framework-mcp 1.4.0 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -201,7 +201,19 @@ export class SafeguardManager {
201
201
  "For mobile end-user devices, MDM type tools can support this process, where appropriate"
202
202
  ],
203
203
  relatedSafeguards: ["1.2", "1.3", "1.4", "1.5", "2.1", "3.2", "4.1", "5.1"],
204
- keywords: ["asset", "inventory", "device", "network", "mobile", "IoT", "server", "detailed", "accurate", "up-to-date"]
204
+ keywords: ["asset", "inventory", "device", "network", "mobile", "IoT", "server", "detailed", "accurate", "up-to-date"],
205
+ systemPrompt: {
206
+ role: "asset_inventory_expert",
207
+ context: "You are evaluating enterprise asset inventory solutions against CIS Control 1.1 requirements for comprehensive asset tracking.",
208
+ objective: "Determine if a vendor solution provides complete, accurate, and up-to-date enterprise asset inventory capabilities.",
209
+ guidelines: [
210
+ "Verify coverage of all asset types: end-user devices, network devices, IoT, servers",
211
+ "Confirm data collection includes: network/hardware addresses, machine names, ownership, department approval",
212
+ "Validate inventory accuracy and real-time updating capabilities",
213
+ "Assess policy/process management and bi-annual review compliance"
214
+ ],
215
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
216
+ }
205
217
  },
206
218
  "5.1": {
207
219
  id: "5.1",
@@ -240,7 +252,21 @@ export class SafeguardManager {
240
252
  "Identity and Access Management Tool"
241
253
  ],
242
254
  relatedSafeguards: ["1.1", "2.1", "5.2", "5.3", "5.4", "5.5", "5.6", "6.1", "6.2", "6.7", "12.8"],
243
- keywords: ["establish", "maintain", "inventory", "accounts", "user", "administrator", "name", "username", "dates", "department", "quarterly", "validate", "authorized", "recurring"]
255
+ keywords: ["establish", "maintain", "inventory", "accounts", "user", "administrator", "name", "username", "dates", "department", "quarterly", "validate", "authorized", "recurring"],
256
+ systemPrompt: {
257
+ role: "account_inventory_specialist",
258
+ context: "You are evaluating account management solutions against CIS Control 5.1 requirements for comprehensive account inventory and validation.",
259
+ objective: "Determine if a vendor solution provides complete account inventory management with quarterly validation processes.",
260
+ guidelines: [
261
+ "Verify comprehensive account inventory for all user and administrator accounts",
262
+ "Confirm tracking of required metadata (name, username, start/stop dates, department)",
263
+ "Validate quarterly account authorization review processes",
264
+ "Assess automated account discovery and lifecycle management",
265
+ "Review unauthorized account detection and remediation",
266
+ "Check compliance reporting and audit trail capabilities"
267
+ ],
268
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
269
+ }
244
270
  },
245
271
  "6.3": {
246
272
  id: "6.3",
@@ -271,7 +297,21 @@ export class SafeguardManager {
271
297
  "Multi-Factor Authentication Tool"
272
298
  ],
273
299
  relatedSafeguards: ["2.1", "4.1"],
274
- keywords: ["require", "externally-exposed", "enterprise", "third-party", "applications", "enforce", "MFA", "supported", "directory", "service", "SSO", "provider"]
300
+ keywords: ["require", "externally-exposed", "enterprise", "third-party", "applications", "enforce", "MFA", "supported", "directory", "service", "SSO", "provider"],
301
+ systemPrompt: {
302
+ role: "multi_factor_authentication_expert",
303
+ context: "You are evaluating multi-factor authentication solutions against CIS Control 6.3 requirements for externally-exposed application protection.",
304
+ objective: "Determine if a vendor solution provides comprehensive MFA enforcement for externally-exposed enterprise and third-party applications.",
305
+ guidelines: [
306
+ "Verify MFA enforcement for all externally-exposed applications",
307
+ "Confirm support for enterprise and third-party application integration",
308
+ "Validate directory service and SSO provider MFA implementation",
309
+ "Assess MFA method variety and adaptive authentication",
310
+ "Review policy-based MFA enforcement and exception handling",
311
+ "Check compliance monitoring and MFA adoption reporting"
312
+ ],
313
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
314
+ }
275
315
  },
276
316
  "7.1": {
277
317
  id: "7.1",
@@ -313,7 +353,21 @@ export class SafeguardManager {
313
353
  "vulnerability management platforms"
314
354
  ],
315
355
  relatedSafeguards: ["1.1", "2.1", "7.2", "7.3", "7.4", "7.5", "7.6", "7.7"],
316
- keywords: ["vulnerability", "management", "process", "documented", "annual", "review", "enterprise", "assets"]
356
+ keywords: ["vulnerability", "management", "process", "documented", "annual", "review", "enterprise", "assets"],
357
+ systemPrompt: {
358
+ role: "vulnerability_management_process_expert",
359
+ context: "You are evaluating vulnerability management solutions against CIS Control 7.1 requirements for establishing documented vulnerability management processes.",
360
+ objective: "Determine if a vendor solution provides comprehensive vulnerability management process establishment and maintenance capabilities.",
361
+ guidelines: [
362
+ "Verify documented vulnerability management process creation",
363
+ "Confirm process maintenance and annual review capabilities",
364
+ "Validate enterprise asset scope coverage and procedures",
365
+ "Assess vulnerability identification and assessment workflows",
366
+ "Review process update mechanisms for enterprise changes",
367
+ "Check policy integration and governance framework alignment"
368
+ ],
369
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
370
+ }
317
371
  },
318
372
  "1.2": {
319
373
  id: "1.2",
@@ -336,7 +390,19 @@ export class SafeguardManager {
336
390
  "The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset"
337
391
  ],
338
392
  relatedSafeguards: ["1.1", "1.3"],
339
- keywords: ["unauthorized", "assets", "weekly", "remove", "deny", "quarantine", "process"]
393
+ keywords: ["unauthorized", "assets", "weekly", "remove", "deny", "quarantine", "process"],
394
+ systemPrompt: {
395
+ role: "asset_inventory_expert",
396
+ context: "You are evaluating solutions for addressing unauthorized assets against CIS Control 1.2 requirements for weekly remediation processes.",
397
+ objective: "Determine if a vendor solution provides automated detection and remediation of unauthorized assets on the network.",
398
+ guidelines: [
399
+ "Verify automated detection of unauthorized assets connected to the network",
400
+ "Confirm weekly or more frequent remediation processes",
401
+ "Assess capabilities for asset removal, network denial, or quarantine actions",
402
+ "Validate integration with asset inventory systems for authorization checks"
403
+ ],
404
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
405
+ }
340
406
  },
341
407
  "1.3": {
342
408
  id: "1.3",
@@ -361,7 +427,19 @@ export class SafeguardManager {
361
427
  implementationSuggestions: [ // Gray - Implementation suggestions
362
428
  ],
363
429
  relatedSafeguards: ["1.1", "1.2", "1.4", "1.5"],
364
- keywords: ["active", "discovery", "tool", "identify", "assets", "network", "scanning", "mapping"]
430
+ keywords: ["active", "discovery", "tool", "identify", "assets", "network", "scanning", "mapping"],
431
+ systemPrompt: {
432
+ role: "asset_inventory_expert",
433
+ context: "You are evaluating active discovery tools against CIS Control 1.3 requirements for daily network asset identification.",
434
+ objective: "Determine if a vendor solution provides active discovery capabilities to automatically identify network-connected assets.",
435
+ guidelines: [
436
+ "Verify active network scanning and asset discovery capabilities",
437
+ "Confirm daily or more frequent execution scheduling",
438
+ "Assess accuracy of asset identification across network segments",
439
+ "Validate integration with asset inventory systems for automatic updates"
440
+ ],
441
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
442
+ }
365
443
  },
366
444
  "1.4": {
367
445
  id: "1.4",
@@ -388,7 +466,19 @@ export class SafeguardManager {
388
466
  implementationSuggestions: [ // Gray - Implementation suggestions
389
467
  ],
390
468
  relatedSafeguards: ["1.1", "1.2", "1.3", "1.5"],
391
- keywords: ["DHCP", "logging", "update", "asset", "inventory", "IP", "address", "network", "tracking"]
469
+ keywords: ["DHCP", "logging", "update", "asset", "inventory", "IP", "address", "network", "tracking"],
470
+ systemPrompt: {
471
+ role: "asset_inventory_expert",
472
+ context: "You are evaluating DHCP logging and IPAM solutions against CIS Control 1.4 requirements for network-based asset tracking.",
473
+ objective: "Determine if a vendor solution provides DHCP logging or IP address management capabilities to enhance asset inventory accuracy.",
474
+ guidelines: [
475
+ "Verify DHCP logging capabilities on all DHCP servers",
476
+ "Assess IP address management (IPAM) tool functionality",
477
+ "Confirm weekly or more frequent log review and asset inventory updates",
478
+ "Validate automatic correlation of IP assignments with asset records"
479
+ ],
480
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
481
+ }
392
482
  },
393
483
  "1.5": {
394
484
  id: "1.5",
@@ -414,7 +504,19 @@ export class SafeguardManager {
414
504
  implementationSuggestions: [ // Gray - Implementation suggestions
415
505
  ],
416
506
  relatedSafeguards: ["1.1", "1.2", "1.3", "1.4"],
417
- keywords: ["passive", "discovery", "tool", "identify", "assets", "network", "traffic", "monitoring", "non-intrusive"]
507
+ keywords: ["passive", "discovery", "tool", "identify", "assets", "network", "traffic", "monitoring", "non-intrusive"],
508
+ systemPrompt: {
509
+ role: "asset_inventory_expert",
510
+ context: "You are evaluating passive discovery tools against CIS Control 1.5 requirements for non-intrusive network asset identification.",
511
+ objective: "Determine if a vendor solution provides passive discovery capabilities to identify network assets without active scanning.",
512
+ guidelines: [
513
+ "Verify passive network monitoring and asset discovery capabilities",
514
+ "Assess non-intrusive traffic analysis for asset identification",
515
+ "Confirm weekly or more frequent scan review and inventory updates",
516
+ "Validate integration with asset inventory systems for comprehensive coverage"
517
+ ],
518
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
519
+ }
418
520
  },
419
521
  "2.1": {
420
522
  id: "2.1",
@@ -452,7 +554,19 @@ export class SafeguardManager {
452
554
  implementationSuggestions: [ // Gray - Implementation suggestions
453
555
  ],
454
556
  relatedSafeguards: ["1.1", "2.2", "2.3", "2.4", "2.5", "2.6", "2.7"],
455
- keywords: ["software", "inventory", "licensed", "detailed", "enterprise", "assets", "applications"]
557
+ keywords: ["software", "inventory", "licensed", "detailed", "enterprise", "assets", "applications"],
558
+ systemPrompt: {
559
+ role: "asset_inventory_expert",
560
+ context: "You are evaluating software inventory solutions against CIS Control 2.1 requirements for comprehensive licensed software tracking.",
561
+ objective: "Determine if a vendor solution provides complete software inventory capabilities for all licensed applications on enterprise assets.",
562
+ guidelines: [
563
+ "Verify detailed tracking of all licensed software installations",
564
+ "Confirm documentation includes: title, publisher, install date, business purpose, URL, versions, deployment mechanism",
565
+ "Assess bi-annual or more frequent inventory review capabilities",
566
+ "Validate integration with asset management systems for comprehensive coverage"
567
+ ],
568
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
569
+ }
456
570
  },
457
571
  "2.2": {
458
572
  id: "2.2",
@@ -482,7 +596,19 @@ export class SafeguardManager {
482
596
  implementationSuggestions: [ // Gray - Implementation suggestions
483
597
  ],
484
598
  relatedSafeguards: ["2.1", "2.3", "2.4", "2.5", "2.6", "2.7"],
485
- keywords: ["supported", "software", "authorized", "designated", "inventory", "lifecycle", "end-of-life"]
599
+ keywords: ["supported", "software", "authorized", "designated", "inventory", "lifecycle", "end-of-life"],
600
+ systemPrompt: {
601
+ role: "asset_inventory_expert",
602
+ context: "You are evaluating software lifecycle management solutions against CIS Control 2.2 requirements for ensuring only supported software is authorized.",
603
+ objective: "Determine if a vendor solution provides capabilities to track software support status and manage authorization based on vendor support lifecycle.",
604
+ guidelines: [
605
+ "Verify tracking of software vendor support status and end-of-life dates",
606
+ "Assess automated designation of supported software as authorized",
607
+ "Confirm exception documentation capabilities for necessary unsupported software",
608
+ "Validate monthly or more frequent review processes for software support status"
609
+ ],
610
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
611
+ }
486
612
  },
487
613
  "2.3": {
488
614
  id: "2.3",
@@ -508,7 +634,19 @@ export class SafeguardManager {
508
634
  implementationSuggestions: [ // Gray - Implementation suggestions
509
635
  ],
510
636
  relatedSafeguards: ["2.1", "2.2", "2.4", "2.5", "2.6", "2.7"],
511
- keywords: ["unauthorized", "software", "removed", "approved", "enterprise", "assets", "address"]
637
+ keywords: ["unauthorized", "software", "removed", "approved", "enterprise", "assets", "address"],
638
+ systemPrompt: {
639
+ role: "asset_inventory_expert",
640
+ context: "You are evaluating software remediation solutions against CIS Control 2.3 requirements for addressing unauthorized software on enterprise assets.",
641
+ objective: "Determine if a vendor solution provides capabilities to detect and remediate unauthorized software installations.",
642
+ guidelines: [
643
+ "Verify automated detection of unauthorized software on enterprise assets",
644
+ "Assess software removal and uninstallation capabilities",
645
+ "Confirm exception documentation and approval workflow features",
646
+ "Validate monthly or more frequent review and remediation processes"
647
+ ],
648
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
649
+ }
512
650
  },
513
651
  "2.4": {
514
652
  id: "2.4",
@@ -534,7 +672,19 @@ export class SafeguardManager {
534
672
  implementationSuggestions: [ // Gray - Implementation suggestions
535
673
  ],
536
674
  relatedSafeguards: ["2.1", "2.2", "2.3", "2.5", "2.6", "2.7"],
537
- keywords: ["automated", "software", "inventory", "tools", "enterprise", "deployment", "discovery"]
675
+ keywords: ["automated", "software", "inventory", "tools", "enterprise", "deployment", "discovery"],
676
+ systemPrompt: {
677
+ role: "asset_inventory_expert",
678
+ context: "You are evaluating automated software inventory tools against CIS Control 2.4 requirements for enterprise-wide software discovery and documentation.",
679
+ objective: "Determine if a vendor solution provides automated software discovery and inventory capabilities across the enterprise.",
680
+ guidelines: [
681
+ "Verify automated software discovery capabilities across all enterprise assets",
682
+ "Assess comprehensive documentation of installed software details",
683
+ "Confirm enterprise-wide deployment and coverage capabilities",
684
+ "Validate integration with centralized inventory management systems"
685
+ ],
686
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
687
+ }
538
688
  },
539
689
  "2.5": {
540
690
  id: "2.5",
@@ -565,7 +715,19 @@ export class SafeguardManager {
565
715
  "Application Allowlisting"
566
716
  ],
567
717
  relatedSafeguards: ["2.1", "2.2", "2.3", "2.4", "2.6", "2.7"],
568
- keywords: ["allowlist", "authorized", "software", "technical", "controls", "application", "execution"]
718
+ keywords: ["allowlist", "authorized", "software", "technical", "controls", "application", "execution"],
719
+ systemPrompt: {
720
+ role: "asset_inventory_expert",
721
+ context: "You are evaluating application allowlisting solutions against CIS Control 2.5 requirements for restricting software execution to authorized applications only.",
722
+ objective: "Determine if a vendor solution provides technical controls to allowlist authorized software and prevent unauthorized execution.",
723
+ guidelines: [
724
+ "Verify application allowlisting and execution control capabilities",
725
+ "Assess technical controls for software execution restriction",
726
+ "Confirm bi-annual or more frequent reassessment processes",
727
+ "Validate policy management and exception handling features"
728
+ ],
729
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
730
+ }
569
731
  },
570
732
  "2.6": {
571
733
  id: "2.6",
@@ -600,7 +762,19 @@ export class SafeguardManager {
600
762
  "Specific .so files"
601
763
  ],
602
764
  relatedSafeguards: ["2.1", "2.2", "2.3", "2.4", "2.5", "2.7"],
603
- keywords: ["allowlist", "authorized", "libraries", "dll", "ocx", "so", "system", "process", "technical"]
765
+ keywords: ["allowlist", "authorized", "libraries", "dll", "ocx", "so", "system", "process", "technical"],
766
+ systemPrompt: {
767
+ role: "asset_inventory_expert",
768
+ context: "You are evaluating library allowlisting solutions against CIS Control 2.6 requirements for restricting software library loading to authorized libraries only.",
769
+ objective: "Determine if a vendor solution provides technical controls to allowlist authorized software libraries and prevent unauthorized library loading.",
770
+ guidelines: [
771
+ "Verify software library allowlisting capabilities for .dll, .ocx, .so files",
772
+ "Assess technical controls for preventing unauthorized library loading",
773
+ "Confirm bi-annual or more frequent reassessment processes",
774
+ "Validate system process protection and library validation features"
775
+ ],
776
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
777
+ }
604
778
  },
605
779
  "2.7": {
606
780
  id: "2.7",
@@ -634,7 +808,19 @@ export class SafeguardManager {
634
808
  "Specific .py files"
635
809
  ],
636
810
  relatedSafeguards: ["2.1", "2.2", "2.3", "2.4", "2.5", "2.6"],
637
- keywords: ["allowlist", "authorized", "scripts", "digital", "signatures", "version", "control", "execution"]
811
+ keywords: ["allowlist", "authorized", "scripts", "digital", "signatures", "version", "control", "execution"],
812
+ systemPrompt: {
813
+ role: "asset_inventory_expert",
814
+ context: "You are evaluating script allowlisting solutions against CIS Control 2.7 requirements for restricting script execution to authorized scripts only.",
815
+ objective: "Determine if a vendor solution provides technical controls to allowlist authorized scripts and prevent unauthorized script execution.",
816
+ guidelines: [
817
+ "Verify script allowlisting capabilities for .ps1, .py, and other script files",
818
+ "Assess digital signature validation and version control integration",
819
+ "Confirm bi-annual or more frequent reassessment processes",
820
+ "Validate script blocking capabilities for unauthorized execution attempts"
821
+ ],
822
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
823
+ }
638
824
  },
639
825
  "3.1": {
640
826
  id: "3.1",
@@ -667,7 +853,21 @@ export class SafeguardManager {
667
853
  implementationSuggestions: [ // Gray - Implementation suggestions
668
854
  ],
669
855
  relatedSafeguards: ["3.2", "3.3", "3.4", "3.5", "3.6", "3.7", "3.8", "3.9", "3.10", "3.11", "3.12", "3.13", "3.14"],
670
- keywords: ["data", "management", "process", "establish", "maintain", "governance", "lifecycle"]
856
+ keywords: ["data", "management", "process", "establish", "maintain", "governance", "lifecycle"],
857
+ systemPrompt: {
858
+ role: "data_governance_expert",
859
+ context: "You are evaluating data management solutions against CIS Control 3.1 requirements for comprehensive data governance processes.",
860
+ objective: "Determine if a vendor solution provides documented data management processes covering sensitivity, ownership, handling, retention, and disposal.",
861
+ guidelines: [
862
+ "Verify comprehensive data management process documentation",
863
+ "Confirm coverage of data sensitivity classification and handling procedures",
864
+ "Validate data ownership assignment and accountability measures",
865
+ "Assess retention policies with both minimum and maximum limits",
866
+ "Review disposal requirements commensurate with data sensitivity",
867
+ "Check annual review processes and change management triggers"
868
+ ],
869
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
870
+ }
671
871
  },
672
872
  "3.2": {
673
873
  id: "3.2",
@@ -696,7 +896,21 @@ export class SafeguardManager {
696
896
  implementationSuggestions: [ // Gray - Implementation suggestions
697
897
  ],
698
898
  relatedSafeguards: ["1.1", "3.1", "3.3", "3.4", "3.5", "3.6", "3.7", "3.8", "3.9", "3.10", "3.11", "3.12", "3.13", "3.14"],
699
- keywords: ["data", "inventory", "enterprise", "management", "process", "identification", "tracking"]
899
+ keywords: ["data", "inventory", "enterprise", "management", "process", "identification", "tracking"],
900
+ systemPrompt: {
901
+ role: "data_inventory_specialist",
902
+ context: "You are evaluating data inventory solutions against CIS Control 3.2 requirements for comprehensive data asset tracking.",
903
+ objective: "Determine if a vendor solution provides complete data inventory capabilities based on enterprise data management processes.",
904
+ guidelines: [
905
+ "Verify comprehensive data inventory creation and maintenance",
906
+ "Confirm sensitive data identification and prioritization",
907
+ "Validate integration with enterprise data management processes",
908
+ "Assess annual review and update mechanisms",
909
+ "Check inventory accuracy and completeness coverage",
910
+ "Review automated discovery and classification capabilities"
911
+ ],
912
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
913
+ }
700
914
  },
701
915
  "3.3": {
702
916
  id: "3.3",
@@ -724,7 +938,21 @@ export class SafeguardManager {
724
938
  implementationSuggestions: [ // Gray - Implementation suggestions
725
939
  ],
726
940
  relatedSafeguards: ["3.1", "3.2", "3.4", "3.5", "3.6", "5.1", "6.1", "6.2"],
727
- keywords: ["data", "access", "control", "lists", "need", "know", "user", "permissions"]
941
+ keywords: ["data", "access", "control", "lists", "need", "know", "user", "permissions"],
942
+ systemPrompt: {
943
+ role: "access_control_specialist",
944
+ context: "You are evaluating data access control solutions against CIS Control 3.3 requirements for need-to-know access management.",
945
+ objective: "Determine if a vendor solution provides comprehensive data access control lists with need-to-know enforcement capabilities.",
946
+ guidelines: [
947
+ "Verify granular access control list configuration and management",
948
+ "Confirm need-to-know principle enforcement mechanisms",
949
+ "Validate coverage across local and remote file systems",
950
+ "Assess database and application access permission capabilities",
951
+ "Review user-based access control granularity",
952
+ "Check integration with identity and access management systems"
953
+ ],
954
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
955
+ }
728
956
  },
729
957
  "3.4": {
730
958
  id: "3.4",
@@ -751,7 +979,21 @@ export class SafeguardManager {
751
979
  implementationSuggestions: [ // Gray - Implementation suggestions
752
980
  ],
753
981
  relatedSafeguards: ["3.1", "3.2", "3.5", "3.6", "3.10"],
754
- keywords: ["data", "retention", "enterprise", "management", "process", "lifecycle", "schedule"]
982
+ keywords: ["data", "retention", "enterprise", "management", "process", "lifecycle", "schedule"],
983
+ systemPrompt: {
984
+ role: "data_retention_specialist",
985
+ context: "You are evaluating data retention solutions against CIS Control 3.4 requirements for enterprise data lifecycle management.",
986
+ objective: "Determine if a vendor solution provides comprehensive data retention enforcement with minimum and maximum timeline capabilities.",
987
+ guidelines: [
988
+ "Verify documented data retention policy implementation",
989
+ "Confirm minimum and maximum timeline enforcement mechanisms",
990
+ "Validate integration with enterprise data management processes",
991
+ "Assess automated retention schedule management",
992
+ "Review policy compliance monitoring and reporting",
993
+ "Check data lifecycle automation and enforcement capabilities"
994
+ ],
995
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
996
+ }
755
997
  },
756
998
  "3.5": {
757
999
  id: "3.5",
@@ -775,7 +1017,21 @@ export class SafeguardManager {
775
1017
  implementationSuggestions: [ // Gray - Implementation suggestions
776
1018
  ],
777
1019
  relatedSafeguards: ["3.1", "3.2", "3.4", "3.6", "3.10"],
778
- keywords: ["securely", "dispose", "data", "enterprise", "management", "process", "destruction"]
1020
+ keywords: ["securely", "dispose", "data", "enterprise", "management", "process", "destruction"],
1021
+ systemPrompt: {
1022
+ role: "data_disposal_expert",
1023
+ context: "You are evaluating secure data disposal solutions against CIS Control 3.5 requirements for enterprise data destruction.",
1024
+ objective: "Determine if a vendor solution provides secure data disposal capabilities commensurate with data sensitivity levels.",
1025
+ guidelines: [
1026
+ "Verify secure disposal method implementation and effectiveness",
1027
+ "Confirm data sensitivity-appropriate destruction techniques",
1028
+ "Validate integration with enterprise data management processes",
1029
+ "Assess destruction method documentation and verification",
1030
+ "Review disposal process automation and compliance tracking",
1031
+ "Check certification and audit trail capabilities"
1032
+ ],
1033
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1034
+ }
779
1035
  },
780
1036
  "3.6": {
781
1037
  id: "3.6",
@@ -800,7 +1056,21 @@ export class SafeguardManager {
800
1056
  "Linux dm-crypt"
801
1057
  ],
802
1058
  relatedSafeguards: ["1.1", "3.1", "3.2", "3.7", "3.8", "3.9", "3.11"],
803
- keywords: ["encrypt", "data", "end-user", "devices", "sensitive", "protection", "encryption"]
1059
+ keywords: ["encrypt", "data", "end-user", "devices", "sensitive", "protection", "encryption"],
1060
+ systemPrompt: {
1061
+ role: "endpoint_encryption_specialist",
1062
+ context: "You are evaluating endpoint encryption solutions against CIS Control 3.6 requirements for end-user device data protection.",
1063
+ objective: "Determine if a vendor solution provides comprehensive end-user device encryption for sensitive data protection.",
1064
+ guidelines: [
1065
+ "Verify full disk encryption implementation on end-user devices",
1066
+ "Confirm sensitive data encryption coverage and strength",
1067
+ "Validate encryption key management and recovery capabilities",
1068
+ "Assess cross-platform support (Windows, macOS, Linux)",
1069
+ "Review centralized encryption policy management",
1070
+ "Check compliance reporting and device encryption status monitoring"
1071
+ ],
1072
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1073
+ }
804
1074
  },
805
1075
  "3.7": {
806
1076
  id: "3.7",
@@ -831,7 +1101,21 @@ export class SafeguardManager {
831
1101
  "Public"
832
1102
  ],
833
1103
  relatedSafeguards: ["3.1", "3.2", "3.3", "3.8", "3.9", "3.10", "3.11", "3.12"],
834
- keywords: ["establish", "maintain", "data", "classification", "scheme", "sensitivity", "labeling"]
1104
+ keywords: ["establish", "maintain", "data", "classification", "scheme", "sensitivity", "labeling"],
1105
+ systemPrompt: {
1106
+ role: "data_classification_expert",
1107
+ context: "You are evaluating data classification solutions against CIS Control 3.7 requirements for enterprise data sensitivity management.",
1108
+ objective: "Determine if a vendor solution provides comprehensive data classification scheme establishment and maintenance capabilities.",
1109
+ guidelines: [
1110
+ "Verify data classification scheme creation and management",
1111
+ "Confirm sensitivity label implementation (Sensitive, Confidential, Public)",
1112
+ "Validate automated data classification and labeling capabilities",
1113
+ "Assess annual review and update processes",
1114
+ "Review integration with enterprise data management processes",
1115
+ "Check policy enforcement and compliance monitoring"
1116
+ ],
1117
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1118
+ }
835
1119
  },
836
1120
  "3.8": {
837
1121
  id: "3.8",
@@ -861,7 +1145,21 @@ export class SafeguardManager {
861
1145
  "Service provider documentation"
862
1146
  ],
863
1147
  relatedSafeguards: ["3.1", "3.2", "3.7", "3.9", "3.10", "3.11"],
864
- keywords: ["document", "data", "flows", "sensitive", "mapping", "tracking", "lineage"]
1148
+ keywords: ["document", "data", "flows", "sensitive", "mapping", "tracking", "lineage"],
1149
+ systemPrompt: {
1150
+ role: "data_flow_analyst",
1151
+ context: "You are evaluating data flow documentation solutions against CIS Control 3.8 requirements for enterprise data movement tracking.",
1152
+ objective: "Determine if a vendor solution provides comprehensive data flow documentation including service provider interactions.",
1153
+ guidelines: [
1154
+ "Verify comprehensive data flow mapping and documentation",
1155
+ "Confirm service provider data flow tracking capabilities",
1156
+ "Validate integration with enterprise data management processes",
1157
+ "Assess automated data lineage discovery and documentation",
1158
+ "Review annual update and change management processes",
1159
+ "Check visual mapping and reporting capabilities"
1160
+ ],
1161
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1162
+ }
865
1163
  },
866
1164
  "3.9": {
867
1165
  id: "3.9",
@@ -882,7 +1180,21 @@ export class SafeguardManager {
882
1180
  implementationSuggestions: [ // Gray - Implementation suggestions
883
1181
  ],
884
1182
  relatedSafeguards: ["3.1", "3.6", "3.7", "3.10", "3.11"],
885
- keywords: ["encrypt", "data", "removable", "media", "portable", "storage", "USB"]
1183
+ keywords: ["encrypt", "data", "removable", "media", "portable", "storage", "USB"],
1184
+ systemPrompt: {
1185
+ role: "removable_media_security_specialist",
1186
+ context: "You are evaluating removable media encryption solutions against CIS Control 3.9 requirements for portable storage protection.",
1187
+ objective: "Determine if a vendor solution provides comprehensive encryption for data on removable media devices.",
1188
+ guidelines: [
1189
+ "Verify encryption implementation for all removable media types",
1190
+ "Confirm automatic encryption enforcement on USB devices",
1191
+ "Validate encryption key management for portable storage",
1192
+ "Assess policy-based encryption controls and exceptions",
1193
+ "Review centralized management and monitoring capabilities",
1194
+ "Check compliance reporting and device access controls"
1195
+ ],
1196
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1197
+ }
886
1198
  },
887
1199
  "3.10": {
888
1200
  id: "3.10",
@@ -905,7 +1217,21 @@ export class SafeguardManager {
905
1217
  "OpenSSH"
906
1218
  ],
907
1219
  relatedSafeguards: ["3.1", "3.7", "3.8", "3.11", "13.1", "13.2"],
908
- keywords: ["encrypt", "sensitive", "data", "transit", "transmission", "TLS", "communication"]
1220
+ keywords: ["encrypt", "sensitive", "data", "transit", "transmission", "TLS", "communication"],
1221
+ systemPrompt: {
1222
+ role: "data_in_transit_encryption_expert",
1223
+ context: "You are evaluating data-in-transit encryption solutions against CIS Control 3.10 requirements for transmission protection.",
1224
+ objective: "Determine if a vendor solution provides comprehensive encryption for sensitive data during transmission.",
1225
+ guidelines: [
1226
+ "Verify encryption implementation for all data transmissions",
1227
+ "Confirm TLS/SSL protocol support and configuration",
1228
+ "Validate secure communication protocol enforcement",
1229
+ "Assess certificate management and PKI integration",
1230
+ "Review encryption strength and algorithm compliance",
1231
+ "Check monitoring and compliance reporting capabilities"
1232
+ ],
1233
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1234
+ }
909
1235
  },
910
1236
  "3.11": {
911
1237
  id: "3.11",
@@ -935,7 +1261,21 @@ export class SafeguardManager {
935
1261
  "Where access to the data storage device(s) does not permit access to the plain-text data"
936
1262
  ],
937
1263
  relatedSafeguards: ["3.1", "3.6", "3.7", "3.9", "3.10", "11.1"],
938
- keywords: ["encrypt", "sensitive", "data", "rest", "storage", "database", "persistent"]
1264
+ keywords: ["encrypt", "sensitive", "data", "rest", "storage", "database", "persistent"],
1265
+ systemPrompt: {
1266
+ role: "data_at_rest_encryption_specialist",
1267
+ context: "You are evaluating data-at-rest encryption solutions against CIS Control 3.11 requirements for stored data protection.",
1268
+ objective: "Determine if a vendor solution provides comprehensive encryption for sensitive data stored on servers, applications, and databases.",
1269
+ guidelines: [
1270
+ "Verify storage-layer encryption implementation on servers and databases",
1271
+ "Confirm application-layer encryption capabilities for sensitive data",
1272
+ "Validate encryption key management and protection mechanisms",
1273
+ "Assess transparent data encryption and file-level encryption",
1274
+ "Review encryption performance impact and optimization",
1275
+ "Check compliance reporting and encryption status monitoring"
1276
+ ],
1277
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1278
+ }
939
1279
  },
940
1280
  "3.12": {
941
1281
  id: "3.12",
@@ -959,7 +1299,21 @@ export class SafeguardManager {
959
1299
  implementationSuggestions: [ // Gray - Implementation suggestions
960
1300
  ],
961
1301
  relatedSafeguards: ["3.1", "3.7", "12.1", "12.2", "12.3"],
962
- keywords: ["segment", "data", "processing", "storage", "classification", "separation", "isolation"]
1302
+ keywords: ["segment", "data", "processing", "storage", "classification", "separation", "isolation"],
1303
+ systemPrompt: {
1304
+ role: "data_segmentation_architect",
1305
+ context: "You are evaluating data segmentation solutions against CIS Control 3.12 requirements for sensitivity-based data isolation.",
1306
+ objective: "Determine if a vendor solution provides comprehensive data processing and storage segmentation based on sensitivity levels.",
1307
+ guidelines: [
1308
+ "Verify data segmentation implementation based on classification",
1309
+ "Confirm isolation of sensitive data from lower sensitivity environments",
1310
+ "Validate network and storage separation capabilities",
1311
+ "Assess automated policy enforcement for data placement",
1312
+ "Review access control integration with segmentation",
1313
+ "Check monitoring and compliance reporting for data isolation"
1314
+ ],
1315
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1316
+ }
963
1317
  },
964
1318
  "3.13": {
965
1319
  id: "3.13",
@@ -989,7 +1343,21 @@ export class SafeguardManager {
989
1343
  "Host-based Data loss Prevention (DLP) tool"
990
1344
  ],
991
1345
  relatedSafeguards: ["3.1", "3.7", "3.8", "3.10", "3.11"],
992
- keywords: ["deploy", "data", "loss", "prevention", "solution", "sensitive", "DLP"]
1346
+ keywords: ["deploy", "data", "loss", "prevention", "solution", "sensitive", "DLP"],
1347
+ systemPrompt: {
1348
+ role: "data_loss_prevention_specialist",
1349
+ context: "You are evaluating Data Loss Prevention solutions against CIS Control 3.13 requirements for automated sensitive data identification and protection.",
1350
+ objective: "Determine if a vendor solution provides comprehensive DLP capabilities for identifying and protecting sensitive data across all enterprise assets.",
1351
+ guidelines: [
1352
+ "Verify automated sensitive data discovery and classification",
1353
+ "Confirm comprehensive coverage across onsite and remote assets",
1354
+ "Validate data inventory integration and updating capabilities",
1355
+ "Assess policy-based data protection and loss prevention",
1356
+ "Review monitoring, alerting, and incident response integration",
1357
+ "Check service provider data protection coverage"
1358
+ ],
1359
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1360
+ }
993
1361
  },
994
1362
  "3.14": {
995
1363
  id: "3.14",
@@ -1013,7 +1381,21 @@ export class SafeguardManager {
1013
1381
  implementationSuggestions: [ // Gray - Implementation suggestions
1014
1382
  ],
1015
1383
  relatedSafeguards: ["3.1", "3.7", "3.8", "8.1", "8.2"],
1016
- keywords: ["log", "sensitive", "data", "access", "modification", "disposal", "audit"]
1384
+ keywords: ["log", "sensitive", "data", "access", "modification", "disposal", "audit"],
1385
+ systemPrompt: {
1386
+ role: "data_access_auditing_expert",
1387
+ context: "You are evaluating data access logging solutions against CIS Control 3.14 requirements for sensitive data activity monitoring.",
1388
+ objective: "Determine if a vendor solution provides comprehensive logging of sensitive data access, modification, and disposal activities.",
1389
+ guidelines: [
1390
+ "Verify comprehensive logging of all sensitive data access events",
1391
+ "Confirm modification and disposal activity tracking",
1392
+ "Validate integration with audit log management systems",
1393
+ "Assess real-time monitoring and alerting capabilities",
1394
+ "Review log retention and analysis capabilities",
1395
+ "Check compliance reporting and forensic investigation support"
1396
+ ],
1397
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1398
+ }
1017
1399
  },
1018
1400
  "4.1": {
1019
1401
  id: "4.1",
@@ -1050,7 +1432,21 @@ export class SafeguardManager {
1050
1432
  "Configuration Management Tool"
1051
1433
  ],
1052
1434
  relatedSafeguards: ["1.1", "2.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7", "4.8", "4.9", "4.10", "4.11", "4.12"],
1053
- keywords: ["establish", "maintain", "documented", "secure", "configuration", "process", "enterprise", "assets", "software", "review", "update"]
1435
+ keywords: ["establish", "maintain", "documented", "secure", "configuration", "process", "enterprise", "assets", "software", "review", "update"],
1436
+ systemPrompt: {
1437
+ role: "secure_configuration_expert",
1438
+ context: "You are evaluating secure configuration management solutions against CIS Control 4.1 requirements for enterprise asset hardening.",
1439
+ objective: "Determine if a vendor solution provides comprehensive secure configuration processes for enterprise assets and software.",
1440
+ guidelines: [
1441
+ "Verify documented secure configuration process establishment",
1442
+ "Confirm coverage of all enterprise assets and software types",
1443
+ "Validate configuration baseline management and enforcement",
1444
+ "Assess automated configuration monitoring and remediation",
1445
+ "Review annual process updates and change management",
1446
+ "Check integration with configuration management tools"
1447
+ ],
1448
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1449
+ }
1054
1450
  },
1055
1451
  "4.2": {
1056
1452
  id: "4.2",
@@ -1078,7 +1474,21 @@ export class SafeguardManager {
1078
1474
  "Configuration Management Tool"
1079
1475
  ],
1080
1476
  relatedSafeguards: ["1.1", "2.1", "3.10", "4.1", "6.4", "8.1", "12.1", "12.2", "12.3", "12.4", "12.5", "13.3", "13.4", "13.6", "13.8", "13.9", "13.10"],
1081
- keywords: ["establish", "maintain", "documented", "secure", "configuration", "network", "infrastructure", "process", "devices"]
1477
+ keywords: ["establish", "maintain", "documented", "secure", "configuration", "network", "infrastructure", "process", "devices"],
1478
+ systemPrompt: {
1479
+ role: "network_configuration_specialist",
1480
+ context: "You are evaluating network infrastructure configuration solutions against CIS Control 4.2 requirements for secure network device management.",
1481
+ objective: "Determine if a vendor solution provides comprehensive secure configuration processes for network infrastructure devices.",
1482
+ guidelines: [
1483
+ "Verify documented network configuration process establishment",
1484
+ "Confirm coverage of all network infrastructure device types",
1485
+ "Validate network security baseline management and enforcement",
1486
+ "Assess automated network configuration monitoring and compliance",
1487
+ "Review network change management and approval processes",
1488
+ "Check integration with network management and security tools"
1489
+ ],
1490
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1491
+ }
1082
1492
  },
1083
1493
  "4.3": {
1084
1494
  id: "4.3",
@@ -1107,7 +1517,21 @@ export class SafeguardManager {
1107
1517
  "Configuration Management Tool"
1108
1518
  ],
1109
1519
  relatedSafeguards: ["4.1"],
1110
- keywords: ["configure", "automatic", "session", "locking", "enterprise", "assets", "inactivity", "period", "minutes", "mobile", "operating", "systems"]
1520
+ keywords: ["configure", "automatic", "session", "locking", "enterprise", "assets", "inactivity", "period", "minutes", "mobile", "operating", "systems"],
1521
+ systemPrompt: {
1522
+ role: "session_security_specialist",
1523
+ context: "You are evaluating session management solutions against CIS Control 4.3 requirements for automatic session locking.",
1524
+ objective: "Determine if a vendor solution provides comprehensive automatic session locking capabilities for enterprise assets.",
1525
+ guidelines: [
1526
+ "Verify automatic session locking configuration and enforcement",
1527
+ "Confirm inactivity period customization and policy management",
1528
+ "Validate coverage across all enterprise asset types",
1529
+ "Assess mobile and desktop operating system support",
1530
+ "Review centralized policy deployment and monitoring",
1531
+ "Check user experience and security balance optimization"
1532
+ ],
1533
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1534
+ }
1111
1535
  },
1112
1536
  "4.4": {
1113
1537
  id: "4.4",
@@ -1135,7 +1559,21 @@ export class SafeguardManager {
1135
1559
  "Configuration Management Tool"
1136
1560
  ],
1137
1561
  relatedSafeguards: ["4.1"],
1138
- keywords: ["implement", "manage", "firewall", "servers", "virtual", "operating", "system", "third-party", "agent"]
1562
+ keywords: ["implement", "manage", "firewall", "servers", "virtual", "operating", "system", "third-party", "agent"],
1563
+ systemPrompt: {
1564
+ role: "server_firewall_expert",
1565
+ context: "You are evaluating server firewall solutions against CIS Control 4.4 requirements for host-based server protection.",
1566
+ objective: "Determine if a vendor solution provides comprehensive firewall implementation and management for servers.",
1567
+ guidelines: [
1568
+ "Verify host-based firewall implementation on all servers",
1569
+ "Confirm virtual environment and container firewall support",
1570
+ "Validate centralized firewall policy management",
1571
+ "Assess rule automation and threat-based configuration",
1572
+ "Review monitoring, alerting, and compliance reporting",
1573
+ "Check integration with security management platforms"
1574
+ ],
1575
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1576
+ }
1139
1577
  },
1140
1578
  "4.5": {
1141
1579
  id: "4.5",
@@ -1165,7 +1603,21 @@ export class SafeguardManager {
1165
1603
  "Configuration Management Tool"
1166
1604
  ],
1167
1605
  relatedSafeguards: ["4.1"],
1168
- keywords: ["implement", "manage", "host-based", "firewall", "port-filtering", "end-user", "devices", "default-deny", "explicitly", "allowed"]
1606
+ keywords: ["implement", "manage", "host-based", "firewall", "port-filtering", "end-user", "devices", "default-deny", "explicitly", "allowed"],
1607
+ systemPrompt: {
1608
+ role: "endpoint_firewall_specialist",
1609
+ context: "You are evaluating endpoint firewall solutions against CIS Control 4.5 requirements for end-user device protection.",
1610
+ objective: "Determine if a vendor solution provides comprehensive host-based firewall and port filtering for end-user devices.",
1611
+ guidelines: [
1612
+ "Verify host-based firewall implementation on all end-user devices",
1613
+ "Confirm default-deny policy with explicit allow configurations",
1614
+ "Validate port-filtering capabilities and rule management",
1615
+ "Assess centralized policy deployment and management",
1616
+ "Review monitoring, logging, and compliance reporting",
1617
+ "Check user experience and productivity impact minimization"
1618
+ ],
1619
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1620
+ }
1169
1621
  },
1170
1622
  "4.6": {
1171
1623
  id: "4.6",
@@ -1194,7 +1646,21 @@ export class SafeguardManager {
1194
1646
  "Configuration Management Tool"
1195
1647
  ],
1196
1648
  relatedSafeguards: ["4.1", "12.3"],
1197
- keywords: ["securely", "manage", "enterprise", "assets", "software", "infrastructure-as-code", "administrative", "interfaces", "SSH", "HTTPS", "protocols"]
1649
+ keywords: ["securely", "manage", "enterprise", "assets", "software", "infrastructure-as-code", "administrative", "interfaces", "SSH", "HTTPS", "protocols"],
1650
+ systemPrompt: {
1651
+ role: "secure_administration_expert",
1652
+ context: "You are evaluating secure administrative interface solutions against CIS Control 4.6 requirements for enterprise asset management.",
1653
+ objective: "Determine if a vendor solution provides secure management of enterprise assets and software administrative interfaces.",
1654
+ guidelines: [
1655
+ "Verify secure administrative interface implementation (SSH, HTTPS)",
1656
+ "Confirm infrastructure-as-code security management capabilities",
1657
+ "Validate encrypted administrative communication protocols",
1658
+ "Assess administrative access control and authentication",
1659
+ "Review privileged session monitoring and recording",
1660
+ "Check integration with privileged access management systems"
1661
+ ],
1662
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1663
+ }
1198
1664
  },
1199
1665
  "4.7": {
1200
1666
  id: "4.7",
@@ -1223,7 +1689,21 @@ export class SafeguardManager {
1223
1689
  "Configuration Management Tool"
1224
1690
  ],
1225
1691
  relatedSafeguards: ["4.1"],
1226
- keywords: ["manage", "default", "accounts", "enterprise", "assets", "software", "root", "administrator", "pre-configured", "vendor", "disabling", "unusable"]
1692
+ keywords: ["manage", "default", "accounts", "enterprise", "assets", "software", "root", "administrator", "pre-configured", "vendor", "disabling", "unusable"],
1693
+ systemPrompt: {
1694
+ role: "default_account_security_specialist",
1695
+ context: "You are evaluating default account management solutions against CIS Control 4.7 requirements for vendor account security.",
1696
+ objective: "Determine if a vendor solution provides comprehensive management of default accounts on enterprise assets and software.",
1697
+ guidelines: [
1698
+ "Verify identification and management of all default accounts",
1699
+ "Confirm default account disabling or secure configuration",
1700
+ "Validate vendor-supplied account discovery and remediation",
1701
+ "Assess automated default account detection and management",
1702
+ "Review policy enforcement and compliance monitoring",
1703
+ "Check integration with identity and access management systems"
1704
+ ],
1705
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1706
+ }
1227
1707
  },
1228
1708
  "4.8": {
1229
1709
  id: "4.8",
@@ -1251,7 +1731,21 @@ export class SafeguardManager {
1251
1731
  "Configuration Management Tool"
1252
1732
  ],
1253
1733
  relatedSafeguards: ["4.1"],
1254
- keywords: ["uninstall", "disable", "unnecessary", "services", "enterprise", "assets", "software", "unused", "file", "sharing", "web", "application", "module", "function"]
1734
+ keywords: ["uninstall", "disable", "unnecessary", "services", "enterprise", "assets", "software", "unused", "file", "sharing", "web", "application", "module", "function"],
1735
+ systemPrompt: {
1736
+ role: "service_hardening_expert",
1737
+ context: "You are evaluating service management solutions against CIS Control 4.8 requirements for unnecessary service removal.",
1738
+ objective: "Determine if a vendor solution provides comprehensive identification and management of unnecessary services on enterprise assets.",
1739
+ guidelines: [
1740
+ "Verify identification of all unnecessary services and functions",
1741
+ "Confirm automated service removal and disabling capabilities",
1742
+ "Validate coverage across all enterprise asset types",
1743
+ "Assess risk-based service evaluation and recommendation",
1744
+ "Review service dependency analysis and impact assessment",
1745
+ "Check ongoing monitoring and compliance enforcement"
1746
+ ],
1747
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1748
+ }
1255
1749
  },
1256
1750
  "4.9": {
1257
1751
  id: "4.9",
@@ -1276,7 +1770,21 @@ export class SafeguardManager {
1276
1770
  "Configuration Management Tool"
1277
1771
  ],
1278
1772
  relatedSafeguards: ["4.1", "8.6", "9.2"],
1279
- keywords: ["configure", "trusted", "DNS", "servers", "enterprise", "assets", "enterprise-controlled", "reputable", "externally", "accessible"]
1773
+ keywords: ["configure", "trusted", "DNS", "servers", "enterprise", "assets", "enterprise-controlled", "reputable", "externally", "accessible"],
1774
+ systemPrompt: {
1775
+ role: "dns_security_specialist",
1776
+ context: "You are evaluating DNS security solutions against CIS Control 4.9 requirements for trusted DNS server configuration.",
1777
+ objective: "Determine if a vendor solution provides comprehensive trusted DNS server configuration and management for enterprise assets.",
1778
+ guidelines: [
1779
+ "Verify trusted DNS server configuration on all enterprise assets",
1780
+ "Confirm enterprise-controlled or reputable DNS service usage",
1781
+ "Validate DNS security policy enforcement and monitoring",
1782
+ "Assess DNS filtering and threat protection capabilities",
1783
+ "Review centralized DNS configuration management",
1784
+ "Check DNS query logging and analysis capabilities"
1785
+ ],
1786
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1787
+ }
1280
1788
  },
1281
1789
  "4.10": {
1282
1790
  id: "4.10",
@@ -1307,7 +1815,21 @@ export class SafeguardManager {
1307
1815
  "Configuration Management Tool"
1308
1816
  ],
1309
1817
  relatedSafeguards: ["4.1"],
1310
- keywords: ["enforce", "automatic", "device", "lockout", "portable", "end-user", "devices", "failed", "authentication", "attempts", "laptops", "tablets", "smartphones", "InTune", "Apple"]
1818
+ keywords: ["enforce", "automatic", "device", "lockout", "portable", "end-user", "devices", "failed", "authentication", "attempts", "laptops", "tablets", "smartphones", "InTune", "Apple"],
1819
+ systemPrompt: {
1820
+ role: "device_lockout_security_expert",
1821
+ context: "You are evaluating device lockout solutions against CIS Control 4.10 requirements for failed authentication protection.",
1822
+ objective: "Determine if a vendor solution provides comprehensive automatic device lockout enforcement for portable end-user devices.",
1823
+ guidelines: [
1824
+ "Verify automatic device lockout after failed authentication attempts",
1825
+ "Confirm coverage across all portable device types (laptops, tablets, smartphones)",
1826
+ "Validate lockout policy customization and management",
1827
+ "Assess integration with mobile device management platforms",
1828
+ "Review unlock procedures and security recovery mechanisms",
1829
+ "Check compliance monitoring and reporting capabilities"
1830
+ ],
1831
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1832
+ }
1311
1833
  },
1312
1834
  "4.11": {
1313
1835
  id: "4.11",
@@ -1333,7 +1855,21 @@ export class SafeguardManager {
1333
1855
  "Configuration Management Tool"
1334
1856
  ],
1335
1857
  relatedSafeguards: ["4.1"],
1336
- keywords: ["remotely", "wipe", "enterprise", "data", "enterprise-owned", "portable", "end-user", "devices", "lost", "stolen", "individual", "no", "longer", "supports"]
1858
+ keywords: ["remotely", "wipe", "enterprise", "data", "enterprise-owned", "portable", "end-user", "devices", "lost", "stolen", "individual", "no", "longer", "supports"],
1859
+ systemPrompt: {
1860
+ role: "remote_wipe_specialist",
1861
+ context: "You are evaluating remote wipe solutions against CIS Control 4.11 requirements for enterprise data protection on portable devices.",
1862
+ objective: "Determine if a vendor solution provides comprehensive remote wipe capabilities for enterprise data on portable end-user devices.",
1863
+ guidelines: [
1864
+ "Verify remote wipe capability for all enterprise-owned portable devices",
1865
+ "Confirm selective enterprise data wiping without affecting personal data",
1866
+ "Validate real-time remote wipe execution and verification",
1867
+ "Assess integration with mobile device management platforms",
1868
+ "Review policy-based automated wiping triggers",
1869
+ "Check audit trails and compliance reporting for wipe operations"
1870
+ ],
1871
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1872
+ }
1337
1873
  },
1338
1874
  "4.12": {
1339
1875
  id: "4.12",
@@ -1363,7 +1899,21 @@ export class SafeguardManager {
1363
1899
  "Configuration Management Tool"
1364
1900
  ],
1365
1901
  relatedSafeguards: ["4.1"],
1366
- keywords: ["separate", "enterprise", "workspaces", "mobile", "end-user", "devices", "Apple", "Configuration", "Profile", "Android", "Work", "Profile", "applications", "data", "personal"]
1902
+ keywords: ["separate", "enterprise", "workspaces", "mobile", "end-user", "devices", "Apple", "Configuration", "Profile", "Android", "Work", "Profile", "applications", "data", "personal"],
1903
+ systemPrompt: {
1904
+ role: "mobile_workspace_security_expert",
1905
+ context: "You are evaluating mobile workspace separation solutions against CIS Control 4.12 requirements for enterprise and personal data isolation.",
1906
+ objective: "Determine if a vendor solution provides comprehensive enterprise workspace separation on mobile end-user devices.",
1907
+ guidelines: [
1908
+ "Verify enterprise workspace separation on mobile devices",
1909
+ "Confirm support for Apple Configuration Profiles and Android Work Profiles",
1910
+ "Validate application and data isolation between enterprise and personal spaces",
1911
+ "Assess policy enforcement and workspace management capabilities",
1912
+ "Review user experience and productivity optimization",
1913
+ "Check compliance monitoring and enterprise data protection"
1914
+ ],
1915
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1916
+ }
1367
1917
  },
1368
1918
  "5.2": {
1369
1919
  id: "5.2",
@@ -1391,7 +1941,21 @@ export class SafeguardManager {
1391
1941
  "Password Management Tool"
1392
1942
  ],
1393
1943
  relatedSafeguards: ["5.1"],
1394
- keywords: ["use", "unique", "passwords", "enterprise", "assets", "8-character", "14-character", "MFA", "minimum"]
1944
+ keywords: ["use", "unique", "passwords", "enterprise", "assets", "8-character", "14-character", "MFA", "minimum"],
1945
+ systemPrompt: {
1946
+ role: "password_security_expert",
1947
+ context: "You are evaluating password management solutions against CIS Control 5.2 requirements for unique password enforcement.",
1948
+ objective: "Determine if a vendor solution provides comprehensive unique password enforcement for enterprise assets.",
1949
+ guidelines: [
1950
+ "Verify unique password requirement enforcement across all assets",
1951
+ "Confirm minimum length requirements (8-character minimum, 14-character for non-MFA)",
1952
+ "Validate password complexity and uniqueness checking",
1953
+ "Assess integration with multi-factor authentication systems",
1954
+ "Review password policy management and enforcement capabilities",
1955
+ "Check compliance monitoring and password strength reporting"
1956
+ ],
1957
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1958
+ }
1395
1959
  },
1396
1960
  "5.3": {
1397
1961
  id: "5.3",
@@ -1417,7 +1981,21 @@ export class SafeguardManager {
1417
1981
  "Identity and Access Management Tool"
1418
1982
  ],
1419
1983
  relatedSafeguards: ["5.1"],
1420
- keywords: ["delete", "disable", "dormant", "accounts", "45", "days", "inactivity", "supported"]
1984
+ keywords: ["delete", "disable", "dormant", "accounts", "45", "days", "inactivity", "supported"],
1985
+ systemPrompt: {
1986
+ role: "dormant_account_management_specialist",
1987
+ context: "You are evaluating dormant account management solutions against CIS Control 5.3 requirements for inactive account cleanup.",
1988
+ objective: "Determine if a vendor solution provides comprehensive dormant account detection and management capabilities.",
1989
+ guidelines: [
1990
+ "Verify automated dormant account detection after 45 days inactivity",
1991
+ "Confirm account deletion or disabling capabilities",
1992
+ "Validate supported vs unsupported account handling",
1993
+ "Assess automated workflow and approval processes",
1994
+ "Review account activity monitoring and tracking",
1995
+ "Check compliance reporting and audit trail capabilities"
1996
+ ],
1997
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1998
+ }
1421
1999
  },
1422
2000
  "5.4": {
1423
2001
  id: "5.4",
@@ -1449,7 +2027,21 @@ export class SafeguardManager {
1449
2027
  "Productivity suite use"
1450
2028
  ],
1451
2029
  relatedSafeguards: ["4.1", "5.1"],
1452
- keywords: ["restrict", "administrator", "privileges", "dedicated", "accounts", "enterprise", "assets", "general", "computing", "browsing", "email", "productivity"]
2030
+ keywords: ["restrict", "administrator", "privileges", "dedicated", "accounts", "enterprise", "assets", "general", "computing", "browsing", "email", "productivity"],
2031
+ systemPrompt: {
2032
+ role: "privileged_access_specialist",
2033
+ context: "You are evaluating privileged access management solutions against CIS Control 5.4 requirements for administrator privilege restriction.",
2034
+ objective: "Determine if a vendor solution provides comprehensive administrator privilege restriction and dedicated account management.",
2035
+ guidelines: [
2036
+ "Verify administrator privilege restriction to dedicated accounts only",
2037
+ "Confirm separation of administrative and general computing activities",
2038
+ "Validate privileged access controls and session management",
2039
+ "Assess just-in-time privilege elevation capabilities",
2040
+ "Review privileged session monitoring and recording",
2041
+ "Check compliance with principle of least privilege enforcement"
2042
+ ],
2043
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2044
+ }
1453
2045
  },
1454
2046
  "5.5": {
1455
2047
  id: "5.5",
@@ -1484,7 +2076,21 @@ export class SafeguardManager {
1484
2076
  "Identity and Access Management Tool"
1485
2077
  ],
1486
2078
  relatedSafeguards: ["5.1"],
1487
- keywords: ["establish", "maintain", "inventory", "service", "accounts", "department", "owner", "review", "date", "purpose", "quarterly", "validate", "authorized"]
2079
+ keywords: ["establish", "maintain", "inventory", "service", "accounts", "department", "owner", "review", "date", "purpose", "quarterly", "validate", "authorized"],
2080
+ systemPrompt: {
2081
+ role: "service_account_management_expert",
2082
+ context: "You are evaluating service account management solutions against CIS Control 5.5 requirements for service account inventory and oversight.",
2083
+ objective: "Determine if a vendor solution provides comprehensive service account inventory management and quarterly validation processes.",
2084
+ guidelines: [
2085
+ "Verify comprehensive service account inventory establishment",
2086
+ "Confirm tracking of department, owner, purpose, and review dates",
2087
+ "Validate quarterly service account review and authorization processes",
2088
+ "Assess automated service account discovery and classification",
2089
+ "Review service account lifecycle management capabilities",
2090
+ "Check compliance monitoring and unauthorized account detection"
2091
+ ],
2092
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2093
+ }
1488
2094
  },
1489
2095
  "5.6": {
1490
2096
  id: "5.6",
@@ -1510,7 +2116,21 @@ export class SafeguardManager {
1510
2116
  "Identity and Access Management Tool"
1511
2117
  ],
1512
2118
  relatedSafeguards: ["5.1", "6.6", "6.7", "12.5"],
1513
- keywords: ["centralize", "account", "management", "directory", "service", "identity"]
2119
+ keywords: ["centralize", "account", "management", "directory", "service", "identity"],
2120
+ systemPrompt: {
2121
+ role: "centralized_identity_specialist",
2122
+ context: "You are evaluating centralized identity management solutions against CIS Control 5.6 requirements for directory service implementation.",
2123
+ objective: "Determine if a vendor solution provides comprehensive centralized account management through directory or identity services.",
2124
+ guidelines: [
2125
+ "Verify centralized account management implementation",
2126
+ "Confirm directory service or identity service capabilities",
2127
+ "Validate integration with enterprise authentication systems",
2128
+ "Assess single sign-on and identity federation support",
2129
+ "Review account provisioning and deprovisioning automation",
2130
+ "Check scalability and multi-domain support capabilities"
2131
+ ],
2132
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2133
+ }
1514
2134
  },
1515
2135
  "6.1": {
1516
2136
  id: "6.1",
@@ -1543,7 +2163,21 @@ export class SafeguardManager {
1543
2163
  "Account and Credential Management Policy/Process"
1544
2164
  ],
1545
2165
  relatedSafeguards: ["5.1", "6.7", "6.8"],
1546
- keywords: ["establish", "follow", "documented", "process", "automated", "granting", "access", "enterprise", "assets", "new", "hire", "role", "change"]
2166
+ keywords: ["establish", "follow", "documented", "process", "automated", "granting", "access", "enterprise", "assets", "new", "hire", "role", "change"],
2167
+ systemPrompt: {
2168
+ role: "access_granting_process_expert",
2169
+ context: "You are evaluating access granting solutions against CIS Control 6.1 requirements for establishing documented access provisioning processes.",
2170
+ objective: "Determine if a vendor solution provides comprehensive access granting processes for new hires and role changes.",
2171
+ guidelines: [
2172
+ "Verify existence of documented access granting procedures",
2173
+ "Confirm automation capabilities for access provisioning",
2174
+ "Validate coverage of new hire onboarding scenarios",
2175
+ "Assess role change access modification processes",
2176
+ "Review enterprise asset access management integration",
2177
+ "Check process documentation and governance compliance"
2178
+ ],
2179
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2180
+ }
1547
2181
  },
1548
2182
  "6.2": {
1549
2183
  id: "6.2",
@@ -1581,7 +2215,21 @@ export class SafeguardManager {
1581
2215
  "Account and Credential Management Policy/Process"
1582
2216
  ],
1583
2217
  relatedSafeguards: ["5.1", "6.7"],
1584
- keywords: ["establish", "follow", "process", "automated", "revoking", "access", "enterprise", "assets", "disabling", "accounts", "termination", "rights", "revocation", "role", "change", "audit", "trails"]
2218
+ keywords: ["establish", "follow", "process", "automated", "revoking", "access", "enterprise", "assets", "disabling", "accounts", "termination", "rights", "revocation", "role", "change", "audit", "trails"],
2219
+ systemPrompt: {
2220
+ role: "access_revocation_process_expert",
2221
+ context: "You are evaluating access revocation solutions against CIS Control 6.2 requirements for establishing documented access deprovisioning processes.",
2222
+ objective: "Determine if a vendor solution provides comprehensive access revocation processes for terminations, rights changes, and role modifications.",
2223
+ guidelines: [
2224
+ "Verify existence of documented access revocation procedures",
2225
+ "Confirm automation capabilities for access deprovisioning",
2226
+ "Validate immediate account disabling upon termination",
2227
+ "Assess role change access modification processes",
2228
+ "Review account preservation vs deletion for audit trail requirements",
2229
+ "Check process documentation and governance compliance"
2230
+ ],
2231
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2232
+ }
1585
2233
  },
1586
2234
  "6.4": {
1587
2235
  id: "6.4",
@@ -1607,7 +2255,21 @@ export class SafeguardManager {
1607
2255
  "Multi-Factor Authentication Tool"
1608
2256
  ],
1609
2257
  relatedSafeguards: ["4.2", "12.7"],
1610
- keywords: ["require", "MFA", "remote", "network", "access", "multi-factor", "authentication"]
2258
+ keywords: ["require", "MFA", "remote", "network", "access", "multi-factor", "authentication"],
2259
+ systemPrompt: {
2260
+ role: "remote_access_security_specialist",
2261
+ context: "You are evaluating remote access security solutions against CIS Control 6.4 requirements for MFA on remote network access.",
2262
+ objective: "Determine if a vendor solution provides comprehensive MFA enforcement for remote network access connections.",
2263
+ guidelines: [
2264
+ "Verify MFA requirement for all remote network access",
2265
+ "Confirm coverage of VPN, RDP, and other remote access methods",
2266
+ "Validate integration with network access control systems",
2267
+ "Assess conditional access and risk-based authentication",
2268
+ "Review remote access session monitoring and logging",
2269
+ "Check policy enforcement and compliance reporting"
2270
+ ],
2271
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2272
+ }
1611
2273
  },
1612
2274
  "6.5": {
1613
2275
  id: "6.5",
@@ -1639,7 +2301,21 @@ export class SafeguardManager {
1639
2301
  "Multi-Factor Authentication Tool"
1640
2302
  ],
1641
2303
  relatedSafeguards: ["4.1"],
1642
- keywords: ["require", "MFA", "administrative", "access", "accounts", "supported", "enterprise", "assets", "managed", "onsite", "service", "provider"]
2304
+ keywords: ["require", "MFA", "administrative", "access", "accounts", "supported", "enterprise", "assets", "managed", "onsite", "service", "provider"],
2305
+ systemPrompt: {
2306
+ role: "administrative_access_security_expert",
2307
+ context: "You are evaluating administrative access security solutions against CIS Control 6.5 requirements for MFA on administrative accounts.",
2308
+ objective: "Determine if a vendor solution provides comprehensive MFA enforcement for administrative access to enterprise assets.",
2309
+ guidelines: [
2310
+ "Verify MFA requirement for all administrative account access",
2311
+ "Confirm coverage of onsite and service provider managed assets",
2312
+ "Validate privileged access management integration",
2313
+ "Assess just-in-time access and session management",
2314
+ "Review administrative session monitoring and recording",
2315
+ "Check policy enforcement and administrative access compliance"
2316
+ ],
2317
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2318
+ }
1643
2319
  },
1644
2320
  "6.6": {
1645
2321
  id: "6.6",
@@ -1672,7 +2348,21 @@ export class SafeguardManager {
1672
2348
  "Account and Credential Management Policy/Process"
1673
2349
  ],
1674
2350
  relatedSafeguards: ["1.1", "2.1", "3.3", "5.6", "6.7"],
1675
- keywords: ["establish", "maintain", "inventory", "enterprise", "authentication", "authorization", "systems", "hosted", "onsite", "remote", "service", "provider", "review", "update", "annually"]
2351
+ keywords: ["establish", "maintain", "inventory", "enterprise", "authentication", "authorization", "systems", "hosted", "onsite", "remote", "service", "provider", "review", "update", "annually"],
2352
+ systemPrompt: {
2353
+ role: "authentication_authorization_inventory_expert",
2354
+ context: "You are evaluating authentication and authorization inventory solutions against CIS Control 6.6 requirements for comprehensive system tracking.",
2355
+ objective: "Determine if a vendor solution provides complete inventory capabilities for authentication and authorization systems across the enterprise.",
2356
+ guidelines: [
2357
+ "Verify comprehensive authentication system discovery and inventory",
2358
+ "Confirm authorization system tracking and documentation",
2359
+ "Validate coverage of on-site and remote service provider systems",
2360
+ "Assess inventory maintenance and annual review capabilities",
2361
+ "Review system classification and risk assessment features",
2362
+ "Check integration with identity governance platforms"
2363
+ ],
2364
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2365
+ }
1676
2366
  },
1677
2367
  "6.7": {
1678
2368
  id: "6.7",
@@ -1706,7 +2396,21 @@ export class SafeguardManager {
1706
2396
  "Identity and Access Management Tool"
1707
2397
  ],
1708
2398
  relatedSafeguards: ["4.1", "5.1", "5.6", "6.1", "6.2", "6.6", "12.5", "12.7"],
1709
- keywords: ["centralize", "access", "control", "enterprise", "assets", "directory", "service", "SSO", "provider", "supported"]
2399
+ keywords: ["centralize", "access", "control", "enterprise", "assets", "directory", "service", "SSO", "provider", "supported"],
2400
+ systemPrompt: {
2401
+ role: "centralized_access_control_expert",
2402
+ context: "You are evaluating centralized access control solutions against CIS Control 6.7 requirements for directory service and SSO-based access management.",
2403
+ objective: "Determine if a vendor solution provides comprehensive centralized access control for enterprise assets through directory services or SSO providers.",
2404
+ guidelines: [
2405
+ "Verify centralized access control implementation capabilities",
2406
+ "Confirm directory service integration and management",
2407
+ "Validate SSO provider connectivity and configuration",
2408
+ "Assess enterprise asset coverage and support levels",
2409
+ "Review access policy enforcement and administration",
2410
+ "Check scalability and performance of centralized systems"
2411
+ ],
2412
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2413
+ }
1710
2414
  },
1711
2415
  "6.8": {
1712
2416
  id: "6.8",
@@ -1744,7 +2448,21 @@ export class SafeguardManager {
1744
2448
  "Identity and Access management Tool"
1745
2449
  ],
1746
2450
  relatedSafeguards: ["3.3", "4.1", "6.1"],
1747
- keywords: ["define", "maintain", "role-based", "access", "control", "determining", "documenting", "rights", "necessary", "role", "enterprise", "duties", "perform", "reviews", "validate", "privileges", "authorized", "recurring", "annually"]
2451
+ keywords: ["define", "maintain", "role-based", "access", "control", "determining", "documenting", "rights", "necessary", "role", "enterprise", "duties", "perform", "reviews", "validate", "privileges", "authorized", "recurring", "annually"],
2452
+ systemPrompt: {
2453
+ role: "role_based_access_control_expert",
2454
+ context: "You are evaluating role-based access control solutions against CIS Control 6.8 requirements for defining, maintaining, and reviewing role-based permissions.",
2455
+ objective: "Determine if a vendor solution provides comprehensive RBAC capabilities including role definition, access rights documentation, and periodic reviews.",
2456
+ guidelines: [
2457
+ "Verify role definition and maintenance capabilities",
2458
+ "Confirm access rights documentation and mapping to roles",
2459
+ "Validate enterprise role modeling and assignment processes",
2460
+ "Assess access control review and validation features",
2461
+ "Review privilege authorization and least privilege enforcement",
2462
+ "Check annual review processes and compliance reporting"
2463
+ ],
2464
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2465
+ }
1748
2466
  },
1749
2467
  "7.2": {
1750
2468
  id: "7.2",
@@ -1782,7 +2500,21 @@ export class SafeguardManager {
1782
2500
  "risk scoring frameworks"
1783
2501
  ],
1784
2502
  relatedSafeguards: ["7.1", "7.3", "7.4", "7.5", "7.6", "7.7"],
1785
- keywords: ["establish", "maintain", "remediation", "process", "SLA", "security", "vulnerabilities"]
2503
+ keywords: ["establish", "maintain", "remediation", "process", "SLA", "security", "vulnerabilities"],
2504
+ systemPrompt: {
2505
+ role: "vulnerability_remediation_process_expert",
2506
+ context: "You are evaluating vulnerability remediation solutions against CIS Control 7.2 requirements for establishing remediation processes and SLAs.",
2507
+ objective: "Determine if a vendor solution provides comprehensive vulnerability remediation process management and SLA capabilities.",
2508
+ guidelines: [
2509
+ "Verify remediation process establishment and maintenance",
2510
+ "Confirm SLA definition and tracking for security vulnerabilities",
2511
+ "Validate vulnerability prioritization and timeline management",
2512
+ "Assess remediation workflow automation and escalation procedures",
2513
+ "Review patch management integration and coordination",
2514
+ "Check remediation verification and compliance reporting"
2515
+ ],
2516
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2517
+ }
1786
2518
  },
1787
2519
  "7.3": {
1788
2520
  id: "7.3",
@@ -1820,7 +2552,21 @@ export class SafeguardManager {
1820
2552
  "system center tools"
1821
2553
  ],
1822
2554
  relatedSafeguards: ["1.1", "4.1", "7.1", "7.2", "7.4", "7.5"],
1823
- keywords: ["perform", "automated", "operating", "system", "patch", "management", "enterprise", "assets"]
2555
+ keywords: ["perform", "automated", "operating", "system", "patch", "management", "enterprise", "assets"],
2556
+ systemPrompt: {
2557
+ role: "automated_os_patch_management_expert",
2558
+ context: "You are evaluating automated OS patch management solutions against CIS Control 7.3 requirements for automated operating system patching.",
2559
+ objective: "Determine if a vendor solution provides comprehensive automated operating system patch management for enterprise assets.",
2560
+ guidelines: [
2561
+ "Verify automated OS patch deployment capabilities",
2562
+ "Confirm enterprise asset coverage and compatibility",
2563
+ "Validate patch testing and approval workflows",
2564
+ "Assess patch scheduling and deployment automation",
2565
+ "Review rollback capabilities and failure recovery",
2566
+ "Check compliance monitoring and patch status reporting"
2567
+ ],
2568
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2569
+ }
1824
2570
  },
1825
2571
  "7.4": {
1826
2572
  id: "7.4",
@@ -1858,7 +2604,21 @@ export class SafeguardManager {
1858
2604
  "patch compliance scanners"
1859
2605
  ],
1860
2606
  relatedSafeguards: ["2.1", "2.2", "7.1", "7.2", "7.3", "7.5"],
1861
- keywords: ["perform", "automated", "application", "patch", "management", "enterprise", "assets", "updates"]
2607
+ keywords: ["perform", "automated", "application", "patch", "management", "enterprise", "assets", "updates"],
2608
+ systemPrompt: {
2609
+ role: "automated_application_patch_management_expert",
2610
+ context: "You are evaluating automated application patch management solutions against CIS Control 7.4 requirements for automated application patching.",
2611
+ objective: "Determine if a vendor solution provides comprehensive automated application patch management for enterprise assets.",
2612
+ guidelines: [
2613
+ "Verify automated application patch deployment capabilities",
2614
+ "Confirm enterprise application coverage and compatibility",
2615
+ "Validate third-party application update management",
2616
+ "Assess browser plugin and security update automation",
2617
+ "Review compatibility testing and rollback procedures",
2618
+ "Check vendor patch notification and prioritization systems"
2619
+ ],
2620
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2621
+ }
1862
2622
  },
1863
2623
  "7.5": {
1864
2624
  id: "7.5",
@@ -1896,7 +2656,21 @@ export class SafeguardManager {
1896
2656
  "vulnerability management systems"
1897
2657
  ],
1898
2658
  relatedSafeguards: ["1.1", "2.1", "7.1", "7.2", "7.3", "7.4", "7.6", "7.7"],
1899
- keywords: ["perform", "automated", "vulnerability", "scans", "internal", "enterprise", "assets", "quarterly"]
2659
+ keywords: ["perform", "automated", "vulnerability", "scans", "internal", "enterprise", "assets", "quarterly"],
2660
+ systemPrompt: {
2661
+ role: "internal_vulnerability_scanning_expert",
2662
+ context: "You are evaluating internal vulnerability scanning solutions against CIS Control 7.5 requirements for automated vulnerability scanning of internal enterprise assets.",
2663
+ objective: "Determine if a vendor solution provides comprehensive automated vulnerability scanning capabilities for internal enterprise assets.",
2664
+ guidelines: [
2665
+ "Verify automated vulnerability scanning capabilities for internal assets",
2666
+ "Confirm quarterly or more frequent scanning schedules",
2667
+ "Validate coverage of devices and applications",
2668
+ "Assess scan result analysis and false positive management",
2669
+ "Review vulnerability prioritization and reporting features",
2670
+ "Check integration with vulnerability management platforms"
2671
+ ],
2672
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2673
+ }
1900
2674
  },
1901
2675
  "7.6": {
1902
2676
  id: "7.6",
@@ -1934,7 +2708,21 @@ export class SafeguardManager {
1934
2708
  "third-party scanning services"
1935
2709
  ],
1936
2710
  relatedSafeguards: ["1.1", "2.1", "7.1", "7.2", "7.5", "7.7"],
1937
- keywords: ["perform", "automated", "vulnerability", "scans", "externally-exposed", "enterprise", "assets"]
2711
+ keywords: ["perform", "automated", "vulnerability", "scans", "externally-exposed", "enterprise", "assets"],
2712
+ systemPrompt: {
2713
+ role: "external_vulnerability_scanning_expert",
2714
+ context: "You are evaluating external vulnerability scanning solutions against CIS Control 7.6 requirements for automated vulnerability scanning of externally-exposed enterprise assets.",
2715
+ objective: "Determine if a vendor solution provides comprehensive automated vulnerability scanning capabilities for externally-exposed enterprise assets.",
2716
+ guidelines: [
2717
+ "Verify automated vulnerability scanning for externally-exposed assets",
2718
+ "Confirm internal or external scanning service capabilities",
2719
+ "Validate internet-facing asset discovery and inventory",
2720
+ "Assess web application and cloud security scanning",
2721
+ "Review external scan scheduling and result management",
2722
+ "Check integration with threat intelligence and attack surface monitoring"
2723
+ ],
2724
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2725
+ }
1938
2726
  },
1939
2727
  "7.7": {
1940
2728
  id: "7.7",
@@ -1972,7 +2760,21 @@ export class SafeguardManager {
1972
2760
  "risk assessment tools"
1973
2761
  ],
1974
2762
  relatedSafeguards: ["7.1", "7.2", "7.3", "7.4", "7.5", "7.6"],
1975
- keywords: ["remediate", "detected", "vulnerabilities", "software", "monthly", "processes", "tooling"]
2763
+ keywords: ["remediate", "detected", "vulnerabilities", "software", "monthly", "processes", "tooling"],
2764
+ systemPrompt: {
2765
+ role: "vulnerability_remediation_specialist",
2766
+ context: "You are evaluating vulnerability remediation solutions against CIS Control 7.7 requirements for monthly remediation of detected vulnerabilities.",
2767
+ objective: "Determine if a vendor solution provides comprehensive vulnerability remediation capabilities with monthly or more frequent cycles.",
2768
+ guidelines: [
2769
+ "Verify vulnerability remediation processes and automation",
2770
+ "Confirm monthly or more frequent remediation cycles",
2771
+ "Validate software vulnerability handling and patching",
2772
+ "Assess remediation workflow and tracking systems",
2773
+ "Review patch management integration and coordination",
2774
+ "Check remediation verification and compliance reporting"
2775
+ ],
2776
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2777
+ }
1976
2778
  },
1977
2779
  "8.1": {
1978
2780
  id: "8.1",
@@ -2004,7 +2806,21 @@ export class SafeguardManager {
2004
2806
  "documentation"
2005
2807
  ],
2006
2808
  relatedSafeguards: ["8.2", "8.3", "8.5", "8.6", "8.7", "8.8", "8.9", "8.10", "8.11", "8.12"],
2007
- keywords: ["audit log management", "logging requirements", "collection", "review", "retention", "process", "documented"]
2809
+ keywords: ["audit log management", "logging requirements", "collection", "review", "retention", "process", "documented"],
2810
+ systemPrompt: {
2811
+ role: "audit_log_management_process_expert",
2812
+ context: "You are evaluating audit log management solutions against CIS Control 8.1 requirements for establishing documented audit log management processes.",
2813
+ objective: "Determine if a vendor solution provides comprehensive audit log management process establishment and maintenance capabilities.",
2814
+ guidelines: [
2815
+ "Verify documented audit log management process creation",
2816
+ "Confirm enterprise logging requirements definition",
2817
+ "Validate audit log collection, review, and retention capabilities",
2818
+ "Assess process documentation and annual review procedures",
2819
+ "Review enterprise asset coverage and logging scope",
2820
+ "Check compliance with enterprise change management integration"
2821
+ ],
2822
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2823
+ }
2008
2824
  },
2009
2825
  "8.2": {
2010
2826
  id: "8.2",
@@ -2029,7 +2845,21 @@ export class SafeguardManager {
2029
2845
  "OS dependent"
2030
2846
  ],
2031
2847
  relatedSafeguards: ["8.1"],
2032
- keywords: ["collect", "audit logs", "logging", "enabled", "enterprise assets"]
2848
+ keywords: ["collect", "audit logs", "logging", "enabled", "enterprise assets"],
2849
+ systemPrompt: {
2850
+ role: "audit_log_collection_expert",
2851
+ context: "You are evaluating audit log collection solutions against CIS Control 8.2 requirements for comprehensive audit log collection across enterprise assets.",
2852
+ objective: "Determine if a vendor solution provides comprehensive audit log collection capabilities for enterprise assets.",
2853
+ guidelines: [
2854
+ "Verify audit log collection across all enterprise assets",
2855
+ "Confirm logging enablement per enterprise audit log management process",
2856
+ "Validate comprehensive log source coverage and integration",
2857
+ "Assess log collection tools and mechanisms",
2858
+ "Review OS-dependent and platform-specific logging capabilities",
2859
+ "Check log management tool integration and compatibility"
2860
+ ],
2861
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2862
+ }
2033
2863
  },
2034
2864
  "8.3": {
2035
2865
  id: "8.3",
@@ -2055,7 +2885,21 @@ export class SafeguardManager {
2055
2885
  "potentially OS dependent"
2056
2886
  ],
2057
2887
  relatedSafeguards: ["8.1", "8.9", "8.10"],
2058
- keywords: ["adequate storage", "logging destinations", "maintain", "comply"]
2888
+ keywords: ["adequate storage", "logging destinations", "maintain", "comply"],
2889
+ systemPrompt: {
2890
+ role: "audit_log_storage_expert",
2891
+ context: "You are evaluating audit log storage solutions against CIS Control 8.3 requirements for ensuring adequate audit log storage capacity.",
2892
+ objective: "Determine if a vendor solution provides adequate audit log storage to comply with enterprise audit log management processes.",
2893
+ guidelines: [
2894
+ "Verify adequate storage capacity for audit log retention",
2895
+ "Confirm logging destination storage management",
2896
+ "Validate compliance with enterprise audit log management processes",
2897
+ "Assess storage scalability and expansion capabilities",
2898
+ "Review storage performance and reliability features",
2899
+ "Check storage monitoring and capacity alerting systems"
2900
+ ],
2901
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2902
+ }
2059
2903
  },
2060
2904
  "8.4": {
2061
2905
  id: "8.4",
@@ -2083,7 +2927,21 @@ export class SafeguardManager {
2083
2927
  "potentially OS dependent"
2084
2928
  ],
2085
2929
  relatedSafeguards: ["4.1"],
2086
- keywords: ["time synchronization", "synchronized", "time sources", "configure", "standardize"]
2930
+ keywords: ["time synchronization", "synchronized", "time sources", "configure", "standardize"],
2931
+ systemPrompt: {
2932
+ role: "time_synchronization_expert",
2933
+ context: "You are evaluating time synchronization solutions against CIS Control 8.4 requirements for standardized time synchronization across enterprise assets.",
2934
+ objective: "Determine if a vendor solution provides comprehensive time synchronization capabilities for enterprise assets.",
2935
+ guidelines: [
2936
+ "Verify time synchronization standardization across enterprise assets",
2937
+ "Confirm configuration of at least two synchronized time sources",
2938
+ "Validate enterprise asset coverage where supported",
2939
+ "Assess secure configuration policy and process integration",
2940
+ "Review OS-dependent time synchronization capabilities",
2941
+ "Check time source reliability and redundancy features"
2942
+ ],
2943
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2944
+ }
2087
2945
  },
2088
2946
  "8.5": {
2089
2947
  id: "8.5",
@@ -2114,7 +2972,21 @@ export class SafeguardManager {
2114
2972
  "potentially OS dependent"
2115
2973
  ],
2116
2974
  relatedSafeguards: ["8.1", "1.1", "3.2"],
2117
- keywords: ["detailed audit logging", "sensitive data", "forensic investigation", "event source", "timestamp"]
2975
+ keywords: ["detailed audit logging", "sensitive data", "forensic investigation", "event source", "timestamp"],
2976
+ systemPrompt: {
2977
+ role: "detailed_audit_logging_expert",
2978
+ context: "You are evaluating detailed audit logging solutions against CIS Control 8.5 requirements for comprehensive audit logging of enterprise assets containing sensitive data.",
2979
+ objective: "Determine if a vendor solution provides detailed audit logging capabilities for forensic investigation support.",
2980
+ guidelines: [
2981
+ "Verify detailed audit logging configuration for sensitive data assets",
2982
+ "Confirm inclusion of event source, date, username, timestamp details",
2983
+ "Validate source and destination address logging capabilities",
2984
+ "Assess forensic investigation support and log detail completeness",
2985
+ "Review log management tool integration and policy compliance",
2986
+ "Check OS-dependent logging capabilities and platform coverage"
2987
+ ],
2988
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2989
+ }
2118
2990
  },
2119
2991
  "8.6": {
2120
2992
  id: "8.6",
@@ -2141,7 +3013,21 @@ export class SafeguardManager {
2141
3013
  "potentially OS dependent"
2142
3014
  ],
2143
3015
  relatedSafeguards: ["8.1", "4.9"],
2144
- keywords: ["DNS query", "audit logs", "collect", "DNS", "query logs"]
3016
+ keywords: ["DNS query", "audit logs", "collect", "DNS", "query logs"],
3017
+ systemPrompt: {
3018
+ role: "dns_audit_logging_expert",
3019
+ context: "You are evaluating DNS audit logging solutions against CIS Control 8.6 requirements for DNS query audit log collection.",
3020
+ objective: "Determine if a vendor solution provides comprehensive DNS query audit logging capabilities for enterprise assets.",
3021
+ guidelines: [
3022
+ "Verify DNS query audit log collection capabilities",
3023
+ "Confirm enterprise asset coverage where appropriate and supported",
3024
+ "Validate log management tool integration for DNS logging",
3025
+ "Assess secure configuration policy and process compliance",
3026
+ "Review OS-dependent DNS logging capabilities",
3027
+ "Check DNS query logging completeness and accuracy"
3028
+ ],
3029
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3030
+ }
2145
3031
  },
2146
3032
  "8.7": {
2147
3033
  id: "8.7",
@@ -2168,7 +3054,21 @@ export class SafeguardManager {
2168
3054
  "potentially OS dependent"
2169
3055
  ],
2170
3056
  relatedSafeguards: ["8.1"],
2171
- keywords: ["URL request", "audit logs", "collect", "URL", "web logs"]
3057
+ keywords: ["URL request", "audit logs", "collect", "URL", "web logs"],
3058
+ systemPrompt: {
3059
+ role: "url_request_audit_logging_expert",
3060
+ context: "You are evaluating URL request audit logging solutions against CIS Control 8.7 requirements for URL request audit log collection.",
3061
+ objective: "Determine if a vendor solution provides comprehensive URL request audit logging capabilities for enterprise assets.",
3062
+ guidelines: [
3063
+ "Verify URL request audit log collection capabilities",
3064
+ "Confirm enterprise asset coverage where appropriate and supported",
3065
+ "Validate web traffic logging and URL request capture",
3066
+ "Assess log management tool integration for web logs",
3067
+ "Review secure configuration policy and process compliance",
3068
+ "Check OS-dependent URL logging capabilities and browser coverage"
3069
+ ],
3070
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3071
+ }
2172
3072
  },
2173
3073
  "8.8": {
2174
3074
  id: "8.8",
@@ -2194,7 +3094,21 @@ export class SafeguardManager {
2194
3094
  "OS dependent"
2195
3095
  ],
2196
3096
  relatedSafeguards: ["8.1"],
2197
- keywords: ["command-line", "audit logs", "PowerShell", "BASH", "terminal", "administrative"]
3097
+ keywords: ["command-line", "audit logs", "PowerShell", "BASH", "terminal", "administrative"],
3098
+ systemPrompt: {
3099
+ role: "command_line_audit_logging_expert",
3100
+ context: "You are evaluating command-line audit logging solutions against CIS Control 8.8 requirements for command-line audit log collection.",
3101
+ objective: "Determine if a vendor solution provides comprehensive command-line audit logging capabilities including PowerShell, BASH, and remote terminals.",
3102
+ guidelines: [
3103
+ "Verify command-line audit log collection capabilities",
3104
+ "Confirm PowerShell, BASH, and remote terminal logging coverage",
3105
+ "Validate administrative terminal session logging",
3106
+ "Assess log management tool integration for command logs",
3107
+ "Review secure configuration policy and OS-dependent capabilities",
3108
+ "Check command execution tracking and security monitoring"
3109
+ ],
3110
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3111
+ }
2198
3112
  },
2199
3113
  "8.9": {
2200
3114
  id: "8.9",
@@ -2222,7 +3136,21 @@ export class SafeguardManager {
2222
3136
  "OS dependent"
2223
3137
  ],
2224
3138
  relatedSafeguards: ["8.1", "8.3", "12.5", "13.1"],
2225
- keywords: ["centralize", "audit logs", "collection", "retention", "SIEM", "log sources"]
3139
+ keywords: ["centralize", "audit logs", "collection", "retention", "SIEM", "log sources"],
3140
+ systemPrompt: {
3141
+ role: "centralized_audit_logging_expert",
3142
+ context: "You are evaluating centralized audit logging solutions against CIS Control 8.9 requirements for centralized audit log collection and retention.",
3143
+ objective: "Determine if a vendor solution provides comprehensive centralized audit log collection and retention capabilities for enterprise assets.",
3144
+ guidelines: [
3145
+ "Verify centralized audit log collection capabilities across enterprise assets",
3146
+ "Confirm compliance with documented audit log management processes",
3147
+ "Validate SIEM tool integration and multiple log source support",
3148
+ "Assess log analytics and centralization tool capabilities",
3149
+ "Review scalability and enterprise-wide log aggregation",
3150
+ "Check OS-dependent log collection and centralization features"
3151
+ ],
3152
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3153
+ }
2226
3154
  },
2227
3155
  "8.10": {
2228
3156
  id: "8.10",
@@ -2245,7 +3173,21 @@ export class SafeguardManager {
2245
3173
  "log analytics and centralization tool"
2246
3174
  ],
2247
3175
  relatedSafeguards: ["8.1", "8.3"],
2248
- keywords: ["retain", "audit logs", "90 days", "retention", "minimum"]
3176
+ keywords: ["retain", "audit logs", "90 days", "retention", "minimum"],
3177
+ systemPrompt: {
3178
+ role: "audit_log_retention_expert",
3179
+ context: "You are evaluating audit log retention solutions against CIS Control 8.10 requirements for 90-day minimum audit log retention.",
3180
+ objective: "Determine if a vendor solution provides adequate audit log retention capabilities for enterprise assets with minimum 90-day retention.",
3181
+ guidelines: [
3182
+ "Verify audit log retention capabilities for minimum 90 days",
3183
+ "Confirm enterprise asset coverage for retention policies",
3184
+ "Validate log analytics and centralization tool retention features",
3185
+ "Assess automated retention management and policy enforcement",
3186
+ "Review storage optimization and archival capabilities",
3187
+ "Check compliance monitoring and retention reporting features"
3188
+ ],
3189
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3190
+ }
2249
3191
  },
2250
3192
  "8.11": {
2251
3193
  id: "8.11",
@@ -2271,7 +3213,21 @@ export class SafeguardManager {
2271
3213
  "log analytics and centralization tool"
2272
3214
  ],
2273
3215
  relatedSafeguards: ["8.1", "8.12"],
2274
- keywords: ["audit log reviews", "anomalies", "abnormal events", "threat", "weekly", "reviews"]
3216
+ keywords: ["audit log reviews", "anomalies", "abnormal events", "threat", "weekly", "reviews"],
3217
+ systemPrompt: {
3218
+ role: "audit_log_review_expert",
3219
+ context: "You are evaluating audit log review solutions against CIS Control 8.11 requirements for weekly audit log reviews to detect anomalies and threats.",
3220
+ objective: "Determine if a vendor solution provides comprehensive audit log review capabilities for anomaly and threat detection.",
3221
+ guidelines: [
3222
+ "Verify audit log review capabilities for anomaly detection",
3223
+ "Confirm weekly or more frequent review scheduling",
3224
+ "Validate abnormal event detection and potential threat identification",
3225
+ "Assess log analytics and automated review capabilities",
3226
+ "Review threat detection algorithms and alert mechanisms",
3227
+ "Check review workflow integration and analyst productivity tools"
3228
+ ],
3229
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3230
+ }
2275
3231
  },
2276
3232
  "8.12": {
2277
3233
  id: "8.12",
@@ -2298,7 +3254,21 @@ export class SafeguardManager {
2298
3254
  "secure configuration policy/process"
2299
3255
  ],
2300
3256
  relatedSafeguards: ["8.1", "8.11", "15.1"],
2301
- keywords: ["service provider logs", "authentication", "authorization", "data creation", "disposal", "user management"]
3257
+ keywords: ["service provider logs", "authentication", "authorization", "data creation", "disposal", "user management"],
3258
+ systemPrompt: {
3259
+ role: "service_provider_log_collection_expert",
3260
+ context: "You are evaluating service provider log collection solutions against CIS Control 8.12 requirements for collecting service provider logs where supported.",
3261
+ objective: "Determine if a vendor solution provides comprehensive service provider log collection capabilities including authentication, authorization, and data events.",
3262
+ guidelines: [
3263
+ "Verify service provider log collection capabilities where supported",
3264
+ "Confirm authentication and authorization event logging",
3265
+ "Validate data creation, disposal, and user management event capture",
3266
+ "Assess log analytics and centralization tool integration",
3267
+ "Review secure configuration policy and process compliance",
3268
+ "Check third-party service provider log aggregation and API integration"
3269
+ ],
3270
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3271
+ }
2302
3272
  },
2303
3273
  "10.1": {
2304
3274
  id: "10.1",
@@ -2333,7 +3303,21 @@ export class SafeguardManager {
2333
3303
  "security software management"
2334
3304
  ],
2335
3305
  relatedSafeguards: ["4.1", "10.2", "10.4", "10.6", "10.7", "13.5"],
2336
- keywords: ["deploy", "maintain", "anti-malware", "software", "enterprise", "assets", "endpoint", "protection"]
3306
+ keywords: ["deploy", "maintain", "anti-malware", "software", "enterprise", "assets", "endpoint", "protection"],
3307
+ systemPrompt: {
3308
+ role: "endpoint_security_anti_malware_expert",
3309
+ context: "You are evaluating anti-malware solutions against CIS Control 10.1 requirements for deploying and maintaining anti-malware software on all enterprise assets.",
3310
+ objective: "Determine if a vendor solution provides comprehensive anti-malware software deployment and maintenance capabilities across all enterprise assets.",
3311
+ guidelines: [
3312
+ "Verify anti-malware software deployment capabilities and coverage",
3313
+ "Confirm maintenance and update management for anti-malware software",
3314
+ "Validate comprehensive enterprise asset protection and coverage",
3315
+ "Assess malware detection capabilities and effectiveness",
3316
+ "Review endpoint protection platform integration and management",
3317
+ "Check security software management and centralized administration"
3318
+ ],
3319
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3320
+ }
2337
3321
  },
2338
3322
  "10.2": {
2339
3323
  id: "10.2",
@@ -2367,7 +3351,21 @@ export class SafeguardManager {
2367
3351
  "update scheduling tools"
2368
3352
  ],
2369
3353
  relatedSafeguards: ["10.1"],
2370
- keywords: ["configure", "automatic", "updates", "signature", "files", "anti-malware", "enterprise", "assets"]
3354
+ keywords: ["configure", "automatic", "updates", "signature", "files", "anti-malware", "enterprise", "assets"],
3355
+ systemPrompt: {
3356
+ role: "anti_malware_signature_management_expert",
3357
+ context: "You are evaluating anti-malware signature update solutions against CIS Control 10.2 requirements for configuring automatic updates for anti-malware signature files on all enterprise assets.",
3358
+ objective: "Determine if a vendor solution provides comprehensive automatic anti-malware signature update capabilities across all enterprise assets.",
3359
+ guidelines: [
3360
+ "Verify automatic update configuration capabilities and reliability",
3361
+ "Confirm anti-malware signature file management and distribution",
3362
+ "Validate comprehensive enterprise asset coverage for updates",
3363
+ "Assess signature currency maintenance and update frequency",
3364
+ "Review centralized update management and scheduling systems",
3365
+ "Check signature distribution mechanisms and update verification"
3366
+ ],
3367
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3368
+ }
2371
3369
  },
2372
3370
  "10.3": {
2373
3371
  id: "10.3",
@@ -2402,7 +3400,21 @@ export class SafeguardManager {
2402
3400
  "secure configuration policy/process"
2403
3401
  ],
2404
3402
  relatedSafeguards: ["4.1"],
2405
- keywords: ["disable", "autorun", "autoplay", "auto-execute", "removable", "media", "configuration"]
3403
+ keywords: ["disable", "autorun", "autoplay", "auto-execute", "removable", "media", "configuration"],
3404
+ systemPrompt: {
3405
+ role: "removable_media_security_expert",
3406
+ context: "You are evaluating removable media security solutions against CIS Control 10.3 requirements for disabling autorun and autoplay auto-execute functionality for removable media.",
3407
+ objective: "Determine if a vendor solution provides comprehensive autorun and autoplay disabling capabilities to prevent auto-execute functionality on removable media.",
3408
+ guidelines: [
3409
+ "Verify autorun functionality disabling capabilities and enforcement",
3410
+ "Confirm autoplay functionality disabling and auto-execute prevention",
3411
+ "Validate comprehensive removable media security controls",
3412
+ "Assess configuration management and policy enforcement tools",
3413
+ "Review group policy settings and registry modification capabilities",
3414
+ "Check secure configuration policy implementation and process management"
3415
+ ],
3416
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3417
+ }
2406
3418
  },
2407
3419
  "10.4": {
2408
3420
  id: "10.4",
@@ -2436,7 +3448,21 @@ export class SafeguardManager {
2436
3448
  "automated threat detection"
2437
3449
  ],
2438
3450
  relatedSafeguards: ["10.1"],
2439
- keywords: ["configure", "anti-malware", "software", "automatically", "scan", "removable", "media"]
3451
+ keywords: ["configure", "anti-malware", "software", "automatically", "scan", "removable", "media"],
3452
+ systemPrompt: {
3453
+ role: "anti_malware_scanning_configuration_expert",
3454
+ context: "You are evaluating anti-malware scanning solutions against CIS Control 10.4 requirements for configuring anti-malware software to automatically scan removable media.",
3455
+ objective: "Determine if a vendor solution provides comprehensive anti-malware configuration capabilities for automatic removable media scanning.",
3456
+ guidelines: [
3457
+ "Verify anti-malware software configuration capabilities for removable media",
3458
+ "Confirm automatic scanning configuration and policy enforcement",
3459
+ "Validate comprehensive removable media protection and malware detection",
3460
+ "Assess scanning policy management and automated threat detection",
3461
+ "Review endpoint scanning policies and media scanning tools integration",
3462
+ "Check anti-malware software configuration policy and process effectiveness"
3463
+ ],
3464
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3465
+ }
2440
3466
  },
2441
3467
  "10.5": {
2442
3468
  id: "10.5",
@@ -2472,7 +3498,21 @@ export class SafeguardManager {
2472
3498
  "configuration management tool"
2473
3499
  ],
2474
3500
  relatedSafeguards: ["4.1"],
2475
- keywords: ["enable", "anti-exploitation", "features", "enterprise", "assets", "software", "DEP", "WDEG", "SIP", "gatekeeper"]
3501
+ keywords: ["enable", "anti-exploitation", "features", "enterprise", "assets", "software", "DEP", "WDEG", "SIP", "gatekeeper"],
3502
+ systemPrompt: {
3503
+ role: "anti_exploitation_security_expert",
3504
+ context: "You are evaluating anti-exploitation solutions against CIS Control 10.5 requirements for enabling anti-exploitation features on enterprise assets and software, including DEP, WDEG, SIP, and Gatekeeper.",
3505
+ objective: "Determine if a vendor solution provides comprehensive anti-exploitation feature enablement capabilities across enterprise assets and software platforms.",
3506
+ guidelines: [
3507
+ "Verify anti-exploitation feature enablement capabilities and coverage",
3508
+ "Confirm enterprise asset and software protection implementation",
3509
+ "Validate exploit prevention mechanisms and effectiveness",
3510
+ "Assess platform-specific anti-exploitation features (DEP, WDEG, SIP, Gatekeeper)",
3511
+ "Review configuration management tools and security policy enforcement",
3512
+ "Check compatibility and implementation feasibility across different platforms"
3513
+ ],
3514
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3515
+ }
2476
3516
  },
2477
3517
  "10.6": {
2478
3518
  id: "10.6",
@@ -2504,7 +3544,21 @@ export class SafeguardManager {
2504
3544
  "enterprise security tools"
2505
3545
  ],
2506
3546
  relatedSafeguards: ["10.1"],
2507
- keywords: ["centrally", "manage", "anti-malware", "software", "centralized", "management"]
3547
+ keywords: ["centrally", "manage", "anti-malware", "software", "centralized", "management"],
3548
+ systemPrompt: {
3549
+ role: "centralized_anti_malware_management_expert",
3550
+ context: "You are evaluating centralized anti-malware management solutions against CIS Control 10.6 requirements for centrally managing anti-malware software across the enterprise.",
3551
+ objective: "Determine if a vendor solution provides comprehensive centralized anti-malware software management capabilities with centralized control and governance.",
3552
+ guidelines: [
3553
+ "Verify centralized anti-malware management capabilities and infrastructure",
3554
+ "Confirm centralized management process implementation and effectiveness",
3555
+ "Validate anti-malware software governance and policy enforcement",
3556
+ "Assess management infrastructure scalability and reliability",
3557
+ "Review centralized management platforms and security management consoles",
3558
+ "Check enterprise security tools integration and centralized control features"
3559
+ ],
3560
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3561
+ }
2508
3562
  },
2509
3563
  "10.7": {
2510
3564
  id: "10.7",
@@ -2537,7 +3591,21 @@ export class SafeguardManager {
2537
3591
  "machine learning security"
2538
3592
  ],
2539
3593
  relatedSafeguards: ["10.1"],
2540
- keywords: ["use", "behavior-based", "anti-malware", "software", "behavioral", "analysis", "advanced", "detection"]
3594
+ keywords: ["use", "behavior-based", "anti-malware", "software", "behavioral", "analysis", "advanced", "detection"],
3595
+ systemPrompt: {
3596
+ role: "behavioral_anti_malware_analysis_expert",
3597
+ context: "You are evaluating behavior-based anti-malware solutions against CIS Control 10.7 requirements for using behavior-based anti-malware software with advanced threat detection capabilities.",
3598
+ objective: "Determine if a vendor solution provides comprehensive behavior-based anti-malware software capabilities with behavioral analysis and dynamic threat identification.",
3599
+ guidelines: [
3600
+ "Verify behavior-based anti-malware software implementation and effectiveness",
3601
+ "Confirm behavioral analysis capabilities and advanced threat detection",
3602
+ "Validate dynamic threat identification and behavior-based protection",
3603
+ "Assess advanced malware detection accuracy and false positive management",
3604
+ "Review behavioral analysis tools and machine learning security integration",
3605
+ "Check advanced endpoint detection capabilities and threat response mechanisms"
3606
+ ],
3607
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3608
+ }
2541
3609
  },
2542
3610
  "11.1": {
2543
3611
  id: "11.1",
@@ -2576,7 +3644,21 @@ export class SafeguardManager {
2576
3644
  "backup and recovery strategy"
2577
3645
  ],
2578
3646
  relatedSafeguards: ["3.2", "3.4", "3.5", "3.8", "11.2", "11.3", "11.4", "11.5"],
2579
- keywords: ["establish", "maintain", "documented", "data", "recovery", "process", "backup", "prioritization"]
3647
+ keywords: ["establish", "maintain", "documented", "data", "recovery", "process", "backup", "prioritization"],
3648
+ systemPrompt: {
3649
+ role: "data_recovery_governance_expert",
3650
+ context: "You are evaluating data recovery governance solutions against CIS Control 11.1 requirements for establishing and maintaining a documented data recovery process with scope, prioritization, and backup security considerations.",
3651
+ objective: "Determine if a vendor solution provides comprehensive data recovery process documentation, governance, and management capabilities including annual reviews and change management.",
3652
+ guidelines: [
3653
+ "Verify documented data recovery process establishment and maintenance",
3654
+ "Confirm scope of data recovery activities and recovery prioritization",
3655
+ "Validate security of backup data and protection mechanisms",
3656
+ "Assess annual documentation review and update processes",
3657
+ "Review business continuity documentation and recovery procedures",
3658
+ "Check change management for significant enterprise changes impacting recovery"
3659
+ ],
3660
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3661
+ }
2580
3662
  },
2581
3663
  "11.2": {
2582
3664
  id: "11.2",
@@ -2613,7 +3695,21 @@ export class SafeguardManager {
2613
3695
  "enterprise backup solutions"
2614
3696
  ],
2615
3697
  relatedSafeguards: ["1.1", "2.1", "11.1"],
2616
- keywords: ["perform", "automated", "backups", "enterprise", "assets", "weekly", "frequency", "sensitivity"]
3698
+ keywords: ["perform", "automated", "backups", "enterprise", "assets", "weekly", "frequency", "sensitivity"],
3699
+ systemPrompt: {
3700
+ role: "automated_backup_systems_expert",
3701
+ context: "You are evaluating automated backup solutions against CIS Control 11.2 requirements for performing automated backups of in-scope enterprise assets with weekly or more frequent schedules based on data sensitivity.",
3702
+ objective: "Determine if a vendor solution provides comprehensive automated backup capabilities with appropriate frequency scheduling and enterprise asset coverage.",
3703
+ guidelines: [
3704
+ "Verify automated backup performance and enterprise asset coverage",
3705
+ "Confirm backup frequency requirements (weekly or more frequent)",
3706
+ "Validate data sensitivity-based backup scheduling and prioritization",
3707
+ "Assess in-scope enterprise asset identification and backup coverage",
3708
+ "Review backup scheduling software and automated backup system reliability",
3709
+ "Check enterprise backup solution scalability and management features"
3710
+ ],
3711
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3712
+ }
2617
3713
  },
2618
3714
  "11.3": {
2619
3715
  id: "11.3",
@@ -2649,7 +3745,21 @@ export class SafeguardManager {
2649
3745
  "data separation technologies"
2650
3746
  ],
2651
3747
  relatedSafeguards: ["3.3", "3.10", "3.11", "11.1"],
2652
- keywords: ["protect", "recovery", "data", "equivalent", "controls", "encryption", "separation", "requirements"]
3748
+ keywords: ["protect", "recovery", "data", "equivalent", "controls", "encryption", "separation", "requirements"],
3749
+ systemPrompt: {
3750
+ role: "backup_data_protection_expert",
3751
+ context: "You are evaluating backup data protection solutions against CIS Control 11.3 requirements for protecting recovery data with equivalent controls to the original data, including encryption or data separation based on requirements.",
3752
+ objective: "Determine if a vendor solution provides comprehensive recovery data protection capabilities with equivalent controls, encryption, and data separation mechanisms.",
3753
+ guidelines: [
3754
+ "Verify recovery data protection implementation and equivalent controls",
3755
+ "Confirm original data protection parity and control equivalence",
3756
+ "Validate encryption capabilities for backup data protection",
3757
+ "Assess data separation technologies and implementation options",
3758
+ "Review backup encryption systems and secure backup storage solutions",
3759
+ "Check requirements-based implementation flexibility and compliance"
3760
+ ],
3761
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3762
+ }
2653
3763
  },
2654
3764
  "11.4": {
2655
3765
  id: "11.4",
@@ -2688,7 +3798,21 @@ export class SafeguardManager {
2688
3798
  "version controlling backup destinations"
2689
3799
  ],
2690
3800
  relatedSafeguards: ["11.1"],
2691
- keywords: ["establish", "maintain", "isolated", "instance", "recovery", "data", "offline", "cloud", "off-site"]
3801
+ keywords: ["establish", "maintain", "isolated", "instance", "recovery", "data", "offline", "cloud", "off-site"],
3802
+ systemPrompt: {
3803
+ role: "isolated_backup_recovery_expert",
3804
+ context: "You are evaluating isolated backup recovery solutions against CIS Control 11.4 requirements for establishing and maintaining an isolated instance of recovery data with version controlling backup destinations through offline, cloud, or off-site systems.",
3805
+ objective: "Determine if a vendor solution provides comprehensive isolated recovery data capabilities with backup destination control and implementation flexibility.",
3806
+ guidelines: [
3807
+ "Verify isolated instance of recovery data establishment and maintenance",
3808
+ "Confirm version controlling backup destinations and destination management",
3809
+ "Validate offline, cloud, and off-site implementation options",
3810
+ "Assess recovery data isolation effectiveness and security",
3811
+ "Review backup destination control mechanisms and flexibility",
3812
+ "Check off-site storage solutions and cloud backup service integration"
3813
+ ],
3814
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3815
+ }
2692
3816
  },
2693
3817
  "11.5": {
2694
3818
  id: "11.5",
@@ -2723,7 +3847,21 @@ export class SafeguardManager {
2723
3847
  "backup validation systems"
2724
3848
  ],
2725
3849
  relatedSafeguards: ["11.1"],
2726
- keywords: ["test", "backup", "recovery", "quarterly", "frequently", "sampling", "enterprise", "assets"]
3850
+ keywords: ["test", "backup", "recovery", "quarterly", "frequently", "sampling", "enterprise", "assets"],
3851
+ systemPrompt: {
3852
+ role: "backup_recovery_testing_expert",
3853
+ context: "You are evaluating backup recovery testing solutions against CIS Control 11.5 requirements for testing backup recovery quarterly or more frequently for a sampling of in-scope enterprise assets.",
3854
+ objective: "Determine if a vendor solution provides comprehensive backup recovery testing capabilities with appropriate frequency and enterprise asset sampling.",
3855
+ guidelines: [
3856
+ "Verify backup recovery testing implementation and quarterly frequency",
3857
+ "Confirm in-scope enterprise asset sampling and selection methods",
3858
+ "Validate recovery validation processes and testing effectiveness",
3859
+ "Assess testing frequency management and scheduling capabilities",
3860
+ "Review recovery testing procedures and backup validation systems",
3861
+ "Check data recovery testing automation and reporting features"
3862
+ ],
3863
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3864
+ }
2727
3865
  },
2728
3866
  "12.1": {
2729
3867
  id: "12.1",
@@ -2761,7 +3899,21 @@ export class SafeguardManager {
2761
3899
  "network-as-a-service platforms"
2762
3900
  ],
2763
3901
  relatedSafeguards: ["4.2", "7.3"],
2764
- keywords: ["ensure", "network", "infrastructure", "up-to-date", "software", "versions", "monthly", "NaaS"]
3902
+ keywords: ["ensure", "network", "infrastructure", "up-to-date", "software", "versions", "monthly", "NaaS"],
3903
+ systemPrompt: {
3904
+ role: "network_infrastructure_management_expert",
3905
+ context: "You are evaluating network infrastructure management solutions against CIS Control 12.1 requirements for ensuring network infrastructure is kept up-to-date with latest stable software releases and supported NaaS offerings.",
3906
+ objective: "Determine if a vendor solution provides comprehensive network infrastructure update management with monthly software version reviews and support verification.",
3907
+ guidelines: [
3908
+ "Verify network infrastructure up-to-date maintenance capabilities",
3909
+ "Confirm latest stable software release management and deployment",
3910
+ "Validate currently supported network-as-a-service offering utilization",
3911
+ "Assess monthly software version review processes and frequency",
3912
+ "Review automated patching tools and network management systems",
3913
+ "Check software support verification and maintenance tracking"
3914
+ ],
3915
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3916
+ }
2765
3917
  },
2766
3918
  "12.2": {
2767
3919
  id: "12.2",
@@ -2800,7 +3952,21 @@ export class SafeguardManager {
2800
3952
  "network architecture tools"
2801
3953
  ],
2802
3954
  relatedSafeguards: ["3.3", "3.10", "4.2", "12.4", "13.3", "13.4", "13.6", "13.8", "13.9", "13.10"],
2803
- keywords: ["establish", "maintain", "secure", "network", "architecture", "segmentation", "least", "privilege", "availability"]
3955
+ keywords: ["establish", "maintain", "secure", "network", "architecture", "segmentation", "least", "privilege", "availability"],
3956
+ systemPrompt: {
3957
+ role: "network_architecture_security_expert",
3958
+ context: "You are evaluating secure network architecture solutions against CIS Control 12.2 requirements for designing and maintaining secure network architecture with segmentation, least privilege, and availability considerations.",
3959
+ objective: "Determine if a vendor solution provides comprehensive secure network architecture capabilities including segmentation, least privilege implementation, and availability management.",
3960
+ guidelines: [
3961
+ "Verify secure network architecture design and maintenance capabilities",
3962
+ "Confirm network segmentation implementation and effectiveness",
3963
+ "Validate least privilege network access controls and enforcement",
3964
+ "Assess availability management and resilience features",
3965
+ "Review network architecture documentation, policy, and design components",
3966
+ "Check secure network management tools and architecture frameworks"
3967
+ ],
3968
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3969
+ }
2804
3970
  },
2805
3971
  "12.3": {
2806
3972
  id: "12.3",
@@ -2836,7 +4002,21 @@ export class SafeguardManager {
2836
4002
  "secure protocol implementations"
2837
4003
  ],
2838
4004
  relatedSafeguards: ["4.2", "12.6"],
2839
- keywords: ["securely", "manage", "network", "infrastructure", "version-controlled", "SSH", "HTTPS", "protocols"]
4005
+ keywords: ["securely", "manage", "network", "infrastructure", "version-controlled", "SSH", "HTTPS", "protocols"],
4006
+ systemPrompt: {
4007
+ role: "network_infrastructure_security_management_expert",
4008
+ context: "You are evaluating network infrastructure security management solutions against CIS Control 12.3 requirements for securely managing network infrastructure with version-controlled infrastructure-as-code and secure network protocols like SSH and HTTPS.",
4009
+ objective: "Determine if a vendor solution provides comprehensive secure network infrastructure management capabilities including infrastructure-as-code and secure protocol implementation.",
4010
+ guidelines: [
4011
+ "Verify secure network infrastructure management capabilities and practices",
4012
+ "Confirm version-controlled infrastructure-as-code implementation and management",
4013
+ "Validate secure network protocol usage (SSH, HTTPS) and enforcement",
4014
+ "Assess infrastructure security controls and management frameworks",
4015
+ "Review network management and monitoring tools integration",
4016
+ "Check secure protocol implementation and infrastructure automation"
4017
+ ],
4018
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4019
+ }
2840
4020
  },
2841
4021
  "12.4": {
2842
4022
  id: "12.4",
@@ -2873,7 +4053,21 @@ export class SafeguardManager {
2873
4053
  "architecture visualization tools"
2874
4054
  ],
2875
4055
  relatedSafeguards: ["3.8", "4.2", "12.2"],
2876
- keywords: ["establish", "maintain", "architecture", "diagrams", "documentation", "annually", "enterprise", "changes"]
4056
+ keywords: ["establish", "maintain", "architecture", "diagrams", "documentation", "annually", "enterprise", "changes"],
4057
+ systemPrompt: {
4058
+ role: "network_architecture_documentation_expert",
4059
+ context: "You are evaluating network architecture documentation solutions against CIS Control 12.4 requirements for establishing and maintaining architecture diagrams and network system documentation with annual reviews and change management.",
4060
+ objective: "Determine if a vendor solution provides comprehensive network architecture documentation capabilities including diagramming, documentation management, and regular updates.",
4061
+ guidelines: [
4062
+ "Verify architecture diagram establishment and maintenance capabilities",
4063
+ "Confirm network system documentation management and organization",
4064
+ "Validate annual documentation review and update processes",
4065
+ "Assess change management for significant enterprise changes",
4066
+ "Review network architecture diagramming tools and visualization systems",
4067
+ "Check documentation management systems and version control features"
4068
+ ],
4069
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4070
+ }
2877
4071
  },
2878
4072
  "12.5": {
2879
4073
  id: "12.5",
@@ -2908,7 +4102,21 @@ export class SafeguardManager {
2908
4102
  "centralized authentication systems"
2909
4103
  ],
2910
4104
  relatedSafeguards: ["4.2", "5.6", "6.7", "8.9", "12.6", "12.7"],
2911
- keywords: ["centralize", "network", "AAA", "authentication", "authorization", "auditing"]
4105
+ keywords: ["centralize", "network", "AAA", "authentication", "authorization", "auditing"],
4106
+ systemPrompt: {
4107
+ role: "network_aaa_centralization_expert",
4108
+ context: "You are evaluating network AAA centralization solutions against CIS Control 12.5 requirements for centralizing network authentication, authorization, and auditing (AAA) functions.",
4109
+ objective: "Determine if a vendor solution provides comprehensive centralized network AAA capabilities with authentication, authorization, and auditing integration.",
4110
+ guidelines: [
4111
+ "Verify centralized network AAA implementation and effectiveness",
4112
+ "Confirm network authentication centralization and management",
4113
+ "Validate authorization controls and centralized access management",
4114
+ "Assess auditing capabilities and centralized logging integration",
4115
+ "Review AAA servers and centralized authentication systems",
4116
+ "Check identity and access management tool integration and AAA functionality"
4117
+ ],
4118
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4119
+ }
2912
4120
  },
2913
4121
  "12.6": {
2914
4122
  id: "12.6",
@@ -2944,7 +4152,21 @@ export class SafeguardManager {
2944
4152
  "secure protocol implementations"
2945
4153
  ],
2946
4154
  relatedSafeguards: ["12.3", "12.5"],
2947
- keywords: ["use", "secure", "network", "management", "communication", "protocols", "802.1X", "WPA2", "enterprise"]
4155
+ keywords: ["use", "secure", "network", "management", "communication", "protocols", "802.1X", "WPA2", "enterprise"],
4156
+ systemPrompt: {
4157
+ role: "secure_network_protocol_expert",
4158
+ context: "You are evaluating secure network management and communication protocol solutions against CIS Control 12.6 requirements for implementing enterprise-grade secure protocols.",
4159
+ objective: "Determine if a vendor solution provides comprehensive secure network management and communication protocol capabilities including 802.1X and WPA2 Enterprise or greater.",
4160
+ guidelines: [
4161
+ "Verify secure network management protocol implementation",
4162
+ "Confirm secure communication protocol deployment (802.1X, WPA2 Enterprise+)",
4163
+ "Validate enterprise-grade security protocol capabilities",
4164
+ "Assess secure protocol implementation and configuration",
4165
+ "Review network security policy and process integration",
4166
+ "Check wireless security and authentication system compatibility"
4167
+ ],
4168
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4169
+ }
2948
4170
  },
2949
4171
  "12.7": {
2950
4172
  id: "12.7",
@@ -2980,7 +4202,21 @@ export class SafeguardManager {
2980
4202
  "AAA integration systems"
2981
4203
  ],
2982
4204
  relatedSafeguards: ["6.4", "12.5"],
2983
- keywords: ["require", "users", "authenticate", "enterprise-managed", "VPN", "authentication", "services", "devices"]
4205
+ keywords: ["require", "users", "authenticate", "enterprise-managed", "VPN", "authentication", "services", "devices"],
4206
+ systemPrompt: {
4207
+ role: "remote_access_vpn_expert",
4208
+ context: "You are evaluating remote access VPN and AAA integration solutions against CIS Control 12.7 requirements for ensuring remote devices utilize enterprise-managed VPN and authentication.",
4209
+ objective: "Determine if a vendor solution provides comprehensive remote device VPN requirements and AAA infrastructure integration for enterprise resource access.",
4210
+ guidelines: [
4211
+ "Verify enterprise-managed VPN deployment and user authentication requirements",
4212
+ "Confirm AAA infrastructure integration and authentication services",
4213
+ "Validate remote device access control and enterprise resource protection",
4214
+ "Assess VPN and authentication service integration capabilities",
4215
+ "Review secure network management policy and VPN tool compatibility",
4216
+ "Check end-user device authentication and access control systems"
4217
+ ],
4218
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4219
+ }
2984
4220
  },
2985
4221
  "12.8": {
2986
4222
  id: "12.8",
@@ -3018,7 +4254,21 @@ export class SafeguardManager {
3018
4254
  "administrative isolation systems"
3019
4255
  ],
3020
4256
  relatedSafeguards: ["1.1", "5.1"],
3021
- keywords: ["establish", "maintain", "dedicated", "computing", "resources", "administrative", "work", "segmented", "SAW"]
4257
+ keywords: ["establish", "maintain", "dedicated", "computing", "resources", "administrative", "work", "segmented", "SAW"],
4258
+ systemPrompt: {
4259
+ role: "secure_admin_workstation_expert",
4260
+ context: "You are evaluating secure administrative workstation (SAW) solutions against CIS Control 12.8 requirements for establishing dedicated computing resources for administrative work.",
4261
+ objective: "Determine if a vendor solution provides comprehensive dedicated computing resources for administrative tasks with proper network segmentation and internet access restrictions.",
4262
+ guidelines: [
4263
+ "Verify dedicated computing resource establishment and maintenance for administrative work",
4264
+ "Confirm administrative task isolation and access separation capabilities",
4265
+ "Validate network segmentation from enterprise primary network",
4266
+ "Assess internet access restriction and administrative isolation systems",
4267
+ "Review secure network management policy and SAW implementation",
4268
+ "Check administrative workstation security and separation tools"
4269
+ ],
4270
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4271
+ }
3022
4272
  },
3023
4273
  // Control 13: Network Monitoring and Defense
3024
4274
  "13.1": {
@@ -3054,7 +4304,21 @@ export class SafeguardManager {
3054
4304
  "event correlation engines"
3055
4305
  ],
3056
4306
  relatedSafeguards: ["8.1", "8.2", "8.11", "13.2", "13.3", "13.11"],
3057
- keywords: ["centralize", "security", "event", "alerting", "log", "correlation", "analysis", "exploitation"]
4307
+ keywords: ["centralize", "security", "event", "alerting", "log", "correlation", "analysis", "exploitation"],
4308
+ systemPrompt: {
4309
+ role: "security_event_alerting_expert",
4310
+ context: "You are evaluating security event alerting and correlation solutions against CIS Control 13.1 requirements for centralizing security event alerting across enterprise assets.",
4311
+ objective: "Determine if a vendor solution provides comprehensive centralized security event alerting with log correlation and analysis capabilities for detecting active exploitation attempts.",
4312
+ guidelines: [
4313
+ "Verify centralized security event alerting across all enterprise assets",
4314
+ "Confirm log correlation and analysis capabilities",
4315
+ "Validate active exploitation attempt detection and monitoring",
4316
+ "Assess SIEM/SOAR integration and event management systems",
4317
+ "Review security information correlation and automated response",
4318
+ "Check enterprise-wide security event coverage and alerting"
4319
+ ],
4320
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4321
+ }
3058
4322
  },
3059
4323
  "13.2": {
3060
4324
  id: "13.2",
@@ -3086,7 +4350,21 @@ export class SafeguardManager {
3086
4350
  "behavioral analysis tools"
3087
4351
  ],
3088
4352
  relatedSafeguards: ["1.1", "13.1", "13.3", "13.7"],
3089
- keywords: ["deploy", "host-based", "intrusion", "detection", "solution", "enterprise", "assets"]
4353
+ keywords: ["deploy", "host-based", "intrusion", "detection", "solution", "enterprise", "assets"],
4354
+ systemPrompt: {
4355
+ role: "host_intrusion_detection_expert",
4356
+ context: "You are evaluating host-based intrusion detection solutions against CIS Control 13.2 requirements for deploying HIDS on enterprise assets where technically feasible.",
4357
+ objective: "Determine if a vendor solution provides comprehensive host-based intrusion detection capabilities for enterprise asset deployment and protection.",
4358
+ guidelines: [
4359
+ "Verify host-based intrusion detection solution deployment capabilities",
4360
+ "Confirm enterprise asset coverage where technically feasible",
4361
+ "Validate HIDS/EDR functionality and behavioral analysis",
4362
+ "Assess technical feasibility assessment and deployment planning",
4363
+ "Review host-based security monitoring and detection capabilities",
4364
+ "Check endpoint protection and response integration systems"
4365
+ ],
4366
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4367
+ }
3090
4368
  },
3091
4369
  "13.3": {
3092
4370
  id: "13.3",
@@ -3118,7 +4396,21 @@ export class SafeguardManager {
3118
4396
  "industry-specific threat feeds"
3119
4397
  ],
3120
4398
  relatedSafeguards: ["13.1", "13.2", "13.8"],
3121
- keywords: ["deploy", "network", "intrusion", "detection", "solution", "ruleset", "threats", "industry"]
4399
+ keywords: ["deploy", "network", "intrusion", "detection", "solution", "ruleset", "threats", "industry"],
4400
+ systemPrompt: {
4401
+ role: "network_intrusion_detection_expert",
4402
+ context: "You are evaluating network intrusion detection solutions against CIS Control 13.3 requirements for deploying NIDS with industry-specific threat-tuned rulesets.",
4403
+ objective: "Determine if a vendor solution provides comprehensive network intrusion detection with threat rulesets tuned for the enterprise's industry sector.",
4404
+ guidelines: [
4405
+ "Verify network intrusion detection solution deployment capabilities",
4406
+ "Confirm threat-tuned rulesets for industry-specific threats",
4407
+ "Validate industry sector threat focus and intelligence integration",
4408
+ "Assess NIDS configuration and threat feed integration",
4409
+ "Review network security monitoring and threat detection capabilities",
4410
+ "Check industry-specific threat intelligence and rule customization"
4411
+ ],
4412
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4413
+ }
3122
4414
  },
3123
4415
  "13.4": {
3124
4416
  id: "13.4",
@@ -3148,7 +4440,21 @@ export class SafeguardManager {
3148
4440
  "software-defined perimeter"
3149
4441
  ],
3150
4442
  relatedSafeguards: ["12.2", "12.3", "13.9"],
3151
- keywords: ["perform", "traffic", "filtering", "network", "segments", "technically", "feasible"]
4443
+ keywords: ["perform", "traffic", "filtering", "network", "segments", "technically", "feasible"],
4444
+ systemPrompt: {
4445
+ role: "network_traffic_filtering_expert",
4446
+ context: "You are evaluating network traffic filtering solutions against CIS Control 13.4 requirements for performing traffic filtering between network segments where technically feasible.",
4447
+ objective: "Determine if a vendor solution provides comprehensive traffic filtering capabilities between network segments with technical feasibility assessment.",
4448
+ guidelines: [
4449
+ "Verify traffic filtering capabilities between network segments",
4450
+ "Confirm network segmentation controls and micro-segmentation",
4451
+ "Validate technical feasibility assessment for filtering implementation",
4452
+ "Assess network firewall and access control capabilities",
4453
+ "Review software-defined perimeter and network access control",
4454
+ "Check network security architecture and segmentation tools"
4455
+ ],
4456
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4457
+ }
3152
4458
  },
3153
4459
  "13.5": {
3154
4460
  id: "13.5",
@@ -3183,7 +4489,21 @@ export class SafeguardManager {
3183
4489
  "posture assessment tools"
3184
4490
  ],
3185
4491
  relatedSafeguards: ["6.1", "10.1", "10.7", "12.1", "13.2"],
3186
- keywords: ["manage", "access", "control", "remote", "assets", "connecting", "enterprise", "networks"]
4492
+ keywords: ["manage", "access", "control", "remote", "assets", "connecting", "enterprise", "networks"],
4493
+ systemPrompt: {
4494
+ role: "remote_access_control_expert",
4495
+ context: "You are evaluating remote access control solutions against CIS Control 13.5 requirements for managing access control for assets remotely connecting to enterprise networks based on security posture.",
4496
+ objective: "Determine if a vendor solution provides comprehensive remote asset access control based on security posture including anti-malware, patches, firewalls, and intrusion detection/prevention.",
4497
+ guidelines: [
4498
+ "Verify remote asset access control management capabilities",
4499
+ "Confirm security posture-based access determination (anti-malware, patches, firewall, IDS/IPS)",
4500
+ "Validate network access control (NAC) and zero trust capabilities",
4501
+ "Assess device compliance checking and posture assessment tools",
4502
+ "Review remote connection management and enterprise network protection",
4503
+ "Check up-to-date security control verification and access enforcement"
4504
+ ],
4505
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4506
+ }
3187
4507
  },
3188
4508
  "13.6": {
3189
4509
  id: "13.6",
@@ -3214,7 +4534,21 @@ export class SafeguardManager {
3214
4534
  "traffic analysis platforms"
3215
4535
  ],
3216
4536
  relatedSafeguards: ["8.5", "13.1", "13.3"],
3217
- keywords: ["collect", "network", "traffic", "flow", "logs", "review", "alert"]
4537
+ keywords: ["collect", "network", "traffic", "flow", "logs", "review", "alert"],
4538
+ systemPrompt: {
4539
+ role: "network_traffic_monitoring_expert",
4540
+ context: "You are evaluating network traffic flow monitoring solutions against CIS Control 13.6 requirements for collecting network traffic flow logs and traffic for review and alerting.",
4541
+ objective: "Determine if a vendor solution provides comprehensive network traffic flow log collection and monitoring capabilities for review and alerting purposes.",
4542
+ guidelines: [
4543
+ "Verify network traffic flow log collection capabilities",
4544
+ "Confirm network traffic monitoring and capture systems",
4545
+ "Validate review and alerting capabilities for traffic analysis",
4546
+ "Assess network flow analyzers and packet capture systems",
4547
+ "Review traffic analysis platforms and monitoring tools",
4548
+ "Check network security monitoring and flow-based detection"
4549
+ ],
4550
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4551
+ }
3218
4552
  },
3219
4553
  "13.7": {
3220
4554
  id: "13.7",
@@ -3246,7 +4580,21 @@ export class SafeguardManager {
3246
4580
  "automated threat response"
3247
4581
  ],
3248
4582
  relatedSafeguards: ["13.2", "13.8"],
3249
- keywords: ["deploy", "host-based", "intrusion", "prevention", "solution", "enterprise", "assets"]
4583
+ keywords: ["deploy", "host-based", "intrusion", "prevention", "solution", "enterprise", "assets"],
4584
+ systemPrompt: {
4585
+ role: "host_intrusion_prevention_expert",
4586
+ context: "You are evaluating host-based intrusion prevention solutions against CIS Control 13.7 requirements for deploying HIPS on enterprise assets where technically feasible.",
4587
+ objective: "Determine if a vendor solution provides comprehensive host-based intrusion prevention capabilities for enterprise asset deployment and automated threat response.",
4588
+ guidelines: [
4589
+ "Verify host-based intrusion prevention solution deployment capabilities",
4590
+ "Confirm enterprise asset coverage where technically feasible",
4591
+ "Validate HIPS/EPP functionality and behavioral blocking systems",
4592
+ "Assess automated threat response and prevention capabilities",
4593
+ "Review endpoint protection platforms and response automation",
4594
+ "Check real-time threat prevention and blocking systems"
4595
+ ],
4596
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4597
+ }
3250
4598
  },
3251
4599
  "13.8": {
3252
4600
  id: "13.8",
@@ -3277,7 +4625,21 @@ export class SafeguardManager {
3277
4625
  "real-time threat mitigation"
3278
4626
  ],
3279
4627
  relatedSafeguards: ["13.3", "13.7"],
3280
- keywords: ["deploy", "network", "intrusion", "prevention", "solution", "block", "malicious", "real-time"]
4628
+ keywords: ["deploy", "network", "intrusion", "prevention", "solution", "block", "malicious", "real-time"],
4629
+ systemPrompt: {
4630
+ role: "network_intrusion_prevention_expert",
4631
+ context: "You are evaluating network intrusion prevention solutions against CIS Control 13.8 requirements for deploying NIPS to block malicious network traffic in real-time.",
4632
+ objective: "Determine if a vendor solution provides comprehensive network intrusion prevention capabilities for real-time malicious traffic blocking and automated threat mitigation.",
4633
+ guidelines: [
4634
+ "Verify network intrusion prevention solution deployment capabilities",
4635
+ "Confirm real-time malicious traffic blocking and response",
4636
+ "Validate NIPS functionality and inline security appliances",
4637
+ "Assess automated blocking systems and threat mitigation",
4638
+ "Review real-time threat response and prevention capabilities",
4639
+ "Check network-based attack prevention and blocking efficiency"
4640
+ ],
4641
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4642
+ }
3281
4643
  },
3282
4644
  "13.9": {
3283
4645
  id: "13.9",
@@ -3308,7 +4670,21 @@ export class SafeguardManager {
3308
4670
  "port-based network access control"
3309
4671
  ],
3310
4672
  relatedSafeguards: ["12.7", "13.4"],
3311
- keywords: ["deploy", "port-level", "access", "control", "802.1x", "network", "protocols", "certificates"]
4673
+ keywords: ["deploy", "port-level", "access", "control", "802.1x", "network", "protocols", "certificates"],
4674
+ systemPrompt: {
4675
+ role: "port_access_control_expert",
4676
+ context: "You are evaluating port-level access control solutions against CIS Control 13.9 requirements for deploying 802.1x or similar network access control protocols for port-level access control.",
4677
+ objective: "Determine if a vendor solution provides comprehensive port-level access control capabilities using 802.1x or similar network access control protocols including certificate-based authentication.",
4678
+ guidelines: [
4679
+ "Verify port-level access control deployment capabilities",
4680
+ "Confirm 802.1x implementation and network access control protocols",
4681
+ "Validate certificate-based authentication and similar protocols",
4682
+ "Assess network access control systems and port-based authentication",
4683
+ "Review 802.1x infrastructure and certificate management",
4684
+ "Check port-based network access control and authentication systems"
4685
+ ],
4686
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4687
+ }
3312
4688
  },
3313
4689
  "13.10": {
3314
4690
  id: "13.10",
@@ -3339,7 +4715,21 @@ export class SafeguardManager {
3339
4715
  "application-aware filtering"
3340
4716
  ],
3341
4717
  relatedSafeguards: ["13.4", "16.11"],
3342
- keywords: ["perform", "application", "layer", "filtering", "protect", "network-based", "attacks"]
4718
+ keywords: ["perform", "application", "layer", "filtering", "protect", "network-based", "attacks"],
4719
+ systemPrompt: {
4720
+ role: "application_layer_filtering_expert",
4721
+ context: "You are evaluating application layer filtering solutions against CIS Control 13.10 requirements for performing application layer filtering to protect against enterprise's most common network-based attacks.",
4722
+ objective: "Determine if a vendor solution provides comprehensive application layer filtering capabilities to protect against common network-based attacks specific to the enterprise environment.",
4723
+ guidelines: [
4724
+ "Verify application layer filtering capabilities and deployment",
4725
+ "Confirm protection against enterprise's most common network-based attacks",
4726
+ "Validate web application firewalls and application layer gateways",
4727
+ "Assess deep packet inspection and application-aware filtering",
4728
+ "Review enterprise-specific threat focus and attack prevention",
4729
+ "Check application layer security and network-based attack mitigation"
4730
+ ],
4731
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4732
+ }
3343
4733
  },
3344
4734
  "13.11": {
3345
4735
  id: "13.11",
@@ -3369,7 +4759,21 @@ export class SafeguardManager {
3369
4759
  "false positive reduction"
3370
4760
  ],
3371
4761
  relatedSafeguards: ["13.1", "8.11"],
3372
- keywords: ["tune", "security", "event", "alerting", "thresholds", "monthly", "frequently"]
4762
+ keywords: ["tune", "security", "event", "alerting", "thresholds", "monthly", "frequently"],
4763
+ systemPrompt: {
4764
+ role: "security_alert_tuning_expert",
4765
+ context: "You are evaluating security event alerting threshold tuning solutions against CIS Control 13.11 requirements for tuning security event alerting thresholds monthly or more frequently.",
4766
+ objective: "Determine if a vendor solution provides comprehensive security event alerting threshold tuning capabilities with monthly or more frequent optimization cycles.",
4767
+ guidelines: [
4768
+ "Verify security event alerting threshold tuning capabilities",
4769
+ "Confirm monthly or more frequent tuning frequency and processes",
4770
+ "Validate SIEM tuning processes and threshold optimization tools",
4771
+ "Assess alert management platforms and false positive reduction",
4772
+ "Review threshold optimization and alerting efficiency",
4773
+ "Check automated tuning capabilities and performance monitoring"
4774
+ ],
4775
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4776
+ }
3373
4777
  },
3374
4778
  // Control 9: Email and Web Browser Protections
3375
4779
  "9.1": {
@@ -3404,7 +4808,21 @@ export class SafeguardManager {
3404
4808
  "automated patch management"
3405
4809
  ],
3406
4810
  relatedSafeguards: ["2.1", "4.1", "7.4"],
3407
- keywords: ["ensure", "fully", "supported", "browsers", "email", "clients", "latest", "version", "vendor"]
4811
+ keywords: ["ensure", "fully", "supported", "browsers", "email", "clients", "latest", "version", "vendor"],
4812
+ systemPrompt: {
4813
+ role: "browser_email_client_security_expert",
4814
+ context: "You are evaluating browser and email client security solutions against CIS Control 9.1 requirements for ensuring only fully supported, latest versions are used.",
4815
+ objective: "Determine if a vendor solution provides comprehensive browser and email client version management and execution control.",
4816
+ guidelines: [
4817
+ "Verify enforcement of fully supported browsers and email clients only",
4818
+ "Confirm latest vendor version requirement and update management",
4819
+ "Validate execution restriction and application allowlisting capabilities",
4820
+ "Assess enterprise software asset management tool integration",
4821
+ "Review automated patch management for browsers and email clients",
4822
+ "Check software inventory and compliance monitoring features"
4823
+ ],
4824
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4825
+ }
3408
4826
  },
3409
4827
  "9.2": {
3410
4828
  id: "9.2",
@@ -3439,7 +4857,21 @@ export class SafeguardManager {
3439
4857
  "cloud-based DNS filtering"
3440
4858
  ],
3441
4859
  relatedSafeguards: ["4.1", "4.9"],
3442
- keywords: ["use", "DNS", "filtering", "services", "end-user", "devices", "block", "malicious", "domains"]
4860
+ keywords: ["use", "DNS", "filtering", "services", "end-user", "devices", "block", "malicious", "domains"],
4861
+ systemPrompt: {
4862
+ role: "dns_filtering_security_expert",
4863
+ context: "You are evaluating DNS filtering solutions against CIS Control 9.2 requirements for DNS filtering services to block malicious domains.",
4864
+ objective: "Determine if a vendor solution provides comprehensive DNS filtering capabilities for all end-user devices to block malicious domains.",
4865
+ guidelines: [
4866
+ "Verify DNS filtering service deployment for all end-user devices",
4867
+ "Confirm malicious domain blocking capabilities and coverage",
4868
+ "Validate remote and on-premise asset inclusion",
4869
+ "Assess DNS filtering service effectiveness and accuracy",
4870
+ "Review secure DNS server configuration and cloud-based filtering",
4871
+ "Check DNS security platform integration and management features"
4872
+ ],
4873
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4874
+ }
3443
4875
  },
3444
4876
  "9.3": {
3445
4877
  id: "9.3",
@@ -3475,7 +4907,21 @@ export class SafeguardManager {
3475
4907
  "web content filtering"
3476
4908
  ],
3477
4909
  relatedSafeguards: ["4.1"],
3478
- keywords: ["maintain", "enforce", "network-based", "URL", "filters", "limit", "malicious", "unapproved", "websites"]
4910
+ keywords: ["maintain", "enforce", "network-based", "URL", "filters", "limit", "malicious", "unapproved", "websites"],
4911
+ systemPrompt: {
4912
+ role: "network_security_filtering_expert",
4913
+ context: "You are evaluating network-based URL filtering solutions against CIS Control 9.3 requirements for network-based URL filters to limit enterprise asset connections to malicious or unapproved websites.",
4914
+ objective: "Determine if a vendor solution provides comprehensive network-based URL filtering capabilities to enforce connection limits for all enterprise assets.",
4915
+ guidelines: [
4916
+ "Verify network-based URL filter implementation and enforcement",
4917
+ "Confirm malicious and unapproved website blocking capabilities",
4918
+ "Validate coverage for all enterprise assets in the filtering system",
4919
+ "Assess category-based, reputation-based, and block list filtering methods",
4920
+ "Review filter update mechanisms and management processes",
4921
+ "Check network-level enforcement and bypass prevention"
4922
+ ],
4923
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4924
+ }
3479
4925
  },
3480
4926
  "9.4": {
3481
4927
  id: "9.4",
@@ -3512,7 +4958,21 @@ export class SafeguardManager {
3512
4958
  "extension management platforms"
3513
4959
  ],
3514
4960
  relatedSafeguards: ["4.1"],
3515
- keywords: ["restrict", "unauthorized", "unnecessary", "browser", "email", "plugins", "extensions", "add-on"]
4961
+ keywords: ["restrict", "unauthorized", "unnecessary", "browser", "email", "plugins", "extensions", "add-on"],
4962
+ systemPrompt: {
4963
+ role: "browser_security_management_expert",
4964
+ context: "You are evaluating browser and email client extension management solutions against CIS Control 9.4 requirements for restricting unauthorized or unnecessary plugins, extensions, and add-on applications.",
4965
+ objective: "Determine if a vendor solution provides comprehensive browser and email client extension restriction capabilities through uninstalling or disabling mechanisms.",
4966
+ guidelines: [
4967
+ "Verify browser plugin and extension restriction capabilities",
4968
+ "Confirm email client plugin and extension management",
4969
+ "Validate unauthorized and unnecessary application identification",
4970
+ "Assess uninstalling and disabling mechanisms and enforcement",
4971
+ "Review configuration management and policy enforcement tools",
4972
+ "Check browser management system integration and compliance monitoring"
4973
+ ],
4974
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4975
+ }
3516
4976
  },
3517
4977
  "9.5": {
3518
4978
  id: "9.5",
@@ -3550,7 +5010,21 @@ export class SafeguardManager {
3550
5010
  "DKIM signature management"
3551
5011
  ],
3552
5012
  relatedSafeguards: ["4.1"],
3553
- keywords: ["implement", "DMARC", "policy", "verification", "SPF", "DKIM", "spoofed", "modified", "emails"]
5013
+ keywords: ["implement", "DMARC", "policy", "verification", "SPF", "DKIM", "spoofed", "modified", "emails"],
5014
+ systemPrompt: {
5015
+ role: "email_authentication_security_expert",
5016
+ context: "You are evaluating email authentication solutions against CIS Control 9.5 requirements for implementing DMARC policy and verification, including SPF and DKIM standards to prevent spoofed or modified emails.",
5017
+ objective: "Determine if a vendor solution provides comprehensive DMARC, SPF, and DKIM implementation capabilities to protect against email spoofing and modification from valid domains.",
5018
+ guidelines: [
5019
+ "Verify DMARC policy implementation and verification capabilities",
5020
+ "Confirm SPF (Sender Policy Framework) standard implementation",
5021
+ "Validate DKIM (DomainKeys Identified Mail) standard implementation",
5022
+ "Assess spoofed and modified email detection and prevention",
5023
+ "Review DMARC management tools and email authentication services",
5024
+ "Check SPF record management and DKIM signature management integration"
5025
+ ],
5026
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5027
+ }
3554
5028
  },
3555
5029
  "9.6": {
3556
5030
  id: "9.6",
@@ -3579,7 +5053,21 @@ export class SafeguardManager {
3579
5053
  "email content filtering"
3580
5054
  ],
3581
5055
  relatedSafeguards: ["4.1"],
3582
- keywords: ["block", "unnecessary", "file", "types", "email", "gateway", "enterprise"]
5056
+ keywords: ["block", "unnecessary", "file", "types", "email", "gateway", "enterprise"],
5057
+ systemPrompt: {
5058
+ role: "email_gateway_security_expert",
5059
+ context: "You are evaluating email gateway security solutions against CIS Control 9.6 requirements for blocking unnecessary file types attempting to enter the enterprise's email gateway.",
5060
+ objective: "Determine if a vendor solution provides comprehensive email gateway file type blocking capabilities to prevent unnecessary file types from entering the enterprise.",
5061
+ guidelines: [
5062
+ "Verify email gateway file type blocking capabilities and coverage",
5063
+ "Confirm unnecessary file type identification and filtering mechanisms",
5064
+ "Validate comprehensive email gateway protection and security controls",
5065
+ "Assess file type blocking system effectiveness and accuracy",
5066
+ "Review email security tools and content filtering integration",
5067
+ "Check email gateway filtering policies and management features"
5068
+ ],
5069
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5070
+ }
3583
5071
  },
3584
5072
  "9.7": {
3585
5073
  id: "9.7",
@@ -3612,7 +5100,21 @@ export class SafeguardManager {
3612
5100
  "email sandboxing solutions"
3613
5101
  ],
3614
5102
  relatedSafeguards: ["4.1", "10.1"],
3615
- keywords: ["deploy", "maintain", "email", "server", "anti-malware", "protections", "attachment", "scanning", "sandboxing"]
5103
+ keywords: ["deploy", "maintain", "email", "server", "anti-malware", "protections", "attachment", "scanning", "sandboxing"],
5104
+ systemPrompt: {
5105
+ role: "email_security_anti_malware_expert",
5106
+ context: "You are evaluating email server anti-malware solutions against CIS Control 9.7 requirements for deploying and maintaining email server anti-malware protections including attachment scanning and sandboxing.",
5107
+ objective: "Determine if a vendor solution provides comprehensive email server anti-malware protection capabilities with attachment scanning and sandboxing features.",
5108
+ guidelines: [
5109
+ "Verify email server anti-malware protection deployment and maintenance",
5110
+ "Confirm attachment scanning capabilities and effectiveness",
5111
+ "Validate sandboxing capabilities and threat isolation",
5112
+ "Assess comprehensive email security protection coverage",
5113
+ "Review anti-malware platform integration and management",
5114
+ "Check email sandboxing solution effectiveness and threat detection"
5115
+ ],
5116
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5117
+ }
3616
5118
  },
3617
5119
  // Control 14: Security Awareness and Skills Training
3618
5120
  "14.1": {
@@ -3651,7 +5153,21 @@ export class SafeguardManager {
3651
5153
  "learning management systems"
3652
5154
  ],
3653
5155
  relatedSafeguards: ["14.2", "14.3", "14.4", "14.5", "14.6", "14.7", "14.8", "14.9"],
3654
- keywords: ["establish", "maintain", "security", "awareness", "program", "educate", "workforce", "training", "annually"]
5156
+ keywords: ["establish", "maintain", "security", "awareness", "program", "educate", "workforce", "training", "annually"],
5157
+ systemPrompt: {
5158
+ role: "security_awareness_program_expert",
5159
+ context: "You are evaluating security awareness program solutions against CIS Control 14.1 requirements for establishing and maintaining comprehensive security awareness programs with annual training and content updates.",
5160
+ objective: "Determine if a vendor solution provides comprehensive security awareness program establishment and maintenance capabilities including workforce education, training delivery, and content management.",
5161
+ guidelines: [
5162
+ "Verify security awareness program establishment and maintenance capabilities",
5163
+ "Confirm workforce education on secure interaction with enterprise assets and data",
5164
+ "Validate training delivery at hire and minimum annually",
5165
+ "Assess content review and update processes annually or when enterprise changes occur",
5166
+ "Review learning management systems and training documentation capabilities",
5167
+ "Check security training and awareness tools integration and policy management"
5168
+ ],
5169
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5170
+ }
3655
5171
  },
3656
5172
  "14.2": {
3657
5173
  id: "14.2",
@@ -3686,7 +5202,21 @@ export class SafeguardManager {
3686
5202
  "security awareness modules"
3687
5203
  ],
3688
5204
  relatedSafeguards: ["14.1"],
3689
- keywords: ["train", "workforce", "recognize", "social", "engineering", "attacks", "phishing", "BEC", "pretexting", "tailgating"]
5205
+ keywords: ["train", "workforce", "recognize", "social", "engineering", "attacks", "phishing", "BEC", "pretexting", "tailgating"],
5206
+ systemPrompt: {
5207
+ role: "social_engineering_awareness_expert",
5208
+ context: "You are evaluating social engineering awareness training solutions against CIS Control 14.2 requirements for training workforce members to recognize various social engineering attacks.",
5209
+ objective: "Determine if a vendor solution provides comprehensive social engineering awareness training covering phishing, business email compromise, pretexting, and tailgating attack recognition.",
5210
+ guidelines: [
5211
+ "Verify social engineering attack recognition training capabilities",
5212
+ "Confirm phishing awareness and business email compromise (BEC) training",
5213
+ "Validate pretexting and tailgating attack awareness modules",
5214
+ "Assess phishing simulation platforms and interactive training tools",
5215
+ "Review security awareness modules and attack scenario training",
5216
+ "Check social engineering awareness training effectiveness and measurement"
5217
+ ],
5218
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5219
+ }
3690
5220
  },
3691
5221
  "14.3": {
3692
5222
  id: "14.3",
@@ -3719,7 +5249,21 @@ export class SafeguardManager {
3719
5249
  "MFA awareness programs"
3720
5250
  ],
3721
5251
  relatedSafeguards: ["14.1", "6.2", "6.3"],
3722
- keywords: ["train", "workforce", "authentication", "best", "practices", "MFA", "password", "composition", "credential", "management"]
5252
+ keywords: ["train", "workforce", "authentication", "best", "practices", "MFA", "password", "composition", "credential", "management"],
5253
+ systemPrompt: {
5254
+ role: "authentication_training_expert",
5255
+ context: "You are evaluating authentication best practices training solutions against CIS Control 14.3 requirements for training workforce members on MFA, password composition, and credential management.",
5256
+ objective: "Determine if a vendor solution provides comprehensive authentication best practices training covering MFA, password security, and credential management education.",
5257
+ guidelines: [
5258
+ "Verify authentication best practices training program capabilities",
5259
+ "Confirm multi-factor authentication (MFA) training and awareness",
5260
+ "Validate password composition and security training modules",
5261
+ "Assess credential management training and best practices education",
5262
+ "Review authentication training modules and MFA awareness programs",
5263
+ "Check password security training effectiveness and user engagement"
5264
+ ],
5265
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5266
+ }
3723
5267
  },
3724
5268
  "14.4": {
3725
5269
  id: "14.4",
@@ -3760,7 +5304,21 @@ export class SafeguardManager {
3760
5304
  "data classification training"
3761
5305
  ],
3762
5306
  relatedSafeguards: ["14.1", "3.1", "3.2"],
3763
- keywords: ["train", "workforce", "data", "handling", "best", "practices", "store", "transfer", "archive", "destroy", "sensitive", "clear", "screen", "desk"]
5307
+ keywords: ["train", "workforce", "data", "handling", "best", "practices", "store", "transfer", "archive", "destroy", "sensitive", "clear", "screen", "desk"],
5308
+ systemPrompt: {
5309
+ role: "data_handling_training_expert",
5310
+ context: "You are evaluating data handling best practices training solutions against CIS Control 14.4 requirements for training workforce on sensitive data identification, storage, transfer, archival, destruction, and clear screen/desk practices.",
5311
+ objective: "Determine if a vendor solution provides comprehensive data handling training covering sensitive data lifecycle management and workspace security best practices.",
5312
+ guidelines: [
5313
+ "Verify data handling best practices training and sensitive data identification",
5314
+ "Confirm secure data storage, transfer, archive, and destruction training",
5315
+ "Validate clear screen and desk best practices including screen locking",
5316
+ "Assess whiteboard erasing and secure data storage training modules",
5317
+ "Review data classification training and clean desk policy education",
5318
+ "Check data handling training effectiveness and workspace security awareness"
5319
+ ],
5320
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5321
+ }
3764
5322
  },
3765
5323
  "14.5": {
3766
5324
  id: "14.5",
@@ -3793,7 +5351,21 @@ export class SafeguardManager {
3793
5351
  "data sharing awareness programs"
3794
5352
  ],
3795
5353
  relatedSafeguards: ["14.1", "3.3"],
3796
- keywords: ["train", "workforce", "unintentional", "data", "exposure", "mis-delivery", "losing", "portable", "device", "publishing", "unintended", "audiences"]
5354
+ keywords: ["train", "workforce", "unintentional", "data", "exposure", "mis-delivery", "losing", "portable", "device", "publishing", "unintended", "audiences"],
5355
+ systemPrompt: {
5356
+ role: "data_exposure_awareness_expert",
5357
+ context: "You are evaluating unintentional data exposure awareness training solutions against CIS Control 14.5 requirements for training workforce on causes and prevention of unintentional data exposure.",
5358
+ objective: "Determine if a vendor solution provides comprehensive training on unintentional data exposure causes including mis-delivery, portable device loss, and unintended data publication.",
5359
+ guidelines: [
5360
+ "Verify unintentional data exposure awareness training coverage",
5361
+ "Confirm mis-delivery prevention and sensitive data handling training",
5362
+ "Validate portable device security awareness and loss prevention training",
5363
+ "Assess data publication controls and unintended audience protection",
5364
+ "Review data loss prevention training and device security awareness",
5365
+ "Check data sharing awareness programs and exposure prevention education"
5366
+ ],
5367
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5368
+ }
3797
5369
  },
3798
5370
  "14.6": {
3799
5371
  id: "14.6",
@@ -3824,7 +5396,21 @@ export class SafeguardManager {
3824
5396
  "incident reporting tools"
3825
5397
  ],
3826
5398
  relatedSafeguards: ["14.1", "17.3"],
3827
- keywords: ["train", "workforce", "recognizing", "reporting", "security", "incidents", "potential", "incident"]
5399
+ keywords: ["train", "workforce", "recognizing", "reporting", "security", "incidents", "potential", "incident"],
5400
+ systemPrompt: {
5401
+ role: "incident_recognition_training_expert",
5402
+ context: "You are evaluating security incident recognition and reporting training solutions against CIS Control 14.6 requirements for training workforce to recognize potential incidents and report them.",
5403
+ objective: "Determine if a vendor solution provides comprehensive security incident recognition training and effective incident reporting procedures for workforce members.",
5404
+ guidelines: [
5405
+ "Verify security incident recognition training capabilities and coverage",
5406
+ "Confirm potential incident identification and awareness training",
5407
+ "Validate incident reporting procedures and training effectiveness",
5408
+ "Assess incident response training and security awareness programs",
5409
+ "Review incident reporting tools and notification procedures",
5410
+ "Check security incident awareness and response training integration"
5411
+ ],
5412
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5413
+ }
3828
5414
  },
3829
5415
  "14.7": {
3830
5416
  id: "14.7",
@@ -3861,7 +5447,21 @@ export class SafeguardManager {
3861
5447
  "automated system monitoring training"
3862
5448
  ],
3863
5449
  relatedSafeguards: ["14.1", "7.3", "7.4"],
3864
- keywords: ["train", "workforce", "identify", "report", "enterprise", "assets", "missing", "security", "updates", "patches", "automated", "processes"]
5450
+ keywords: ["train", "workforce", "identify", "report", "enterprise", "assets", "missing", "security", "updates", "patches", "automated", "processes"],
5451
+ systemPrompt: {
5452
+ role: "security_update_awareness_expert",
5453
+ context: "You are evaluating security update awareness training solutions against CIS Control 14.7 requirements for training workforce to identify and report missing security updates and automated process failures.",
5454
+ objective: "Determine if a vendor solution provides comprehensive training on security update verification, patch identification, and automated process failure reporting to IT personnel.",
5455
+ guidelines: [
5456
+ "Verify security update verification training and out-of-date patch identification",
5457
+ "Confirm automated process and tool failure reporting training",
5458
+ "Validate IT personnel notification procedures and reporting mechanisms",
5459
+ "Assess patch management awareness training and system monitoring education",
5460
+ "Review automated system monitoring training and failure detection",
5461
+ "Check IT support reporting procedures and escalation training"
5462
+ ],
5463
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5464
+ }
3865
5465
  },
3866
5466
  "14.8": {
3867
5467
  id: "14.8",
@@ -3897,7 +5497,21 @@ export class SafeguardManager {
3897
5497
  "home network configuration guides"
3898
5498
  ],
3899
5499
  relatedSafeguards: ["14.1", "12.1"],
3900
- keywords: ["train", "workforce", "dangers", "connecting", "transmitting", "enterprise", "data", "insecure", "networks", "remote", "workers", "home", "network"]
5500
+ keywords: ["train", "workforce", "dangers", "connecting", "transmitting", "enterprise", "data", "insecure", "networks", "remote", "workers", "home", "network"],
5501
+ systemPrompt: {
5502
+ role: "network_security_awareness_expert",
5503
+ context: "You are evaluating network security awareness training solutions against CIS Control 14.8 requirements for training workforce on dangers of insecure networks and remote work security including home network configuration.",
5504
+ objective: "Determine if a vendor solution provides comprehensive training on insecure network dangers, secure connection practices, and remote worker home network security configuration.",
5505
+ guidelines: [
5506
+ "Verify training on dangers of connecting to and transmitting data over insecure networks",
5507
+ "Confirm enterprise data transmission security and secure connection practices",
5508
+ "Validate remote worker training and home network security configuration guidance",
5509
+ "Assess network security awareness training and remote work security education",
5510
+ "Review home network configuration guides and insecure network identification",
5511
+ "Check enterprise activity security and remote infrastructure protection training"
5512
+ ],
5513
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5514
+ }
3901
5515
  },
3902
5516
  "14.9": {
3903
5517
  id: "14.9",
@@ -3931,7 +5545,21 @@ export class SafeguardManager {
3931
5545
  "professional development programs"
3932
5546
  ],
3933
5547
  relatedSafeguards: ["14.1", "16.9"],
3934
- keywords: ["conduct", "role-specific", "security", "awareness", "skills", "training", "IT", "professionals", "OWASP", "developers", "high-profile", "roles"]
5548
+ keywords: ["conduct", "role-specific", "security", "awareness", "skills", "training", "IT", "professionals", "OWASP", "developers", "high-profile", "roles"],
5549
+ systemPrompt: {
5550
+ role: "role_specific_training_expert",
5551
+ context: "You are evaluating role-specific security awareness and skills training solutions against CIS Control 14.9 requirements for conducting specialized training including secure system administration, OWASP Top 10, and advanced social engineering awareness.",
5552
+ objective: "Determine if a vendor solution provides comprehensive role-specific security training including IT professional courses, developer vulnerability training, and high-profile role security awareness.",
5553
+ guidelines: [
5554
+ "Verify role-specific security awareness and skills training capabilities",
5555
+ "Confirm secure system administration courses for IT professionals",
5556
+ "Validate OWASP Top 10 vulnerability awareness and prevention training for developers",
5557
+ "Assess advanced social engineering awareness training for high-profile roles",
5558
+ "Review specialized security courses and professional development programs",
5559
+ "Check role-based training program customization and effectiveness measurement"
5560
+ ],
5561
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5562
+ }
3935
5563
  },
3936
5564
  // Control 15: Service Provider Management
3937
5565
  "15.1": {
@@ -3968,7 +5596,21 @@ export class SafeguardManager {
3968
5596
  "supplier relationship management tools"
3969
5597
  ],
3970
5598
  relatedSafeguards: ["2.1", "8.12", "15.2", "15.3", "15.4", "15.5", "15.6", "15.7"],
3971
- keywords: ["establish", "maintain", "inventory", "service", "providers", "classification", "enterprise", "contact", "review", "annually"]
5599
+ keywords: ["establish", "maintain", "inventory", "service", "providers", "classification", "enterprise", "contact", "review", "annually"],
5600
+ systemPrompt: {
5601
+ role: "service_provider_inventory_expert",
5602
+ context: "You are evaluating service provider inventory management solutions against CIS Control 15.1 requirements for establishing and maintaining comprehensive inventories of service providers with classifications and enterprise contacts.",
5603
+ objective: "Determine if a vendor solution provides comprehensive service provider inventory capabilities including classification systems, contact management, and annual review processes.",
5604
+ guidelines: [
5605
+ "Verify service provider inventory establishment and maintenance capabilities",
5606
+ "Confirm comprehensive service provider listing and classification systems",
5607
+ "Validate enterprise contact designation and management for each provider",
5608
+ "Assess annual review processes and enterprise change impact assessment",
5609
+ "Review third-party risk management tools and vendor inventory systems",
5610
+ "Check service provider management platform integration and supplier relationship management"
5611
+ ],
5612
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5613
+ }
3972
5614
  },
3973
5615
  "15.2": {
3974
5616
  id: "15.2",
@@ -4009,7 +5651,21 @@ export class SafeguardManager {
4009
5651
  "supplier governance documentation"
4010
5652
  ],
4011
5653
  relatedSafeguards: ["15.1", "15.3", "15.4", "15.5", "15.6", "15.7"],
4012
- keywords: ["establish", "maintain", "service", "provider", "management", "policy", "classification", "inventory", "assessment", "monitoring", "decommissioning"]
5654
+ keywords: ["establish", "maintain", "service", "provider", "management", "policy", "classification", "inventory", "assessment", "monitoring", "decommissioning"],
5655
+ systemPrompt: {
5656
+ role: "service_provider_policy_expert",
5657
+ context: "You are evaluating service provider management policy solutions against CIS Control 15.2 requirements for establishing and maintaining comprehensive policies covering classification, inventory, assessment, monitoring, and decommissioning.",
5658
+ objective: "Determine if a vendor solution provides comprehensive service provider management policy capabilities including all lifecycle processes and annual review requirements.",
5659
+ guidelines: [
5660
+ "Verify service provider management policy establishment and maintenance",
5661
+ "Confirm policy coverage of classification, inventory, assessment, monitoring, and decommissioning",
5662
+ "Validate annual policy review and enterprise change impact assessment",
5663
+ "Assess third-party risk management frameworks and policy documentation",
5664
+ "Review vendor management policy templates and supplier governance",
5665
+ "Check policy implementation and lifecycle process integration"
5666
+ ],
5667
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5668
+ }
4013
5669
  },
4014
5670
  "15.3": {
4015
5671
  id: "15.3",
@@ -4048,7 +5704,21 @@ export class SafeguardManager {
4048
5704
  "regulatory compliance matrices"
4049
5705
  ],
4050
5706
  relatedSafeguards: ["15.1", "15.2"],
4051
- keywords: ["classify", "service", "providers", "data", "sensitivity", "volume", "availability", "regulations", "risk", "classifications"]
5707
+ keywords: ["classify", "service", "providers", "data", "sensitivity", "volume", "availability", "regulations", "risk", "classifications"],
5708
+ systemPrompt: {
5709
+ role: "service_provider_classification_expert",
5710
+ context: "You are evaluating service provider classification solutions against CIS Control 15.3 requirements for classifying service providers based on data sensitivity, volume, availability, regulations, and risk factors.",
5711
+ objective: "Determine if a vendor solution provides comprehensive service provider classification capabilities including risk-based criteria, data sensitivity assessment, and regulatory compliance classification.",
5712
+ guidelines: [
5713
+ "Verify service provider classification system implementation",
5714
+ "Confirm risk-based classification criteria including data sensitivity and volume",
5715
+ "Validate availability requirements and regulatory compliance classification",
5716
+ "Assess inherent and mitigated risk classification capabilities",
5717
+ "Review classification framework annual updates and enterprise change management",
5718
+ "Check data sensitivity classification schemes and regulatory compliance matrices"
5719
+ ],
5720
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5721
+ }
4052
5722
  },
4053
5723
  "15.4": {
4054
5724
  id: "15.4",
@@ -4086,7 +5756,21 @@ export class SafeguardManager {
4086
5756
  "security requirement checklists"
4087
5757
  ],
4088
5758
  relatedSafeguards: ["15.1", "15.2"],
4089
- keywords: ["ensure", "service", "provider", "contracts", "include", "security", "requirements", "incident", "breach", "notification", "encryption", "disposal"]
5759
+ keywords: ["ensure", "service", "provider", "contracts", "include", "security", "requirements", "incident", "breach", "notification", "encryption", "disposal"],
5760
+ systemPrompt: {
5761
+ role: "service_provider_contract_security_expert",
5762
+ context: "You are evaluating service provider contract security management solutions against CIS Control 15.4 requirements for ensuring contracts include comprehensive security requirements consistent with enterprise policies.",
5763
+ objective: "Determine if a vendor solution provides comprehensive contract security requirement capabilities including incident notification, data encryption, disposal commitments, and annual review processes.",
5764
+ guidelines: [
5765
+ "Verify service provider contract security requirement inclusion and management",
5766
+ "Confirm minimum security program requirements and incident/breach notification",
5767
+ "Validate data encryption requirements and data disposal commitments",
5768
+ "Assess consistency with enterprise service provider management policy",
5769
+ "Review annual contract review processes and security requirement compliance",
5770
+ "Check contract management systems and security requirement checklists"
5771
+ ],
5772
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5773
+ }
4090
5774
  },
4091
5775
  "15.5": {
4092
5776
  id: "15.5",
@@ -4124,7 +5808,21 @@ export class SafeguardManager {
4124
5808
  "compliance monitoring systems"
4125
5809
  ],
4126
5810
  relatedSafeguards: ["15.1", "15.2"],
4127
- keywords: ["assess", "service", "providers", "SOC", "PCI", "questionnaires", "rigorous", "processes", "reassess", "annually", "contracts"]
5811
+ keywords: ["assess", "service", "providers", "SOC", "PCI", "questionnaires", "rigorous", "processes", "reassess", "annually", "contracts"],
5812
+ systemPrompt: {
5813
+ role: "service_provider_assessment_expert",
5814
+ context: "You are evaluating service provider assessment solutions against CIS Control 15.5 requirements for conducting rigorous assessments including SOC 2, PCI AoC, customized questionnaires, and annual reassessments.",
5815
+ objective: "Determine if a vendor solution provides comprehensive service provider assessment capabilities including standardized reports, customized questionnaires, and classification-based assessment scoping.",
5816
+ guidelines: [
5817
+ "Verify service provider assessment processes consistent with enterprise policy",
5818
+ "Confirm standardized assessment report reviews (SOC 2, PCI AoC)",
5819
+ "Validate customized questionnaire capabilities and rigorous assessment methodologies",
5820
+ "Assess classification-based assessment scoping and annual reassessment processes",
5821
+ "Review third-party risk management tools and compliance monitoring systems",
5822
+ "Check assessment questionnaire platforms and new/renewed contract triggers"
5823
+ ],
5824
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5825
+ }
4128
5826
  },
4129
5827
  "15.6": {
4130
5828
  id: "15.6",
@@ -4157,7 +5855,21 @@ export class SafeguardManager {
4157
5855
  "compliance monitoring platforms"
4158
5856
  ],
4159
5857
  relatedSafeguards: ["15.1", "15.2"],
4160
- keywords: ["monitor", "service", "providers", "periodic", "reassessment", "compliance", "release", "notes", "dark", "web", "monitoring"]
5858
+ keywords: ["monitor", "service", "providers", "periodic", "reassessment", "compliance", "release", "notes", "dark", "web", "monitoring"],
5859
+ systemPrompt: {
5860
+ role: "service_provider_monitoring_expert",
5861
+ context: "You are evaluating service provider monitoring solutions against CIS Control 15.6 requirements for monitoring service providers including periodic reassessment, release notes monitoring, and dark web monitoring.",
5862
+ objective: "Determine if a vendor solution provides comprehensive service provider monitoring capabilities including compliance reassessment, release notes tracking, and dark web monitoring services.",
5863
+ guidelines: [
5864
+ "Verify service provider monitoring processes consistent with enterprise policy",
5865
+ "Confirm periodic compliance reassessment and service provider monitoring",
5866
+ "Validate service provider release notes monitoring and tracking",
5867
+ "Assess dark web monitoring services and threat intelligence integration",
5868
+ "Review third-party risk management tools and compliance monitoring platforms",
5869
+ "Check continuous monitoring capabilities and policy compliance tracking"
5870
+ ],
5871
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5872
+ }
4161
5873
  },
4162
5874
  "15.7": {
4163
5875
  id: "15.7",
@@ -4189,7 +5901,21 @@ export class SafeguardManager {
4189
5901
  "secure decommissioning checklists"
4190
5902
  ],
4191
5903
  relatedSafeguards: ["15.1", "15.2"],
4192
- keywords: ["securely", "decommission", "service", "providers", "account", "deactivation", "data", "flows", "disposal", "enterprise", "data"]
5904
+ keywords: ["securely", "decommission", "service", "providers", "account", "deactivation", "data", "flows", "disposal", "enterprise", "data"],
5905
+ systemPrompt: {
5906
+ role: "service_provider_decommissioning_expert",
5907
+ context: "You are evaluating service provider decommissioning solutions against CIS Control 15.7 requirements for securely decommissioning service providers including account deactivation, data flow termination, and secure data disposal.",
5908
+ objective: "Determine if a vendor solution provides comprehensive secure service provider decommissioning capabilities including user/service account management, data flow control, and enterprise data disposal.",
5909
+ guidelines: [
5910
+ "Verify secure service provider decommissioning processes and procedures",
5911
+ "Confirm user and service account deactivation capabilities",
5912
+ "Validate data flow termination and enterprise data disposal processes",
5913
+ "Assess secure decommissioning checklists and account management",
5914
+ "Review data destruction procedures and secure disposal verification",
5915
+ "Check decommissioning policy compliance and process automation"
5916
+ ],
5917
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5918
+ }
4193
5919
  },
4194
5920
  // Control 16: Application Software Security
4195
5921
  "16.1": {
@@ -4229,7 +5955,21 @@ export class SafeguardManager {
4229
5955
  "security training programs for developers"
4230
5956
  ],
4231
5957
  relatedSafeguards: ["16.2", "16.3", "16.4", "16.5", "16.6", "16.7", "16.8", "16.9", "16.10", "16.11", "16.12", "16.13", "16.14"],
4232
- keywords: ["establish", "maintain", "secure", "application", "development", "process", "design", "standards", "coding", "practices", "training"]
5958
+ keywords: ["establish", "maintain", "secure", "application", "development", "process", "design", "standards", "coding", "practices", "training"],
5959
+ systemPrompt: {
5960
+ role: "secure_development_process_expert",
5961
+ context: "You are evaluating secure application development process solutions against CIS Control 16.1 requirements for establishing comprehensive secure development lifecycles including design standards, coding practices, training, and security testing.",
5962
+ objective: "Determine if a vendor solution provides comprehensive secure application development process capabilities including design standards, secure coding, developer training, vulnerability management, third-party code security, and testing procedures.",
5963
+ guidelines: [
5964
+ "Verify secure application development process establishment and maintenance",
5965
+ "Confirm secure application design standards and secure coding practices",
5966
+ "Validate developer training programs and vulnerability management integration",
5967
+ "Assess third-party code security and application security testing procedures",
5968
+ "Review SDLC frameworks and application security policies",
5969
+ "Check annual documentation updates and enterprise change impact assessment"
5970
+ ],
5971
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5972
+ }
4233
5973
  },
4234
5974
  "16.2": {
4235
5975
  id: "16.2",
@@ -4272,7 +6012,21 @@ export class SafeguardManager {
4272
6012
  "incident response tools"
4273
6013
  ],
4274
6014
  relatedSafeguards: ["16.1", "16.3", "16.6"],
4275
- keywords: ["establish", "maintain", "process", "accept", "address", "software", "vulnerabilities", "external", "entities", "report", "vulnerability", "handling", "policy"]
6015
+ keywords: ["establish", "maintain", "process", "accept", "address", "software", "vulnerabilities", "external", "entities", "report", "vulnerability", "handling", "policy"],
6016
+ systemPrompt: {
6017
+ role: "vulnerability_disclosure_process_expert",
6018
+ context: "You are evaluating vulnerability disclosure and handling process solutions against CIS Control 16.2 requirements for accepting and addressing software vulnerability reports including external reporting mechanisms and comprehensive tracking systems.",
6019
+ objective: "Determine if a vendor solution provides comprehensive vulnerability disclosure process capabilities including external reporting, vulnerability handling policy, tracking systems, and metrics for identification, analysis, and remediation timing.",
6020
+ guidelines: [
6021
+ "Verify vulnerability disclosure process establishment for internal and external reporting",
6022
+ "Confirm vulnerability handling policy including intake, assignment, remediation, and testing",
6023
+ "Validate vulnerability tracking system with severity ratings and timing metrics",
6024
+ "Assess external entity reporting mechanisms and stakeholder expectation management",
6025
+ "Review vulnerability disclosure platforms and bug bounty program integration",
6026
+ "Check annual documentation updates and responsible party designation"
6027
+ ],
6028
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6029
+ }
4276
6030
  },
4277
6031
  "16.3": {
4278
6032
  id: "16.3",
@@ -4300,7 +6054,21 @@ export class SafeguardManager {
4300
6054
  "systematic vulnerability review processes"
4301
6055
  ],
4302
6056
  relatedSafeguards: ["16.1", "16.2"],
4303
- keywords: ["perform", "root", "cause", "analysis", "security", "vulnerabilities", "reviewing", "evaluating", "underlying", "issues", "code"]
6057
+ keywords: ["perform", "root", "cause", "analysis", "security", "vulnerabilities", "reviewing", "evaluating", "underlying", "issues", "code"],
6058
+ systemPrompt: {
6059
+ role: "vulnerability_root_cause_analysis_expert",
6060
+ context: "You are evaluating vulnerability root cause analysis solutions against CIS Control 16.3 requirements for performing systematic root cause analysis on security vulnerabilities to address underlying issues in code.",
6061
+ objective: "Determine if a vendor solution provides comprehensive root cause analysis capabilities for security vulnerabilities including evaluation of underlying issues and systematic vulnerability review processes.",
6062
+ guidelines: [
6063
+ "Verify root cause analysis capabilities for security vulnerabilities",
6064
+ "Confirm systematic evaluation of underlying issues that create vulnerabilities",
6065
+ "Validate development team movement beyond individual vulnerability fixes",
6066
+ "Assess code analysis tools and vulnerability assessment platform integration",
6067
+ "Review development team training on root cause analysis methodologies",
6068
+ "Check systematic vulnerability review processes and pattern identification"
6069
+ ],
6070
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6071
+ }
4304
6072
  },
4305
6073
  "16.4": {
4306
6074
  id: "16.4",
@@ -4336,7 +6104,21 @@ export class SafeguardManager {
4336
6104
  "automated inventory tracking tools"
4337
6105
  ],
4338
6106
  relatedSafeguards: ["16.1", "16.5"],
4339
- keywords: ["establish", "manage", "inventory", "third-party", "software", "components", "bill", "materials", "risks", "monthly", "evaluation"]
6107
+ keywords: ["establish", "manage", "inventory", "third-party", "software", "components", "bill", "materials", "risks", "monthly", "evaluation"],
6108
+ systemPrompt: {
6109
+ role: "third_party_component_inventory_expert",
6110
+ context: "You are evaluating third-party software component inventory management solutions against CIS Control 16.4 requirements for maintaining bill of materials, risk assessment, and monthly component validation.",
6111
+ objective: "Determine if a vendor solution provides comprehensive third-party component inventory capabilities including bill of materials management, risk assessment, monthly evaluation, and component support validation.",
6112
+ guidelines: [
6113
+ "Verify third-party component inventory establishment and bill of materials management",
6114
+ "Confirm risk assessment for each third-party component",
6115
+ "Validate monthly evaluation processes for component changes and updates",
6116
+ "Assess component support validation and software composition analysis",
6117
+ "Review dependency management systems and component vulnerability databases",
6118
+ "Check automated inventory tracking tools and future use component planning"
6119
+ ],
6120
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6121
+ }
4340
6122
  },
4341
6123
  "16.5": {
4342
6124
  id: "16.5",
@@ -4369,7 +6151,21 @@ export class SafeguardManager {
4369
6151
  "component security assessment processes"
4370
6152
  ],
4371
6153
  relatedSafeguards: ["16.1", "16.4", "16.11", "7.1"],
4372
- keywords: ["use", "up-to-date", "trusted", "third-party", "software", "components", "established", "proven", "frameworks", "libraries", "adequate", "security"]
6154
+ keywords: ["use", "up-to-date", "trusted", "third-party", "software", "components", "established", "proven", "frameworks", "libraries", "adequate", "security"],
6155
+ systemPrompt: {
6156
+ role: "trusted_component_security_expert",
6157
+ context: "You are evaluating trusted third-party software component solutions against CIS Control 16.5 requirements for using up-to-date, trusted components from established sources with adequate security and vulnerability evaluation.",
6158
+ objective: "Determine if a vendor solution provides comprehensive trusted third-party component capabilities including up-to-date components, trusted sources, vulnerability evaluation, and proven framework selection.",
6159
+ guidelines: [
6160
+ "Verify up-to-date and trusted third-party software component usage",
6161
+ "Confirm established and proven frameworks with adequate security",
6162
+ "Validate trusted source acquisition and vulnerability evaluation before use",
6163
+ "Assess software composition analysis and component security assessment",
6164
+ "Review trusted software repositories and vulnerability scanning integration",
6165
+ "Check component security validation and source verification processes"
6166
+ ],
6167
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6168
+ }
4373
6169
  },
4374
6170
  "16.6": {
4375
6171
  id: "16.6",
@@ -4403,7 +6199,21 @@ export class SafeguardManager {
4403
6199
  "prioritization workflows"
4404
6200
  ],
4405
6201
  relatedSafeguards: ["16.1", "16.2"],
4406
- keywords: ["establish", "maintain", "severity", "rating", "system", "process", "application", "vulnerabilities", "prioritizing", "triaging", "risk", "management"]
6202
+ keywords: ["establish", "maintain", "severity", "rating", "system", "process", "application", "vulnerabilities", "prioritizing", "triaging", "risk", "management"],
6203
+ systemPrompt: {
6204
+ role: "vulnerability_severity_rating_expert",
6205
+ context: "You are evaluating vulnerability severity rating system solutions against CIS Control 16.6 requirements for establishing systematic vulnerability prioritization, triaging, and risk management with minimum security acceptability levels.",
6206
+ objective: "Determine if a vendor solution provides comprehensive vulnerability severity rating capabilities including prioritization systems, triaging workflows, risk management, and minimum security acceptability standards.",
6207
+ guidelines: [
6208
+ "Verify vulnerability severity rating system establishment and maintenance",
6209
+ "Confirm systematic vulnerability prioritization and triaging capabilities",
6210
+ "Validate minimum security acceptability levels for code/application releases",
6211
+ "Assess risk management improvement and severe bug prioritization",
6212
+ "Review CVSS scoring systems and vulnerability management platforms",
6213
+ "Check annual system updates and prioritization workflow effectiveness"
6214
+ ],
6215
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6216
+ }
4407
6217
  },
4408
6218
  "16.7": {
4409
6219
  id: "16.7",
@@ -4440,7 +6250,21 @@ export class SafeguardManager {
4440
6250
  "automated configuration management"
4441
6251
  ],
4442
6252
  relatedSafeguards: ["16.1"],
4443
- keywords: ["use", "standard", "hardening", "configuration", "templates", "application", "infrastructure", "servers", "databases", "web", "servers", "cloud", "containers", "PaaS", "SaaS"]
6253
+ keywords: ["use", "standard", "hardening", "configuration", "templates", "application", "infrastructure", "servers", "databases", "web", "servers", "cloud", "containers", "PaaS", "SaaS"],
6254
+ systemPrompt: {
6255
+ role: "infrastructure_hardening_template_expert",
6256
+ context: "You are evaluating infrastructure hardening configuration template solutions against CIS Control 16.7 requirements for using standard industry-recommended hardening templates for application infrastructure including servers, databases, web servers, cloud containers, PaaS, and SaaS components.",
6257
+ objective: "Determine if a vendor solution provides comprehensive infrastructure hardening template capabilities including industry-recommended configurations for servers, databases, cloud components, and configuration hardening protection.",
6258
+ guidelines: [
6259
+ "Verify standard industry-recommended hardening configuration template usage",
6260
+ "Confirm application infrastructure component coverage (servers, databases, web servers)",
6261
+ "Validate cloud containers, PaaS, and SaaS component hardening templates",
6262
+ "Assess configuration hardening protection against in-house software weakening",
6263
+ "Review configuration baseline tools and infrastructure as code (IaC) templates",
6264
+ "Check automated configuration management and security hardening guide integration"
6265
+ ],
6266
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6267
+ }
4444
6268
  },
4445
6269
  "16.8": {
4446
6270
  id: "16.8",
@@ -4468,7 +6292,21 @@ export class SafeguardManager {
4468
6292
  "deployment pipeline controls"
4469
6293
  ],
4470
6294
  relatedSafeguards: ["16.1"],
4471
- keywords: ["maintain", "separate", "environments", "production", "non-production", "systems"]
6295
+ keywords: ["maintain", "separate", "environments", "production", "non-production", "systems"],
6296
+ systemPrompt: {
6297
+ role: "environment_separation_expert",
6298
+ context: "You are evaluating environment separation solutions against CIS Control 16.8 requirements for maintaining separate environments for production and non-production systems.",
6299
+ objective: "Determine if a vendor solution provides comprehensive environment separation capabilities including production and non-production system isolation with proper access controls and deployment controls.",
6300
+ guidelines: [
6301
+ "Verify separate environment maintenance for production and non-production systems",
6302
+ "Confirm environment isolation technologies and network segmentation",
6303
+ "Validate access control systems and deployment pipeline controls",
6304
+ "Assess environment separation enforcement and security boundaries",
6305
+ "Review environment isolation technologies and segregation mechanisms",
6306
+ "Check production system protection and non-production environment management"
6307
+ ],
6308
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6309
+ }
4472
6310
  },
4473
6311
  "16.9": {
4474
6312
  id: "16.9",
@@ -4504,7 +6342,21 @@ export class SafeguardManager {
4504
6342
  "hands-on security workshops"
4505
6343
  ],
4506
6344
  relatedSafeguards: ["16.1", "14.1", "14.9"],
4507
- keywords: ["train", "developers", "application", "security", "concepts", "secure", "coding", "software", "development", "personnel", "training", "annually"]
6345
+ keywords: ["train", "developers", "application", "security", "concepts", "secure", "coding", "software", "development", "personnel", "training", "annually"],
6346
+ systemPrompt: {
6347
+ role: "developer_security_training_expert",
6348
+ context: "You are evaluating developer security training solutions against CIS Control 16.9 requirements for training all software development personnel in secure coding, application security principles, and building a security culture.",
6349
+ objective: "Determine if a vendor solution provides comprehensive developer security training including secure coding for specific environments, annual training programs, and security culture development within development teams.",
6350
+ guidelines: [
6351
+ "Verify comprehensive secure coding training for all software development personnel",
6352
+ "Confirm training specific to development environment and responsibilities",
6353
+ "Validate annual training programs and security principle education",
6354
+ "Assess security culture building and development team security promotion",
6355
+ "Review secure coding training programs and developer security certifications",
6356
+ "Check hands-on security workshops and application security standard practices training"
6357
+ ],
6358
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6359
+ }
4508
6360
  },
4509
6361
  "16.10": {
4510
6362
  id: "16.10",
@@ -4542,7 +6394,21 @@ export class SafeguardManager {
4542
6394
  "security design patterns"
4543
6395
  ],
4544
6396
  relatedSafeguards: ["16.1"],
4545
- keywords: ["apply", "secure", "design", "principles", "application", "architectures", "least", "privilege", "mediation", "validate", "never", "trust", "user", "input"]
6397
+ keywords: ["apply", "secure", "design", "principles", "application", "architectures", "least", "privilege", "mediation", "validate", "never", "trust", "user", "input"],
6398
+ systemPrompt: {
6399
+ role: "secure_architecture_design_expert",
6400
+ context: "You are evaluating secure application architecture design solutions against CIS Control 16.10 requirements for applying secure design principles including least privilege, input validation, and attack surface minimization.",
6401
+ objective: "Determine if a vendor solution provides comprehensive secure design principle capabilities including least privilege enforcement, user input validation, explicit error checking, and application infrastructure attack surface minimization.",
6402
+ guidelines: [
6403
+ "Verify secure design principle application in application architectures",
6404
+ "Confirm least privilege implementation and operation validation mediation",
6405
+ "Validate 'never trust user input' principle and explicit error checking",
6406
+ "Assess input validation for size, data type, and acceptable ranges/formats",
6407
+ "Review attack surface minimization including port/service management and default account removal",
6408
+ "Check secure architecture frameworks and security design pattern integration"
6409
+ ],
6410
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6411
+ }
4546
6412
  },
4547
6413
  "16.11": {
4548
6414
  id: "16.11",
@@ -4580,7 +6446,21 @@ export class SafeguardManager {
4580
6446
  "operating system security features"
4581
6447
  ],
4582
6448
  relatedSafeguards: ["16.1", "16.5"],
4583
- keywords: ["leverage", "vetted", "modules", "services", "application", "security", "components", "identity", "management", "encryption", "auditing", "logging", "platform", "features"]
6449
+ keywords: ["leverage", "vetted", "modules", "services", "application", "security", "components", "identity", "management", "encryption", "auditing", "logging", "platform", "features"],
6450
+ systemPrompt: {
6451
+ role: "vetted_security_module_expert",
6452
+ context: "You are evaluating vetted security module and service solutions against CIS Control 16.11 requirements for leveraging established security components including identity management, encryption, auditing, logging, and platform security features.",
6453
+ objective: "Determine if a vendor solution provides comprehensive vetted security module capabilities including identity management, encryption, auditing/logging, platform security features, and standardized cryptographic algorithms.",
6454
+ guidelines: [
6455
+ "Verify vetted modules and services for application security components",
6456
+ "Confirm identity management, encryption, auditing, and logging capabilities",
6457
+ "Validate platform security features and critical security function integration",
6458
+ "Assess standardized, accepted, and extensively reviewed encryption algorithms",
6459
+ "Review established security libraries and cryptographic modules",
6460
+ "Check operating system security feature utilization and secure audit log mechanisms"
6461
+ ],
6462
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6463
+ }
4584
6464
  },
4585
6465
  "16.12": {
4586
6466
  id: "16.12",
@@ -4610,7 +6490,21 @@ export class SafeguardManager {
4610
6490
  "interactive application security testing (IAST)"
4611
6491
  ],
4612
6492
  relatedSafeguards: ["16.1"],
4613
- keywords: ["implement", "code-level", "security", "checks", "static", "dynamic", "analysis", "tools", "application", "life", "cycle", "secure", "coding", "practices"]
6493
+ keywords: ["implement", "code-level", "security", "checks", "static", "dynamic", "analysis", "tools", "application", "life", "cycle", "secure", "coding", "practices"],
6494
+ systemPrompt: {
6495
+ role: "code_security_analysis_expert",
6496
+ context: "You are evaluating code-level security analysis solutions against CIS Control 16.12 requirements for implementing static and dynamic analysis tools within application lifecycles to verify secure coding practices.",
6497
+ objective: "Determine if a vendor solution provides comprehensive code-level security checking capabilities including static analysis, dynamic analysis, and secure coding practice verification within application development lifecycles.",
6498
+ guidelines: [
6499
+ "Verify static and dynamic analysis tool implementation in application lifecycle",
6500
+ "Confirm secure coding practices verification and compliance checking",
6501
+ "Validate SAST, DAST, and IAST capabilities and integration",
6502
+ "Assess code analysis tool effectiveness and lifecycle integration",
6503
+ "Review application security testing automation and continuous security",
6504
+ "Check secure coding standard enforcement and development process integration"
6505
+ ],
6506
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6507
+ }
4614
6508
  },
4615
6509
  "16.13": {
4616
6510
  id: "16.13",
@@ -4643,7 +6537,21 @@ export class SafeguardManager {
4643
6537
  "skilled penetration testers"
4644
6538
  ],
4645
6539
  relatedSafeguards: ["16.1"],
4646
- keywords: ["conduct", "application", "penetration", "testing", "critical", "applications", "authenticated", "business", "logic", "vulnerabilities", "manual", "manipulation"]
6540
+ keywords: ["conduct", "application", "penetration", "testing", "critical", "applications", "authenticated", "business", "logic", "vulnerabilities", "manual", "manipulation"],
6541
+ systemPrompt: {
6542
+ role: "application_penetration_testing_expert",
6543
+ context: "You are evaluating application penetration testing solutions against CIS Control 16.13 requirements for conducting penetration testing including authenticated testing for critical applications and business logic vulnerability identification.",
6544
+ objective: "Determine if a vendor solution provides comprehensive application penetration testing capabilities including authenticated testing, business logic vulnerability discovery, and manual application manipulation for critical applications.",
6545
+ guidelines: [
6546
+ "Verify application penetration testing capabilities and methodologies",
6547
+ "Confirm authenticated penetration testing for critical applications",
6548
+ "Validate business logic vulnerability identification and manual manipulation testing",
6549
+ "Assess authenticated and unauthenticated user testing approaches",
6550
+ "Review penetration testing frameworks and skilled tester capabilities",
6551
+ "Check testing effectiveness beyond code scanning and automated security testing"
6552
+ ],
6553
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6554
+ }
4647
6555
  },
4648
6556
  "16.14": {
4649
6557
  id: "16.14",
@@ -4680,7 +6588,21 @@ export class SafeguardManager {
4680
6588
  "security architecture documentation"
4681
6589
  ],
4682
6590
  relatedSafeguards: ["16.1"],
4683
- keywords: ["conduct", "threat", "modeling", "identifying", "addressing", "application", "security", "design", "flaws", "specially", "trained", "individuals", "entry", "point", "access", "level"]
6591
+ keywords: ["conduct", "threat", "modeling", "identifying", "addressing", "application", "security", "design", "flaws", "specially", "trained", "individuals", "entry", "point", "access", "level"],
6592
+ systemPrompt: {
6593
+ role: "threat_modeling_expert",
6594
+ context: "You are evaluating threat modeling solutions against CIS Control 16.14 requirements for conducting threat modeling to identify and address application security design flaws before code creation through specially trained individuals.",
6595
+ objective: "Determine if a vendor solution provides comprehensive threat modeling capabilities including design flaw identification, security risk assessment for entry points/access levels, and structured application/architecture/infrastructure mapping.",
6596
+ guidelines: [
6597
+ "Verify threat modeling process implementation and design flaw identification",
6598
+ "Confirm specially trained individual capabilities and application design evaluation",
6599
+ "Validate security risk assessment for each entry point and access level",
6600
+ "Assess structured mapping of application, architecture, and infrastructure",
6601
+ "Review threat modeling frameworks and security design review processes",
6602
+ "Check threat modeling tools and security architecture documentation integration"
6603
+ ],
6604
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6605
+ }
4684
6606
  },
4685
6607
  // Control 17: Incident Response Management
4686
6608
  "17.1": {
@@ -4715,7 +6637,21 @@ export class SafeguardManager {
4715
6637
  "documentation templates"
4716
6638
  ],
4717
6639
  relatedSafeguards: ["17.4"],
4718
- keywords: ["designate", "personnel", "manage", "incident", "handling", "key", "person", "backup", "coordination", "documentation", "response", "recovery"]
6640
+ keywords: ["designate", "personnel", "manage", "incident", "handling", "key", "person", "backup", "coordination", "documentation", "response", "recovery"],
6641
+ systemPrompt: {
6642
+ role: "incident_management_personnel_expert",
6643
+ context: "You are evaluating incident management personnel designation solutions against CIS Control 17.1 requirements for designating key personnel and backups to manage enterprise incident handling processes with coordination and documentation responsibilities.",
6644
+ objective: "Determine if a vendor solution provides comprehensive incident management personnel capabilities including key person designation, backup personnel, coordination and documentation systems, and annual review processes.",
6645
+ guidelines: [
6646
+ "Verify key person and backup designation for incident handling management",
6647
+ "Confirm coordination and documentation of incident response and recovery efforts",
6648
+ "Validate management personnel responsibilities and incident handling process oversight",
6649
+ "Assess internal employees, service providers, or hybrid approach support",
6650
+ "Review annual personnel review and enterprise change impact assessment",
6651
+ "Check incident response team structures and coordination tools integration"
6652
+ ],
6653
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6654
+ }
4719
6655
  },
4720
6656
  "17.2": {
4721
6657
  id: "17.2",
@@ -4747,7 +6683,21 @@ export class SafeguardManager {
4747
6683
  "contact information distribution methods"
4748
6684
  ],
4749
6685
  relatedSafeguards: ["17.3", "17.4"],
4750
- keywords: ["establish", "maintain", "contact", "information", "reporting", "security", "incidents", "workforce", "members", "communication", "methods"]
6686
+ keywords: ["establish", "maintain", "contact", "information", "reporting", "security", "incidents", "workforce", "members", "communication", "methods"],
6687
+ systemPrompt: {
6688
+ role: "incident_contact_information_expert",
6689
+ context: "You are evaluating incident contact information management solutions against CIS Control 17.2 requirements for establishing and maintaining comprehensive contact information for reporting security incidents with multiple communication methods.",
6690
+ objective: "Determine if a vendor solution provides comprehensive incident contact information capabilities including workforce-accessible contact methods, regular updates, and resilient communication systems for compromised environments.",
6691
+ guidelines: [
6692
+ "Verify incident contact information establishment and maintenance for security incident reporting",
6693
+ "Confirm workforce member accessibility and various contact method availability",
6694
+ "Validate regular contact information updates and communication method diversity",
6695
+ "Assess contact method availability during compromised primary communication systems",
6696
+ "Review incident reporting hotlines and emergency contact list management",
6697
+ "Check multiple communication channels and contact information distribution methods"
6698
+ ],
6699
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6700
+ }
4751
6701
  },
4752
6702
  "17.3": {
4753
6703
  id: "17.3",
@@ -4781,7 +6731,21 @@ export class SafeguardManager {
4781
6731
  "process communication methods"
4782
6732
  ],
4783
6733
  relatedSafeguards: ["17.2", "17.4", "14.6"],
4784
- keywords: ["establish", "maintain", "enterprise", "process", "reporting", "incidents", "documented", "timeframe", "personnel", "mechanism", "minimum", "information"]
6734
+ keywords: ["establish", "maintain", "enterprise", "process", "reporting", "incidents", "documented", "timeframe", "personnel", "mechanism", "minimum", "information"],
6735
+ systemPrompt: {
6736
+ role: "incident_reporting_process_expert",
6737
+ context: "You are evaluating incident reporting process solutions against CIS Control 17.3 requirements for establishing documented enterprise processes including reporting timeframes, personnel, mechanisms, and minimum information requirements.",
6738
+ objective: "Determine if a vendor solution provides comprehensive incident reporting process capabilities including documented procedures, workforce accessibility, reporting requirements, and annual review processes.",
6739
+ guidelines: [
6740
+ "Verify documented enterprise process establishment for workforce incident reporting",
6741
+ "Confirm reporting timeframe, personnel designation, and reporting mechanism definition",
6742
+ "Validate minimum information requirements and process workforce accessibility",
6743
+ "Assess annual process review and enterprise change impact assessment",
6744
+ "Review incident reporting procedures and workforce training material integration",
6745
+ "Check reporting forms, templates, and process communication methods"
6746
+ ],
6747
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6748
+ }
4785
6749
  },
4786
6750
  "17.4": {
4787
6751
  id: "17.4",
@@ -4812,7 +6776,21 @@ export class SafeguardManager {
4812
6776
  "communication protocols"
4813
6777
  ],
4814
6778
  relatedSafeguards: ["17.1", "17.3", "17.5", "17.6", "17.7", "17.8", "17.9"],
4815
- keywords: ["establish", "maintain", "incident", "response", "process", "documented", "roles", "responsibilities", "compliance", "requirements", "communication", "plan"]
6779
+ keywords: ["establish", "maintain", "incident", "response", "process", "documented", "roles", "responsibilities", "compliance", "requirements", "communication", "plan"],
6780
+ systemPrompt: {
6781
+ role: "incident_response_process_expert",
6782
+ context: "You are evaluating incident response process solutions against CIS Control 17.4 requirements for establishing documented incident response processes addressing roles, responsibilities, compliance requirements, and communication plans.",
6783
+ objective: "Determine if a vendor solution provides comprehensive incident response process capabilities including documentation, role definition, compliance integration, communication planning, and annual review processes.",
6784
+ guidelines: [
6785
+ "Verify documented incident response process establishment and maintenance",
6786
+ "Confirm roles and responsibilities definition and compliance requirements integration",
6787
+ "Validate communication plan development and incident response coordination",
6788
+ "Assess annual process review and enterprise change impact assessment",
6789
+ "Review incident response playbooks and process documentation templates",
6790
+ "Check compliance frameworks and communication protocol integration"
6791
+ ],
6792
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6793
+ }
4816
6794
  },
4817
6795
  "17.5": {
4818
6796
  id: "17.5",
@@ -4846,7 +6824,21 @@ export class SafeguardManager {
4846
6824
  "cross-functional team coordination"
4847
6825
  ],
4848
6826
  relatedSafeguards: ["17.4"],
4849
- keywords: ["assign", "key", "roles", "responsibilities", "incident", "response", "legal", "IT", "information", "security", "facilities", "public", "relations", "human", "resources", "responders", "analysts"]
6827
+ keywords: ["assign", "key", "roles", "responsibilities", "incident", "response", "legal", "IT", "information", "security", "facilities", "public", "relations", "human", "resources", "responders", "analysts"],
6828
+ systemPrompt: {
6829
+ role: "incident_response_role_assignment_expert",
6830
+ context: "You are evaluating incident response role assignment solutions against CIS Control 17.5 requirements for assigning key roles and responsibilities including legal, IT, information security, facilities, public relations, human resources, incident responders, and analysts.",
6831
+ objective: "Determine if a vendor solution provides comprehensive incident response role assignment capabilities including cross-functional team coordination, responsibility definition, and annual role review processes.",
6832
+ guidelines: [
6833
+ "Verify key role and responsibility assignment for incident response teams",
6834
+ "Confirm cross-functional staff inclusion (legal, IT, security, facilities, PR, HR, responders, analysts)",
6835
+ "Validate incident response team structure and role definition",
6836
+ "Assess annual role review and enterprise change impact assessment",
6837
+ "Review responsibility matrices and cross-functional team coordination",
6838
+ "Check incident response team structures and role definition template integration"
6839
+ ],
6840
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6841
+ }
4850
6842
  },
4851
6843
  "17.6": {
4852
6844
  id: "17.6",
@@ -4879,7 +6871,21 @@ export class SafeguardManager {
4879
6871
  "notification systems"
4880
6872
  ],
4881
6873
  relatedSafeguards: ["17.4"],
4882
- keywords: ["define", "mechanisms", "communicating", "incident", "response", "primary", "secondary", "communicate", "report", "security", "incident", "phone", "calls", "emails", "secure", "chat"]
6874
+ keywords: ["define", "mechanisms", "communicating", "incident", "response", "primary", "secondary", "communicate", "report", "security", "incident", "phone", "calls", "emails", "secure", "chat"],
6875
+ systemPrompt: {
6876
+ role: "incident_communication_mechanism_expert",
6877
+ context: "You are evaluating incident communication mechanism solutions against CIS Control 17.6 requirements for defining primary and secondary communication mechanisms during security incidents including resilient communication methods.",
6878
+ objective: "Determine if a vendor solution provides comprehensive incident communication mechanism capabilities including primary/secondary methods, resilient communication systems, and annual mechanism review processes.",
6879
+ guidelines: [
6880
+ "Verify primary and secondary communication mechanism definition for incident response",
6881
+ "Confirm diverse communication methods (phone calls, emails, secure chat, notification letters)",
6882
+ "Validate communication method resilience during security incidents",
6883
+ "Assess backup communication method availability when primary systems are compromised",
6884
+ "Review secure messaging systems and notification system integration",
6885
+ "Check annual mechanism review and enterprise change impact assessment"
6886
+ ],
6887
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6888
+ }
4883
6889
  },
4884
6890
  "17.7": {
4885
6891
  id: "17.7",
@@ -4912,7 +6918,21 @@ export class SafeguardManager {
4912
6918
  "testing schedules and protocols"
4913
6919
  ],
4914
6920
  relatedSafeguards: ["17.4"],
4915
- keywords: ["conduct", "routine", "incident", "response", "exercises", "plan", "scenarios", "key", "personnel", "real-world", "incidents", "test", "communication", "channels", "decision-making", "workflows"]
6921
+ keywords: ["conduct", "routine", "incident", "response", "exercises", "plan", "scenarios", "key", "personnel", "real-world", "incidents", "test", "communication", "channels", "decision-making", "workflows"],
6922
+ systemPrompt: {
6923
+ role: "incident_response_exercise_expert",
6924
+ context: "You are evaluating incident response exercise solutions against CIS Control 17.7 requirements for conducting routine exercises and scenarios for key personnel to test communication channels, decision-making, and workflows.",
6925
+ objective: "Determine if a vendor solution provides comprehensive incident response exercise capabilities including routine exercises, scenario planning, personnel training, and annual testing programs for real-world incident preparation.",
6926
+ guidelines: [
6927
+ "Verify routine incident response exercise planning and execution for key personnel",
6928
+ "Confirm scenario development and real-world incident preparation capabilities",
6929
+ "Validate communication channel, decision-making, and workflow testing",
6930
+ "Assess annual testing requirements and exercise frequency management",
6931
+ "Review tabletop exercises and simulation scenario planning frameworks",
6932
+ "Check exercise testing schedules and protocol integration"
6933
+ ],
6934
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6935
+ }
4916
6936
  },
4917
6937
  "17.8": {
4918
6938
  id: "17.8",
@@ -4941,7 +6961,21 @@ export class SafeguardManager {
4941
6961
  "review meeting processes"
4942
6962
  ],
4943
6963
  relatedSafeguards: ["17.4"],
4944
- keywords: ["conduct", "post-incident", "reviews", "prevent", "incident", "recurrence", "identifying", "lessons", "learned", "follow-up", "action"]
6964
+ keywords: ["conduct", "post-incident", "reviews", "prevent", "incident", "recurrence", "identifying", "lessons", "learned", "follow-up", "action"],
6965
+ systemPrompt: {
6966
+ role: "post_incident_review_expert",
6967
+ context: "You are evaluating post-incident review solutions against CIS Control 17.8 requirements for conducting post-incident reviews to prevent recurrence through lessons learned identification and follow-up actions.",
6968
+ objective: "Determine if a vendor solution provides comprehensive post-incident review capabilities including incident recurrence prevention, lessons learned documentation, and follow-up action management.",
6969
+ guidelines: [
6970
+ "Verify post-incident review process implementation and execution",
6971
+ "Confirm incident recurrence prevention and lessons learned identification",
6972
+ "Validate follow-up action planning and implementation tracking",
6973
+ "Assess post-incident review documentation and improvement processes",
6974
+ "Review lessons learned documentation and improvement action plan integration",
6975
+ "Check review meeting processes and continuous improvement capabilities"
6976
+ ],
6977
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6978
+ }
4945
6979
  },
4946
6980
  "17.9": {
4947
6981
  id: "17.9",
@@ -4974,7 +7008,21 @@ export class SafeguardManager {
4974
7008
  "incident categorization tools"
4975
7009
  ],
4976
7010
  relatedSafeguards: ["17.4"],
4977
- keywords: ["establish", "maintain", "security", "incident", "thresholds", "differentiating", "incident", "event", "abnormal", "activity", "vulnerability", "weakness", "data", "breach", "privacy"]
7011
+ keywords: ["establish", "maintain", "security", "incident", "thresholds", "differentiating", "incident", "event", "abnormal", "activity", "vulnerability", "weakness", "data", "breach", "privacy"],
7012
+ systemPrompt: {
7013
+ role: "incident_threshold_classification_expert",
7014
+ context: "You are evaluating security incident threshold and classification solutions against CIS Control 17.9 requirements for establishing incident thresholds including incident/event differentiation and classification criteria.",
7015
+ objective: "Determine if a vendor solution provides comprehensive security incident threshold capabilities including incident/event differentiation, classification criteria, and annual threshold review processes.",
7016
+ guidelines: [
7017
+ "Verify security incident threshold establishment and maintenance",
7018
+ "Confirm incident and event differentiation and classification criteria",
7019
+ "Validate incident classification including abnormal activity, vulnerabilities, weaknesses, data breaches, privacy incidents",
7020
+ "Assess annual threshold review and enterprise change impact assessment",
7021
+ "Review incident classification frameworks and threshold definition templates",
7022
+ "Check severity rating systems and incident categorization tool integration"
7023
+ ],
7024
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7025
+ }
4978
7026
  },
4979
7027
  // Control 18: Penetration Testing
4980
7028
  "18.1": {
@@ -5013,7 +7061,21 @@ export class SafeguardManager {
5013
7061
  "testing frequency schedules"
5014
7062
  ],
5015
7063
  relatedSafeguards: ["18.2", "18.3", "18.4", "18.5"],
5016
- keywords: ["establish", "maintain", "penetration", "testing", "program", "scope", "network", "web", "application", "API", "hosted", "services", "frequency", "limitations", "remediation"]
7064
+ keywords: ["establish", "maintain", "penetration", "testing", "program", "scope", "network", "web", "application", "API", "hosted", "services", "frequency", "limitations", "remediation"],
7065
+ systemPrompt: {
7066
+ role: "penetration_testing_program_expert",
7067
+ context: "You are evaluating penetration testing program solutions against CIS Control 18.1 requirements for establishing comprehensive programs appropriate to enterprise size, complexity, industry, and maturity with defined scope, frequency, limitations, and remediation procedures.",
7068
+ objective: "Determine if a vendor solution provides comprehensive penetration testing program capabilities including program establishment, scope definition, frequency management, limitation setting, and remediation procedures.",
7069
+ guidelines: [
7070
+ "Verify penetration testing program establishment appropriate to enterprise characteristics",
7071
+ "Confirm comprehensive scope including network, web application, API, hosted services, physical premises",
7072
+ "Validate frequency requirements and limitation management (acceptable hours, excluded attacks)",
7073
+ "Assess point of contact information and remediation procedure integration",
7074
+ "Review penetration testing frameworks and program documentation templates",
7075
+ "Check retrospective requirements and scope definition guideline integration"
7076
+ ],
7077
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7078
+ }
5017
7079
  },
5018
7080
  "18.2": {
5019
7081
  id: "18.2",
@@ -5048,7 +7110,21 @@ export class SafeguardManager {
5048
7110
  "clear box and opaque box methodologies"
5049
7111
  ],
5050
7112
  relatedSafeguards: ["18.1", "18.3", "18.4"],
5051
- keywords: ["perform", "periodic", "external", "penetration", "tests", "annually", "enterprise", "environmental", "reconnaissance", "exploitable", "information", "qualified", "party", "clear", "box", "opaque", "box"]
7113
+ keywords: ["perform", "periodic", "external", "penetration", "tests", "annually", "enterprise", "environmental", "reconnaissance", "exploitable", "information", "qualified", "party", "clear", "box", "opaque", "box"],
7114
+ systemPrompt: {
7115
+ role: "external_penetration_testing_expert",
7116
+ context: "You are evaluating external penetration testing solutions against CIS Control 18.2 requirements for performing periodic external penetration tests including enterprise and environmental reconnaissance with qualified party execution and clear/opaque box methodologies.",
7117
+ objective: "Determine if a vendor solution provides comprehensive external penetration testing capabilities including annual testing, reconnaissance, exploitable information detection, qualified party execution, and clear/opaque box methodologies.",
7118
+ guidelines: [
7119
+ "Verify periodic external penetration testing based on program requirements (minimum annually)",
7120
+ "Confirm enterprise and environmental reconnaissance capabilities for exploitable information detection",
7121
+ "Validate qualified party requirements and specialized skills/experience verification",
7122
+ "Assess clear box and opaque box testing methodology support",
7123
+ "Review external penetration testing services and reconnaissance tool integration",
7124
+ "Check qualified penetration testing vendor capabilities and methodology frameworks"
7125
+ ],
7126
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7127
+ }
5052
7128
  },
5053
7129
  "18.3": {
5054
7130
  id: "18.3",
@@ -5079,7 +7155,21 @@ export class SafeguardManager {
5079
7155
  "impact assessment methodologies"
5080
7156
  ],
5081
7157
  relatedSafeguards: ["18.1", "18.2", "18.5"],
5082
- keywords: ["remediate", "penetration", "test", "findings", "documented", "vulnerability", "remediation", "process", "timeline", "level", "effort", "impact", "prioritization"]
7158
+ keywords: ["remediate", "penetration", "test", "findings", "documented", "vulnerability", "remediation", "process", "timeline", "level", "effort", "impact", "prioritization"],
7159
+ systemPrompt: {
7160
+ role: "penetration_test_remediation_expert",
7161
+ context: "You are evaluating penetration test finding remediation solutions against CIS Control 18.3 requirements for remediating findings based on documented vulnerability remediation processes with timeline, effort, impact, and prioritization assessment.",
7162
+ objective: "Determine if a vendor solution provides comprehensive penetration test finding remediation capabilities including documented processes, timeline determination, effort assessment, impact analysis, and finding prioritization.",
7163
+ guidelines: [
7164
+ "Verify penetration test finding remediation based on documented vulnerability processes",
7165
+ "Confirm timeline determination and level of effort assessment capabilities",
7166
+ "Validate impact assessment and finding prioritization frameworks",
7167
+ "Assess vulnerability remediation workflow integration and tracking systems",
7168
+ "Review finding prioritization frameworks and remediation tracking systems",
7169
+ "Check impact assessment methodologies and remediation process compliance"
7170
+ ],
7171
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7172
+ }
5083
7173
  },
5084
7174
  "18.4": {
5085
7175
  id: "18.4",
@@ -5109,7 +7199,21 @@ export class SafeguardManager {
5109
7199
  "technique analysis methodologies"
5110
7200
  ],
5111
7201
  relatedSafeguards: ["18.1", "18.2", "18.5"],
5112
- keywords: ["validate", "security", "measures", "penetration", "test", "modify", "rulesets", "capabilities", "detect", "techniques", "testing"]
7202
+ keywords: ["validate", "security", "measures", "penetration", "test", "modify", "rulesets", "capabilities", "detect", "techniques", "testing"],
7203
+ systemPrompt: {
7204
+ role: "security_measure_validation_expert",
7205
+ context: "You are evaluating security measure validation solutions against CIS Control 18.4 requirements for validating security measures after penetration tests and modifying rulesets/capabilities to detect testing techniques.",
7206
+ objective: "Determine if a vendor solution provides comprehensive security measure validation capabilities including post-test validation, ruleset modification, capability enhancement, and technique detection improvement.",
7207
+ guidelines: [
7208
+ "Verify security measure validation after each penetration test",
7209
+ "Confirm ruleset and capability modification for technique detection improvement",
7210
+ "Validate detection enhancement for techniques used during penetration testing",
7211
+ "Assess security control validation frameworks and detection rule tuning",
7212
+ "Review capability enhancement procedures and technique analysis methodologies",
7213
+ "Check security measure effectiveness and penetration test technique integration"
7214
+ ],
7215
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7216
+ }
5113
7217
  },
5114
7218
  "18.5": {
5115
7219
  id: "18.5",
@@ -5138,7 +7242,21 @@ export class SafeguardManager {
5138
7242
  "internal security assessment frameworks"
5139
7243
  ],
5140
7244
  relatedSafeguards: ["18.1", "18.3", "18.4"],
5141
- keywords: ["perform", "periodic", "internal", "penetration", "tests", "program", "requirements", "annually", "clear", "box", "opaque", "box"]
7245
+ keywords: ["perform", "periodic", "internal", "penetration", "tests", "program", "requirements", "annually", "clear", "box", "opaque", "box"],
7246
+ systemPrompt: {
7247
+ role: "internal_penetration_testing_expert",
7248
+ context: "You are evaluating internal penetration testing solutions against CIS Control 18.5 requirements for performing periodic internal penetration tests based on program requirements with annual frequency and clear/opaque box methodologies.",
7249
+ objective: "Determine if a vendor solution provides comprehensive internal penetration testing capabilities including periodic testing, program requirements compliance, annual frequency, and clear/opaque box approaches.",
7250
+ guidelines: [
7251
+ "Verify periodic internal penetration testing based on program requirements (minimum annually)",
7252
+ "Confirm annual testing frequency and program requirements compliance",
7253
+ "Validate clear box and opaque box testing methodology support",
7254
+ "Assess internal penetration testing tools and methodology integration",
7255
+ "Review internal testing methodologies and security assessment frameworks",
7256
+ "Check internal penetration testing capability and approach effectiveness"
7257
+ ],
7258
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7259
+ }
5142
7260
  }
5143
7261
  };
5144
7262
  }