Shared Templates
|
|
4
|
-
> **Purpose:** Standardized compliance audit report format
|
|
5
|
-
> **Version:** 1.0.0
|
|
6
|
-
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
## Compliance Audit Report
|
|
10
|
-
|
|
11
|
-
### Cover Page
|
|
12
|
-
|
|
13
|
-
| Field | Value |
|
|
14
|
-
|-------|-------|
|
|
15
|
-
| **Report Title** | [Framework] Compliance Audit Report |
|
|
16
|
-
| **Organization** | [NAME] |
|
|
17
|
-
| **Framework(s)** | [FRAMEWORK VERSION] |
|
|
18
|
-
| **Audit Type** | Internal / External / AI-Assisted |
|
|
19
|
-
| **Scope** | [Description of audit scope] |
|
|
20
|
-
| **Period** | [Start Date] to [End Date] |
|
|
21
|
-
| **Report Date** | [DATE] |
|
|
22
|
-
| **Prepared by** | [NAME] |
|
|
23
|
-
| **Classification** | Confidential |
|
|
24
|
-
|
|
25
|
-
---
|
|
26
|
-
|
|
27
|
-
### 1. Executive Summary
|
|
28
|
-
|
|
29
|
-
**Overall Compliance Posture:** đ´ Non-Compliant / đĄ Partially Compliant / đ˘ Compliant
|
|
30
|
-
|
|
31
|
-
**Key Findings:**
|
|
32
|
-
- X critical findings requiring immediate action
|
|
33
|
-
- X high-priority gaps requiring remediation within 30 days
|
|
34
|
-
- X medium-priority improvements recommended
|
|
35
|
-
- X low-priority best-practice suggestions
|
|
36
|
-
|
|
37
|
-
---
|
|
38
|
-
|
|
39
|
-
### 2. Scope & Methodology
|
|
40
|
-
|
|
41
|
-
**In Scope:**
|
|
42
|
-
- [Systems, applications, data stores]
|
|
43
|
-
- [Processes, departments, locations]
|
|
44
|
-
- [Data types covered]
|
|
45
|
-
|
|
46
|
-
**Out of Scope:**
|
|
47
|
-
- [Excluded items with justification]
|
|
48
|
-
|
|
49
|
-
**Methodology:**
|
|
50
|
-
- [Audit standard used]
|
|
51
|
-
- [Evidence collection methods]
|
|
52
|
-
- [Sampling approach if applicable]
|
|
53
|
-
|
|
54
|
-
---
|
|
55
|
-
|
|
56
|
-
### 3. Findings
|
|
57
|
-
|
|
58
|
-
| # | Severity | Reference | Finding | Risk | Recommendation | Owner | Due Date |
|
|
59
|
-
|---|----------|-----------|---------|------|----------------|-------|----------|
|
|
60
|
-
| 1 | đ´ Critical | [Art./Cl.] | [Description] | [Risk] | [Action] | [Name] | [Date] |
|
|
61
|
-
| 2 | đĄ High | [Art./Cl.] | [Description] | [Risk] | [Action] | [Name] | [Date] |
|
|
62
|
-
| 3 | đ˘ Medium | [Art./Cl.] | [Description] | [Risk] | [Action] | [Name] | [Date] |
|
|
63
|
-
|
|
64
|
-
**Severity Definitions:**
|
|
65
|
-
- đ´ **Critical**: Direct regulatory violation, immediate penalty risk
|
|
66
|
-
- đĄ **High**: Significant compliance gap, requires near-term remediation
|
|
67
|
-
- đ˘ **Medium**: Best practice improvement, no immediate violation risk
|
|
68
|
-
- ⪠**Low**: Enhancement opportunity, industry best practice
|
|
69
|
-
|
|
70
|
-
---
|
|
71
|
-
|
|
72
|
-
### 4. Compliance Summary by Domain
|
|
73
|
-
|
|
74
|
-
| Domain | Controls Tested | Compliant | Partial | Non-Compliant | Score |
|
|
75
|
-
|--------|----------------|-----------|---------|---------------|-------|
|
|
76
|
-
| [Domain 1] | X | X | X | X | X% |
|
|
77
|
-
| [Domain 2] | X | X | X | X | X% |
|
|
78
|
-
| **Total** | **X** | **X** | **X** | **X** | **X%** |
|
|
79
|
-
|
|
80
|
-
---
|
|
81
|
-
|
|
82
|
-
### 5. Recommendations & Remediation Plan
|
|
83
|
-
|
|
84
|
-
| Priority | Action | Framework Ref | Effort | Timeline | Dependencies |
|
|
85
|
-
|----------|--------|--------------|--------|----------|-------------|
|
|
86
|
-
| 1 | [Action] | [Ref] | [Est.] | [When] | [What] |
|
|
87
|
-
|
|
88
|
-
---
|
|
89
|
-
|
|
90
|
-
### 6. Appendices
|
|
91
|
-
|
|
92
|
-
- **A**: Evidence inventory
|
|
93
|
-
- **B**: Detailed control testing results
|
|
94
|
-
- **C**: Interview/assessment notes
|
|
95
|
-
- **D**: Previous audit comparison (if applicable)
|
|
96
|
-
|
|
97
|
-
---
|
|
98
|
-
|
|
99
|
-
### Document Control
|
|
100
|
-
|
|
101
|
-
| Version | Date | Author | Changes |
|
|
102
|
-
|---------|------|--------|---------|
|
|
103
|
-
| 1.0 | [Date] | [Name] | Initial audit report |
|
|
1
|
+
# đ Audit Report Template
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit) â Shared Templates
|
|
4
|
+
> **Purpose:** Standardized compliance audit report format
|
|
5
|
+
> **Version:** 1.0.0
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## Compliance Audit Report
|
|
10
|
+
|
|
11
|
+
### Cover Page
|
|
12
|
+
|
|
13
|
+
| Field | Value |
|
|
14
|
+
|-------|-------|
|
|
15
|
+
| **Report Title** | [Framework] Compliance Audit Report |
|
|
16
|
+
| **Organization** | [NAME] |
|
|
17
|
+
| **Framework(s)** | [FRAMEWORK VERSION] |
|
|
18
|
+
| **Audit Type** | Internal / External / AI-Assisted |
|
|
19
|
+
| **Scope** | [Description of audit scope] |
|
|
20
|
+
| **Period** | [Start Date] to [End Date] |
|
|
21
|
+
| **Report Date** | [DATE] |
|
|
22
|
+
| **Prepared by** | [NAME] |
|
|
23
|
+
| **Classification** | Confidential |
|
|
24
|
+
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
### 1. Executive Summary
|
|
28
|
+
|
|
29
|
+
**Overall Compliance Posture:** đ´ Non-Compliant / đĄ Partially Compliant / đ˘ Compliant
|
|
30
|
+
|
|
31
|
+
**Key Findings:**
|
|
32
|
+
- X critical findings requiring immediate action
|
|
33
|
+
- X high-priority gaps requiring remediation within 30 days
|
|
34
|
+
- X medium-priority improvements recommended
|
|
35
|
+
- X low-priority best-practice suggestions
|
|
36
|
+
|
|
37
|
+
---
|
|
38
|
+
|
|
39
|
+
### 2. Scope & Methodology
|
|
40
|
+
|
|
41
|
+
**In Scope:**
|
|
42
|
+
- [Systems, applications, data stores]
|
|
43
|
+
- [Processes, departments, locations]
|
|
44
|
+
- [Data types covered]
|
|
45
|
+
|
|
46
|
+
**Out of Scope:**
|
|
47
|
+
- [Excluded items with justification]
|
|
48
|
+
|
|
49
|
+
**Methodology:**
|
|
50
|
+
- [Audit standard used]
|
|
51
|
+
- [Evidence collection methods]
|
|
52
|
+
- [Sampling approach if applicable]
|
|
53
|
+
|
|
54
|
+
---
|
|
55
|
+
|
|
56
|
+
### 3. Findings
|
|
57
|
+
|
|
58
|
+
| # | Severity | Reference | Finding | Risk | Recommendation | Owner | Due Date |
|
|
59
|
+
|---|----------|-----------|---------|------|----------------|-------|----------|
|
|
60
|
+
| 1 | đ´ Critical | [Art./Cl.] | [Description] | [Risk] | [Action] | [Name] | [Date] |
|
|
61
|
+
| 2 | đĄ High | [Art./Cl.] | [Description] | [Risk] | [Action] | [Name] | [Date] |
|
|
62
|
+
| 3 | đ˘ Medium | [Art./Cl.] | [Description] | [Risk] | [Action] | [Name] | [Date] |
|
|
63
|
+
|
|
64
|
+
**Severity Definitions:**
|
|
65
|
+
- đ´ **Critical**: Direct regulatory violation, immediate penalty risk
|
|
66
|
+
- đĄ **High**: Significant compliance gap, requires near-term remediation
|
|
67
|
+
- đ˘ **Medium**: Best practice improvement, no immediate violation risk
|
|
68
|
+
- ⪠**Low**: Enhancement opportunity, industry best practice
|
|
69
|
+
|
|
70
|
+
---
|
|
71
|
+
|
|
72
|
+
### 4. Compliance Summary by Domain
|
|
73
|
+
|
|
74
|
+
| Domain | Controls Tested | Compliant | Partial | Non-Compliant | Score |
|
|
75
|
+
|--------|----------------|-----------|---------|---------------|-------|
|
|
76
|
+
| [Domain 1] | X | X | X | X | X% |
|
|
77
|
+
| [Domain 2] | X | X | X | X | X% |
|
|
78
|
+
| **Total** | **X** | **X** | **X** | **X** | **X%** |
|
|
79
|
+
|
|
80
|
+
---
|
|
81
|
+
|
|
82
|
+
### 5. Recommendations & Remediation Plan
|
|
83
|
+
|
|
84
|
+
| Priority | Action | Framework Ref | Effort | Timeline | Dependencies |
|
|
85
|
+
|----------|--------|--------------|--------|----------|-------------|
|
|
86
|
+
| 1 | [Action] | [Ref] | [Est.] | [When] | [What] |
|
|
87
|
+
|
|
88
|
+
---
|
|
89
|
+
|
|
90
|
+
### 6. Appendices
|
|
91
|
+
|
|
92
|
+
- **A**: Evidence inventory
|
|
93
|
+
- **B**: Detailed control testing results
|
|
94
|
+
- **C**: Interview/assessment notes
|
|
95
|
+
- **D**: Previous audit comparison (if applicable)
|
|
96
|
+
|
|
97
|
+
---
|
|
98
|
+
|
|
99
|
+
### Document Control
|
|
100
|
+
|
|
101
|
+
| Version | Date | Author | Changes |
|
|
102
|
+
|---------|------|--------|---------|
|
|
103
|
+
| 1.0 | [Date] | [Name] | Initial audit report |
|
|
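Review bot: The severity definitions in section 3 do not separate Medium from Low: Medium is "Best practice improvement, no immediate violation risk" and Low is "Enhancement opportunity, industry best practice", so two auditors can rate the same finding differently. The Executive Summary ties high-priority gaps to "remediation within 30 days" while the High definition only says "near-term remediation". Suggest stating a remediation window in each severity definition and reusing that wording under Key Findings. The Score column in section 4 also needs a stated formula, in particular how Partial controls count toward X%.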
@@ -1,103 +1,103 @@
|
|
|
1
|
-
# đ Cross-Framework Control Mapper
|
|
2
|
-
|
|
3
|
-
> **Pack:** Shield (GRC Audit) â Shared Templates
|
|
4
|
-
> **Purpose:** Map controls between compliance frameworks to identify overlaps and gaps
|
|
5
|
-
> **Version:** 1.0.0
|
|
6
|
-
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
## How to Use
|
|
10
|
-
|
|
11
|
-
When performing a multi-framework compliance analysis, use this template to create a unified control mapping. This reveals:
|
|
12
|
-
- **Common controls** â implement once, satisfy multiple frameworks
|
|
13
|
-
- **Framework-specific requirements** â unique obligations per standard
|
|
14
|
-
- **Gap areas** â controls required by one framework but absent from another
|
|
15
|
-
|
|
16
|
-
---
|
|
17
|
-
|
|
18
|
-
## Common Framework Pairings
|
|
19
|
-
|
|
20
|
-
### Privacy Alignment Matrix
|
|
21
|
-
| Control Area | GDPR | CCPA/CPRA | LGPD | DPDPA | ISO 27701 |
|
|
22
|
-
|-------------|------|-----------|------|-------|-----------|
|
|
23
|
-
| Lawful basis | Art. 6 | N/A (no basis concept) | Art. 7 (10 bases) | Sec. 6-7 (2 bases) | Cl. 6.1 |
|
|
24
|
-
| Privacy notice | Art. 13-14 | §1798.100 | Art. 9 | Sec. 5 / Rule 3 | A.1.3.3 |
|
|
25
|
-
| Consent | Art. 7 | Opt-out model | Art. 8 | Sec. 6 | A.1.3.1 |
|
|
26
|
-
| Data subject rights | Art. 15-22 | §1798.100-125 | Art. 17-22 | Sec. 11-14 | A.1.3.5-11 |
|
|
27
|
-
| DPO/responsible | Art. 37-39 | N/A | Art. 41 | Sec. 10 (SDF only) | Cl. 5 |
|
|
28
|
-
| Breach notification | Art. 33-34 (72h) | §1798.150 (breach only) | Art. 48 (3 days) | Sec. 8 (72h) | A.3.11-12 |
|
|
29
|
-
| International transfer | Art. 44-49 | N/A | Art. 33-36 | Sec. 16 (blacklist) | A.1.5.2-5 |
|
|
30
|
-
| DPIA | Art. 35 | N/A (risk assessment CPRA) | Art. 38 | Sec. 10 (SDF) | A.1.2.6 |
|
|
31
|
-
| Penalties max | âŹ20M / 4% | $7,500/violation | R$50M / 2% | âš250 crore | N/A (cert) |
|
|
32
|
-
|
|
33
|
-
### Cybersecurity Triad
|
|
34
|
-
| Control Area | ISO 27001 (2022) | NIST CSF 2.0 | CIS Controls v8 |
|
|
35
|
-
|-------------|-----------------|-------------|-----------------|
|
|
36
|
-
| Risk assessment | Cl. 6.1 | GV.RM | IG1: 1.1 |
|
|
37
|
-
| Asset management | A.5.9-5.14 | ID.AM | CIS 1, 2 |
|
|
38
|
-
| Access control | A.5.15-5.18, A.8.2-8.5 | PR.AA | CIS 5, 6 |
|
|
39
|
-
| Awareness training | Cl. 7.2-7.3 | PR.AT | CIS 14 |
|
|
40
|
-
| Incident response | A.5.24-5.28 | RS.MA | CIS 17 |
|
|
41
|
-
| Logging/monitoring | A.8.15-8.16 | DE.CM | CIS 8 |
|
|
42
|
-
| Vulnerability management | A.8.8 | ID.RA | CIS 7 |
|
|
43
|
-
| Data protection | A.8.10-8.12 | PR.DS | CIS 3 |
|
|
44
|
-
| Configuration | A.8.9 | PR.PS | CIS 4 |
|
|
45
|
-
| Business continuity | A.5.29-5.30 | RC.RP | CIS 11 |
|
|
46
|
-
|
|
47
|
-
### US Federal Alignment
|
|
48
|
-
| Control Area | NIST 800-53 | FedRAMP | CMMC 2.0 |
|
|
49
|
-
|-------------|-------------|---------|----------|
|
|
50
|
-
| Access Control | AC family | AC (enhanced) | AC domain |
|
|
51
|
-
| Audit & Accountability | AU family | AU (enhanced) | AU domain |
|
|
52
|
-
| Configuration Management | CM family | CM (enhanced) | CM domain |
|
|
53
|
-
| Identification & Auth | IA family | IA (enhanced) | IA domain |
|
|
54
|
-
| Incident Response | IR family | IR (enhanced) | IR domain |
|
|
55
|
-
| Risk Assessment | RA family | RA (enhanced) | RA domain |
|
|
56
|
-
| System & Comms Protection | SC family | SC (enhanced) | SC domain |
|
|
57
|
-
| System & Info Integrity | SI family | SI (enhanced) | SI domain |
|
|
58
|
-
|
|
59
|
-
### AI Governance Triad
|
|
60
|
-
| Control Area | EU AI Act | ISO 42001 | NIST AI RMF |
|
|
61
|
-
|-------------|-----------|-----------|-------------|
|
|
62
|
-
| Risk classification | Art. 6, Annex III | Cl. 6.1 | MAP function |
|
|
63
|
-
| Data governance | Art. 10 | A.6.2.4 | MAP 2.3 |
|
|
64
|
-
| Transparency | Art. 13 | A.6.2.6 | GOVERN 1.7 |
|
|
65
|
-
| Human oversight | Art. 14 | A.6.2.5 | GOVERN 1.3 |
|
|
66
|
-
| Accuracy/robustness | Art. 15 | A.6.2.7 | MEASURE 2.x |
|
|
67
|
-
| Technical documentation | Art. 11, Annex IV | Cl. 7.5 | GOVERN 1.5 |
|
|
68
|
-
| Conformity assessment | Art. 43 | Certification | MANAGE function |
|
|
69
|
-
| Incident reporting | Art. 73 | A.6.2.8 | MANAGE 4.x |
|
|
70
|
-
|
|
71
|
-
---
|
|
72
|
-
|
|
73
|
-
## Mapping Output Format
|
|
74
|
-
|
|
75
|
-
When generating a cross-framework mapping, use this structure:
|
|
76
|
-
|
|
77
|
-
```markdown
|
|
78
|
-
## Cross-Framework Compliance Map
|
|
79
|
-
|
|
80
|
-
### Frameworks Analyzed
|
|
81
|
-
[List all frameworks with versions]
|
|
82
|
-
|
|
83
|
-
### Unified Control Matrix
|
|
84
|
-
|
|
85
|
-
| # | Control Area | [Framework A] | [Framework B] | [Framework C] | Implementation Status |
|
|
86
|
-
|---|-------------|--------------|--------------|--------------|----------------------|
|
|
87
|
-
| 1 | [Area] | [Ref] | [Ref] | [Ref] | â
/ đĄ / â |
|
|
88
|
-
|
|
89
|
-
### Common Controls (Implement Once)
|
|
90
|
-
[List controls that satisfy 2+ frameworks simultaneously]
|
|
91
|
-
|
|
92
|
-
### Framework-Specific Requirements
|
|
93
|
-
[List unique requirements per framework]
|
|
94
|
-
|
|
95
|
-
### Recommended Implementation Order
|
|
96
|
-
[Priority-ranked list considering overlap maximization]
|
|
97
|
-
```
|
|
98
|
-
|
|
99
|
-
---
|
|
100
|
-
|
|
101
|
-
## Escalation
|
|
102
|
-
|
|
103
|
-
> When mapping complex multi-framework environments, recommend engaging a qualified compliance consultant who can validate the mappings against the organization's specific context.
|
|
1
|
+
# đ Cross-Framework Control Mapper
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit) â Shared Templates
|
|
4
|
+
> **Purpose:** Map controls between compliance frameworks to identify overlaps and gaps
|
|
5
|
+
> **Version:** 1.0.0
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## How to Use
|
|
10
|
+
|
|
11
|
+
When performing a multi-framework compliance analysis, use this template to create a unified control mapping. This reveals:
|
|
12
|
+
- **Common controls** â implement once, satisfy multiple frameworks
|
|
13
|
+
- **Framework-specific requirements** â unique obligations per standard
|
|
14
|
+
- **Gap areas** â controls required by one framework but absent from another
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Common Framework Pairings
|
|
19
|
+
|
|
20
|
+
### Privacy Alignment Matrix
|
|
21
|
+
| Control Area | GDPR | CCPA/CPRA | LGPD | DPDPA | ISO 27701 |
|
|
22
|
+
|-------------|------|-----------|------|-------|-----------|
|
|
23
|
+
| Lawful basis | Art. 6 | N/A (no basis concept) | Art. 7 (10 bases) | Sec. 6-7 (2 bases) | Cl. 6.1 |
|
|
24
|
+
| Privacy notice | Art. 13-14 | §1798.100 | Art. 9 | Sec. 5 / Rule 3 | A.1.3.3 |
|
|
25
|
+
| Consent | Art. 7 | Opt-out model | Art. 8 | Sec. 6 | A.1.3.1 |
|
|
26
|
+
| Data subject rights | Art. 15-22 | §1798.100-125 | Art. 17-22 | Sec. 11-14 | A.1.3.5-11 |
|
|
27
|
+
| DPO/responsible | Art. 37-39 | N/A | Art. 41 | Sec. 10 (SDF only) | Cl. 5 |
|
|
28
|
+
| Breach notification | Art. 33-34 (72h) | §1798.150 (breach only) | Art. 48 (3 days) | Sec. 8 (72h) | A.3.11-12 |
|
|
29
|
+
| International transfer | Art. 44-49 | N/A | Art. 33-36 | Sec. 16 (blacklist) | A.1.5.2-5 |
|
|
30
|
+
| DPIA | Art. 35 | N/A (risk assessment CPRA) | Art. 38 | Sec. 10 (SDF) | A.1.2.6 |
|
|
31
|
+
| Penalties max | âŹ20M / 4% | $7,500/violation | R$50M / 2% | âš250 crore | N/A (cert) |
|
|
32
|
+
|
|
33
|
+
### Cybersecurity Triad
|
|
34
|
+
| Control Area | ISO 27001 (2022) | NIST CSF 2.0 | CIS Controls v8 |
|
|
35
|
+
|-------------|-----------------|-------------|-----------------|
|
|
36
|
+
| Risk assessment | Cl. 6.1 | GV.RM | IG1: 1.1 |
|
|
37
|
+
| Asset management | A.5.9-5.14 | ID.AM | CIS 1, 2 |
|
|
38
|
+
| Access control | A.5.15-5.18, A.8.2-8.5 | PR.AA | CIS 5, 6 |
|
|
39
|
+
| Awareness training | Cl. 7.2-7.3 | PR.AT | CIS 14 |
|
|
40
|
+
| Incident response | A.5.24-5.28 | RS.MA | CIS 17 |
|
|
41
|
+
| Logging/monitoring | A.8.15-8.16 | DE.CM | CIS 8 |
|
|
42
|
+
| Vulnerability management | A.8.8 | ID.RA | CIS 7 |
|
|
43
|
+
| Data protection | A.8.10-8.12 | PR.DS | CIS 3 |
|
|
44
|
+
| Configuration | A.8.9 | PR.PS | CIS 4 |
|
|
45
|
+
| Business continuity | A.5.29-5.30 | RC.RP | CIS 11 |
|
|
46
|
+
|
|
47
|
+
### US Federal Alignment
|
|
48
|
+
| Control Area | NIST 800-53 | FedRAMP | CMMC 2.0 |
|
|
49
|
+
|-------------|-------------|---------|----------|
|
|
50
|
+
| Access Control | AC family | AC (enhanced) | AC domain |
|
|
51
|
+
| Audit & Accountability | AU family | AU (enhanced) | AU domain |
|
|
52
|
+
| Configuration Management | CM family | CM (enhanced) | CM domain |
|
|
53
|
+
| Identification & Auth | IA family | IA (enhanced) | IA domain |
|
|
54
|
+
| Incident Response | IR family | IR (enhanced) | IR domain |
|
|
55
|
+
| Risk Assessment | RA family | RA (enhanced) | RA domain |
|
|
56
|
+
| System & Comms Protection | SC family | SC (enhanced) | SC domain |
|
|
57
|
+
| System & Info Integrity | SI family | SI (enhanced) | SI domain |
|
|
58
|
+
|
|
59
|
+
### AI Governance Triad
|
|
60
|
+
| Control Area | EU AI Act | ISO 42001 | NIST AI RMF |
|
|
61
|
+
|-------------|-----------|-----------|-------------|
|
|
62
|
+
| Risk classification | Art. 6, Annex III | Cl. 6.1 | MAP function |
|
|
63
|
+
| Data governance | Art. 10 | A.6.2.4 | MAP 2.3 |
|
|
64
|
+
| Transparency | Art. 13 | A.6.2.6 | GOVERN 1.7 |
|
|
65
|
+
| Human oversight | Art. 14 | A.6.2.5 | GOVERN 1.3 |
|
|
66
|
+
| Accuracy/robustness | Art. 15 | A.6.2.7 | MEASURE 2.x |
|
|
67
|
+
| Technical documentation | Art. 11, Annex IV | Cl. 7.5 | GOVERN 1.5 |
|
|
68
|
+
| Conformity assessment | Art. 43 | Certification | MANAGE function |
|
|
69
|
+
| Incident reporting | Art. 73 | A.6.2.8 | MANAGE 4.x |
|
|
70
|
+
|
|
71
|
+
---
|
|
72
|
+
|
|
73
|
+
## Mapping Output Format
|
|
74
|
+
|
|
75
|
+
When generating a cross-framework mapping, use this structure:
|
|
76
|
+
|
|
77
|
+
```markdown
|
|
78
|
+
## Cross-Framework Compliance Map
|
|
79
|
+
|
|
80
|
+
### Frameworks Analyzed
|
|
81
|
+
[List all frameworks with versions]
|
|
82
|
+
|
|
83
|
+
### Unified Control Matrix
|
|
84
|
+
|
|
85
|
+
| # | Control Area | [Framework A] | [Framework B] | [Framework C] | Implementation Status |
|
|
86
|
+
|---|-------------|--------------|--------------|--------------|----------------------|
|
|
87
|
+
| 1 | [Area] | [Ref] | [Ref] | [Ref] | â
/ đĄ / â |
|
|
88
|
+
|
|
89
|
+
### Common Controls (Implement Once)
|
|
90
|
+
[List controls that satisfy 2+ frameworks simultaneously]
|
|
91
|
+
|
|
92
|
+
### Framework-Specific Requirements
|
|
93
|
+
[List unique requirements per framework]
|
|
94
|
+
|
|
95
|
+
### Recommended Implementation Order
|
|
96
|
+
[Priority-ranked list considering overlap maximization]
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
---
|
|
100
|
+
|
|
101
|
+
## Escalation
|
|
102
|
+
|
|
103
|
+
> When mapping complex multi-framework environments, recommend engaging a qualified compliance consultant who can validate the mappings against the organization's specific context.
|
|
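Review bot: All 103 lines in this hunk are removed and re-added with text that reads the same in this rendering, so the difference is presumably invisible (line endings, trailing whitespace or encoding). Confirm it with a byte-level comparison of the two package versions, since a whole-file rewrite hides any real edit made alongside it. If this is a line-ending normalization, note it in the changelog and pin it, for example with a .gitattributes rule, so later diffs show only content changes. On content, the CIS Controls v8 cell for Risk assessment is written "IG1: 1.1" while every other row in that table uses the "CIS n" form; make the notation consistent.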
@@ -1,83 +1,83 @@
|
|
|
1
|
-
# đ Gap Analysis Template
|
|
2
|
-
|
|
3
|
-
> **Pack:** Shield (GRC Audit) â Shared Templates
|
|
4
|
-
> **Purpose:** Standardized gap analysis format for any compliance framework
|
|
5
|
-
> **Version:** 1.0.0
|
|
6
|
-
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
## Gap Analysis Report
|
|
10
|
-
|
|
11
|
-
### 1. Executive Summary
|
|
12
|
-
|
|
13
|
-
| Item | Detail |
|
|
14
|
-
|------|--------|
|
|
15
|
-
| **Organization** | [NAME] |
|
|
16
|
-
| **Framework(s)** | [FRAMEWORK VERSION] |
|
|
17
|
-
| **Scope** | [Systems, processes, departments covered] |
|
|
18
|
-
| **Assessment Date** | [DATE] |
|
|
19
|
-
| **Assessor** | [NAME / AI-assisted] |
|
|
20
|
-
| **Overall Maturity** | đ´ Critical / đĄ Developing / đ˘ Mature |
|
|
21
|
-
|
|
22
|
-
### 2. Maturity Scoring
|
|
23
|
-
|
|
24
|
-
| Level | Score | Description |
|
|
25
|
-
|-------|-------|-------------|
|
|
26
|
-
| **Non-existent** | 0 | No awareness, no controls |
|
|
27
|
-
| **Ad-hoc** | 1 | Informal, reactive, person-dependent |
|
|
28
|
-
| **Repeatable** | 2 | Documented but inconsistently applied |
|
|
29
|
-
| **Defined** | 3 | Standardized processes, consistently applied |
|
|
30
|
-
| **Managed** | 4 | Measured, monitored, continuously improved |
|
|
31
|
-
| **Optimized** | 5 | Automated, integrated, industry-leading |
|
|
32
|
-
|
|
33
|
-
### 3. Detailed Gap Analysis
|
|
34
|
-
|
|
35
|
-
| # | Requirement | Reference | Status | Current Evidence | Gap | Priority | Remediation |
|
|
36
|
-
|---|------------|-----------|--------|-----------------|-----|----------|-------------|
|
|
37
|
-
| 1 | [Requirement] | [Art./Cl.] | â
/đĄ/â | [Evidence] | [Gap description] | đ´/đĄ/đ˘ | [Action needed] |
|
|
38
|
-
|
|
39
|
-
**Status definitions:**
|
|
40
|
-
- â
**Implemented** â fully in place with documented evidence
|
|
41
|
-
- đĄ **Partial** â some evidence exists but gaps remain
|
|
42
|
-
- â **Not Implemented** â no evidence of implementation
|
|
43
|
-
- **N/A** â documented exclusion with justification
|
|
44
|
-
|
|
45
|
-
**Priority definitions:**
|
|
46
|
-
- đ´ **Critical** â direct violation risk, regulatory penalty exposure
|
|
47
|
-
- đĄ **High** â significant gap requiring near-term remediation
|
|
48
|
-
- đ˘ **Medium** â improvement opportunity, best practice
|
|
49
|
-
|
|
50
|
-
### 4. Summary Statistics
|
|
51
|
-
|
|
52
|
-
| Status | Count | Percentage |
|
|
53
|
-
|--------|-------|------------|
|
|
54
|
-
| â
Implemented | X | X% |
|
|
55
|
-
| đĄ Partial | X | X% |
|
|
56
|
-
| â Not Implemented | X | X% |
|
|
57
|
-
| N/A | X | X% |
|
|
58
|
-
| **Total** | **X** | **100%** |
|
|
59
|
-
|
|
60
|
-
### 5. Remediation Roadmap
|
|
61
|
-
|
|
62
|
-
| Phase | Timeline | Actions | Resources | Dependencies |
|
|
63
|
-
|-------|----------|---------|-----------|-------------|
|
|
64
|
-
| Quick Wins | 0-30 days | [Actions] | [Resources] | [None] |
|
|
65
|
-
| Short-term | 1-3 months | [Actions] | [Resources] | [Dependencies] |
|
|
66
|
-
| Medium-term | 3-6 months | [Actions] | [Resources] | [Dependencies] |
|
|
67
|
-
| Long-term | 6-12 months | [Actions] | [Resources] | [Dependencies] |
|
|
68
|
-
|
|
69
|
-
### 6. Risk Register (from gaps)
|
|
70
|
-
|
|
71
|
-
| # | Gap | Likelihood | Impact | Risk Score | Treatment |
|
|
72
|
-
|---|-----|-----------|--------|------------|-----------|
|
|
73
|
-
| 1 | [Gap] | 1-5 | 1-5 | LĂI | Accept/Avoid/Transfer/Mitigate |
|
|
74
|
-
|
|
75
|
-
---
|
|
76
|
-
|
|
77
|
-
## Usage Notes
|
|
78
|
-
|
|
79
|
-
- Adapt the requirement rows to the specific framework being assessed
|
|
80
|
-
- For multi-framework assessments, add a "Framework" column
|
|
81
|
-
- Always include the specific article/clause/control reference
|
|
82
|
-
- Document evidence sources for implemented controls
|
|
83
|
-
- For partial implementations, specify what is missing
|
|
1
|
+
# đ Gap Analysis Template
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit) â Shared Templates
|
|
4
|
+
> **Purpose:** Standardized gap analysis format for any compliance framework
|
|
5
|
+
> **Version:** 1.0.0
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## Gap Analysis Report
|
|
10
|
+
|
|
11
|
+
### 1. Executive Summary
|
|
12
|
+
|
|
13
|
+
| Item | Detail |
|
|
14
|
+
|------|--------|
|
|
15
|
+
| **Organization** | [NAME] |
|
|
16
|
+
| **Framework(s)** | [FRAMEWORK VERSION] |
|
|
17
|
+
| **Scope** | [Systems, processes, departments covered] |
|
|
18
|
+
| **Assessment Date** | [DATE] |
|
|
19
|
+
| **Assessor** | [NAME / AI-assisted] |
|
|
20
|
+
| **Overall Maturity** | đ´ Critical / đĄ Developing / đ˘ Mature |
|
|
21
|
+
|
|
22
|
+
### 2. Maturity Scoring
|
|
23
|
+
|
|
24
|
+
| Level | Score | Description |
|
|
25
|
+
|-------|-------|-------------|
|
|
26
|
+
| **Non-existent** | 0 | No awareness, no controls |
|
|
27
|
+
| **Ad-hoc** | 1 | Informal, reactive, person-dependent |
|
|
28
|
+
| **Repeatable** | 2 | Documented but inconsistently applied |
|
|
29
|
+
| **Defined** | 3 | Standardized processes, consistently applied |
|
|
30
|
+
| **Managed** | 4 | Measured, monitored, continuously improved |
|
|
31
|
+
| **Optimized** | 5 | Automated, integrated, industry-leading |
|
|
32
|
+
|
|
33
|
+
### 3. Detailed Gap Analysis
|
|
34
|
+
|
|
35
|
+
| # | Requirement | Reference | Status | Current Evidence | Gap | Priority | Remediation |
|
|
36
|
+
|---|------------|-----------|--------|-----------------|-----|----------|-------------|
|
|
37
|
+
| 1 | [Requirement] | [Art./Cl.] | â
/đĄ/â | [Evidence] | [Gap description] | đ´/đĄ/đ˘ | [Action needed] |
|
|
38
|
+
|
|
39
|
+
**Status definitions:**
|
|
40
|
+
- â
**Implemented** â fully in place with documented evidence
|
|
41
|
+
- đĄ **Partial** â some evidence exists but gaps remain
|
|
42
|
+
- â **Not Implemented** â no evidence of implementation
|
|
43
|
+
- **N/A** â documented exclusion with justification
|
|
44
|
+
|
|
45
|
+
**Priority definitions:**
|
|
46
|
+
- đ´ **Critical** â direct violation risk, regulatory penalty exposure
|
|
47
|
+
- đĄ **High** â significant gap requiring near-term remediation
|
|
48
|
+
- đ˘ **Medium** â improvement opportunity, best practice
|
|
49
|
+
|
|
50
|
+
### 4. Summary Statistics
|
|
51
|
+
|
|
52
|
+
| Status | Count | Percentage |
|
|
53
|
+
|--------|-------|------------|
|
|
54
|
+
| â
Implemented | X | X% |
|
|
55
|
+
| đĄ Partial | X | X% |
|
|
56
|
+
| â Not Implemented | X | X% |
|
|
57
|
+
| N/A | X | X% |
|
|
58
|
+
| **Total** | **X** | **100%** |
|
|
59
|
+
|
|
60
|
+
### 5. Remediation Roadmap
|
|
61
|
+
|
|
62
|
+
| Phase | Timeline | Actions | Resources | Dependencies |
|
|
63
|
+
|-------|----------|---------|-----------|-------------|
|
|
64
|
+
| Quick Wins | 0-30 days | [Actions] | [Resources] | [None] |
|
|
65
|
+
| Short-term | 1-3 months | [Actions] | [Resources] | [Dependencies] |
|
|
66
|
+
| Medium-term | 3-6 months | [Actions] | [Resources] | [Dependencies] |
|
|
67
|
+
| Long-term | 6-12 months | [Actions] | [Resources] | [Dependencies] |
|
|
68
|
+
|
|
69
|
+
### 6. Risk Register (from gaps)
|
|
70
|
+
|
|
71
|
+
| # | Gap | Likelihood | Impact | Risk Score | Treatment |
|
|
72
|
+
|---|-----|-----------|--------|------------|-----------|
|
|
73
|
+
| 1 | [Gap] | 1-5 | 1-5 | LĂI | Accept/Avoid/Transfer/Mitigate |
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
## Usage Notes
|
|
78
|
+
|
|
79
|
+
- Adapt the requirement rows to the specific framework being assessed
|
|
80
|
+
- For multi-framework assessments, add a "Framework" column
|
|
81
|
+
- Always include the specific article/clause/control reference
|
|
82
|
+
- Document evidence sources for implemented controls
|
|
83
|
+
- For partial implementations, specify what is missing
|
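Review bot: Section 2 defines maturity on a 0-5 scale, but the Overall Maturity row in the Executive Summary table offers only Critical / Developing / Mature, with no rule for which scores map to which label, and the Detailed Gap Analysis table has no column that records a per-requirement score. Suggest adding a Score column to section 3 or a mapping line under section 2 that gives the score range for each label. The Priority definitions stop at Medium, so a low-priority gap has no label to use. All 83 lines are removed and re-added with text that reads the same in this rendering, so the byte-level change is worth confirming before the update is accepted.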