framework-mcp 1.4.0 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -238,7 +238,19 @@ export class SafeguardManager {
238
238
  "For mobile end-user devices, MDM type tools can support this process, where appropriate"
239
239
  ],
240
240
  relatedSafeguards: ["1.2", "1.3", "1.4", "1.5", "2.1", "3.2", "4.1", "5.1"],
241
- keywords: ["asset", "inventory", "device", "network", "mobile", "IoT", "server", "detailed", "accurate", "up-to-date"]
241
+ keywords: ["asset", "inventory", "device", "network", "mobile", "IoT", "server", "detailed", "accurate", "up-to-date"],
242
+ systemPrompt: {
243
+ role: "asset_inventory_expert",
244
+ context: "You are evaluating enterprise asset inventory solutions against CIS Control 1.1 requirements for comprehensive asset tracking.",
245
+ objective: "Determine if a vendor solution provides complete, accurate, and up-to-date enterprise asset inventory capabilities.",
246
+ guidelines: [
247
+ "Verify coverage of all asset types: end-user devices, network devices, IoT, servers",
248
+ "Confirm data collection includes: network/hardware addresses, machine names, ownership, department approval",
249
+ "Validate inventory accuracy and real-time updating capabilities",
250
+ "Assess policy/process management and bi-annual review compliance"
251
+ ],
252
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
253
+ }
242
254
  },
243
255
  "5.1": {
244
256
  id: "5.1",
@@ -277,7 +289,21 @@ export class SafeguardManager {
277
289
  "Identity and Access Management Tool"
278
290
  ],
279
291
  relatedSafeguards: ["1.1", "2.1", "5.2", "5.3", "5.4", "5.5", "5.6", "6.1", "6.2", "6.7", "12.8"],
280
- keywords: ["establish", "maintain", "inventory", "accounts", "user", "administrator", "name", "username", "dates", "department", "quarterly", "validate", "authorized", "recurring"]
292
+ keywords: ["establish", "maintain", "inventory", "accounts", "user", "administrator", "name", "username", "dates", "department", "quarterly", "validate", "authorized", "recurring"],
293
+ systemPrompt: {
294
+ role: "account_inventory_specialist",
295
+ context: "You are evaluating account management solutions against CIS Control 5.1 requirements for comprehensive account inventory and validation.",
296
+ objective: "Determine if a vendor solution provides complete account inventory management with quarterly validation processes.",
297
+ guidelines: [
298
+ "Verify comprehensive account inventory for all user and administrator accounts",
299
+ "Confirm tracking of required metadata (name, username, start/stop dates, department)",
300
+ "Validate quarterly account authorization review processes",
301
+ "Assess automated account discovery and lifecycle management",
302
+ "Review unauthorized account detection and remediation",
303
+ "Check compliance reporting and audit trail capabilities"
304
+ ],
305
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
306
+ }
281
307
  },
282
308
  "6.3": {
283
309
  id: "6.3",
@@ -308,7 +334,21 @@ export class SafeguardManager {
308
334
  "Multi-Factor Authentication Tool"
309
335
  ],
310
336
  relatedSafeguards: ["2.1", "4.1"],
311
- keywords: ["require", "externally-exposed", "enterprise", "third-party", "applications", "enforce", "MFA", "supported", "directory", "service", "SSO", "provider"]
337
+ keywords: ["require", "externally-exposed", "enterprise", "third-party", "applications", "enforce", "MFA", "supported", "directory", "service", "SSO", "provider"],
338
+ systemPrompt: {
339
+ role: "multi_factor_authentication_expert",
340
+ context: "You are evaluating multi-factor authentication solutions against CIS Control 6.3 requirements for externally-exposed application protection.",
341
+ objective: "Determine if a vendor solution provides comprehensive MFA enforcement for externally-exposed enterprise and third-party applications.",
342
+ guidelines: [
343
+ "Verify MFA enforcement for all externally-exposed applications",
344
+ "Confirm support for enterprise and third-party application integration",
345
+ "Validate directory service and SSO provider MFA implementation",
346
+ "Assess MFA method variety and adaptive authentication",
347
+ "Review policy-based MFA enforcement and exception handling",
348
+ "Check compliance monitoring and MFA adoption reporting"
349
+ ],
350
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
351
+ }
312
352
  },
313
353
  "7.1": {
314
354
  id: "7.1",
@@ -350,7 +390,21 @@ export class SafeguardManager {
350
390
  "vulnerability management platforms"
351
391
  ],
352
392
  relatedSafeguards: ["1.1", "2.1", "7.2", "7.3", "7.4", "7.5", "7.6", "7.7"],
353
- keywords: ["vulnerability", "management", "process", "documented", "annual", "review", "enterprise", "assets"]
393
+ keywords: ["vulnerability", "management", "process", "documented", "annual", "review", "enterprise", "assets"],
394
+ systemPrompt: {
395
+ role: "vulnerability_management_process_expert",
396
+ context: "You are evaluating vulnerability management solutions against CIS Control 7.1 requirements for establishing documented vulnerability management processes.",
397
+ objective: "Determine if a vendor solution provides comprehensive vulnerability management process establishment and maintenance capabilities.",
398
+ guidelines: [
399
+ "Verify documented vulnerability management process creation",
400
+ "Confirm process maintenance and annual review capabilities",
401
+ "Validate enterprise asset scope coverage and procedures",
402
+ "Assess vulnerability identification and assessment workflows",
403
+ "Review process update mechanisms for enterprise changes",
404
+ "Check policy integration and governance framework alignment"
405
+ ],
406
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
407
+ }
354
408
  },
355
409
  "1.2": {
356
410
  id: "1.2",
@@ -373,7 +427,19 @@ export class SafeguardManager {
373
427
  "The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset"
374
428
  ],
375
429
  relatedSafeguards: ["1.1", "1.3"],
376
- keywords: ["unauthorized", "assets", "weekly", "remove", "deny", "quarantine", "process"]
430
+ keywords: ["unauthorized", "assets", "weekly", "remove", "deny", "quarantine", "process"],
431
+ systemPrompt: {
432
+ role: "asset_inventory_expert",
433
+ context: "You are evaluating solutions for addressing unauthorized assets against CIS Control 1.2 requirements for weekly remediation processes.",
434
+ objective: "Determine if a vendor solution provides automated detection and remediation of unauthorized assets on the network.",
435
+ guidelines: [
436
+ "Verify automated detection of unauthorized assets connected to the network",
437
+ "Confirm weekly or more frequent remediation processes",
438
+ "Assess capabilities for asset removal, network denial, or quarantine actions",
439
+ "Validate integration with asset inventory systems for authorization checks"
440
+ ],
441
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
442
+ }
377
443
  },
378
444
  "1.3": {
379
445
  id: "1.3",
@@ -398,7 +464,19 @@ export class SafeguardManager {
398
464
  implementationSuggestions: [ // Gray - Implementation suggestions
399
465
  ],
400
466
  relatedSafeguards: ["1.1", "1.2", "1.4", "1.5"],
401
- keywords: ["active", "discovery", "tool", "identify", "assets", "network", "scanning", "mapping"]
467
+ keywords: ["active", "discovery", "tool", "identify", "assets", "network", "scanning", "mapping"],
468
+ systemPrompt: {
469
+ role: "asset_inventory_expert",
470
+ context: "You are evaluating active discovery tools against CIS Control 1.3 requirements for daily network asset identification.",
471
+ objective: "Determine if a vendor solution provides active discovery capabilities to automatically identify network-connected assets.",
472
+ guidelines: [
473
+ "Verify active network scanning and asset discovery capabilities",
474
+ "Confirm daily or more frequent execution scheduling",
475
+ "Assess accuracy of asset identification across network segments",
476
+ "Validate integration with asset inventory systems for automatic updates"
477
+ ],
478
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
479
+ }
402
480
  },
403
481
  "1.4": {
404
482
  id: "1.4",
@@ -425,7 +503,19 @@ export class SafeguardManager {
425
503
  implementationSuggestions: [ // Gray - Implementation suggestions
426
504
  ],
427
505
  relatedSafeguards: ["1.1", "1.2", "1.3", "1.5"],
428
- keywords: ["DHCP", "logging", "update", "asset", "inventory", "IP", "address", "network", "tracking"]
506
+ keywords: ["DHCP", "logging", "update", "asset", "inventory", "IP", "address", "network", "tracking"],
507
+ systemPrompt: {
508
+ role: "asset_inventory_expert",
509
+ context: "You are evaluating DHCP logging and IPAM solutions against CIS Control 1.4 requirements for network-based asset tracking.",
510
+ objective: "Determine if a vendor solution provides DHCP logging or IP address management capabilities to enhance asset inventory accuracy.",
511
+ guidelines: [
512
+ "Verify DHCP logging capabilities on all DHCP servers",
513
+ "Assess IP address management (IPAM) tool functionality",
514
+ "Confirm weekly or more frequent log review and asset inventory updates",
515
+ "Validate automatic correlation of IP assignments with asset records"
516
+ ],
517
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
518
+ }
429
519
  },
430
520
  "1.5": {
431
521
  id: "1.5",
@@ -451,7 +541,19 @@ export class SafeguardManager {
451
541
  implementationSuggestions: [ // Gray - Implementation suggestions
452
542
  ],
453
543
  relatedSafeguards: ["1.1", "1.2", "1.3", "1.4"],
454
- keywords: ["passive", "discovery", "tool", "identify", "assets", "network", "traffic", "monitoring", "non-intrusive"]
544
+ keywords: ["passive", "discovery", "tool", "identify", "assets", "network", "traffic", "monitoring", "non-intrusive"],
545
+ systemPrompt: {
546
+ role: "asset_inventory_expert",
547
+ context: "You are evaluating passive discovery tools against CIS Control 1.5 requirements for non-intrusive network asset identification.",
548
+ objective: "Determine if a vendor solution provides passive discovery capabilities to identify network assets without active scanning.",
549
+ guidelines: [
550
+ "Verify passive network monitoring and asset discovery capabilities",
551
+ "Assess non-intrusive traffic analysis for asset identification",
552
+ "Confirm weekly or more frequent scan review and inventory updates",
553
+ "Validate integration with asset inventory systems for comprehensive coverage"
554
+ ],
555
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
556
+ }
455
557
  },
456
558
  "2.1": {
457
559
  id: "2.1",
@@ -489,7 +591,19 @@ export class SafeguardManager {
489
591
  implementationSuggestions: [ // Gray - Implementation suggestions
490
592
  ],
491
593
  relatedSafeguards: ["1.1", "2.2", "2.3", "2.4", "2.5", "2.6", "2.7"],
492
- keywords: ["software", "inventory", "licensed", "detailed", "enterprise", "assets", "applications"]
594
+ keywords: ["software", "inventory", "licensed", "detailed", "enterprise", "assets", "applications"],
595
+ systemPrompt: {
596
+ role: "asset_inventory_expert",
597
+ context: "You are evaluating software inventory solutions against CIS Control 2.1 requirements for comprehensive licensed software tracking.",
598
+ objective: "Determine if a vendor solution provides complete software inventory capabilities for all licensed applications on enterprise assets.",
599
+ guidelines: [
600
+ "Verify detailed tracking of all licensed software installations",
601
+ "Confirm documentation includes: title, publisher, install date, business purpose, URL, versions, deployment mechanism",
602
+ "Assess bi-annual or more frequent inventory review capabilities",
603
+ "Validate integration with asset management systems for comprehensive coverage"
604
+ ],
605
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
606
+ }
493
607
  },
494
608
  "2.2": {
495
609
  id: "2.2",
@@ -519,7 +633,19 @@ export class SafeguardManager {
519
633
  implementationSuggestions: [ // Gray - Implementation suggestions
520
634
  ],
521
635
  relatedSafeguards: ["2.1", "2.3", "2.4", "2.5", "2.6", "2.7"],
522
- keywords: ["supported", "software", "authorized", "designated", "inventory", "lifecycle", "end-of-life"]
636
+ keywords: ["supported", "software", "authorized", "designated", "inventory", "lifecycle", "end-of-life"],
637
+ systemPrompt: {
638
+ role: "asset_inventory_expert",
639
+ context: "You are evaluating software lifecycle management solutions against CIS Control 2.2 requirements for ensuring only supported software is authorized.",
640
+ objective: "Determine if a vendor solution provides capabilities to track software support status and manage authorization based on vendor support lifecycle.",
641
+ guidelines: [
642
+ "Verify tracking of software vendor support status and end-of-life dates",
643
+ "Assess automated designation of supported software as authorized",
644
+ "Confirm exception documentation capabilities for necessary unsupported software",
645
+ "Validate monthly or more frequent review processes for software support status"
646
+ ],
647
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
648
+ }
523
649
  },
524
650
  "2.3": {
525
651
  id: "2.3",
@@ -545,7 +671,19 @@ export class SafeguardManager {
545
671
  implementationSuggestions: [ // Gray - Implementation suggestions
546
672
  ],
547
673
  relatedSafeguards: ["2.1", "2.2", "2.4", "2.5", "2.6", "2.7"],
548
- keywords: ["unauthorized", "software", "removed", "approved", "enterprise", "assets", "address"]
674
+ keywords: ["unauthorized", "software", "removed", "approved", "enterprise", "assets", "address"],
675
+ systemPrompt: {
676
+ role: "asset_inventory_expert",
677
+ context: "You are evaluating software remediation solutions against CIS Control 2.3 requirements for addressing unauthorized software on enterprise assets.",
678
+ objective: "Determine if a vendor solution provides capabilities to detect and remediate unauthorized software installations.",
679
+ guidelines: [
680
+ "Verify automated detection of unauthorized software on enterprise assets",
681
+ "Assess software removal and uninstallation capabilities",
682
+ "Confirm exception documentation and approval workflow features",
683
+ "Validate monthly or more frequent review and remediation processes"
684
+ ],
685
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
686
+ }
549
687
  },
550
688
  "2.4": {
551
689
  id: "2.4",
@@ -571,7 +709,19 @@ export class SafeguardManager {
571
709
  implementationSuggestions: [ // Gray - Implementation suggestions
572
710
  ],
573
711
  relatedSafeguards: ["2.1", "2.2", "2.3", "2.5", "2.6", "2.7"],
574
- keywords: ["automated", "software", "inventory", "tools", "enterprise", "deployment", "discovery"]
712
+ keywords: ["automated", "software", "inventory", "tools", "enterprise", "deployment", "discovery"],
713
+ systemPrompt: {
714
+ role: "asset_inventory_expert",
715
+ context: "You are evaluating automated software inventory tools against CIS Control 2.4 requirements for enterprise-wide software discovery and documentation.",
716
+ objective: "Determine if a vendor solution provides automated software discovery and inventory capabilities across the enterprise.",
717
+ guidelines: [
718
+ "Verify automated software discovery capabilities across all enterprise assets",
719
+ "Assess comprehensive documentation of installed software details",
720
+ "Confirm enterprise-wide deployment and coverage capabilities",
721
+ "Validate integration with centralized inventory management systems"
722
+ ],
723
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
724
+ }
575
725
  },
576
726
  "2.5": {
577
727
  id: "2.5",
@@ -602,7 +752,19 @@ export class SafeguardManager {
602
752
  "Application Allowlisting"
603
753
  ],
604
754
  relatedSafeguards: ["2.1", "2.2", "2.3", "2.4", "2.6", "2.7"],
605
- keywords: ["allowlist", "authorized", "software", "technical", "controls", "application", "execution"]
755
+ keywords: ["allowlist", "authorized", "software", "technical", "controls", "application", "execution"],
756
+ systemPrompt: {
757
+ role: "asset_inventory_expert",
758
+ context: "You are evaluating application allowlisting solutions against CIS Control 2.5 requirements for restricting software execution to authorized applications only.",
759
+ objective: "Determine if a vendor solution provides technical controls to allowlist authorized software and prevent unauthorized execution.",
760
+ guidelines: [
761
+ "Verify application allowlisting and execution control capabilities",
762
+ "Assess technical controls for software execution restriction",
763
+ "Confirm bi-annual or more frequent reassessment processes",
764
+ "Validate policy management and exception handling features"
765
+ ],
766
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
767
+ }
606
768
  },
607
769
  "2.6": {
608
770
  id: "2.6",
@@ -637,7 +799,19 @@ export class SafeguardManager {
637
799
  "Specific .so files"
638
800
  ],
639
801
  relatedSafeguards: ["2.1", "2.2", "2.3", "2.4", "2.5", "2.7"],
640
- keywords: ["allowlist", "authorized", "libraries", "dll", "ocx", "so", "system", "process", "technical"]
802
+ keywords: ["allowlist", "authorized", "libraries", "dll", "ocx", "so", "system", "process", "technical"],
803
+ systemPrompt: {
804
+ role: "asset_inventory_expert",
805
+ context: "You are evaluating library allowlisting solutions against CIS Control 2.6 requirements for restricting software library loading to authorized libraries only.",
806
+ objective: "Determine if a vendor solution provides technical controls to allowlist authorized software libraries and prevent unauthorized library loading.",
807
+ guidelines: [
808
+ "Verify software library allowlisting capabilities for .dll, .ocx, .so files",
809
+ "Assess technical controls for preventing unauthorized library loading",
810
+ "Confirm bi-annual or more frequent reassessment processes",
811
+ "Validate system process protection and library validation features"
812
+ ],
813
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
814
+ }
641
815
  },
642
816
  "2.7": {
643
817
  id: "2.7",
@@ -671,7 +845,19 @@ export class SafeguardManager {
671
845
  "Specific .py files"
672
846
  ],
673
847
  relatedSafeguards: ["2.1", "2.2", "2.3", "2.4", "2.5", "2.6"],
674
- keywords: ["allowlist", "authorized", "scripts", "digital", "signatures", "version", "control", "execution"]
848
+ keywords: ["allowlist", "authorized", "scripts", "digital", "signatures", "version", "control", "execution"],
849
+ systemPrompt: {
850
+ role: "asset_inventory_expert",
851
+ context: "You are evaluating script allowlisting solutions against CIS Control 2.7 requirements for restricting script execution to authorized scripts only.",
852
+ objective: "Determine if a vendor solution provides technical controls to allowlist authorized scripts and prevent unauthorized script execution.",
853
+ guidelines: [
854
+ "Verify script allowlisting capabilities for .ps1, .py, and other script files",
855
+ "Assess digital signature validation and version control integration",
856
+ "Confirm bi-annual or more frequent reassessment processes",
857
+ "Validate script blocking capabilities for unauthorized execution attempts"
858
+ ],
859
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
860
+ }
675
861
  },
676
862
  "3.1": {
677
863
  id: "3.1",
@@ -704,7 +890,21 @@ export class SafeguardManager {
704
890
  implementationSuggestions: [ // Gray - Implementation suggestions
705
891
  ],
706
892
  relatedSafeguards: ["3.2", "3.3", "3.4", "3.5", "3.6", "3.7", "3.8", "3.9", "3.10", "3.11", "3.12", "3.13", "3.14"],
707
- keywords: ["data", "management", "process", "establish", "maintain", "governance", "lifecycle"]
893
+ keywords: ["data", "management", "process", "establish", "maintain", "governance", "lifecycle"],
894
+ systemPrompt: {
895
+ role: "data_governance_expert",
896
+ context: "You are evaluating data management solutions against CIS Control 3.1 requirements for comprehensive data governance processes.",
897
+ objective: "Determine if a vendor solution provides documented data management processes covering sensitivity, ownership, handling, retention, and disposal.",
898
+ guidelines: [
899
+ "Verify comprehensive data management process documentation",
900
+ "Confirm coverage of data sensitivity classification and handling procedures",
901
+ "Validate data ownership assignment and accountability measures",
902
+ "Assess retention policies with both minimum and maximum limits",
903
+ "Review disposal requirements commensurate with data sensitivity",
904
+ "Check annual review processes and change management triggers"
905
+ ],
906
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
907
+ }
708
908
  },
709
909
  "3.2": {
710
910
  id: "3.2",
@@ -733,7 +933,21 @@ export class SafeguardManager {
733
933
  implementationSuggestions: [ // Gray - Implementation suggestions
734
934
  ],
735
935
  relatedSafeguards: ["1.1", "3.1", "3.3", "3.4", "3.5", "3.6", "3.7", "3.8", "3.9", "3.10", "3.11", "3.12", "3.13", "3.14"],
736
- keywords: ["data", "inventory", "enterprise", "management", "process", "identification", "tracking"]
936
+ keywords: ["data", "inventory", "enterprise", "management", "process", "identification", "tracking"],
937
+ systemPrompt: {
938
+ role: "data_inventory_specialist",
939
+ context: "You are evaluating data inventory solutions against CIS Control 3.2 requirements for comprehensive data asset tracking.",
940
+ objective: "Determine if a vendor solution provides complete data inventory capabilities based on enterprise data management processes.",
941
+ guidelines: [
942
+ "Verify comprehensive data inventory creation and maintenance",
943
+ "Confirm sensitive data identification and prioritization",
944
+ "Validate integration with enterprise data management processes",
945
+ "Assess annual review and update mechanisms",
946
+ "Check inventory accuracy and completeness coverage",
947
+ "Review automated discovery and classification capabilities"
948
+ ],
949
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
950
+ }
737
951
  },
738
952
  "3.3": {
739
953
  id: "3.3",
@@ -761,7 +975,21 @@ export class SafeguardManager {
761
975
  implementationSuggestions: [ // Gray - Implementation suggestions
762
976
  ],
763
977
  relatedSafeguards: ["3.1", "3.2", "3.4", "3.5", "3.6", "5.1", "6.1", "6.2"],
764
- keywords: ["data", "access", "control", "lists", "need", "know", "user", "permissions"]
978
+ keywords: ["data", "access", "control", "lists", "need", "know", "user", "permissions"],
979
+ systemPrompt: {
980
+ role: "access_control_specialist",
981
+ context: "You are evaluating data access control solutions against CIS Control 3.3 requirements for need-to-know access management.",
982
+ objective: "Determine if a vendor solution provides comprehensive data access control lists with need-to-know enforcement capabilities.",
983
+ guidelines: [
984
+ "Verify granular access control list configuration and management",
985
+ "Confirm need-to-know principle enforcement mechanisms",
986
+ "Validate coverage across local and remote file systems",
987
+ "Assess database and application access permission capabilities",
988
+ "Review user-based access control granularity",
989
+ "Check integration with identity and access management systems"
990
+ ],
991
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
992
+ }
765
993
  },
766
994
  "3.4": {
767
995
  id: "3.4",
@@ -788,7 +1016,21 @@ export class SafeguardManager {
788
1016
  implementationSuggestions: [ // Gray - Implementation suggestions
789
1017
  ],
790
1018
  relatedSafeguards: ["3.1", "3.2", "3.5", "3.6", "3.10"],
791
- keywords: ["data", "retention", "enterprise", "management", "process", "lifecycle", "schedule"]
1019
+ keywords: ["data", "retention", "enterprise", "management", "process", "lifecycle", "schedule"],
1020
+ systemPrompt: {
1021
+ role: "data_retention_specialist",
1022
+ context: "You are evaluating data retention solutions against CIS Control 3.4 requirements for enterprise data lifecycle management.",
1023
+ objective: "Determine if a vendor solution provides comprehensive data retention enforcement with minimum and maximum timeline capabilities.",
1024
+ guidelines: [
1025
+ "Verify documented data retention policy implementation",
1026
+ "Confirm minimum and maximum timeline enforcement mechanisms",
1027
+ "Validate integration with enterprise data management processes",
1028
+ "Assess automated retention schedule management",
1029
+ "Review policy compliance monitoring and reporting",
1030
+ "Check data lifecycle automation and enforcement capabilities"
1031
+ ],
1032
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1033
+ }
792
1034
  },
793
1035
  "3.5": {
794
1036
  id: "3.5",
@@ -812,7 +1054,21 @@ export class SafeguardManager {
812
1054
  implementationSuggestions: [ // Gray - Implementation suggestions
813
1055
  ],
814
1056
  relatedSafeguards: ["3.1", "3.2", "3.4", "3.6", "3.10"],
815
- keywords: ["securely", "dispose", "data", "enterprise", "management", "process", "destruction"]
1057
+ keywords: ["securely", "dispose", "data", "enterprise", "management", "process", "destruction"],
1058
+ systemPrompt: {
1059
+ role: "data_disposal_expert",
1060
+ context: "You are evaluating secure data disposal solutions against CIS Control 3.5 requirements for enterprise data destruction.",
1061
+ objective: "Determine if a vendor solution provides secure data disposal capabilities commensurate with data sensitivity levels.",
1062
+ guidelines: [
1063
+ "Verify secure disposal method implementation and effectiveness",
1064
+ "Confirm data sensitivity-appropriate destruction techniques",
1065
+ "Validate integration with enterprise data management processes",
1066
+ "Assess destruction method documentation and verification",
1067
+ "Review disposal process automation and compliance tracking",
1068
+ "Check certification and audit trail capabilities"
1069
+ ],
1070
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1071
+ }
816
1072
  },
817
1073
  "3.6": {
818
1074
  id: "3.6",
@@ -837,7 +1093,21 @@ export class SafeguardManager {
837
1093
  "Linux dm-crypt"
838
1094
  ],
839
1095
  relatedSafeguards: ["1.1", "3.1", "3.2", "3.7", "3.8", "3.9", "3.11"],
840
- keywords: ["encrypt", "data", "end-user", "devices", "sensitive", "protection", "encryption"]
1096
+ keywords: ["encrypt", "data", "end-user", "devices", "sensitive", "protection", "encryption"],
1097
+ systemPrompt: {
1098
+ role: "endpoint_encryption_specialist",
1099
+ context: "You are evaluating endpoint encryption solutions against CIS Control 3.6 requirements for end-user device data protection.",
1100
+ objective: "Determine if a vendor solution provides comprehensive end-user device encryption for sensitive data protection.",
1101
+ guidelines: [
1102
+ "Verify full disk encryption implementation on end-user devices",
1103
+ "Confirm sensitive data encryption coverage and strength",
1104
+ "Validate encryption key management and recovery capabilities",
1105
+ "Assess cross-platform support (Windows, macOS, Linux)",
1106
+ "Review centralized encryption policy management",
1107
+ "Check compliance reporting and device encryption status monitoring"
1108
+ ],
1109
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1110
+ }
841
1111
  },
842
1112
  "3.7": {
843
1113
  id: "3.7",
@@ -868,7 +1138,21 @@ export class SafeguardManager {
868
1138
  "Public"
869
1139
  ],
870
1140
  relatedSafeguards: ["3.1", "3.2", "3.3", "3.8", "3.9", "3.10", "3.11", "3.12"],
871
- keywords: ["establish", "maintain", "data", "classification", "scheme", "sensitivity", "labeling"]
1141
+ keywords: ["establish", "maintain", "data", "classification", "scheme", "sensitivity", "labeling"],
1142
+ systemPrompt: {
1143
+ role: "data_classification_expert",
1144
+ context: "You are evaluating data classification solutions against CIS Control 3.7 requirements for enterprise data sensitivity management.",
1145
+ objective: "Determine if a vendor solution provides comprehensive data classification scheme establishment and maintenance capabilities.",
1146
+ guidelines: [
1147
+ "Verify data classification scheme creation and management",
1148
+ "Confirm sensitivity label implementation (Sensitive, Confidential, Public)",
1149
+ "Validate automated data classification and labeling capabilities",
1150
+ "Assess annual review and update processes",
1151
+ "Review integration with enterprise data management processes",
1152
+ "Check policy enforcement and compliance monitoring"
1153
+ ],
1154
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1155
+ }
872
1156
  },
873
1157
  "3.8": {
874
1158
  id: "3.8",
@@ -898,7 +1182,21 @@ export class SafeguardManager {
898
1182
  "Service provider documentation"
899
1183
  ],
900
1184
  relatedSafeguards: ["3.1", "3.2", "3.7", "3.9", "3.10", "3.11"],
901
- keywords: ["document", "data", "flows", "sensitive", "mapping", "tracking", "lineage"]
1185
+ keywords: ["document", "data", "flows", "sensitive", "mapping", "tracking", "lineage"],
1186
+ systemPrompt: {
1187
+ role: "data_flow_analyst",
1188
+ context: "You are evaluating data flow documentation solutions against CIS Control 3.8 requirements for enterprise data movement tracking.",
1189
+ objective: "Determine if a vendor solution provides comprehensive data flow documentation including service provider interactions.",
1190
+ guidelines: [
1191
+ "Verify comprehensive data flow mapping and documentation",
1192
+ "Confirm service provider data flow tracking capabilities",
1193
+ "Validate integration with enterprise data management processes",
1194
+ "Assess automated data lineage discovery and documentation",
1195
+ "Review annual update and change management processes",
1196
+ "Check visual mapping and reporting capabilities"
1197
+ ],
1198
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1199
+ }
902
1200
  },
903
1201
  "3.9": {
904
1202
  id: "3.9",
@@ -919,7 +1217,21 @@ export class SafeguardManager {
919
1217
  implementationSuggestions: [ // Gray - Implementation suggestions
920
1218
  ],
921
1219
  relatedSafeguards: ["3.1", "3.6", "3.7", "3.10", "3.11"],
922
- keywords: ["encrypt", "data", "removable", "media", "portable", "storage", "USB"]
1220
+ keywords: ["encrypt", "data", "removable", "media", "portable", "storage", "USB"],
1221
+ systemPrompt: {
1222
+ role: "removable_media_security_specialist",
1223
+ context: "You are evaluating removable media encryption solutions against CIS Control 3.9 requirements for portable storage protection.",
1224
+ objective: "Determine if a vendor solution provides comprehensive encryption for data on removable media devices.",
1225
+ guidelines: [
1226
+ "Verify encryption implementation for all removable media types",
1227
+ "Confirm automatic encryption enforcement on USB devices",
1228
+ "Validate encryption key management for portable storage",
1229
+ "Assess policy-based encryption controls and exceptions",
1230
+ "Review centralized management and monitoring capabilities",
1231
+ "Check compliance reporting and device access controls"
1232
+ ],
1233
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1234
+ }
923
1235
  },
924
1236
  "3.10": {
925
1237
  id: "3.10",
@@ -942,7 +1254,21 @@ export class SafeguardManager {
942
1254
  "OpenSSH"
943
1255
  ],
944
1256
  relatedSafeguards: ["3.1", "3.7", "3.8", "3.11", "13.1", "13.2"],
945
- keywords: ["encrypt", "sensitive", "data", "transit", "transmission", "TLS", "communication"]
1257
+ keywords: ["encrypt", "sensitive", "data", "transit", "transmission", "TLS", "communication"],
1258
+ systemPrompt: {
1259
+ role: "data_in_transit_encryption_expert",
1260
+ context: "You are evaluating data-in-transit encryption solutions against CIS Control 3.10 requirements for transmission protection.",
1261
+ objective: "Determine if a vendor solution provides comprehensive encryption for sensitive data during transmission.",
1262
+ guidelines: [
1263
+ "Verify encryption implementation for all data transmissions",
1264
+ "Confirm TLS/SSL protocol support and configuration",
1265
+ "Validate secure communication protocol enforcement",
1266
+ "Assess certificate management and PKI integration",
1267
+ "Review encryption strength and algorithm compliance",
1268
+ "Check monitoring and compliance reporting capabilities"
1269
+ ],
1270
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1271
+ }
946
1272
  },
947
1273
  "3.11": {
948
1274
  id: "3.11",
@@ -972,7 +1298,21 @@ export class SafeguardManager {
972
1298
  "Where access to the data storage device(s) does not permit access to the plain-text data"
973
1299
  ],
974
1300
  relatedSafeguards: ["3.1", "3.6", "3.7", "3.9", "3.10", "11.1"],
975
- keywords: ["encrypt", "sensitive", "data", "rest", "storage", "database", "persistent"]
1301
+ keywords: ["encrypt", "sensitive", "data", "rest", "storage", "database", "persistent"],
1302
+ systemPrompt: {
1303
+ role: "data_at_rest_encryption_specialist",
1304
+ context: "You are evaluating data-at-rest encryption solutions against CIS Control 3.11 requirements for stored data protection.",
1305
+ objective: "Determine if a vendor solution provides comprehensive encryption for sensitive data stored on servers, applications, and databases.",
1306
+ guidelines: [
1307
+ "Verify storage-layer encryption implementation on servers and databases",
1308
+ "Confirm application-layer encryption capabilities for sensitive data",
1309
+ "Validate encryption key management and protection mechanisms",
1310
+ "Assess transparent data encryption and file-level encryption",
1311
+ "Review encryption performance impact and optimization",
1312
+ "Check compliance reporting and encryption status monitoring"
1313
+ ],
1314
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1315
+ }
976
1316
  },
977
1317
  "3.12": {
978
1318
  id: "3.12",
@@ -996,7 +1336,21 @@ export class SafeguardManager {
996
1336
  implementationSuggestions: [ // Gray - Implementation suggestions
997
1337
  ],
998
1338
  relatedSafeguards: ["3.1", "3.7", "12.1", "12.2", "12.3"],
999
- keywords: ["segment", "data", "processing", "storage", "classification", "separation", "isolation"]
1339
+ keywords: ["segment", "data", "processing", "storage", "classification", "separation", "isolation"],
1340
+ systemPrompt: {
1341
+ role: "data_segmentation_architect",
1342
+ context: "You are evaluating data segmentation solutions against CIS Control 3.12 requirements for sensitivity-based data isolation.",
1343
+ objective: "Determine if a vendor solution provides comprehensive data processing and storage segmentation based on sensitivity levels.",
1344
+ guidelines: [
1345
+ "Verify data segmentation implementation based on classification",
1346
+ "Confirm isolation of sensitive data from lower sensitivity environments",
1347
+ "Validate network and storage separation capabilities",
1348
+ "Assess automated policy enforcement for data placement",
1349
+ "Review access control integration with segmentation",
1350
+ "Check monitoring and compliance reporting for data isolation"
1351
+ ],
1352
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1353
+ }
1000
1354
  },
1001
1355
  "3.13": {
1002
1356
  id: "3.13",
@@ -1026,7 +1380,21 @@ export class SafeguardManager {
1026
1380
  "Host-based Data loss Prevention (DLP) tool"
1027
1381
  ],
1028
1382
  relatedSafeguards: ["3.1", "3.7", "3.8", "3.10", "3.11"],
1029
- keywords: ["deploy", "data", "loss", "prevention", "solution", "sensitive", "DLP"]
1383
+ keywords: ["deploy", "data", "loss", "prevention", "solution", "sensitive", "DLP"],
1384
+ systemPrompt: {
1385
+ role: "data_loss_prevention_specialist",
1386
+ context: "You are evaluating Data Loss Prevention solutions against CIS Control 3.13 requirements for automated sensitive data identification and protection.",
1387
+ objective: "Determine if a vendor solution provides comprehensive DLP capabilities for identifying and protecting sensitive data across all enterprise assets.",
1388
+ guidelines: [
1389
+ "Verify automated sensitive data discovery and classification",
1390
+ "Confirm comprehensive coverage across onsite and remote assets",
1391
+ "Validate data inventory integration and updating capabilities",
1392
+ "Assess policy-based data protection and loss prevention",
1393
+ "Review monitoring, alerting, and incident response integration",
1394
+ "Check service provider data protection coverage"
1395
+ ],
1396
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1397
+ }
1030
1398
  },
1031
1399
  "3.14": {
1032
1400
  id: "3.14",
@@ -1050,7 +1418,21 @@ export class SafeguardManager {
1050
1418
  implementationSuggestions: [ // Gray - Implementation suggestions
1051
1419
  ],
1052
1420
  relatedSafeguards: ["3.1", "3.7", "3.8", "8.1", "8.2"],
1053
- keywords: ["log", "sensitive", "data", "access", "modification", "disposal", "audit"]
1421
+ keywords: ["log", "sensitive", "data", "access", "modification", "disposal", "audit"],
1422
+ systemPrompt: {
1423
+ role: "data_access_auditing_expert",
1424
+ context: "You are evaluating data access logging solutions against CIS Control 3.14 requirements for sensitive data activity monitoring.",
1425
+ objective: "Determine if a vendor solution provides comprehensive logging of sensitive data access, modification, and disposal activities.",
1426
+ guidelines: [
1427
+ "Verify comprehensive logging of all sensitive data access events",
1428
+ "Confirm modification and disposal activity tracking",
1429
+ "Validate integration with audit log management systems",
1430
+ "Assess real-time monitoring and alerting capabilities",
1431
+ "Review log retention and analysis capabilities",
1432
+ "Check compliance reporting and forensic investigation support"
1433
+ ],
1434
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1435
+ }
1054
1436
  },
1055
1437
  "4.1": {
1056
1438
  id: "4.1",
@@ -1087,7 +1469,21 @@ export class SafeguardManager {
1087
1469
  "Configuration Management Tool"
1088
1470
  ],
1089
1471
  relatedSafeguards: ["1.1", "2.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7", "4.8", "4.9", "4.10", "4.11", "4.12"],
1090
- keywords: ["establish", "maintain", "documented", "secure", "configuration", "process", "enterprise", "assets", "software", "review", "update"]
1472
+ keywords: ["establish", "maintain", "documented", "secure", "configuration", "process", "enterprise", "assets", "software", "review", "update"],
1473
+ systemPrompt: {
1474
+ role: "secure_configuration_expert",
1475
+ context: "You are evaluating secure configuration management solutions against CIS Control 4.1 requirements for enterprise asset hardening.",
1476
+ objective: "Determine if a vendor solution provides comprehensive secure configuration processes for enterprise assets and software.",
1477
+ guidelines: [
1478
+ "Verify documented secure configuration process establishment",
1479
+ "Confirm coverage of all enterprise assets and software types",
1480
+ "Validate configuration baseline management and enforcement",
1481
+ "Assess automated configuration monitoring and remediation",
1482
+ "Review annual process updates and change management",
1483
+ "Check integration with configuration management tools"
1484
+ ],
1485
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1486
+ }
1091
1487
  },
1092
1488
  "4.2": {
1093
1489
  id: "4.2",
@@ -1115,7 +1511,21 @@ export class SafeguardManager {
1115
1511
  "Configuration Management Tool"
1116
1512
  ],
1117
1513
  relatedSafeguards: ["1.1", "2.1", "3.10", "4.1", "6.4", "8.1", "12.1", "12.2", "12.3", "12.4", "12.5", "13.3", "13.4", "13.6", "13.8", "13.9", "13.10"],
1118
- keywords: ["establish", "maintain", "documented", "secure", "configuration", "network", "infrastructure", "process", "devices"]
1514
+ keywords: ["establish", "maintain", "documented", "secure", "configuration", "network", "infrastructure", "process", "devices"],
1515
+ systemPrompt: {
1516
+ role: "network_configuration_specialist",
1517
+ context: "You are evaluating network infrastructure configuration solutions against CIS Control 4.2 requirements for secure network device management.",
1518
+ objective: "Determine if a vendor solution provides comprehensive secure configuration processes for network infrastructure devices.",
1519
+ guidelines: [
1520
+ "Verify documented network configuration process establishment",
1521
+ "Confirm coverage of all network infrastructure device types",
1522
+ "Validate network security baseline management and enforcement",
1523
+ "Assess automated network configuration monitoring and compliance",
1524
+ "Review network change management and approval processes",
1525
+ "Check integration with network management and security tools"
1526
+ ],
1527
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1528
+ }
1119
1529
  },
1120
1530
  "4.3": {
1121
1531
  id: "4.3",
@@ -1144,7 +1554,21 @@ export class SafeguardManager {
1144
1554
  "Configuration Management Tool"
1145
1555
  ],
1146
1556
  relatedSafeguards: ["4.1"],
1147
- keywords: ["configure", "automatic", "session", "locking", "enterprise", "assets", "inactivity", "period", "minutes", "mobile", "operating", "systems"]
1557
+ keywords: ["configure", "automatic", "session", "locking", "enterprise", "assets", "inactivity", "period", "minutes", "mobile", "operating", "systems"],
1558
+ systemPrompt: {
1559
+ role: "session_security_specialist",
1560
+ context: "You are evaluating session management solutions against CIS Control 4.3 requirements for automatic session locking.",
1561
+ objective: "Determine if a vendor solution provides comprehensive automatic session locking capabilities for enterprise assets.",
1562
+ guidelines: [
1563
+ "Verify automatic session locking configuration and enforcement",
1564
+ "Confirm inactivity period customization and policy management",
1565
+ "Validate coverage across all enterprise asset types",
1566
+ "Assess mobile and desktop operating system support",
1567
+ "Review centralized policy deployment and monitoring",
1568
+ "Check user experience and security balance optimization"
1569
+ ],
1570
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1571
+ }
1148
1572
  },
1149
1573
  "4.4": {
1150
1574
  id: "4.4",
@@ -1172,7 +1596,21 @@ export class SafeguardManager {
1172
1596
  "Configuration Management Tool"
1173
1597
  ],
1174
1598
  relatedSafeguards: ["4.1"],
1175
- keywords: ["implement", "manage", "firewall", "servers", "virtual", "operating", "system", "third-party", "agent"]
1599
+ keywords: ["implement", "manage", "firewall", "servers", "virtual", "operating", "system", "third-party", "agent"],
1600
+ systemPrompt: {
1601
+ role: "server_firewall_expert",
1602
+ context: "You are evaluating server firewall solutions against CIS Control 4.4 requirements for host-based server protection.",
1603
+ objective: "Determine if a vendor solution provides comprehensive firewall implementation and management for servers.",
1604
+ guidelines: [
1605
+ "Verify host-based firewall implementation on all servers",
1606
+ "Confirm virtual environment and container firewall support",
1607
+ "Validate centralized firewall policy management",
1608
+ "Assess rule automation and threat-based configuration",
1609
+ "Review monitoring, alerting, and compliance reporting",
1610
+ "Check integration with security management platforms"
1611
+ ],
1612
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1613
+ }
1176
1614
  },
1177
1615
  "4.5": {
1178
1616
  id: "4.5",
@@ -1202,7 +1640,21 @@ export class SafeguardManager {
1202
1640
  "Configuration Management Tool"
1203
1641
  ],
1204
1642
  relatedSafeguards: ["4.1"],
1205
- keywords: ["implement", "manage", "host-based", "firewall", "port-filtering", "end-user", "devices", "default-deny", "explicitly", "allowed"]
1643
+ keywords: ["implement", "manage", "host-based", "firewall", "port-filtering", "end-user", "devices", "default-deny", "explicitly", "allowed"],
1644
+ systemPrompt: {
1645
+ role: "endpoint_firewall_specialist",
1646
+ context: "You are evaluating endpoint firewall solutions against CIS Control 4.5 requirements for end-user device protection.",
1647
+ objective: "Determine if a vendor solution provides comprehensive host-based firewall and port filtering for end-user devices.",
1648
+ guidelines: [
1649
+ "Verify host-based firewall implementation on all end-user devices",
1650
+ "Confirm default-deny policy with explicit allow configurations",
1651
+ "Validate port-filtering capabilities and rule management",
1652
+ "Assess centralized policy deployment and management",
1653
+ "Review monitoring, logging, and compliance reporting",
1654
+ "Check user experience and productivity impact minimization"
1655
+ ],
1656
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1657
+ }
1206
1658
  },
1207
1659
  "4.6": {
1208
1660
  id: "4.6",
@@ -1231,7 +1683,21 @@ export class SafeguardManager {
1231
1683
  "Configuration Management Tool"
1232
1684
  ],
1233
1685
  relatedSafeguards: ["4.1", "12.3"],
1234
- keywords: ["securely", "manage", "enterprise", "assets", "software", "infrastructure-as-code", "administrative", "interfaces", "SSH", "HTTPS", "protocols"]
1686
+ keywords: ["securely", "manage", "enterprise", "assets", "software", "infrastructure-as-code", "administrative", "interfaces", "SSH", "HTTPS", "protocols"],
1687
+ systemPrompt: {
1688
+ role: "secure_administration_expert",
1689
+ context: "You are evaluating secure administrative interface solutions against CIS Control 4.6 requirements for enterprise asset management.",
1690
+ objective: "Determine if a vendor solution provides secure management of enterprise assets and software administrative interfaces.",
1691
+ guidelines: [
1692
+ "Verify secure administrative interface implementation (SSH, HTTPS)",
1693
+ "Confirm infrastructure-as-code security management capabilities",
1694
+ "Validate encrypted administrative communication protocols",
1695
+ "Assess administrative access control and authentication",
1696
+ "Review privileged session monitoring and recording",
1697
+ "Check integration with privileged access management systems"
1698
+ ],
1699
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1700
+ }
1235
1701
  },
1236
1702
  "4.7": {
1237
1703
  id: "4.7",
@@ -1260,7 +1726,21 @@ export class SafeguardManager {
1260
1726
  "Configuration Management Tool"
1261
1727
  ],
1262
1728
  relatedSafeguards: ["4.1"],
1263
- keywords: ["manage", "default", "accounts", "enterprise", "assets", "software", "root", "administrator", "pre-configured", "vendor", "disabling", "unusable"]
1729
+ keywords: ["manage", "default", "accounts", "enterprise", "assets", "software", "root", "administrator", "pre-configured", "vendor", "disabling", "unusable"],
1730
+ systemPrompt: {
1731
+ role: "default_account_security_specialist",
1732
+ context: "You are evaluating default account management solutions against CIS Control 4.7 requirements for vendor account security.",
1733
+ objective: "Determine if a vendor solution provides comprehensive management of default accounts on enterprise assets and software.",
1734
+ guidelines: [
1735
+ "Verify identification and management of all default accounts",
1736
+ "Confirm default account disabling or secure configuration",
1737
+ "Validate vendor-supplied account discovery and remediation",
1738
+ "Assess automated default account detection and management",
1739
+ "Review policy enforcement and compliance monitoring",
1740
+ "Check integration with identity and access management systems"
1741
+ ],
1742
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1743
+ }
1264
1744
  },
1265
1745
  "4.8": {
1266
1746
  id: "4.8",
@@ -1288,7 +1768,21 @@ export class SafeguardManager {
1288
1768
  "Configuration Management Tool"
1289
1769
  ],
1290
1770
  relatedSafeguards: ["4.1"],
1291
- keywords: ["uninstall", "disable", "unnecessary", "services", "enterprise", "assets", "software", "unused", "file", "sharing", "web", "application", "module", "function"]
1771
+ keywords: ["uninstall", "disable", "unnecessary", "services", "enterprise", "assets", "software", "unused", "file", "sharing", "web", "application", "module", "function"],
1772
+ systemPrompt: {
1773
+ role: "service_hardening_expert",
1774
+ context: "You are evaluating service management solutions against CIS Control 4.8 requirements for unnecessary service removal.",
1775
+ objective: "Determine if a vendor solution provides comprehensive identification and management of unnecessary services on enterprise assets.",
1776
+ guidelines: [
1777
+ "Verify identification of all unnecessary services and functions",
1778
+ "Confirm automated service removal and disabling capabilities",
1779
+ "Validate coverage across all enterprise asset types",
1780
+ "Assess risk-based service evaluation and recommendation",
1781
+ "Review service dependency analysis and impact assessment",
1782
+ "Check ongoing monitoring and compliance enforcement"
1783
+ ],
1784
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1785
+ }
1292
1786
  },
1293
1787
  "4.9": {
1294
1788
  id: "4.9",
@@ -1313,7 +1807,21 @@ export class SafeguardManager {
1313
1807
  "Configuration Management Tool"
1314
1808
  ],
1315
1809
  relatedSafeguards: ["4.1", "8.6", "9.2"],
1316
- keywords: ["configure", "trusted", "DNS", "servers", "enterprise", "assets", "enterprise-controlled", "reputable", "externally", "accessible"]
1810
+ keywords: ["configure", "trusted", "DNS", "servers", "enterprise", "assets", "enterprise-controlled", "reputable", "externally", "accessible"],
1811
+ systemPrompt: {
1812
+ role: "dns_security_specialist",
1813
+ context: "You are evaluating DNS security solutions against CIS Control 4.9 requirements for trusted DNS server configuration.",
1814
+ objective: "Determine if a vendor solution provides comprehensive trusted DNS server configuration and management for enterprise assets.",
1815
+ guidelines: [
1816
+ "Verify trusted DNS server configuration on all enterprise assets",
1817
+ "Confirm enterprise-controlled or reputable DNS service usage",
1818
+ "Validate DNS security policy enforcement and monitoring",
1819
+ "Assess DNS filtering and threat protection capabilities",
1820
+ "Review centralized DNS configuration management",
1821
+ "Check DNS query logging and analysis capabilities"
1822
+ ],
1823
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1824
+ }
1317
1825
  },
1318
1826
  "4.10": {
1319
1827
  id: "4.10",
@@ -1344,7 +1852,21 @@ export class SafeguardManager {
1344
1852
  "Configuration Management Tool"
1345
1853
  ],
1346
1854
  relatedSafeguards: ["4.1"],
1347
- keywords: ["enforce", "automatic", "device", "lockout", "portable", "end-user", "devices", "failed", "authentication", "attempts", "laptops", "tablets", "smartphones", "InTune", "Apple"]
1855
+ keywords: ["enforce", "automatic", "device", "lockout", "portable", "end-user", "devices", "failed", "authentication", "attempts", "laptops", "tablets", "smartphones", "InTune", "Apple"],
1856
+ systemPrompt: {
1857
+ role: "device_lockout_security_expert",
1858
+ context: "You are evaluating device lockout solutions against CIS Control 4.10 requirements for failed authentication protection.",
1859
+ objective: "Determine if a vendor solution provides comprehensive automatic device lockout enforcement for portable end-user devices.",
1860
+ guidelines: [
1861
+ "Verify automatic device lockout after failed authentication attempts",
1862
+ "Confirm coverage across all portable device types (laptops, tablets, smartphones)",
1863
+ "Validate lockout policy customization and management",
1864
+ "Assess integration with mobile device management platforms",
1865
+ "Review unlock procedures and security recovery mechanisms",
1866
+ "Check compliance monitoring and reporting capabilities"
1867
+ ],
1868
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1869
+ }
1348
1870
  },
1349
1871
  "4.11": {
1350
1872
  id: "4.11",
@@ -1370,7 +1892,21 @@ export class SafeguardManager {
1370
1892
  "Configuration Management Tool"
1371
1893
  ],
1372
1894
  relatedSafeguards: ["4.1"],
1373
- keywords: ["remotely", "wipe", "enterprise", "data", "enterprise-owned", "portable", "end-user", "devices", "lost", "stolen", "individual", "no", "longer", "supports"]
1895
+ keywords: ["remotely", "wipe", "enterprise", "data", "enterprise-owned", "portable", "end-user", "devices", "lost", "stolen", "individual", "no", "longer", "supports"],
1896
+ systemPrompt: {
1897
+ role: "remote_wipe_specialist",
1898
+ context: "You are evaluating remote wipe solutions against CIS Control 4.11 requirements for enterprise data protection on portable devices.",
1899
+ objective: "Determine if a vendor solution provides comprehensive remote wipe capabilities for enterprise data on portable end-user devices.",
1900
+ guidelines: [
1901
+ "Verify remote wipe capability for all enterprise-owned portable devices",
1902
+ "Confirm selective enterprise data wiping without affecting personal data",
1903
+ "Validate real-time remote wipe execution and verification",
1904
+ "Assess integration with mobile device management platforms",
1905
+ "Review policy-based automated wiping triggers",
1906
+ "Check audit trails and compliance reporting for wipe operations"
1907
+ ],
1908
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1909
+ }
1374
1910
  },
1375
1911
  "4.12": {
1376
1912
  id: "4.12",
@@ -1400,7 +1936,21 @@ export class SafeguardManager {
1400
1936
  "Configuration Management Tool"
1401
1937
  ],
1402
1938
  relatedSafeguards: ["4.1"],
1403
- keywords: ["separate", "enterprise", "workspaces", "mobile", "end-user", "devices", "Apple", "Configuration", "Profile", "Android", "Work", "Profile", "applications", "data", "personal"]
1939
+ keywords: ["separate", "enterprise", "workspaces", "mobile", "end-user", "devices", "Apple", "Configuration", "Profile", "Android", "Work", "Profile", "applications", "data", "personal"],
1940
+ systemPrompt: {
1941
+ role: "mobile_workspace_security_expert",
1942
+ context: "You are evaluating mobile workspace separation solutions against CIS Control 4.12 requirements for enterprise and personal data isolation.",
1943
+ objective: "Determine if a vendor solution provides comprehensive enterprise workspace separation on mobile end-user devices.",
1944
+ guidelines: [
1945
+ "Verify enterprise workspace separation on mobile devices",
1946
+ "Confirm support for Apple Configuration Profiles and Android Work Profiles",
1947
+ "Validate application and data isolation between enterprise and personal spaces",
1948
+ "Assess policy enforcement and workspace management capabilities",
1949
+ "Review user experience and productivity optimization",
1950
+ "Check compliance monitoring and enterprise data protection"
1951
+ ],
1952
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1953
+ }
1404
1954
  },
1405
1955
  "5.2": {
1406
1956
  id: "5.2",
@@ -1428,7 +1978,21 @@ export class SafeguardManager {
1428
1978
  "Password Management Tool"
1429
1979
  ],
1430
1980
  relatedSafeguards: ["5.1"],
1431
- keywords: ["use", "unique", "passwords", "enterprise", "assets", "8-character", "14-character", "MFA", "minimum"]
1981
+ keywords: ["use", "unique", "passwords", "enterprise", "assets", "8-character", "14-character", "MFA", "minimum"],
1982
+ systemPrompt: {
1983
+ role: "password_security_expert",
1984
+ context: "You are evaluating password management solutions against CIS Control 5.2 requirements for unique password enforcement.",
1985
+ objective: "Determine if a vendor solution provides comprehensive unique password enforcement for enterprise assets.",
1986
+ guidelines: [
1987
+ "Verify unique password requirement enforcement across all assets",
1988
+ "Confirm minimum length requirements (8-character minimum, 14-character for non-MFA)",
1989
+ "Validate password complexity and uniqueness checking",
1990
+ "Assess integration with multi-factor authentication systems",
1991
+ "Review password policy management and enforcement capabilities",
1992
+ "Check compliance monitoring and password strength reporting"
1993
+ ],
1994
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
1995
+ }
1432
1996
  },
1433
1997
  "5.3": {
1434
1998
  id: "5.3",
@@ -1454,7 +2018,21 @@ export class SafeguardManager {
1454
2018
  "Identity and Access Management Tool"
1455
2019
  ],
1456
2020
  relatedSafeguards: ["5.1"],
1457
- keywords: ["delete", "disable", "dormant", "accounts", "45", "days", "inactivity", "supported"]
2021
+ keywords: ["delete", "disable", "dormant", "accounts", "45", "days", "inactivity", "supported"],
2022
+ systemPrompt: {
2023
+ role: "dormant_account_management_specialist",
2024
+ context: "You are evaluating dormant account management solutions against CIS Control 5.3 requirements for inactive account cleanup.",
2025
+ objective: "Determine if a vendor solution provides comprehensive dormant account detection and management capabilities.",
2026
+ guidelines: [
2027
+ "Verify automated dormant account detection after 45 days inactivity",
2028
+ "Confirm account deletion or disabling capabilities",
2029
+ "Validate supported vs unsupported account handling",
2030
+ "Assess automated workflow and approval processes",
2031
+ "Review account activity monitoring and tracking",
2032
+ "Check compliance reporting and audit trail capabilities"
2033
+ ],
2034
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2035
+ }
1458
2036
  },
1459
2037
  "5.4": {
1460
2038
  id: "5.4",
@@ -1486,7 +2064,21 @@ export class SafeguardManager {
1486
2064
  "Productivity suite use"
1487
2065
  ],
1488
2066
  relatedSafeguards: ["4.1", "5.1"],
1489
- keywords: ["restrict", "administrator", "privileges", "dedicated", "accounts", "enterprise", "assets", "general", "computing", "browsing", "email", "productivity"]
2067
+ keywords: ["restrict", "administrator", "privileges", "dedicated", "accounts", "enterprise", "assets", "general", "computing", "browsing", "email", "productivity"],
2068
+ systemPrompt: {
2069
+ role: "privileged_access_specialist",
2070
+ context: "You are evaluating privileged access management solutions against CIS Control 5.4 requirements for administrator privilege restriction.",
2071
+ objective: "Determine if a vendor solution provides comprehensive administrator privilege restriction and dedicated account management.",
2072
+ guidelines: [
2073
+ "Verify administrator privilege restriction to dedicated accounts only",
2074
+ "Confirm separation of administrative and general computing activities",
2075
+ "Validate privileged access controls and session management",
2076
+ "Assess just-in-time privilege elevation capabilities",
2077
+ "Review privileged session monitoring and recording",
2078
+ "Check compliance with principle of least privilege enforcement"
2079
+ ],
2080
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2081
+ }
1490
2082
  },
1491
2083
  "5.5": {
1492
2084
  id: "5.5",
@@ -1521,7 +2113,21 @@ export class SafeguardManager {
1521
2113
  "Identity and Access Management Tool"
1522
2114
  ],
1523
2115
  relatedSafeguards: ["5.1"],
1524
- keywords: ["establish", "maintain", "inventory", "service", "accounts", "department", "owner", "review", "date", "purpose", "quarterly", "validate", "authorized"]
2116
+ keywords: ["establish", "maintain", "inventory", "service", "accounts", "department", "owner", "review", "date", "purpose", "quarterly", "validate", "authorized"],
2117
+ systemPrompt: {
2118
+ role: "service_account_management_expert",
2119
+ context: "You are evaluating service account management solutions against CIS Control 5.5 requirements for service account inventory and oversight.",
2120
+ objective: "Determine if a vendor solution provides comprehensive service account inventory management and quarterly validation processes.",
2121
+ guidelines: [
2122
+ "Verify comprehensive service account inventory establishment",
2123
+ "Confirm tracking of department, owner, purpose, and review dates",
2124
+ "Validate quarterly service account review and authorization processes",
2125
+ "Assess automated service account discovery and classification",
2126
+ "Review service account lifecycle management capabilities",
2127
+ "Check compliance monitoring and unauthorized account detection"
2128
+ ],
2129
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2130
+ }
1525
2131
  },
1526
2132
  "5.6": {
1527
2133
  id: "5.6",
@@ -1547,7 +2153,21 @@ export class SafeguardManager {
1547
2153
  "Identity and Access Management Tool"
1548
2154
  ],
1549
2155
  relatedSafeguards: ["5.1", "6.6", "6.7", "12.5"],
1550
- keywords: ["centralize", "account", "management", "directory", "service", "identity"]
2156
+ keywords: ["centralize", "account", "management", "directory", "service", "identity"],
2157
+ systemPrompt: {
2158
+ role: "centralized_identity_specialist",
2159
+ context: "You are evaluating centralized identity management solutions against CIS Control 5.6 requirements for directory service implementation.",
2160
+ objective: "Determine if a vendor solution provides comprehensive centralized account management through directory or identity services.",
2161
+ guidelines: [
2162
+ "Verify centralized account management implementation",
2163
+ "Confirm directory service or identity service capabilities",
2164
+ "Validate integration with enterprise authentication systems",
2165
+ "Assess single sign-on and identity federation support",
2166
+ "Review account provisioning and deprovisioning automation",
2167
+ "Check scalability and multi-domain support capabilities"
2168
+ ],
2169
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2170
+ }
1551
2171
  },
1552
2172
  "6.1": {
1553
2173
  id: "6.1",
@@ -1580,7 +2200,21 @@ export class SafeguardManager {
1580
2200
  "Account and Credential Management Policy/Process"
1581
2201
  ],
1582
2202
  relatedSafeguards: ["5.1", "6.7", "6.8"],
1583
- keywords: ["establish", "follow", "documented", "process", "automated", "granting", "access", "enterprise", "assets", "new", "hire", "role", "change"]
2203
+ keywords: ["establish", "follow", "documented", "process", "automated", "granting", "access", "enterprise", "assets", "new", "hire", "role", "change"],
2204
+ systemPrompt: {
2205
+ role: "access_granting_process_expert",
2206
+ context: "You are evaluating access granting solutions against CIS Control 6.1 requirements for establishing documented access provisioning processes.",
2207
+ objective: "Determine if a vendor solution provides comprehensive access granting processes for new hires and role changes.",
2208
+ guidelines: [
2209
+ "Verify existence of documented access granting procedures",
2210
+ "Confirm automation capabilities for access provisioning",
2211
+ "Validate coverage of new hire onboarding scenarios",
2212
+ "Assess role change access modification processes",
2213
+ "Review enterprise asset access management integration",
2214
+ "Check process documentation and governance compliance"
2215
+ ],
2216
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2217
+ }
1584
2218
  },
1585
2219
  "6.2": {
1586
2220
  id: "6.2",
@@ -1618,7 +2252,21 @@ export class SafeguardManager {
1618
2252
  "Account and Credential Management Policy/Process"
1619
2253
  ],
1620
2254
  relatedSafeguards: ["5.1", "6.7"],
1621
- keywords: ["establish", "follow", "process", "automated", "revoking", "access", "enterprise", "assets", "disabling", "accounts", "termination", "rights", "revocation", "role", "change", "audit", "trails"]
2255
+ keywords: ["establish", "follow", "process", "automated", "revoking", "access", "enterprise", "assets", "disabling", "accounts", "termination", "rights", "revocation", "role", "change", "audit", "trails"],
2256
+ systemPrompt: {
2257
+ role: "access_revocation_process_expert",
2258
+ context: "You are evaluating access revocation solutions against CIS Control 6.2 requirements for establishing documented access deprovisioning processes.",
2259
+ objective: "Determine if a vendor solution provides comprehensive access revocation processes for terminations, rights changes, and role modifications.",
2260
+ guidelines: [
2261
+ "Verify existence of documented access revocation procedures",
2262
+ "Confirm automation capabilities for access deprovisioning",
2263
+ "Validate immediate account disabling upon termination",
2264
+ "Assess role change access modification processes",
2265
+ "Review account preservation vs deletion for audit trail requirements",
2266
+ "Check process documentation and governance compliance"
2267
+ ],
2268
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2269
+ }
1622
2270
  },
1623
2271
  "6.4": {
1624
2272
  id: "6.4",
@@ -1644,7 +2292,21 @@ export class SafeguardManager {
1644
2292
  "Multi-Factor Authentication Tool"
1645
2293
  ],
1646
2294
  relatedSafeguards: ["4.2", "12.7"],
1647
- keywords: ["require", "MFA", "remote", "network", "access", "multi-factor", "authentication"]
2295
+ keywords: ["require", "MFA", "remote", "network", "access", "multi-factor", "authentication"],
2296
+ systemPrompt: {
2297
+ role: "remote_access_security_specialist",
2298
+ context: "You are evaluating remote access security solutions against CIS Control 6.4 requirements for MFA on remote network access.",
2299
+ objective: "Determine if a vendor solution provides comprehensive MFA enforcement for remote network access connections.",
2300
+ guidelines: [
2301
+ "Verify MFA requirement for all remote network access",
2302
+ "Confirm coverage of VPN, RDP, and other remote access methods",
2303
+ "Validate integration with network access control systems",
2304
+ "Assess conditional access and risk-based authentication",
2305
+ "Review remote access session monitoring and logging",
2306
+ "Check policy enforcement and compliance reporting"
2307
+ ],
2308
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2309
+ }
1648
2310
  },
1649
2311
  "6.5": {
1650
2312
  id: "6.5",
@@ -1676,7 +2338,21 @@ export class SafeguardManager {
1676
2338
  "Multi-Factor Authentication Tool"
1677
2339
  ],
1678
2340
  relatedSafeguards: ["4.1"],
1679
- keywords: ["require", "MFA", "administrative", "access", "accounts", "supported", "enterprise", "assets", "managed", "onsite", "service", "provider"]
2341
+ keywords: ["require", "MFA", "administrative", "access", "accounts", "supported", "enterprise", "assets", "managed", "onsite", "service", "provider"],
2342
+ systemPrompt: {
2343
+ role: "administrative_access_security_expert",
2344
+ context: "You are evaluating administrative access security solutions against CIS Control 6.5 requirements for MFA on administrative accounts.",
2345
+ objective: "Determine if a vendor solution provides comprehensive MFA enforcement for administrative access to enterprise assets.",
2346
+ guidelines: [
2347
+ "Verify MFA requirement for all administrative account access",
2348
+ "Confirm coverage of onsite and service provider managed assets",
2349
+ "Validate privileged access management integration",
2350
+ "Assess just-in-time access and session management",
2351
+ "Review administrative session monitoring and recording",
2352
+ "Check policy enforcement and administrative access compliance"
2353
+ ],
2354
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2355
+ }
1680
2356
  },
1681
2357
  "6.6": {
1682
2358
  id: "6.6",
@@ -1709,7 +2385,21 @@ export class SafeguardManager {
1709
2385
  "Account and Credential Management Policy/Process"
1710
2386
  ],
1711
2387
  relatedSafeguards: ["1.1", "2.1", "3.3", "5.6", "6.7"],
1712
- keywords: ["establish", "maintain", "inventory", "enterprise", "authentication", "authorization", "systems", "hosted", "onsite", "remote", "service", "provider", "review", "update", "annually"]
2388
+ keywords: ["establish", "maintain", "inventory", "enterprise", "authentication", "authorization", "systems", "hosted", "onsite", "remote", "service", "provider", "review", "update", "annually"],
2389
+ systemPrompt: {
2390
+ role: "authentication_authorization_inventory_expert",
2391
+ context: "You are evaluating authentication and authorization inventory solutions against CIS Control 6.6 requirements for comprehensive system tracking.",
2392
+ objective: "Determine if a vendor solution provides complete inventory capabilities for authentication and authorization systems across the enterprise.",
2393
+ guidelines: [
2394
+ "Verify comprehensive authentication system discovery and inventory",
2395
+ "Confirm authorization system tracking and documentation",
2396
+ "Validate coverage of on-site and remote service provider systems",
2397
+ "Assess inventory maintenance and annual review capabilities",
2398
+ "Review system classification and risk assessment features",
2399
+ "Check integration with identity governance platforms"
2400
+ ],
2401
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2402
+ }
1713
2403
  },
1714
2404
  "6.7": {
1715
2405
  id: "6.7",
@@ -1743,7 +2433,21 @@ export class SafeguardManager {
1743
2433
  "Identity and Access Management Tool"
1744
2434
  ],
1745
2435
  relatedSafeguards: ["4.1", "5.1", "5.6", "6.1", "6.2", "6.6", "12.5", "12.7"],
1746
- keywords: ["centralize", "access", "control", "enterprise", "assets", "directory", "service", "SSO", "provider", "supported"]
2436
+ keywords: ["centralize", "access", "control", "enterprise", "assets", "directory", "service", "SSO", "provider", "supported"],
2437
+ systemPrompt: {
2438
+ role: "centralized_access_control_expert",
2439
+ context: "You are evaluating centralized access control solutions against CIS Control 6.7 requirements for directory service and SSO-based access management.",
2440
+ objective: "Determine if a vendor solution provides comprehensive centralized access control for enterprise assets through directory services or SSO providers.",
2441
+ guidelines: [
2442
+ "Verify centralized access control implementation capabilities",
2443
+ "Confirm directory service integration and management",
2444
+ "Validate SSO provider connectivity and configuration",
2445
+ "Assess enterprise asset coverage and support levels",
2446
+ "Review access policy enforcement and administration",
2447
+ "Check scalability and performance of centralized systems"
2448
+ ],
2449
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2450
+ }
1747
2451
  },
1748
2452
  "6.8": {
1749
2453
  id: "6.8",
@@ -1781,7 +2485,21 @@ export class SafeguardManager {
1781
2485
  "Identity and Access management Tool"
1782
2486
  ],
1783
2487
  relatedSafeguards: ["3.3", "4.1", "6.1"],
1784
- keywords: ["define", "maintain", "role-based", "access", "control", "determining", "documenting", "rights", "necessary", "role", "enterprise", "duties", "perform", "reviews", "validate", "privileges", "authorized", "recurring", "annually"]
2488
+ keywords: ["define", "maintain", "role-based", "access", "control", "determining", "documenting", "rights", "necessary", "role", "enterprise", "duties", "perform", "reviews", "validate", "privileges", "authorized", "recurring", "annually"],
2489
+ systemPrompt: {
2490
+ role: "role_based_access_control_expert",
2491
+ context: "You are evaluating role-based access control solutions against CIS Control 6.8 requirements for defining, maintaining, and reviewing role-based permissions.",
2492
+ objective: "Determine if a vendor solution provides comprehensive RBAC capabilities including role definition, access rights documentation, and periodic reviews.",
2493
+ guidelines: [
2494
+ "Verify role definition and maintenance capabilities",
2495
+ "Confirm access rights documentation and mapping to roles",
2496
+ "Validate enterprise role modeling and assignment processes",
2497
+ "Assess access control review and validation features",
2498
+ "Review privilege authorization and least privilege enforcement",
2499
+ "Check annual review processes and compliance reporting"
2500
+ ],
2501
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2502
+ }
1785
2503
  },
1786
2504
  "7.2": {
1787
2505
  id: "7.2",
@@ -1819,7 +2537,21 @@ export class SafeguardManager {
1819
2537
  "risk scoring frameworks"
1820
2538
  ],
1821
2539
  relatedSafeguards: ["7.1", "7.3", "7.4", "7.5", "7.6", "7.7"],
1822
- keywords: ["establish", "maintain", "remediation", "process", "SLA", "security", "vulnerabilities"]
2540
+ keywords: ["establish", "maintain", "remediation", "process", "SLA", "security", "vulnerabilities"],
2541
+ systemPrompt: {
2542
+ role: "vulnerability_remediation_process_expert",
2543
+ context: "You are evaluating vulnerability remediation solutions against CIS Control 7.2 requirements for establishing remediation processes and SLAs.",
2544
+ objective: "Determine if a vendor solution provides comprehensive vulnerability remediation process management and SLA capabilities.",
2545
+ guidelines: [
2546
+ "Verify remediation process establishment and maintenance",
2547
+ "Confirm SLA definition and tracking for security vulnerabilities",
2548
+ "Validate vulnerability prioritization and timeline management",
2549
+ "Assess remediation workflow automation and escalation procedures",
2550
+ "Review patch management integration and coordination",
2551
+ "Check remediation verification and compliance reporting"
2552
+ ],
2553
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2554
+ }
1823
2555
  },
1824
2556
  "7.3": {
1825
2557
  id: "7.3",
@@ -1857,7 +2589,21 @@ export class SafeguardManager {
1857
2589
  "system center tools"
1858
2590
  ],
1859
2591
  relatedSafeguards: ["1.1", "4.1", "7.1", "7.2", "7.4", "7.5"],
1860
- keywords: ["perform", "automated", "operating", "system", "patch", "management", "enterprise", "assets"]
2592
+ keywords: ["perform", "automated", "operating", "system", "patch", "management", "enterprise", "assets"],
2593
+ systemPrompt: {
2594
+ role: "automated_os_patch_management_expert",
2595
+ context: "You are evaluating automated OS patch management solutions against CIS Control 7.3 requirements for automated operating system patching.",
2596
+ objective: "Determine if a vendor solution provides comprehensive automated operating system patch management for enterprise assets.",
2597
+ guidelines: [
2598
+ "Verify automated OS patch deployment capabilities",
2599
+ "Confirm enterprise asset coverage and compatibility",
2600
+ "Validate patch testing and approval workflows",
2601
+ "Assess patch scheduling and deployment automation",
2602
+ "Review rollback capabilities and failure recovery",
2603
+ "Check compliance monitoring and patch status reporting"
2604
+ ],
2605
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2606
+ }
1861
2607
  },
1862
2608
  "7.4": {
1863
2609
  id: "7.4",
@@ -1895,7 +2641,21 @@ export class SafeguardManager {
1895
2641
  "patch compliance scanners"
1896
2642
  ],
1897
2643
  relatedSafeguards: ["2.1", "2.2", "7.1", "7.2", "7.3", "7.5"],
1898
- keywords: ["perform", "automated", "application", "patch", "management", "enterprise", "assets", "updates"]
2644
+ keywords: ["perform", "automated", "application", "patch", "management", "enterprise", "assets", "updates"],
2645
+ systemPrompt: {
2646
+ role: "automated_application_patch_management_expert",
2647
+ context: "You are evaluating automated application patch management solutions against CIS Control 7.4 requirements for automated application patching.",
2648
+ objective: "Determine if a vendor solution provides comprehensive automated application patch management for enterprise assets.",
2649
+ guidelines: [
2650
+ "Verify automated application patch deployment capabilities",
2651
+ "Confirm enterprise application coverage and compatibility",
2652
+ "Validate third-party application update management",
2653
+ "Assess browser plugin and security update automation",
2654
+ "Review compatibility testing and rollback procedures",
2655
+ "Check vendor patch notification and prioritization systems"
2656
+ ],
2657
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2658
+ }
1899
2659
  },
1900
2660
  "7.5": {
1901
2661
  id: "7.5",
@@ -1933,7 +2693,21 @@ export class SafeguardManager {
1933
2693
  "vulnerability management systems"
1934
2694
  ],
1935
2695
  relatedSafeguards: ["1.1", "2.1", "7.1", "7.2", "7.3", "7.4", "7.6", "7.7"],
1936
- keywords: ["perform", "automated", "vulnerability", "scans", "internal", "enterprise", "assets", "quarterly"]
2696
+ keywords: ["perform", "automated", "vulnerability", "scans", "internal", "enterprise", "assets", "quarterly"],
2697
+ systemPrompt: {
2698
+ role: "internal_vulnerability_scanning_expert",
2699
+ context: "You are evaluating internal vulnerability scanning solutions against CIS Control 7.5 requirements for automated vulnerability scanning of internal enterprise assets.",
2700
+ objective: "Determine if a vendor solution provides comprehensive automated vulnerability scanning capabilities for internal enterprise assets.",
2701
+ guidelines: [
2702
+ "Verify automated vulnerability scanning capabilities for internal assets",
2703
+ "Confirm quarterly or more frequent scanning schedules",
2704
+ "Validate coverage of devices and applications",
2705
+ "Assess scan result analysis and false positive management",
2706
+ "Review vulnerability prioritization and reporting features",
2707
+ "Check integration with vulnerability management platforms"
2708
+ ],
2709
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2710
+ }
1937
2711
  },
1938
2712
  "7.6": {
1939
2713
  id: "7.6",
@@ -1971,7 +2745,21 @@ export class SafeguardManager {
1971
2745
  "third-party scanning services"
1972
2746
  ],
1973
2747
  relatedSafeguards: ["1.1", "2.1", "7.1", "7.2", "7.5", "7.7"],
1974
- keywords: ["perform", "automated", "vulnerability", "scans", "externally-exposed", "enterprise", "assets"]
2748
+ keywords: ["perform", "automated", "vulnerability", "scans", "externally-exposed", "enterprise", "assets"],
2749
+ systemPrompt: {
2750
+ role: "external_vulnerability_scanning_expert",
2751
+ context: "You are evaluating external vulnerability scanning solutions against CIS Control 7.6 requirements for automated vulnerability scanning of externally-exposed enterprise assets.",
2752
+ objective: "Determine if a vendor solution provides comprehensive automated vulnerability scanning capabilities for externally-exposed enterprise assets.",
2753
+ guidelines: [
2754
+ "Verify automated vulnerability scanning for externally-exposed assets",
2755
+ "Confirm internal or external scanning service capabilities",
2756
+ "Validate internet-facing asset discovery and inventory",
2757
+ "Assess web application and cloud security scanning",
2758
+ "Review external scan scheduling and result management",
2759
+ "Check integration with threat intelligence and attack surface monitoring"
2760
+ ],
2761
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2762
+ }
1975
2763
  },
1976
2764
  "7.7": {
1977
2765
  id: "7.7",
@@ -2009,7 +2797,21 @@ export class SafeguardManager {
2009
2797
  "risk assessment tools"
2010
2798
  ],
2011
2799
  relatedSafeguards: ["7.1", "7.2", "7.3", "7.4", "7.5", "7.6"],
2012
- keywords: ["remediate", "detected", "vulnerabilities", "software", "monthly", "processes", "tooling"]
2800
+ keywords: ["remediate", "detected", "vulnerabilities", "software", "monthly", "processes", "tooling"],
2801
+ systemPrompt: {
2802
+ role: "vulnerability_remediation_specialist",
2803
+ context: "You are evaluating vulnerability remediation solutions against CIS Control 7.7 requirements for monthly remediation of detected vulnerabilities.",
2804
+ objective: "Determine if a vendor solution provides comprehensive vulnerability remediation capabilities with monthly or more frequent cycles.",
2805
+ guidelines: [
2806
+ "Verify vulnerability remediation processes and automation",
2807
+ "Confirm monthly or more frequent remediation cycles",
2808
+ "Validate software vulnerability handling and patching",
2809
+ "Assess remediation workflow and tracking systems",
2810
+ "Review patch management integration and coordination",
2811
+ "Check remediation verification and compliance reporting"
2812
+ ],
2813
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2814
+ }
2013
2815
  },
2014
2816
  "8.1": {
2015
2817
  id: "8.1",
@@ -2041,7 +2843,21 @@ export class SafeguardManager {
2041
2843
  "documentation"
2042
2844
  ],
2043
2845
  relatedSafeguards: ["8.2", "8.3", "8.5", "8.6", "8.7", "8.8", "8.9", "8.10", "8.11", "8.12"],
2044
- keywords: ["audit log management", "logging requirements", "collection", "review", "retention", "process", "documented"]
2846
+ keywords: ["audit log management", "logging requirements", "collection", "review", "retention", "process", "documented"],
2847
+ systemPrompt: {
2848
+ role: "audit_log_management_process_expert",
2849
+ context: "You are evaluating audit log management solutions against CIS Control 8.1 requirements for establishing documented audit log management processes.",
2850
+ objective: "Determine if a vendor solution provides comprehensive audit log management process establishment and maintenance capabilities.",
2851
+ guidelines: [
2852
+ "Verify documented audit log management process creation",
2853
+ "Confirm enterprise logging requirements definition",
2854
+ "Validate audit log collection, review, and retention capabilities",
2855
+ "Assess process documentation and annual review procedures",
2856
+ "Review enterprise asset coverage and logging scope",
2857
+ "Check compliance with enterprise change management integration"
2858
+ ],
2859
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2860
+ }
2045
2861
  },
2046
2862
  "8.2": {
2047
2863
  id: "8.2",
@@ -2066,7 +2882,21 @@ export class SafeguardManager {
2066
2882
  "OS dependent"
2067
2883
  ],
2068
2884
  relatedSafeguards: ["8.1"],
2069
- keywords: ["collect", "audit logs", "logging", "enabled", "enterprise assets"]
2885
+ keywords: ["collect", "audit logs", "logging", "enabled", "enterprise assets"],
2886
+ systemPrompt: {
2887
+ role: "audit_log_collection_expert",
2888
+ context: "You are evaluating audit log collection solutions against CIS Control 8.2 requirements for comprehensive audit log collection across enterprise assets.",
2889
+ objective: "Determine if a vendor solution provides comprehensive audit log collection capabilities for enterprise assets.",
2890
+ guidelines: [
2891
+ "Verify audit log collection across all enterprise assets",
2892
+ "Confirm logging enablement per enterprise audit log management process",
2893
+ "Validate comprehensive log source coverage and integration",
2894
+ "Assess log collection tools and mechanisms",
2895
+ "Review OS-dependent and platform-specific logging capabilities",
2896
+ "Check log management tool integration and compatibility"
2897
+ ],
2898
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2899
+ }
2070
2900
  },
2071
2901
  "8.3": {
2072
2902
  id: "8.3",
@@ -2092,7 +2922,21 @@ export class SafeguardManager {
2092
2922
  "potentially OS dependent"
2093
2923
  ],
2094
2924
  relatedSafeguards: ["8.1", "8.9", "8.10"],
2095
- keywords: ["adequate storage", "logging destinations", "maintain", "comply"]
2925
+ keywords: ["adequate storage", "logging destinations", "maintain", "comply"],
2926
+ systemPrompt: {
2927
+ role: "audit_log_storage_expert",
2928
+ context: "You are evaluating audit log storage solutions against CIS Control 8.3 requirements for ensuring adequate audit log storage capacity.",
2929
+ objective: "Determine if a vendor solution provides adequate audit log storage to comply with enterprise audit log management processes.",
2930
+ guidelines: [
2931
+ "Verify adequate storage capacity for audit log retention",
2932
+ "Confirm logging destination storage management",
2933
+ "Validate compliance with enterprise audit log management processes",
2934
+ "Assess storage scalability and expansion capabilities",
2935
+ "Review storage performance and reliability features",
2936
+ "Check storage monitoring and capacity alerting systems"
2937
+ ],
2938
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2939
+ }
2096
2940
  },
2097
2941
  "8.4": {
2098
2942
  id: "8.4",
@@ -2120,7 +2964,21 @@ export class SafeguardManager {
2120
2964
  "potentially OS dependent"
2121
2965
  ],
2122
2966
  relatedSafeguards: ["4.1"],
2123
- keywords: ["time synchronization", "synchronized", "time sources", "configure", "standardize"]
2967
+ keywords: ["time synchronization", "synchronized", "time sources", "configure", "standardize"],
2968
+ systemPrompt: {
2969
+ role: "time_synchronization_expert",
2970
+ context: "You are evaluating time synchronization solutions against CIS Control 8.4 requirements for standardized time synchronization across enterprise assets.",
2971
+ objective: "Determine if a vendor solution provides comprehensive time synchronization capabilities for enterprise assets.",
2972
+ guidelines: [
2973
+ "Verify time synchronization standardization across enterprise assets",
2974
+ "Confirm configuration of at least two synchronized time sources",
2975
+ "Validate enterprise asset coverage where supported",
2976
+ "Assess secure configuration policy and process integration",
2977
+ "Review OS-dependent time synchronization capabilities",
2978
+ "Check time source reliability and redundancy features"
2979
+ ],
2980
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
2981
+ }
2124
2982
  },
2125
2983
  "8.5": {
2126
2984
  id: "8.5",
@@ -2151,7 +3009,21 @@ export class SafeguardManager {
2151
3009
  "potentially OS dependent"
2152
3010
  ],
2153
3011
  relatedSafeguards: ["8.1", "1.1", "3.2"],
2154
- keywords: ["detailed audit logging", "sensitive data", "forensic investigation", "event source", "timestamp"]
3012
+ keywords: ["detailed audit logging", "sensitive data", "forensic investigation", "event source", "timestamp"],
3013
+ systemPrompt: {
3014
+ role: "detailed_audit_logging_expert",
3015
+ context: "You are evaluating detailed audit logging solutions against CIS Control 8.5 requirements for comprehensive audit logging of enterprise assets containing sensitive data.",
3016
+ objective: "Determine if a vendor solution provides detailed audit logging capabilities for forensic investigation support.",
3017
+ guidelines: [
3018
+ "Verify detailed audit logging configuration for sensitive data assets",
3019
+ "Confirm inclusion of event source, date, username, timestamp details",
3020
+ "Validate source and destination address logging capabilities",
3021
+ "Assess forensic investigation support and log detail completeness",
3022
+ "Review log management tool integration and policy compliance",
3023
+ "Check OS-dependent logging capabilities and platform coverage"
3024
+ ],
3025
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3026
+ }
2155
3027
  },
2156
3028
  "8.6": {
2157
3029
  id: "8.6",
@@ -2178,7 +3050,21 @@ export class SafeguardManager {
2178
3050
  "potentially OS dependent"
2179
3051
  ],
2180
3052
  relatedSafeguards: ["8.1", "4.9"],
2181
- keywords: ["DNS query", "audit logs", "collect", "DNS", "query logs"]
3053
+ keywords: ["DNS query", "audit logs", "collect", "DNS", "query logs"],
3054
+ systemPrompt: {
3055
+ role: "dns_audit_logging_expert",
3056
+ context: "You are evaluating DNS audit logging solutions against CIS Control 8.6 requirements for DNS query audit log collection.",
3057
+ objective: "Determine if a vendor solution provides comprehensive DNS query audit logging capabilities for enterprise assets.",
3058
+ guidelines: [
3059
+ "Verify DNS query audit log collection capabilities",
3060
+ "Confirm enterprise asset coverage where appropriate and supported",
3061
+ "Validate log management tool integration for DNS logging",
3062
+ "Assess secure configuration policy and process compliance",
3063
+ "Review OS-dependent DNS logging capabilities",
3064
+ "Check DNS query logging completeness and accuracy"
3065
+ ],
3066
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3067
+ }
2182
3068
  },
2183
3069
  "8.7": {
2184
3070
  id: "8.7",
@@ -2205,7 +3091,21 @@ export class SafeguardManager {
2205
3091
  "potentially OS dependent"
2206
3092
  ],
2207
3093
  relatedSafeguards: ["8.1"],
2208
- keywords: ["URL request", "audit logs", "collect", "URL", "web logs"]
3094
+ keywords: ["URL request", "audit logs", "collect", "URL", "web logs"],
3095
+ systemPrompt: {
3096
+ role: "url_request_audit_logging_expert",
3097
+ context: "You are evaluating URL request audit logging solutions against CIS Control 8.7 requirements for URL request audit log collection.",
3098
+ objective: "Determine if a vendor solution provides comprehensive URL request audit logging capabilities for enterprise assets.",
3099
+ guidelines: [
3100
+ "Verify URL request audit log collection capabilities",
3101
+ "Confirm enterprise asset coverage where appropriate and supported",
3102
+ "Validate web traffic logging and URL request capture",
3103
+ "Assess log management tool integration for web logs",
3104
+ "Review secure configuration policy and process compliance",
3105
+ "Check OS-dependent URL logging capabilities and browser coverage"
3106
+ ],
3107
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3108
+ }
2209
3109
  },
2210
3110
  "8.8": {
2211
3111
  id: "8.8",
@@ -2231,7 +3131,21 @@ export class SafeguardManager {
2231
3131
  "OS dependent"
2232
3132
  ],
2233
3133
  relatedSafeguards: ["8.1"],
2234
- keywords: ["command-line", "audit logs", "PowerShell", "BASH", "terminal", "administrative"]
3134
+ keywords: ["command-line", "audit logs", "PowerShell", "BASH", "terminal", "administrative"],
3135
+ systemPrompt: {
3136
+ role: "command_line_audit_logging_expert",
3137
+ context: "You are evaluating command-line audit logging solutions against CIS Control 8.8 requirements for command-line audit log collection.",
3138
+ objective: "Determine if a vendor solution provides comprehensive command-line audit logging capabilities including PowerShell, BASH, and remote terminals.",
3139
+ guidelines: [
3140
+ "Verify command-line audit log collection capabilities",
3141
+ "Confirm PowerShell, BASH, and remote terminal logging coverage",
3142
+ "Validate administrative terminal session logging",
3143
+ "Assess log management tool integration for command logs",
3144
+ "Review secure configuration policy and OS-dependent capabilities",
3145
+ "Check command execution tracking and security monitoring"
3146
+ ],
3147
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3148
+ }
2235
3149
  },
2236
3150
  "8.9": {
2237
3151
  id: "8.9",
@@ -2259,7 +3173,21 @@ export class SafeguardManager {
2259
3173
  "OS dependent"
2260
3174
  ],
2261
3175
  relatedSafeguards: ["8.1", "8.3", "12.5", "13.1"],
2262
- keywords: ["centralize", "audit logs", "collection", "retention", "SIEM", "log sources"]
3176
+ keywords: ["centralize", "audit logs", "collection", "retention", "SIEM", "log sources"],
3177
+ systemPrompt: {
3178
+ role: "centralized_audit_logging_expert",
3179
+ context: "You are evaluating centralized audit logging solutions against CIS Control 8.9 requirements for centralized audit log collection and retention.",
3180
+ objective: "Determine if a vendor solution provides comprehensive centralized audit log collection and retention capabilities for enterprise assets.",
3181
+ guidelines: [
3182
+ "Verify centralized audit log collection capabilities across enterprise assets",
3183
+ "Confirm compliance with documented audit log management processes",
3184
+ "Validate SIEM tool integration and multiple log source support",
3185
+ "Assess log analytics and centralization tool capabilities",
3186
+ "Review scalability and enterprise-wide log aggregation",
3187
+ "Check OS-dependent log collection and centralization features"
3188
+ ],
3189
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3190
+ }
2263
3191
  },
2264
3192
  "8.10": {
2265
3193
  id: "8.10",
@@ -2282,7 +3210,21 @@ export class SafeguardManager {
2282
3210
  "log analytics and centralization tool"
2283
3211
  ],
2284
3212
  relatedSafeguards: ["8.1", "8.3"],
2285
- keywords: ["retain", "audit logs", "90 days", "retention", "minimum"]
3213
+ keywords: ["retain", "audit logs", "90 days", "retention", "minimum"],
3214
+ systemPrompt: {
3215
+ role: "audit_log_retention_expert",
3216
+ context: "You are evaluating audit log retention solutions against CIS Control 8.10 requirements for 90-day minimum audit log retention.",
3217
+ objective: "Determine if a vendor solution provides adequate audit log retention capabilities for enterprise assets with minimum 90-day retention.",
3218
+ guidelines: [
3219
+ "Verify audit log retention capabilities for minimum 90 days",
3220
+ "Confirm enterprise asset coverage for retention policies",
3221
+ "Validate log analytics and centralization tool retention features",
3222
+ "Assess automated retention management and policy enforcement",
3223
+ "Review storage optimization and archival capabilities",
3224
+ "Check compliance monitoring and retention reporting features"
3225
+ ],
3226
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3227
+ }
2286
3228
  },
2287
3229
  "8.11": {
2288
3230
  id: "8.11",
@@ -2308,7 +3250,21 @@ export class SafeguardManager {
2308
3250
  "log analytics and centralization tool"
2309
3251
  ],
2310
3252
  relatedSafeguards: ["8.1", "8.12"],
2311
- keywords: ["audit log reviews", "anomalies", "abnormal events", "threat", "weekly", "reviews"]
3253
+ keywords: ["audit log reviews", "anomalies", "abnormal events", "threat", "weekly", "reviews"],
3254
+ systemPrompt: {
3255
+ role: "audit_log_review_expert",
3256
+ context: "You are evaluating audit log review solutions against CIS Control 8.11 requirements for weekly audit log reviews to detect anomalies and threats.",
3257
+ objective: "Determine if a vendor solution provides comprehensive audit log review capabilities for anomaly and threat detection.",
3258
+ guidelines: [
3259
+ "Verify audit log review capabilities for anomaly detection",
3260
+ "Confirm weekly or more frequent review scheduling",
3261
+ "Validate abnormal event detection and potential threat identification",
3262
+ "Assess log analytics and automated review capabilities",
3263
+ "Review threat detection algorithms and alert mechanisms",
3264
+ "Check review workflow integration and analyst productivity tools"
3265
+ ],
3266
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3267
+ }
2312
3268
  },
2313
3269
  "8.12": {
2314
3270
  id: "8.12",
@@ -2335,7 +3291,21 @@ export class SafeguardManager {
2335
3291
  "secure configuration policy/process"
2336
3292
  ],
2337
3293
  relatedSafeguards: ["8.1", "8.11", "15.1"],
2338
- keywords: ["service provider logs", "authentication", "authorization", "data creation", "disposal", "user management"]
3294
+ keywords: ["service provider logs", "authentication", "authorization", "data creation", "disposal", "user management"],
3295
+ systemPrompt: {
3296
+ role: "service_provider_log_collection_expert",
3297
+ context: "You are evaluating service provider log collection solutions against CIS Control 8.12 requirements for collecting service provider logs where supported.",
3298
+ objective: "Determine if a vendor solution provides comprehensive service provider log collection capabilities including authentication, authorization, and data events.",
3299
+ guidelines: [
3300
+ "Verify service provider log collection capabilities where supported",
3301
+ "Confirm authentication and authorization event logging",
3302
+ "Validate data creation, disposal, and user management event capture",
3303
+ "Assess log analytics and centralization tool integration",
3304
+ "Review secure configuration policy and process compliance",
3305
+ "Check third-party service provider log aggregation and API integration"
3306
+ ],
3307
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3308
+ }
2339
3309
  },
2340
3310
  "10.1": {
2341
3311
  id: "10.1",
@@ -2370,7 +3340,21 @@ export class SafeguardManager {
2370
3340
  "security software management"
2371
3341
  ],
2372
3342
  relatedSafeguards: ["4.1", "10.2", "10.4", "10.6", "10.7", "13.5"],
2373
- keywords: ["deploy", "maintain", "anti-malware", "software", "enterprise", "assets", "endpoint", "protection"]
3343
+ keywords: ["deploy", "maintain", "anti-malware", "software", "enterprise", "assets", "endpoint", "protection"],
3344
+ systemPrompt: {
3345
+ role: "endpoint_security_anti_malware_expert",
3346
+ context: "You are evaluating anti-malware solutions against CIS Control 10.1 requirements for deploying and maintaining anti-malware software on all enterprise assets.",
3347
+ objective: "Determine if a vendor solution provides comprehensive anti-malware software deployment and maintenance capabilities across all enterprise assets.",
3348
+ guidelines: [
3349
+ "Verify anti-malware software deployment capabilities and coverage",
3350
+ "Confirm maintenance and update management for anti-malware software",
3351
+ "Validate comprehensive enterprise asset protection and coverage",
3352
+ "Assess malware detection capabilities and effectiveness",
3353
+ "Review endpoint protection platform integration and management",
3354
+ "Check security software management and centralized administration"
3355
+ ],
3356
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3357
+ }
2374
3358
  },
2375
3359
  "10.2": {
2376
3360
  id: "10.2",
@@ -2404,7 +3388,21 @@ export class SafeguardManager {
2404
3388
  "update scheduling tools"
2405
3389
  ],
2406
3390
  relatedSafeguards: ["10.1"],
2407
- keywords: ["configure", "automatic", "updates", "signature", "files", "anti-malware", "enterprise", "assets"]
3391
+ keywords: ["configure", "automatic", "updates", "signature", "files", "anti-malware", "enterprise", "assets"],
3392
+ systemPrompt: {
3393
+ role: "anti_malware_signature_management_expert",
3394
+ context: "You are evaluating anti-malware signature update solutions against CIS Control 10.2 requirements for configuring automatic updates for anti-malware signature files on all enterprise assets.",
3395
+ objective: "Determine if a vendor solution provides comprehensive automatic anti-malware signature update capabilities across all enterprise assets.",
3396
+ guidelines: [
3397
+ "Verify automatic update configuration capabilities and reliability",
3398
+ "Confirm anti-malware signature file management and distribution",
3399
+ "Validate comprehensive enterprise asset coverage for updates",
3400
+ "Assess signature currency maintenance and update frequency",
3401
+ "Review centralized update management and scheduling systems",
3402
+ "Check signature distribution mechanisms and update verification"
3403
+ ],
3404
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3405
+ }
2408
3406
  },
2409
3407
  "10.3": {
2410
3408
  id: "10.3",
@@ -2439,7 +3437,21 @@ export class SafeguardManager {
2439
3437
  "secure configuration policy/process"
2440
3438
  ],
2441
3439
  relatedSafeguards: ["4.1"],
2442
- keywords: ["disable", "autorun", "autoplay", "auto-execute", "removable", "media", "configuration"]
3440
+ keywords: ["disable", "autorun", "autoplay", "auto-execute", "removable", "media", "configuration"],
3441
+ systemPrompt: {
3442
+ role: "removable_media_security_expert",
3443
+ context: "You are evaluating removable media security solutions against CIS Control 10.3 requirements for disabling autorun and autoplay auto-execute functionality for removable media.",
3444
+ objective: "Determine if a vendor solution provides comprehensive autorun and autoplay disabling capabilities to prevent auto-execute functionality on removable media.",
3445
+ guidelines: [
3446
+ "Verify autorun functionality disabling capabilities and enforcement",
3447
+ "Confirm autoplay functionality disabling and auto-execute prevention",
3448
+ "Validate comprehensive removable media security controls",
3449
+ "Assess configuration management and policy enforcement tools",
3450
+ "Review group policy settings and registry modification capabilities",
3451
+ "Check secure configuration policy implementation and process management"
3452
+ ],
3453
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3454
+ }
2443
3455
  },
2444
3456
  "10.4": {
2445
3457
  id: "10.4",
@@ -2473,7 +3485,21 @@ export class SafeguardManager {
2473
3485
  "automated threat detection"
2474
3486
  ],
2475
3487
  relatedSafeguards: ["10.1"],
2476
- keywords: ["configure", "anti-malware", "software", "automatically", "scan", "removable", "media"]
3488
+ keywords: ["configure", "anti-malware", "software", "automatically", "scan", "removable", "media"],
3489
+ systemPrompt: {
3490
+ role: "anti_malware_scanning_configuration_expert",
3491
+ context: "You are evaluating anti-malware scanning solutions against CIS Control 10.4 requirements for configuring anti-malware software to automatically scan removable media.",
3492
+ objective: "Determine if a vendor solution provides comprehensive anti-malware configuration capabilities for automatic removable media scanning.",
3493
+ guidelines: [
3494
+ "Verify anti-malware software configuration capabilities for removable media",
3495
+ "Confirm automatic scanning configuration and policy enforcement",
3496
+ "Validate comprehensive removable media protection and malware detection",
3497
+ "Assess scanning policy management and automated threat detection",
3498
+ "Review endpoint scanning policies and media scanning tools integration",
3499
+ "Check anti-malware software configuration policy and process effectiveness"
3500
+ ],
3501
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3502
+ }
2477
3503
  },
2478
3504
  "10.5": {
2479
3505
  id: "10.5",
@@ -2509,7 +3535,21 @@ export class SafeguardManager {
2509
3535
  "configuration management tool"
2510
3536
  ],
2511
3537
  relatedSafeguards: ["4.1"],
2512
- keywords: ["enable", "anti-exploitation", "features", "enterprise", "assets", "software", "DEP", "WDEG", "SIP", "gatekeeper"]
3538
+ keywords: ["enable", "anti-exploitation", "features", "enterprise", "assets", "software", "DEP", "WDEG", "SIP", "gatekeeper"],
3539
+ systemPrompt: {
3540
+ role: "anti_exploitation_security_expert",
3541
+ context: "You are evaluating anti-exploitation solutions against CIS Control 10.5 requirements for enabling anti-exploitation features on enterprise assets and software, including DEP, WDEG, SIP, and Gatekeeper.",
3542
+ objective: "Determine if a vendor solution provides comprehensive anti-exploitation feature enablement capabilities across enterprise assets and software platforms.",
3543
+ guidelines: [
3544
+ "Verify anti-exploitation feature enablement capabilities and coverage",
3545
+ "Confirm enterprise asset and software protection implementation",
3546
+ "Validate exploit prevention mechanisms and effectiveness",
3547
+ "Assess platform-specific anti-exploitation features (DEP, WDEG, SIP, Gatekeeper)",
3548
+ "Review configuration management tools and security policy enforcement",
3549
+ "Check compatibility and implementation feasibility across different platforms"
3550
+ ],
3551
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3552
+ }
2513
3553
  },
2514
3554
  "10.6": {
2515
3555
  id: "10.6",
@@ -2541,7 +3581,21 @@ export class SafeguardManager {
2541
3581
  "enterprise security tools"
2542
3582
  ],
2543
3583
  relatedSafeguards: ["10.1"],
2544
- keywords: ["centrally", "manage", "anti-malware", "software", "centralized", "management"]
3584
+ keywords: ["centrally", "manage", "anti-malware", "software", "centralized", "management"],
3585
+ systemPrompt: {
3586
+ role: "centralized_anti_malware_management_expert",
3587
+ context: "You are evaluating centralized anti-malware management solutions against CIS Control 10.6 requirements for centrally managing anti-malware software across the enterprise.",
3588
+ objective: "Determine if a vendor solution provides comprehensive centralized anti-malware software management capabilities with centralized control and governance.",
3589
+ guidelines: [
3590
+ "Verify centralized anti-malware management capabilities and infrastructure",
3591
+ "Confirm centralized management process implementation and effectiveness",
3592
+ "Validate anti-malware software governance and policy enforcement",
3593
+ "Assess management infrastructure scalability and reliability",
3594
+ "Review centralized management platforms and security management consoles",
3595
+ "Check enterprise security tools integration and centralized control features"
3596
+ ],
3597
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3598
+ }
2545
3599
  },
2546
3600
  "10.7": {
2547
3601
  id: "10.7",
@@ -2574,7 +3628,21 @@ export class SafeguardManager {
2574
3628
  "machine learning security"
2575
3629
  ],
2576
3630
  relatedSafeguards: ["10.1"],
2577
- keywords: ["use", "behavior-based", "anti-malware", "software", "behavioral", "analysis", "advanced", "detection"]
3631
+ keywords: ["use", "behavior-based", "anti-malware", "software", "behavioral", "analysis", "advanced", "detection"],
3632
+ systemPrompt: {
3633
+ role: "behavioral_anti_malware_analysis_expert",
3634
+ context: "You are evaluating behavior-based anti-malware solutions against CIS Control 10.7 requirements for using behavior-based anti-malware software with advanced threat detection capabilities.",
3635
+ objective: "Determine if a vendor solution provides comprehensive behavior-based anti-malware software capabilities with behavioral analysis and dynamic threat identification.",
3636
+ guidelines: [
3637
+ "Verify behavior-based anti-malware software implementation and effectiveness",
3638
+ "Confirm behavioral analysis capabilities and advanced threat detection",
3639
+ "Validate dynamic threat identification and behavior-based protection",
3640
+ "Assess advanced malware detection accuracy and false positive management",
3641
+ "Review behavioral analysis tools and machine learning security integration",
3642
+ "Check advanced endpoint detection capabilities and threat response mechanisms"
3643
+ ],
3644
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3645
+ }
2578
3646
  },
2579
3647
  "11.1": {
2580
3648
  id: "11.1",
@@ -2613,7 +3681,21 @@ export class SafeguardManager {
2613
3681
  "backup and recovery strategy"
2614
3682
  ],
2615
3683
  relatedSafeguards: ["3.2", "3.4", "3.5", "3.8", "11.2", "11.3", "11.4", "11.5"],
2616
- keywords: ["establish", "maintain", "documented", "data", "recovery", "process", "backup", "prioritization"]
3684
+ keywords: ["establish", "maintain", "documented", "data", "recovery", "process", "backup", "prioritization"],
3685
+ systemPrompt: {
3686
+ role: "data_recovery_governance_expert",
3687
+ context: "You are evaluating data recovery governance solutions against CIS Control 11.1 requirements for establishing and maintaining a documented data recovery process with scope, prioritization, and backup security considerations.",
3688
+ objective: "Determine if a vendor solution provides comprehensive data recovery process documentation, governance, and management capabilities including annual reviews and change management.",
3689
+ guidelines: [
3690
+ "Verify documented data recovery process establishment and maintenance",
3691
+ "Confirm scope of data recovery activities and recovery prioritization",
3692
+ "Validate security of backup data and protection mechanisms",
3693
+ "Assess annual documentation review and update processes",
3694
+ "Review business continuity documentation and recovery procedures",
3695
+ "Check change management for significant enterprise changes impacting recovery"
3696
+ ],
3697
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3698
+ }
2617
3699
  },
2618
3700
  "11.2": {
2619
3701
  id: "11.2",
@@ -2650,7 +3732,21 @@ export class SafeguardManager {
2650
3732
  "enterprise backup solutions"
2651
3733
  ],
2652
3734
  relatedSafeguards: ["1.1", "2.1", "11.1"],
2653
- keywords: ["perform", "automated", "backups", "enterprise", "assets", "weekly", "frequency", "sensitivity"]
3735
+ keywords: ["perform", "automated", "backups", "enterprise", "assets", "weekly", "frequency", "sensitivity"],
3736
+ systemPrompt: {
3737
+ role: "automated_backup_systems_expert",
3738
+ context: "You are evaluating automated backup solutions against CIS Control 11.2 requirements for performing automated backups of in-scope enterprise assets with weekly or more frequent schedules based on data sensitivity.",
3739
+ objective: "Determine if a vendor solution provides comprehensive automated backup capabilities with appropriate frequency scheduling and enterprise asset coverage.",
3740
+ guidelines: [
3741
+ "Verify automated backup performance and enterprise asset coverage",
3742
+ "Confirm backup frequency requirements (weekly or more frequent)",
3743
+ "Validate data sensitivity-based backup scheduling and prioritization",
3744
+ "Assess in-scope enterprise asset identification and backup coverage",
3745
+ "Review backup scheduling software and automated backup system reliability",
3746
+ "Check enterprise backup solution scalability and management features"
3747
+ ],
3748
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3749
+ }
2654
3750
  },
2655
3751
  "11.3": {
2656
3752
  id: "11.3",
@@ -2686,7 +3782,21 @@ export class SafeguardManager {
2686
3782
  "data separation technologies"
2687
3783
  ],
2688
3784
  relatedSafeguards: ["3.3", "3.10", "3.11", "11.1"],
2689
- keywords: ["protect", "recovery", "data", "equivalent", "controls", "encryption", "separation", "requirements"]
3785
+ keywords: ["protect", "recovery", "data", "equivalent", "controls", "encryption", "separation", "requirements"],
3786
+ systemPrompt: {
3787
+ role: "backup_data_protection_expert",
3788
+ context: "You are evaluating backup data protection solutions against CIS Control 11.3 requirements for protecting recovery data with equivalent controls to the original data, including encryption or data separation based on requirements.",
3789
+ objective: "Determine if a vendor solution provides comprehensive recovery data protection capabilities with equivalent controls, encryption, and data separation mechanisms.",
3790
+ guidelines: [
3791
+ "Verify recovery data protection implementation and equivalent controls",
3792
+ "Confirm original data protection parity and control equivalence",
3793
+ "Validate encryption capabilities for backup data protection",
3794
+ "Assess data separation technologies and implementation options",
3795
+ "Review backup encryption systems and secure backup storage solutions",
3796
+ "Check requirements-based implementation flexibility and compliance"
3797
+ ],
3798
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3799
+ }
2690
3800
  },
2691
3801
  "11.4": {
2692
3802
  id: "11.4",
@@ -2725,7 +3835,21 @@ export class SafeguardManager {
2725
3835
  "version controlling backup destinations"
2726
3836
  ],
2727
3837
  relatedSafeguards: ["11.1"],
2728
- keywords: ["establish", "maintain", "isolated", "instance", "recovery", "data", "offline", "cloud", "off-site"]
3838
+ keywords: ["establish", "maintain", "isolated", "instance", "recovery", "data", "offline", "cloud", "off-site"],
3839
+ systemPrompt: {
3840
+ role: "isolated_backup_recovery_expert",
3841
+ context: "You are evaluating isolated backup recovery solutions against CIS Control 11.4 requirements for establishing and maintaining an isolated instance of recovery data with version controlling backup destinations through offline, cloud, or off-site systems.",
3842
+ objective: "Determine if a vendor solution provides comprehensive isolated recovery data capabilities with backup destination control and implementation flexibility.",
3843
+ guidelines: [
3844
+ "Verify isolated instance of recovery data establishment and maintenance",
3845
+ "Confirm version controlling backup destinations and destination management",
3846
+ "Validate offline, cloud, and off-site implementation options",
3847
+ "Assess recovery data isolation effectiveness and security",
3848
+ "Review backup destination control mechanisms and flexibility",
3849
+ "Check off-site storage solutions and cloud backup service integration"
3850
+ ],
3851
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3852
+ }
2729
3853
  },
2730
3854
  "11.5": {
2731
3855
  id: "11.5",
@@ -2760,7 +3884,21 @@ export class SafeguardManager {
2760
3884
  "backup validation systems"
2761
3885
  ],
2762
3886
  relatedSafeguards: ["11.1"],
2763
- keywords: ["test", "backup", "recovery", "quarterly", "frequently", "sampling", "enterprise", "assets"]
3887
+ keywords: ["test", "backup", "recovery", "quarterly", "frequently", "sampling", "enterprise", "assets"],
3888
+ systemPrompt: {
3889
+ role: "backup_recovery_testing_expert",
3890
+ context: "You are evaluating backup recovery testing solutions against CIS Control 11.5 requirements for testing backup recovery quarterly or more frequently for a sampling of in-scope enterprise assets.",
3891
+ objective: "Determine if a vendor solution provides comprehensive backup recovery testing capabilities with appropriate frequency and enterprise asset sampling.",
3892
+ guidelines: [
3893
+ "Verify backup recovery testing implementation and quarterly frequency",
3894
+ "Confirm in-scope enterprise asset sampling and selection methods",
3895
+ "Validate recovery validation processes and testing effectiveness",
3896
+ "Assess testing frequency management and scheduling capabilities",
3897
+ "Review recovery testing procedures and backup validation systems",
3898
+ "Check data recovery testing automation and reporting features"
3899
+ ],
3900
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3901
+ }
2764
3902
  },
2765
3903
  "12.1": {
2766
3904
  id: "12.1",
@@ -2798,7 +3936,21 @@ export class SafeguardManager {
2798
3936
  "network-as-a-service platforms"
2799
3937
  ],
2800
3938
  relatedSafeguards: ["4.2", "7.3"],
2801
- keywords: ["ensure", "network", "infrastructure", "up-to-date", "software", "versions", "monthly", "NaaS"]
3939
+ keywords: ["ensure", "network", "infrastructure", "up-to-date", "software", "versions", "monthly", "NaaS"],
3940
+ systemPrompt: {
3941
+ role: "network_infrastructure_management_expert",
3942
+ context: "You are evaluating network infrastructure management solutions against CIS Control 12.1 requirements for ensuring network infrastructure is kept up-to-date with latest stable software releases and supported NaaS offerings.",
3943
+ objective: "Determine if a vendor solution provides comprehensive network infrastructure update management with monthly software version reviews and support verification.",
3944
+ guidelines: [
3945
+ "Verify network infrastructure up-to-date maintenance capabilities",
3946
+ "Confirm latest stable software release management and deployment",
3947
+ "Validate currently supported network-as-a-service offering utilization",
3948
+ "Assess monthly software version review processes and frequency",
3949
+ "Review automated patching tools and network management systems",
3950
+ "Check software support verification and maintenance tracking"
3951
+ ],
3952
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
3953
+ }
2802
3954
  },
2803
3955
  "12.2": {
2804
3956
  id: "12.2",
@@ -2837,7 +3989,21 @@ export class SafeguardManager {
2837
3989
  "network architecture tools"
2838
3990
  ],
2839
3991
  relatedSafeguards: ["3.3", "3.10", "4.2", "12.4", "13.3", "13.4", "13.6", "13.8", "13.9", "13.10"],
2840
- keywords: ["establish", "maintain", "secure", "network", "architecture", "segmentation", "least", "privilege", "availability"]
3992
+ keywords: ["establish", "maintain", "secure", "network", "architecture", "segmentation", "least", "privilege", "availability"],
3993
+ systemPrompt: {
3994
+ role: "network_architecture_security_expert",
3995
+ context: "You are evaluating secure network architecture solutions against CIS Control 12.2 requirements for designing and maintaining secure network architecture with segmentation, least privilege, and availability considerations.",
3996
+ objective: "Determine if a vendor solution provides comprehensive secure network architecture capabilities including segmentation, least privilege implementation, and availability management.",
3997
+ guidelines: [
3998
+ "Verify secure network architecture design and maintenance capabilities",
3999
+ "Confirm network segmentation implementation and effectiveness",
4000
+ "Validate least privilege network access controls and enforcement",
4001
+ "Assess availability management and resilience features",
4002
+ "Review network architecture documentation, policy, and design components",
4003
+ "Check secure network management tools and architecture frameworks"
4004
+ ],
4005
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4006
+ }
2841
4007
  },
2842
4008
  "12.3": {
2843
4009
  id: "12.3",
@@ -2873,7 +4039,21 @@ export class SafeguardManager {
2873
4039
  "secure protocol implementations"
2874
4040
  ],
2875
4041
  relatedSafeguards: ["4.2", "12.6"],
2876
- keywords: ["securely", "manage", "network", "infrastructure", "version-controlled", "SSH", "HTTPS", "protocols"]
4042
+ keywords: ["securely", "manage", "network", "infrastructure", "version-controlled", "SSH", "HTTPS", "protocols"],
4043
+ systemPrompt: {
4044
+ role: "network_infrastructure_security_management_expert",
4045
+ context: "You are evaluating network infrastructure security management solutions against CIS Control 12.3 requirements for securely managing network infrastructure with version-controlled infrastructure-as-code and secure network protocols like SSH and HTTPS.",
4046
+ objective: "Determine if a vendor solution provides comprehensive secure network infrastructure management capabilities including infrastructure-as-code and secure protocol implementation.",
4047
+ guidelines: [
4048
+ "Verify secure network infrastructure management capabilities and practices",
4049
+ "Confirm version-controlled infrastructure-as-code implementation and management",
4050
+ "Validate secure network protocol usage (SSH, HTTPS) and enforcement",
4051
+ "Assess infrastructure security controls and management frameworks",
4052
+ "Review network management and monitoring tools integration",
4053
+ "Check secure protocol implementation and infrastructure automation"
4054
+ ],
4055
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4056
+ }
2877
4057
  },
2878
4058
  "12.4": {
2879
4059
  id: "12.4",
@@ -2910,7 +4090,21 @@ export class SafeguardManager {
2910
4090
  "architecture visualization tools"
2911
4091
  ],
2912
4092
  relatedSafeguards: ["3.8", "4.2", "12.2"],
2913
- keywords: ["establish", "maintain", "architecture", "diagrams", "documentation", "annually", "enterprise", "changes"]
4093
+ keywords: ["establish", "maintain", "architecture", "diagrams", "documentation", "annually", "enterprise", "changes"],
4094
+ systemPrompt: {
4095
+ role: "network_architecture_documentation_expert",
4096
+ context: "You are evaluating network architecture documentation solutions against CIS Control 12.4 requirements for establishing and maintaining architecture diagrams and network system documentation with annual reviews and change management.",
4097
+ objective: "Determine if a vendor solution provides comprehensive network architecture documentation capabilities including diagramming, documentation management, and regular updates.",
4098
+ guidelines: [
4099
+ "Verify architecture diagram establishment and maintenance capabilities",
4100
+ "Confirm network system documentation management and organization",
4101
+ "Validate annual documentation review and update processes",
4102
+ "Assess change management for significant enterprise changes",
4103
+ "Review network architecture diagramming tools and visualization systems",
4104
+ "Check documentation management systems and version control features"
4105
+ ],
4106
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4107
+ }
2914
4108
  },
2915
4109
  "12.5": {
2916
4110
  id: "12.5",
@@ -2945,7 +4139,21 @@ export class SafeguardManager {
2945
4139
  "centralized authentication systems"
2946
4140
  ],
2947
4141
  relatedSafeguards: ["4.2", "5.6", "6.7", "8.9", "12.6", "12.7"],
2948
- keywords: ["centralize", "network", "AAA", "authentication", "authorization", "auditing"]
4142
+ keywords: ["centralize", "network", "AAA", "authentication", "authorization", "auditing"],
4143
+ systemPrompt: {
4144
+ role: "network_aaa_centralization_expert",
4145
+ context: "You are evaluating network AAA centralization solutions against CIS Control 12.5 requirements for centralizing network authentication, authorization, and auditing (AAA) functions.",
4146
+ objective: "Determine if a vendor solution provides comprehensive centralized network AAA capabilities with authentication, authorization, and auditing integration.",
4147
+ guidelines: [
4148
+ "Verify centralized network AAA implementation and effectiveness",
4149
+ "Confirm network authentication centralization and management",
4150
+ "Validate authorization controls and centralized access management",
4151
+ "Assess auditing capabilities and centralized logging integration",
4152
+ "Review AAA servers and centralized authentication systems",
4153
+ "Check identity and access management tool integration and AAA functionality"
4154
+ ],
4155
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4156
+ }
2949
4157
  },
2950
4158
  "12.6": {
2951
4159
  id: "12.6",
@@ -2981,7 +4189,21 @@ export class SafeguardManager {
2981
4189
  "secure protocol implementations"
2982
4190
  ],
2983
4191
  relatedSafeguards: ["12.3", "12.5"],
2984
- keywords: ["use", "secure", "network", "management", "communication", "protocols", "802.1X", "WPA2", "enterprise"]
4192
+ keywords: ["use", "secure", "network", "management", "communication", "protocols", "802.1X", "WPA2", "enterprise"],
4193
+ systemPrompt: {
4194
+ role: "secure_network_protocol_expert",
4195
+ context: "You are evaluating secure network management and communication protocol solutions against CIS Control 12.6 requirements for implementing enterprise-grade secure protocols.",
4196
+ objective: "Determine if a vendor solution provides comprehensive secure network management and communication protocol capabilities including 802.1X and WPA2 Enterprise or greater.",
4197
+ guidelines: [
4198
+ "Verify secure network management protocol implementation",
4199
+ "Confirm secure communication protocol deployment (802.1X, WPA2 Enterprise+)",
4200
+ "Validate enterprise-grade security protocol capabilities",
4201
+ "Assess secure protocol implementation and configuration",
4202
+ "Review network security policy and process integration",
4203
+ "Check wireless security and authentication system compatibility"
4204
+ ],
4205
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4206
+ }
2985
4207
  },
2986
4208
  "12.7": {
2987
4209
  id: "12.7",
@@ -3017,7 +4239,21 @@ export class SafeguardManager {
3017
4239
  "AAA integration systems"
3018
4240
  ],
3019
4241
  relatedSafeguards: ["6.4", "12.5"],
3020
- keywords: ["require", "users", "authenticate", "enterprise-managed", "VPN", "authentication", "services", "devices"]
4242
+ keywords: ["require", "users", "authenticate", "enterprise-managed", "VPN", "authentication", "services", "devices"],
4243
+ systemPrompt: {
4244
+ role: "remote_access_vpn_expert",
4245
+ context: "You are evaluating remote access VPN and AAA integration solutions against CIS Control 12.7 requirements for ensuring remote devices utilize enterprise-managed VPN and authentication.",
4246
+ objective: "Determine if a vendor solution provides comprehensive remote device VPN requirements and AAA infrastructure integration for enterprise resource access.",
4247
+ guidelines: [
4248
+ "Verify enterprise-managed VPN deployment and user authentication requirements",
4249
+ "Confirm AAA infrastructure integration and authentication services",
4250
+ "Validate remote device access control and enterprise resource protection",
4251
+ "Assess VPN and authentication service integration capabilities",
4252
+ "Review secure network management policy and VPN tool compatibility",
4253
+ "Check end-user device authentication and access control systems"
4254
+ ],
4255
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4256
+ }
3021
4257
  },
3022
4258
  "12.8": {
3023
4259
  id: "12.8",
@@ -3055,7 +4291,21 @@ export class SafeguardManager {
3055
4291
  "administrative isolation systems"
3056
4292
  ],
3057
4293
  relatedSafeguards: ["1.1", "5.1"],
3058
- keywords: ["establish", "maintain", "dedicated", "computing", "resources", "administrative", "work", "segmented", "SAW"]
4294
+ keywords: ["establish", "maintain", "dedicated", "computing", "resources", "administrative", "work", "segmented", "SAW"],
4295
+ systemPrompt: {
4296
+ role: "secure_admin_workstation_expert",
4297
+ context: "You are evaluating secure administrative workstation (SAW) solutions against CIS Control 12.8 requirements for establishing dedicated computing resources for administrative work.",
4298
+ objective: "Determine if a vendor solution provides comprehensive dedicated computing resources for administrative tasks with proper network segmentation and internet access restrictions.",
4299
+ guidelines: [
4300
+ "Verify dedicated computing resource establishment and maintenance for administrative work",
4301
+ "Confirm administrative task isolation and access separation capabilities",
4302
+ "Validate network segmentation from enterprise primary network",
4303
+ "Assess internet access restriction and administrative isolation systems",
4304
+ "Review secure network management policy and SAW implementation",
4305
+ "Check administrative workstation security and separation tools"
4306
+ ],
4307
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4308
+ }
3059
4309
  },
3060
4310
 
3061
4311
  // Control 13: Network Monitoring and Defense
@@ -3092,7 +4342,21 @@ export class SafeguardManager {
3092
4342
  "event correlation engines"
3093
4343
  ],
3094
4344
  relatedSafeguards: ["8.1", "8.2", "8.11", "13.2", "13.3", "13.11"],
3095
- keywords: ["centralize", "security", "event", "alerting", "log", "correlation", "analysis", "exploitation"]
4345
+ keywords: ["centralize", "security", "event", "alerting", "log", "correlation", "analysis", "exploitation"],
4346
+ systemPrompt: {
4347
+ role: "security_event_alerting_expert",
4348
+ context: "You are evaluating security event alerting and correlation solutions against CIS Control 13.1 requirements for centralizing security event alerting across enterprise assets.",
4349
+ objective: "Determine if a vendor solution provides comprehensive centralized security event alerting with log correlation and analysis capabilities for detecting active exploitation attempts.",
4350
+ guidelines: [
4351
+ "Verify centralized security event alerting across all enterprise assets",
4352
+ "Confirm log correlation and analysis capabilities",
4353
+ "Validate active exploitation attempt detection and monitoring",
4354
+ "Assess SIEM/SOAR integration and event management systems",
4355
+ "Review security information correlation and automated response",
4356
+ "Check enterprise-wide security event coverage and alerting"
4357
+ ],
4358
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4359
+ }
3096
4360
  },
3097
4361
  "13.2": {
3098
4362
  id: "13.2",
@@ -3124,7 +4388,21 @@ export class SafeguardManager {
3124
4388
  "behavioral analysis tools"
3125
4389
  ],
3126
4390
  relatedSafeguards: ["1.1", "13.1", "13.3", "13.7"],
3127
- keywords: ["deploy", "host-based", "intrusion", "detection", "solution", "enterprise", "assets"]
4391
+ keywords: ["deploy", "host-based", "intrusion", "detection", "solution", "enterprise", "assets"],
4392
+ systemPrompt: {
4393
+ role: "host_intrusion_detection_expert",
4394
+ context: "You are evaluating host-based intrusion detection solutions against CIS Control 13.2 requirements for deploying HIDS on enterprise assets where technically feasible.",
4395
+ objective: "Determine if a vendor solution provides comprehensive host-based intrusion detection capabilities for enterprise asset deployment and protection.",
4396
+ guidelines: [
4397
+ "Verify host-based intrusion detection solution deployment capabilities",
4398
+ "Confirm enterprise asset coverage where technically feasible",
4399
+ "Validate HIDS/EDR functionality and behavioral analysis",
4400
+ "Assess technical feasibility assessment and deployment planning",
4401
+ "Review host-based security monitoring and detection capabilities",
4402
+ "Check endpoint protection and response integration systems"
4403
+ ],
4404
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4405
+ }
3128
4406
  },
3129
4407
  "13.3": {
3130
4408
  id: "13.3",
@@ -3156,7 +4434,21 @@ export class SafeguardManager {
3156
4434
  "industry-specific threat feeds"
3157
4435
  ],
3158
4436
  relatedSafeguards: ["13.1", "13.2", "13.8"],
3159
- keywords: ["deploy", "network", "intrusion", "detection", "solution", "ruleset", "threats", "industry"]
4437
+ keywords: ["deploy", "network", "intrusion", "detection", "solution", "ruleset", "threats", "industry"],
4438
+ systemPrompt: {
4439
+ role: "network_intrusion_detection_expert",
4440
+ context: "You are evaluating network intrusion detection solutions against CIS Control 13.3 requirements for deploying NIDS with industry-specific threat-tuned rulesets.",
4441
+ objective: "Determine if a vendor solution provides comprehensive network intrusion detection with threat rulesets tuned for the enterprise's industry sector.",
4442
+ guidelines: [
4443
+ "Verify network intrusion detection solution deployment capabilities",
4444
+ "Confirm threat-tuned rulesets for industry-specific threats",
4445
+ "Validate industry sector threat focus and intelligence integration",
4446
+ "Assess NIDS configuration and threat feed integration",
4447
+ "Review network security monitoring and threat detection capabilities",
4448
+ "Check industry-specific threat intelligence and rule customization"
4449
+ ],
4450
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4451
+ }
3160
4452
  },
3161
4453
  "13.4": {
3162
4454
  id: "13.4",
@@ -3186,7 +4478,21 @@ export class SafeguardManager {
3186
4478
  "software-defined perimeter"
3187
4479
  ],
3188
4480
  relatedSafeguards: ["12.2", "12.3", "13.9"],
3189
- keywords: ["perform", "traffic", "filtering", "network", "segments", "technically", "feasible"]
4481
+ keywords: ["perform", "traffic", "filtering", "network", "segments", "technically", "feasible"],
4482
+ systemPrompt: {
4483
+ role: "network_traffic_filtering_expert",
4484
+ context: "You are evaluating network traffic filtering solutions against CIS Control 13.4 requirements for performing traffic filtering between network segments where technically feasible.",
4485
+ objective: "Determine if a vendor solution provides comprehensive traffic filtering capabilities between network segments with technical feasibility assessment.",
4486
+ guidelines: [
4487
+ "Verify traffic filtering capabilities between network segments",
4488
+ "Confirm network segmentation controls and micro-segmentation",
4489
+ "Validate technical feasibility assessment for filtering implementation",
4490
+ "Assess network firewall and access control capabilities",
4491
+ "Review software-defined perimeter and network access control",
4492
+ "Check network security architecture and segmentation tools"
4493
+ ],
4494
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4495
+ }
3190
4496
  },
3191
4497
  "13.5": {
3192
4498
  id: "13.5",
@@ -3221,7 +4527,21 @@ export class SafeguardManager {
3221
4527
  "posture assessment tools"
3222
4528
  ],
3223
4529
  relatedSafeguards: ["6.1", "10.1", "10.7", "12.1", "13.2"],
3224
- keywords: ["manage", "access", "control", "remote", "assets", "connecting", "enterprise", "networks"]
4530
+ keywords: ["manage", "access", "control", "remote", "assets", "connecting", "enterprise", "networks"],
4531
+ systemPrompt: {
4532
+ role: "remote_access_control_expert",
4533
+ context: "You are evaluating remote access control solutions against CIS Control 13.5 requirements for managing access control for assets remotely connecting to enterprise networks based on security posture.",
4534
+ objective: "Determine if a vendor solution provides comprehensive remote asset access control based on security posture including anti-malware, patches, firewalls, and intrusion detection/prevention.",
4535
+ guidelines: [
4536
+ "Verify remote asset access control management capabilities",
4537
+ "Confirm security posture-based access determination (anti-malware, patches, firewall, IDS/IPS)",
4538
+ "Validate network access control (NAC) and zero trust capabilities",
4539
+ "Assess device compliance checking and posture assessment tools",
4540
+ "Review remote connection management and enterprise network protection",
4541
+ "Check up-to-date security control verification and access enforcement"
4542
+ ],
4543
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4544
+ }
3225
4545
  },
3226
4546
  "13.6": {
3227
4547
  id: "13.6",
@@ -3252,7 +4572,21 @@ export class SafeguardManager {
3252
4572
  "traffic analysis platforms"
3253
4573
  ],
3254
4574
  relatedSafeguards: ["8.5", "13.1", "13.3"],
3255
- keywords: ["collect", "network", "traffic", "flow", "logs", "review", "alert"]
4575
+ keywords: ["collect", "network", "traffic", "flow", "logs", "review", "alert"],
4576
+ systemPrompt: {
4577
+ role: "network_traffic_monitoring_expert",
4578
+ context: "You are evaluating network traffic flow monitoring solutions against CIS Control 13.6 requirements for collecting network traffic flow logs and traffic for review and alerting.",
4579
+ objective: "Determine if a vendor solution provides comprehensive network traffic flow log collection and monitoring capabilities for review and alerting purposes.",
4580
+ guidelines: [
4581
+ "Verify network traffic flow log collection capabilities",
4582
+ "Confirm network traffic monitoring and capture systems",
4583
+ "Validate review and alerting capabilities for traffic analysis",
4584
+ "Assess network flow analyzers and packet capture systems",
4585
+ "Review traffic analysis platforms and monitoring tools",
4586
+ "Check network security monitoring and flow-based detection"
4587
+ ],
4588
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4589
+ }
3256
4590
  },
3257
4591
  "13.7": {
3258
4592
  id: "13.7",
@@ -3284,7 +4618,21 @@ export class SafeguardManager {
3284
4618
  "automated threat response"
3285
4619
  ],
3286
4620
  relatedSafeguards: ["13.2", "13.8"],
3287
- keywords: ["deploy", "host-based", "intrusion", "prevention", "solution", "enterprise", "assets"]
4621
+ keywords: ["deploy", "host-based", "intrusion", "prevention", "solution", "enterprise", "assets"],
4622
+ systemPrompt: {
4623
+ role: "host_intrusion_prevention_expert",
4624
+ context: "You are evaluating host-based intrusion prevention solutions against CIS Control 13.7 requirements for deploying HIPS on enterprise assets where technically feasible.",
4625
+ objective: "Determine if a vendor solution provides comprehensive host-based intrusion prevention capabilities for enterprise asset deployment and automated threat response.",
4626
+ guidelines: [
4627
+ "Verify host-based intrusion prevention solution deployment capabilities",
4628
+ "Confirm enterprise asset coverage where technically feasible",
4629
+ "Validate HIPS/EPP functionality and behavioral blocking systems",
4630
+ "Assess automated threat response and prevention capabilities",
4631
+ "Review endpoint protection platforms and response automation",
4632
+ "Check real-time threat prevention and blocking systems"
4633
+ ],
4634
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4635
+ }
3288
4636
  },
3289
4637
  "13.8": {
3290
4638
  id: "13.8",
@@ -3315,7 +4663,21 @@ export class SafeguardManager {
3315
4663
  "real-time threat mitigation"
3316
4664
  ],
3317
4665
  relatedSafeguards: ["13.3", "13.7"],
3318
- keywords: ["deploy", "network", "intrusion", "prevention", "solution", "block", "malicious", "real-time"]
4666
+ keywords: ["deploy", "network", "intrusion", "prevention", "solution", "block", "malicious", "real-time"],
4667
+ systemPrompt: {
4668
+ role: "network_intrusion_prevention_expert",
4669
+ context: "You are evaluating network intrusion prevention solutions against CIS Control 13.8 requirements for deploying NIPS to block malicious network traffic in real-time.",
4670
+ objective: "Determine if a vendor solution provides comprehensive network intrusion prevention capabilities for real-time malicious traffic blocking and automated threat mitigation.",
4671
+ guidelines: [
4672
+ "Verify network intrusion prevention solution deployment capabilities",
4673
+ "Confirm real-time malicious traffic blocking and response",
4674
+ "Validate NIPS functionality and inline security appliances",
4675
+ "Assess automated blocking systems and threat mitigation",
4676
+ "Review real-time threat response and prevention capabilities",
4677
+ "Check network-based attack prevention and blocking efficiency"
4678
+ ],
4679
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4680
+ }
3319
4681
  },
3320
4682
  "13.9": {
3321
4683
  id: "13.9",
@@ -3346,7 +4708,21 @@ export class SafeguardManager {
3346
4708
  "port-based network access control"
3347
4709
  ],
3348
4710
  relatedSafeguards: ["12.7", "13.4"],
3349
- keywords: ["deploy", "port-level", "access", "control", "802.1x", "network", "protocols", "certificates"]
4711
+ keywords: ["deploy", "port-level", "access", "control", "802.1x", "network", "protocols", "certificates"],
4712
+ systemPrompt: {
4713
+ role: "port_access_control_expert",
4714
+ context: "You are evaluating port-level access control solutions against CIS Control 13.9 requirements for deploying 802.1x or similar network access control protocols for port-level access control.",
4715
+ objective: "Determine if a vendor solution provides comprehensive port-level access control capabilities using 802.1x or similar network access control protocols including certificate-based authentication.",
4716
+ guidelines: [
4717
+ "Verify port-level access control deployment capabilities",
4718
+ "Confirm 802.1x implementation and network access control protocols",
4719
+ "Validate certificate-based authentication and similar protocols",
4720
+ "Assess network access control systems and port-based authentication",
4721
+ "Review 802.1x infrastructure and certificate management",
4722
+ "Check port-based network access control and authentication systems"
4723
+ ],
4724
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4725
+ }
3350
4726
  },
3351
4727
  "13.10": {
3352
4728
  id: "13.10",
@@ -3377,7 +4753,21 @@ export class SafeguardManager {
3377
4753
  "application-aware filtering"
3378
4754
  ],
3379
4755
  relatedSafeguards: ["13.4", "16.11"],
3380
- keywords: ["perform", "application", "layer", "filtering", "protect", "network-based", "attacks"]
4756
+ keywords: ["perform", "application", "layer", "filtering", "protect", "network-based", "attacks"],
4757
+ systemPrompt: {
4758
+ role: "application_layer_filtering_expert",
4759
+ context: "You are evaluating application layer filtering solutions against CIS Control 13.10 requirements for performing application layer filtering to protect against enterprise's most common network-based attacks.",
4760
+ objective: "Determine if a vendor solution provides comprehensive application layer filtering capabilities to protect against common network-based attacks specific to the enterprise environment.",
4761
+ guidelines: [
4762
+ "Verify application layer filtering capabilities and deployment",
4763
+ "Confirm protection against enterprise's most common network-based attacks",
4764
+ "Validate web application firewalls and application layer gateways",
4765
+ "Assess deep packet inspection and application-aware filtering",
4766
+ "Review enterprise-specific threat focus and attack prevention",
4767
+ "Check application layer security and network-based attack mitigation"
4768
+ ],
4769
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4770
+ }
3381
4771
  },
3382
4772
  "13.11": {
3383
4773
  id: "13.11",
@@ -3407,7 +4797,21 @@ export class SafeguardManager {
3407
4797
  "false positive reduction"
3408
4798
  ],
3409
4799
  relatedSafeguards: ["13.1", "8.11"],
3410
- keywords: ["tune", "security", "event", "alerting", "thresholds", "monthly", "frequently"]
4800
+ keywords: ["tune", "security", "event", "alerting", "thresholds", "monthly", "frequently"],
4801
+ systemPrompt: {
4802
+ role: "security_alert_tuning_expert",
4803
+ context: "You are evaluating security event alerting threshold tuning solutions against CIS Control 13.11 requirements for tuning security event alerting thresholds monthly or more frequently.",
4804
+ objective: "Determine if a vendor solution provides comprehensive security event alerting threshold tuning capabilities with monthly or more frequent optimization cycles.",
4805
+ guidelines: [
4806
+ "Verify security event alerting threshold tuning capabilities",
4807
+ "Confirm monthly or more frequent tuning frequency and processes",
4808
+ "Validate SIEM tuning processes and threshold optimization tools",
4809
+ "Assess alert management platforms and false positive reduction",
4810
+ "Review threshold optimization and alerting efficiency",
4811
+ "Check automated tuning capabilities and performance monitoring"
4812
+ ],
4813
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4814
+ }
3411
4815
  },
3412
4816
 
3413
4817
  // Control 9: Email and Web Browser Protections
@@ -3443,7 +4847,21 @@ export class SafeguardManager {
3443
4847
  "automated patch management"
3444
4848
  ],
3445
4849
  relatedSafeguards: ["2.1", "4.1", "7.4"],
3446
- keywords: ["ensure", "fully", "supported", "browsers", "email", "clients", "latest", "version", "vendor"]
4850
+ keywords: ["ensure", "fully", "supported", "browsers", "email", "clients", "latest", "version", "vendor"],
4851
+ systemPrompt: {
4852
+ role: "browser_email_client_security_expert",
4853
+ context: "You are evaluating browser and email client security solutions against CIS Control 9.1 requirements for ensuring only fully supported, latest versions are used.",
4854
+ objective: "Determine if a vendor solution provides comprehensive browser and email client version management and execution control.",
4855
+ guidelines: [
4856
+ "Verify enforcement of fully supported browsers and email clients only",
4857
+ "Confirm latest vendor version requirement and update management",
4858
+ "Validate execution restriction and application allowlisting capabilities",
4859
+ "Assess enterprise software asset management tool integration",
4860
+ "Review automated patch management for browsers and email clients",
4861
+ "Check software inventory and compliance monitoring features"
4862
+ ],
4863
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4864
+ }
3447
4865
  },
3448
4866
  "9.2": {
3449
4867
  id: "9.2",
@@ -3478,7 +4896,21 @@ export class SafeguardManager {
3478
4896
  "cloud-based DNS filtering"
3479
4897
  ],
3480
4898
  relatedSafeguards: ["4.1", "4.9"],
3481
- keywords: ["use", "DNS", "filtering", "services", "end-user", "devices", "block", "malicious", "domains"]
4899
+ keywords: ["use", "DNS", "filtering", "services", "end-user", "devices", "block", "malicious", "domains"],
4900
+ systemPrompt: {
4901
+ role: "dns_filtering_security_expert",
4902
+ context: "You are evaluating DNS filtering solutions against CIS Control 9.2 requirements for DNS filtering services to block malicious domains.",
4903
+ objective: "Determine if a vendor solution provides comprehensive DNS filtering capabilities for all end-user devices to block malicious domains.",
4904
+ guidelines: [
4905
+ "Verify DNS filtering service deployment for all end-user devices",
4906
+ "Confirm malicious domain blocking capabilities and coverage",
4907
+ "Validate remote and on-premise asset inclusion",
4908
+ "Assess DNS filtering service effectiveness and accuracy",
4909
+ "Review secure DNS server configuration and cloud-based filtering",
4910
+ "Check DNS security platform integration and management features"
4911
+ ],
4912
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4913
+ }
3482
4914
  },
3483
4915
  "9.3": {
3484
4916
  id: "9.3",
@@ -3514,7 +4946,21 @@ export class SafeguardManager {
3514
4946
  "web content filtering"
3515
4947
  ],
3516
4948
  relatedSafeguards: ["4.1"],
3517
- keywords: ["maintain", "enforce", "network-based", "URL", "filters", "limit", "malicious", "unapproved", "websites"]
4949
+ keywords: ["maintain", "enforce", "network-based", "URL", "filters", "limit", "malicious", "unapproved", "websites"],
4950
+ systemPrompt: {
4951
+ role: "network_security_filtering_expert",
4952
+ context: "You are evaluating network-based URL filtering solutions against CIS Control 9.3 requirements for network-based URL filters to limit enterprise asset connections to malicious or unapproved websites.",
4953
+ objective: "Determine if a vendor solution provides comprehensive network-based URL filtering capabilities to enforce connection limits for all enterprise assets.",
4954
+ guidelines: [
4955
+ "Verify network-based URL filter implementation and enforcement",
4956
+ "Confirm malicious and unapproved website blocking capabilities",
4957
+ "Validate coverage for all enterprise assets in the filtering system",
4958
+ "Assess category-based, reputation-based, and block list filtering methods",
4959
+ "Review filter update mechanisms and management processes",
4960
+ "Check network-level enforcement and bypass prevention"
4961
+ ],
4962
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
4963
+ }
3518
4964
  },
3519
4965
  "9.4": {
3520
4966
  id: "9.4",
@@ -3551,7 +4997,21 @@ export class SafeguardManager {
3551
4997
  "extension management platforms"
3552
4998
  ],
3553
4999
  relatedSafeguards: ["4.1"],
3554
- keywords: ["restrict", "unauthorized", "unnecessary", "browser", "email", "plugins", "extensions", "add-on"]
5000
+ keywords: ["restrict", "unauthorized", "unnecessary", "browser", "email", "plugins", "extensions", "add-on"],
5001
+ systemPrompt: {
5002
+ role: "browser_security_management_expert",
5003
+ context: "You are evaluating browser and email client extension management solutions against CIS Control 9.4 requirements for restricting unauthorized or unnecessary plugins, extensions, and add-on applications.",
5004
+ objective: "Determine if a vendor solution provides comprehensive browser and email client extension restriction capabilities through uninstalling or disabling mechanisms.",
5005
+ guidelines: [
5006
+ "Verify browser plugin and extension restriction capabilities",
5007
+ "Confirm email client plugin and extension management",
5008
+ "Validate unauthorized and unnecessary application identification",
5009
+ "Assess uninstalling and disabling mechanisms and enforcement",
5010
+ "Review configuration management and policy enforcement tools",
5011
+ "Check browser management system integration and compliance monitoring"
5012
+ ],
5013
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5014
+ }
3555
5015
  },
3556
5016
  "9.5": {
3557
5017
  id: "9.5",
@@ -3589,7 +5049,21 @@ export class SafeguardManager {
3589
5049
  "DKIM signature management"
3590
5050
  ],
3591
5051
  relatedSafeguards: ["4.1"],
3592
- keywords: ["implement", "DMARC", "policy", "verification", "SPF", "DKIM", "spoofed", "modified", "emails"]
5052
+ keywords: ["implement", "DMARC", "policy", "verification", "SPF", "DKIM", "spoofed", "modified", "emails"],
5053
+ systemPrompt: {
5054
+ role: "email_authentication_security_expert",
5055
+ context: "You are evaluating email authentication solutions against CIS Control 9.5 requirements for implementing DMARC policy and verification, including SPF and DKIM standards to prevent spoofed or modified emails.",
5056
+ objective: "Determine if a vendor solution provides comprehensive DMARC, SPF, and DKIM implementation capabilities to protect against email spoofing and modification from valid domains.",
5057
+ guidelines: [
5058
+ "Verify DMARC policy implementation and verification capabilities",
5059
+ "Confirm SPF (Sender Policy Framework) standard implementation",
5060
+ "Validate DKIM (DomainKeys Identified Mail) standard implementation",
5061
+ "Assess spoofed and modified email detection and prevention",
5062
+ "Review DMARC management tools and email authentication services",
5063
+ "Check SPF record management and DKIM signature management integration"
5064
+ ],
5065
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5066
+ }
3593
5067
  },
3594
5068
  "9.6": {
3595
5069
  id: "9.6",
@@ -3618,7 +5092,21 @@ export class SafeguardManager {
3618
5092
  "email content filtering"
3619
5093
  ],
3620
5094
  relatedSafeguards: ["4.1"],
3621
- keywords: ["block", "unnecessary", "file", "types", "email", "gateway", "enterprise"]
5095
+ keywords: ["block", "unnecessary", "file", "types", "email", "gateway", "enterprise"],
5096
+ systemPrompt: {
5097
+ role: "email_gateway_security_expert",
5098
+ context: "You are evaluating email gateway security solutions against CIS Control 9.6 requirements for blocking unnecessary file types attempting to enter the enterprise's email gateway.",
5099
+ objective: "Determine if a vendor solution provides comprehensive email gateway file type blocking capabilities to prevent unnecessary file types from entering the enterprise.",
5100
+ guidelines: [
5101
+ "Verify email gateway file type blocking capabilities and coverage",
5102
+ "Confirm unnecessary file type identification and filtering mechanisms",
5103
+ "Validate comprehensive email gateway protection and security controls",
5104
+ "Assess file type blocking system effectiveness and accuracy",
5105
+ "Review email security tools and content filtering integration",
5106
+ "Check email gateway filtering policies and management features"
5107
+ ],
5108
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5109
+ }
3622
5110
  },
3623
5111
  "9.7": {
3624
5112
  id: "9.7",
@@ -3651,7 +5139,21 @@ export class SafeguardManager {
3651
5139
  "email sandboxing solutions"
3652
5140
  ],
3653
5141
  relatedSafeguards: ["4.1", "10.1"],
3654
- keywords: ["deploy", "maintain", "email", "server", "anti-malware", "protections", "attachment", "scanning", "sandboxing"]
5142
+ keywords: ["deploy", "maintain", "email", "server", "anti-malware", "protections", "attachment", "scanning", "sandboxing"],
5143
+ systemPrompt: {
5144
+ role: "email_security_anti_malware_expert",
5145
+ context: "You are evaluating email server anti-malware solutions against CIS Control 9.7 requirements for deploying and maintaining email server anti-malware protections including attachment scanning and sandboxing.",
5146
+ objective: "Determine if a vendor solution provides comprehensive email server anti-malware protection capabilities with attachment scanning and sandboxing features.",
5147
+ guidelines: [
5148
+ "Verify email server anti-malware protection deployment and maintenance",
5149
+ "Confirm attachment scanning capabilities and effectiveness",
5150
+ "Validate sandboxing capabilities and threat isolation",
5151
+ "Assess comprehensive email security protection coverage",
5152
+ "Review anti-malware platform integration and management",
5153
+ "Check email sandboxing solution effectiveness and threat detection"
5154
+ ],
5155
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5156
+ }
3655
5157
  },
3656
5158
 
3657
5159
  // Control 14: Security Awareness and Skills Training
@@ -3691,7 +5193,21 @@ export class SafeguardManager {
3691
5193
  "learning management systems"
3692
5194
  ],
3693
5195
  relatedSafeguards: ["14.2", "14.3", "14.4", "14.5", "14.6", "14.7", "14.8", "14.9"],
3694
- keywords: ["establish", "maintain", "security", "awareness", "program", "educate", "workforce", "training", "annually"]
5196
+ keywords: ["establish", "maintain", "security", "awareness", "program", "educate", "workforce", "training", "annually"],
5197
+ systemPrompt: {
5198
+ role: "security_awareness_program_expert",
5199
+ context: "You are evaluating security awareness program solutions against CIS Control 14.1 requirements for establishing and maintaining comprehensive security awareness programs with annual training and content updates.",
5200
+ objective: "Determine if a vendor solution provides comprehensive security awareness program establishment and maintenance capabilities including workforce education, training delivery, and content management.",
5201
+ guidelines: [
5202
+ "Verify security awareness program establishment and maintenance capabilities",
5203
+ "Confirm workforce education on secure interaction with enterprise assets and data",
5204
+ "Validate training delivery at hire and minimum annually",
5205
+ "Assess content review and update processes annually or when enterprise changes occur",
5206
+ "Review learning management systems and training documentation capabilities",
5207
+ "Check security training and awareness tools integration and policy management"
5208
+ ],
5209
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5210
+ }
3695
5211
  },
3696
5212
  "14.2": {
3697
5213
  id: "14.2",
@@ -3726,7 +5242,21 @@ export class SafeguardManager {
3726
5242
  "security awareness modules"
3727
5243
  ],
3728
5244
  relatedSafeguards: ["14.1"],
3729
- keywords: ["train", "workforce", "recognize", "social", "engineering", "attacks", "phishing", "BEC", "pretexting", "tailgating"]
5245
+ keywords: ["train", "workforce", "recognize", "social", "engineering", "attacks", "phishing", "BEC", "pretexting", "tailgating"],
5246
+ systemPrompt: {
5247
+ role: "social_engineering_awareness_expert",
5248
+ context: "You are evaluating social engineering awareness training solutions against CIS Control 14.2 requirements for training workforce members to recognize various social engineering attacks.",
5249
+ objective: "Determine if a vendor solution provides comprehensive social engineering awareness training covering phishing, business email compromise, pretexting, and tailgating attack recognition.",
5250
+ guidelines: [
5251
+ "Verify social engineering attack recognition training capabilities",
5252
+ "Confirm phishing awareness and business email compromise (BEC) training",
5253
+ "Validate pretexting and tailgating attack awareness modules",
5254
+ "Assess phishing simulation platforms and interactive training tools",
5255
+ "Review security awareness modules and attack scenario training",
5256
+ "Check social engineering awareness training effectiveness and measurement"
5257
+ ],
5258
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5259
+ }
3730
5260
  },
3731
5261
  "14.3": {
3732
5262
  id: "14.3",
@@ -3759,7 +5289,21 @@ export class SafeguardManager {
3759
5289
  "MFA awareness programs"
3760
5290
  ],
3761
5291
  relatedSafeguards: ["14.1", "6.2", "6.3"],
3762
- keywords: ["train", "workforce", "authentication", "best", "practices", "MFA", "password", "composition", "credential", "management"]
5292
+ keywords: ["train", "workforce", "authentication", "best", "practices", "MFA", "password", "composition", "credential", "management"],
5293
+ systemPrompt: {
5294
+ role: "authentication_training_expert",
5295
+ context: "You are evaluating authentication best practices training solutions against CIS Control 14.3 requirements for training workforce members on MFA, password composition, and credential management.",
5296
+ objective: "Determine if a vendor solution provides comprehensive authentication best practices training covering MFA, password security, and credential management education.",
5297
+ guidelines: [
5298
+ "Verify authentication best practices training program capabilities",
5299
+ "Confirm multi-factor authentication (MFA) training and awareness",
5300
+ "Validate password composition and security training modules",
5301
+ "Assess credential management training and best practices education",
5302
+ "Review authentication training modules and MFA awareness programs",
5303
+ "Check password security training effectiveness and user engagement"
5304
+ ],
5305
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5306
+ }
3763
5307
  },
3764
5308
  "14.4": {
3765
5309
  id: "14.4",
@@ -3800,7 +5344,21 @@ export class SafeguardManager {
3800
5344
  "data classification training"
3801
5345
  ],
3802
5346
  relatedSafeguards: ["14.1", "3.1", "3.2"],
3803
- keywords: ["train", "workforce", "data", "handling", "best", "practices", "store", "transfer", "archive", "destroy", "sensitive", "clear", "screen", "desk"]
5347
+ keywords: ["train", "workforce", "data", "handling", "best", "practices", "store", "transfer", "archive", "destroy", "sensitive", "clear", "screen", "desk"],
5348
+ systemPrompt: {
5349
+ role: "data_handling_training_expert",
5350
+ context: "You are evaluating data handling best practices training solutions against CIS Control 14.4 requirements for training workforce on sensitive data identification, storage, transfer, archival, destruction, and clear screen/desk practices.",
5351
+ objective: "Determine if a vendor solution provides comprehensive data handling training covering sensitive data lifecycle management and workspace security best practices.",
5352
+ guidelines: [
5353
+ "Verify data handling best practices training and sensitive data identification",
5354
+ "Confirm secure data storage, transfer, archive, and destruction training",
5355
+ "Validate clear screen and desk best practices including screen locking",
5356
+ "Assess whiteboard erasing and secure data storage training modules",
5357
+ "Review data classification training and clean desk policy education",
5358
+ "Check data handling training effectiveness and workspace security awareness"
5359
+ ],
5360
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5361
+ }
3804
5362
  },
3805
5363
  "14.5": {
3806
5364
  id: "14.5",
@@ -3833,7 +5391,21 @@ export class SafeguardManager {
3833
5391
  "data sharing awareness programs"
3834
5392
  ],
3835
5393
  relatedSafeguards: ["14.1", "3.3"],
3836
- keywords: ["train", "workforce", "unintentional", "data", "exposure", "mis-delivery", "losing", "portable", "device", "publishing", "unintended", "audiences"]
5394
+ keywords: ["train", "workforce", "unintentional", "data", "exposure", "mis-delivery", "losing", "portable", "device", "publishing", "unintended", "audiences"],
5395
+ systemPrompt: {
5396
+ role: "data_exposure_awareness_expert",
5397
+ context: "You are evaluating unintentional data exposure awareness training solutions against CIS Control 14.5 requirements for training workforce on causes and prevention of unintentional data exposure.",
5398
+ objective: "Determine if a vendor solution provides comprehensive training on unintentional data exposure causes including mis-delivery, portable device loss, and unintended data publication.",
5399
+ guidelines: [
5400
+ "Verify unintentional data exposure awareness training coverage",
5401
+ "Confirm mis-delivery prevention and sensitive data handling training",
5402
+ "Validate portable device security awareness and loss prevention training",
5403
+ "Assess data publication controls and unintended audience protection",
5404
+ "Review data loss prevention training and device security awareness",
5405
+ "Check data sharing awareness programs and exposure prevention education"
5406
+ ],
5407
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5408
+ }
3837
5409
  },
3838
5410
  "14.6": {
3839
5411
  id: "14.6",
@@ -3864,7 +5436,21 @@ export class SafeguardManager {
3864
5436
  "incident reporting tools"
3865
5437
  ],
3866
5438
  relatedSafeguards: ["14.1", "17.3"],
3867
- keywords: ["train", "workforce", "recognizing", "reporting", "security", "incidents", "potential", "incident"]
5439
+ keywords: ["train", "workforce", "recognizing", "reporting", "security", "incidents", "potential", "incident"],
5440
+ systemPrompt: {
5441
+ role: "incident_recognition_training_expert",
5442
+ context: "You are evaluating security incident recognition and reporting training solutions against CIS Control 14.6 requirements for training workforce to recognize potential incidents and report them.",
5443
+ objective: "Determine if a vendor solution provides comprehensive security incident recognition training and effective incident reporting procedures for workforce members.",
5444
+ guidelines: [
5445
+ "Verify security incident recognition training capabilities and coverage",
5446
+ "Confirm potential incident identification and awareness training",
5447
+ "Validate incident reporting procedures and training effectiveness",
5448
+ "Assess incident response training and security awareness programs",
5449
+ "Review incident reporting tools and notification procedures",
5450
+ "Check security incident awareness and response training integration"
5451
+ ],
5452
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5453
+ }
3868
5454
  },
3869
5455
  "14.7": {
3870
5456
  id: "14.7",
@@ -3901,7 +5487,21 @@ export class SafeguardManager {
3901
5487
  "automated system monitoring training"
3902
5488
  ],
3903
5489
  relatedSafeguards: ["14.1", "7.3", "7.4"],
3904
- keywords: ["train", "workforce", "identify", "report", "enterprise", "assets", "missing", "security", "updates", "patches", "automated", "processes"]
5490
+ keywords: ["train", "workforce", "identify", "report", "enterprise", "assets", "missing", "security", "updates", "patches", "automated", "processes"],
5491
+ systemPrompt: {
5492
+ role: "security_update_awareness_expert",
5493
+ context: "You are evaluating security update awareness training solutions against CIS Control 14.7 requirements for training workforce to identify and report missing security updates and automated process failures.",
5494
+ objective: "Determine if a vendor solution provides comprehensive training on security update verification, patch identification, and automated process failure reporting to IT personnel.",
5495
+ guidelines: [
5496
+ "Verify security update verification training and out-of-date patch identification",
5497
+ "Confirm automated process and tool failure reporting training",
5498
+ "Validate IT personnel notification procedures and reporting mechanisms",
5499
+ "Assess patch management awareness training and system monitoring education",
5500
+ "Review automated system monitoring training and failure detection",
5501
+ "Check IT support reporting procedures and escalation training"
5502
+ ],
5503
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5504
+ }
3905
5505
  },
3906
5506
  "14.8": {
3907
5507
  id: "14.8",
@@ -3937,7 +5537,21 @@ export class SafeguardManager {
3937
5537
  "home network configuration guides"
3938
5538
  ],
3939
5539
  relatedSafeguards: ["14.1", "12.1"],
3940
- keywords: ["train", "workforce", "dangers", "connecting", "transmitting", "enterprise", "data", "insecure", "networks", "remote", "workers", "home", "network"]
5540
+ keywords: ["train", "workforce", "dangers", "connecting", "transmitting", "enterprise", "data", "insecure", "networks", "remote", "workers", "home", "network"],
5541
+ systemPrompt: {
5542
+ role: "network_security_awareness_expert",
5543
+ context: "You are evaluating network security awareness training solutions against CIS Control 14.8 requirements for training workforce on dangers of insecure networks and remote work security including home network configuration.",
5544
+ objective: "Determine if a vendor solution provides comprehensive training on insecure network dangers, secure connection practices, and remote worker home network security configuration.",
5545
+ guidelines: [
5546
+ "Verify training on dangers of connecting to and transmitting data over insecure networks",
5547
+ "Confirm enterprise data transmission security and secure connection practices",
5548
+ "Validate remote worker training and home network security configuration guidance",
5549
+ "Assess network security awareness training and remote work security education",
5550
+ "Review home network configuration guides and insecure network identification",
5551
+ "Check enterprise activity security and remote infrastructure protection training"
5552
+ ],
5553
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5554
+ }
3941
5555
  },
3942
5556
  "14.9": {
3943
5557
  id: "14.9",
@@ -3971,7 +5585,21 @@ export class SafeguardManager {
3971
5585
  "professional development programs"
3972
5586
  ],
3973
5587
  relatedSafeguards: ["14.1", "16.9"],
3974
- keywords: ["conduct", "role-specific", "security", "awareness", "skills", "training", "IT", "professionals", "OWASP", "developers", "high-profile", "roles"]
5588
+ keywords: ["conduct", "role-specific", "security", "awareness", "skills", "training", "IT", "professionals", "OWASP", "developers", "high-profile", "roles"],
5589
+ systemPrompt: {
5590
+ role: "role_specific_training_expert",
5591
+ context: "You are evaluating role-specific security awareness and skills training solutions against CIS Control 14.9 requirements for conducting specialized training including secure system administration, OWASP Top 10, and advanced social engineering awareness.",
5592
+ objective: "Determine if a vendor solution provides comprehensive role-specific security training including IT professional courses, developer vulnerability training, and high-profile role security awareness.",
5593
+ guidelines: [
5594
+ "Verify role-specific security awareness and skills training capabilities",
5595
+ "Confirm secure system administration courses for IT professionals",
5596
+ "Validate OWASP Top 10 vulnerability awareness and prevention training for developers",
5597
+ "Assess advanced social engineering awareness training for high-profile roles",
5598
+ "Review specialized security courses and professional development programs",
5599
+ "Check role-based training program customization and effectiveness measurement"
5600
+ ],
5601
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5602
+ }
3975
5603
  },
3976
5604
 
3977
5605
  // Control 15: Service Provider Management
@@ -4009,7 +5637,21 @@ export class SafeguardManager {
4009
5637
  "supplier relationship management tools"
4010
5638
  ],
4011
5639
  relatedSafeguards: ["2.1", "8.12", "15.2", "15.3", "15.4", "15.5", "15.6", "15.7"],
4012
- keywords: ["establish", "maintain", "inventory", "service", "providers", "classification", "enterprise", "contact", "review", "annually"]
5640
+ keywords: ["establish", "maintain", "inventory", "service", "providers", "classification", "enterprise", "contact", "review", "annually"],
5641
+ systemPrompt: {
5642
+ role: "service_provider_inventory_expert",
5643
+ context: "You are evaluating service provider inventory management solutions against CIS Control 15.1 requirements for establishing and maintaining comprehensive inventories of service providers with classifications and enterprise contacts.",
5644
+ objective: "Determine if a vendor solution provides comprehensive service provider inventory capabilities including classification systems, contact management, and annual review processes.",
5645
+ guidelines: [
5646
+ "Verify service provider inventory establishment and maintenance capabilities",
5647
+ "Confirm comprehensive service provider listing and classification systems",
5648
+ "Validate enterprise contact designation and management for each provider",
5649
+ "Assess annual review processes and enterprise change impact assessment",
5650
+ "Review third-party risk management tools and vendor inventory systems",
5651
+ "Check service provider management platform integration and supplier relationship management"
5652
+ ],
5653
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5654
+ }
4013
5655
  },
4014
5656
  "15.2": {
4015
5657
  id: "15.2",
@@ -4050,7 +5692,21 @@ export class SafeguardManager {
4050
5692
  "supplier governance documentation"
4051
5693
  ],
4052
5694
  relatedSafeguards: ["15.1", "15.3", "15.4", "15.5", "15.6", "15.7"],
4053
- keywords: ["establish", "maintain", "service", "provider", "management", "policy", "classification", "inventory", "assessment", "monitoring", "decommissioning"]
5695
+ keywords: ["establish", "maintain", "service", "provider", "management", "policy", "classification", "inventory", "assessment", "monitoring", "decommissioning"],
5696
+ systemPrompt: {
5697
+ role: "service_provider_policy_expert",
5698
+ context: "You are evaluating service provider management policy solutions against CIS Control 15.2 requirements for establishing and maintaining comprehensive policies covering classification, inventory, assessment, monitoring, and decommissioning.",
5699
+ objective: "Determine if a vendor solution provides comprehensive service provider management policy capabilities including all lifecycle processes and annual review requirements.",
5700
+ guidelines: [
5701
+ "Verify service provider management policy establishment and maintenance",
5702
+ "Confirm policy coverage of classification, inventory, assessment, monitoring, and decommissioning",
5703
+ "Validate annual policy review and enterprise change impact assessment",
5704
+ "Assess third-party risk management frameworks and policy documentation",
5705
+ "Review vendor management policy templates and supplier governance",
5706
+ "Check policy implementation and lifecycle process integration"
5707
+ ],
5708
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5709
+ }
4054
5710
  },
4055
5711
  "15.3": {
4056
5712
  id: "15.3",
@@ -4089,7 +5745,21 @@ export class SafeguardManager {
4089
5745
  "regulatory compliance matrices"
4090
5746
  ],
4091
5747
  relatedSafeguards: ["15.1", "15.2"],
4092
- keywords: ["classify", "service", "providers", "data", "sensitivity", "volume", "availability", "regulations", "risk", "classifications"]
5748
+ keywords: ["classify", "service", "providers", "data", "sensitivity", "volume", "availability", "regulations", "risk", "classifications"],
5749
+ systemPrompt: {
5750
+ role: "service_provider_classification_expert",
5751
+ context: "You are evaluating service provider classification solutions against CIS Control 15.3 requirements for classifying service providers based on data sensitivity, volume, availability, regulations, and risk factors.",
5752
+ objective: "Determine if a vendor solution provides comprehensive service provider classification capabilities including risk-based criteria, data sensitivity assessment, and regulatory compliance classification.",
5753
+ guidelines: [
5754
+ "Verify service provider classification system implementation",
5755
+ "Confirm risk-based classification criteria including data sensitivity and volume",
5756
+ "Validate availability requirements and regulatory compliance classification",
5757
+ "Assess inherent and mitigated risk classification capabilities",
5758
+ "Review classification framework annual updates and enterprise change management",
5759
+ "Check data sensitivity classification schemes and regulatory compliance matrices"
5760
+ ],
5761
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5762
+ }
4093
5763
  },
4094
5764
  "15.4": {
4095
5765
  id: "15.4",
@@ -4127,7 +5797,21 @@ export class SafeguardManager {
4127
5797
  "security requirement checklists"
4128
5798
  ],
4129
5799
  relatedSafeguards: ["15.1", "15.2"],
4130
- keywords: ["ensure", "service", "provider", "contracts", "include", "security", "requirements", "incident", "breach", "notification", "encryption", "disposal"]
5800
+ keywords: ["ensure", "service", "provider", "contracts", "include", "security", "requirements", "incident", "breach", "notification", "encryption", "disposal"],
5801
+ systemPrompt: {
5802
+ role: "service_provider_contract_security_expert",
5803
+ context: "You are evaluating service provider contract security management solutions against CIS Control 15.4 requirements for ensuring contracts include comprehensive security requirements consistent with enterprise policies.",
5804
+ objective: "Determine if a vendor solution provides comprehensive contract security requirement capabilities including incident notification, data encryption, disposal commitments, and annual review processes.",
5805
+ guidelines: [
5806
+ "Verify service provider contract security requirement inclusion and management",
5807
+ "Confirm minimum security program requirements and incident/breach notification",
5808
+ "Validate data encryption requirements and data disposal commitments",
5809
+ "Assess consistency with enterprise service provider management policy",
5810
+ "Review annual contract review processes and security requirement compliance",
5811
+ "Check contract management systems and security requirement checklists"
5812
+ ],
5813
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5814
+ }
4131
5815
  },
4132
5816
  "15.5": {
4133
5817
  id: "15.5",
@@ -4165,7 +5849,21 @@ export class SafeguardManager {
4165
5849
  "compliance monitoring systems"
4166
5850
  ],
4167
5851
  relatedSafeguards: ["15.1", "15.2"],
4168
- keywords: ["assess", "service", "providers", "SOC", "PCI", "questionnaires", "rigorous", "processes", "reassess", "annually", "contracts"]
5852
+ keywords: ["assess", "service", "providers", "SOC", "PCI", "questionnaires", "rigorous", "processes", "reassess", "annually", "contracts"],
5853
+ systemPrompt: {
5854
+ role: "service_provider_assessment_expert",
5855
+ context: "You are evaluating service provider assessment solutions against CIS Control 15.5 requirements for conducting rigorous assessments including SOC 2, PCI AoC, customized questionnaires, and annual reassessments.",
5856
+ objective: "Determine if a vendor solution provides comprehensive service provider assessment capabilities including standardized reports, customized questionnaires, and classification-based assessment scoping.",
5857
+ guidelines: [
5858
+ "Verify service provider assessment processes consistent with enterprise policy",
5859
+ "Confirm standardized assessment report reviews (SOC 2, PCI AoC)",
5860
+ "Validate customized questionnaire capabilities and rigorous assessment methodologies",
5861
+ "Assess classification-based assessment scoping and annual reassessment processes",
5862
+ "Review third-party risk management tools and compliance monitoring systems",
5863
+ "Check assessment questionnaire platforms and new/renewed contract triggers"
5864
+ ],
5865
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5866
+ }
4169
5867
  },
4170
5868
  "15.6": {
4171
5869
  id: "15.6",
@@ -4198,7 +5896,21 @@ export class SafeguardManager {
4198
5896
  "compliance monitoring platforms"
4199
5897
  ],
4200
5898
  relatedSafeguards: ["15.1", "15.2"],
4201
- keywords: ["monitor", "service", "providers", "periodic", "reassessment", "compliance", "release", "notes", "dark", "web", "monitoring"]
5899
+ keywords: ["monitor", "service", "providers", "periodic", "reassessment", "compliance", "release", "notes", "dark", "web", "monitoring"],
5900
+ systemPrompt: {
5901
+ role: "service_provider_monitoring_expert",
5902
+ context: "You are evaluating service provider monitoring solutions against CIS Control 15.6 requirements for monitoring service providers including periodic reassessment, release notes monitoring, and dark web monitoring.",
5903
+ objective: "Determine if a vendor solution provides comprehensive service provider monitoring capabilities including compliance reassessment, release notes tracking, and dark web monitoring services.",
5904
+ guidelines: [
5905
+ "Verify service provider monitoring processes consistent with enterprise policy",
5906
+ "Confirm periodic compliance reassessment and service provider monitoring",
5907
+ "Validate service provider release notes monitoring and tracking",
5908
+ "Assess dark web monitoring services and threat intelligence integration",
5909
+ "Review third-party risk management tools and compliance monitoring platforms",
5910
+ "Check continuous monitoring capabilities and policy compliance tracking"
5911
+ ],
5912
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5913
+ }
4202
5914
  },
4203
5915
  "15.7": {
4204
5916
  id: "15.7",
@@ -4230,7 +5942,21 @@ export class SafeguardManager {
4230
5942
  "secure decommissioning checklists"
4231
5943
  ],
4232
5944
  relatedSafeguards: ["15.1", "15.2"],
4233
- keywords: ["securely", "decommission", "service", "providers", "account", "deactivation", "data", "flows", "disposal", "enterprise", "data"]
5945
+ keywords: ["securely", "decommission", "service", "providers", "account", "deactivation", "data", "flows", "disposal", "enterprise", "data"],
5946
+ systemPrompt: {
5947
+ role: "service_provider_decommissioning_expert",
5948
+ context: "You are evaluating service provider decommissioning solutions against CIS Control 15.7 requirements for securely decommissioning service providers including account deactivation, data flow termination, and secure data disposal.",
5949
+ objective: "Determine if a vendor solution provides comprehensive secure service provider decommissioning capabilities including user/service account management, data flow control, and enterprise data disposal.",
5950
+ guidelines: [
5951
+ "Verify secure service provider decommissioning processes and procedures",
5952
+ "Confirm user and service account deactivation capabilities",
5953
+ "Validate data flow termination and enterprise data disposal processes",
5954
+ "Assess secure decommissioning checklists and account management",
5955
+ "Review data destruction procedures and secure disposal verification",
5956
+ "Check decommissioning policy compliance and process automation"
5957
+ ],
5958
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
5959
+ }
4234
5960
  },
4235
5961
 
4236
5962
  // Control 16: Application Software Security
@@ -4271,7 +5997,21 @@ export class SafeguardManager {
4271
5997
  "security training programs for developers"
4272
5998
  ],
4273
5999
  relatedSafeguards: ["16.2", "16.3", "16.4", "16.5", "16.6", "16.7", "16.8", "16.9", "16.10", "16.11", "16.12", "16.13", "16.14"],
4274
- keywords: ["establish", "maintain", "secure", "application", "development", "process", "design", "standards", "coding", "practices", "training"]
6000
+ keywords: ["establish", "maintain", "secure", "application", "development", "process", "design", "standards", "coding", "practices", "training"],
6001
+ systemPrompt: {
6002
+ role: "secure_development_process_expert",
6003
+ context: "You are evaluating secure application development process solutions against CIS Control 16.1 requirements for establishing comprehensive secure development lifecycles including design standards, coding practices, training, and security testing.",
6004
+ objective: "Determine if a vendor solution provides comprehensive secure application development process capabilities including design standards, secure coding, developer training, vulnerability management, third-party code security, and testing procedures.",
6005
+ guidelines: [
6006
+ "Verify secure application development process establishment and maintenance",
6007
+ "Confirm secure application design standards and secure coding practices",
6008
+ "Validate developer training programs and vulnerability management integration",
6009
+ "Assess third-party code security and application security testing procedures",
6010
+ "Review SDLC frameworks and application security policies",
6011
+ "Check annual documentation updates and enterprise change impact assessment"
6012
+ ],
6013
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6014
+ }
4275
6015
  },
4276
6016
  "16.2": {
4277
6017
  id: "16.2",
@@ -4314,7 +6054,21 @@ export class SafeguardManager {
4314
6054
  "incident response tools"
4315
6055
  ],
4316
6056
  relatedSafeguards: ["16.1", "16.3", "16.6"],
4317
- keywords: ["establish", "maintain", "process", "accept", "address", "software", "vulnerabilities", "external", "entities", "report", "vulnerability", "handling", "policy"]
6057
+ keywords: ["establish", "maintain", "process", "accept", "address", "software", "vulnerabilities", "external", "entities", "report", "vulnerability", "handling", "policy"],
6058
+ systemPrompt: {
6059
+ role: "vulnerability_disclosure_process_expert",
6060
+ context: "You are evaluating vulnerability disclosure and handling process solutions against CIS Control 16.2 requirements for accepting and addressing software vulnerability reports including external reporting mechanisms and comprehensive tracking systems.",
6061
+ objective: "Determine if a vendor solution provides comprehensive vulnerability disclosure process capabilities including external reporting, vulnerability handling policy, tracking systems, and metrics for identification, analysis, and remediation timing.",
6062
+ guidelines: [
6063
+ "Verify vulnerability disclosure process establishment for internal and external reporting",
6064
+ "Confirm vulnerability handling policy including intake, assignment, remediation, and testing",
6065
+ "Validate vulnerability tracking system with severity ratings and timing metrics",
6066
+ "Assess external entity reporting mechanisms and stakeholder expectation management",
6067
+ "Review vulnerability disclosure platforms and bug bounty program integration",
6068
+ "Check annual documentation updates and responsible party designation"
6069
+ ],
6070
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6071
+ }
4318
6072
  },
4319
6073
  "16.3": {
4320
6074
  id: "16.3",
@@ -4342,7 +6096,21 @@ export class SafeguardManager {
4342
6096
  "systematic vulnerability review processes"
4343
6097
  ],
4344
6098
  relatedSafeguards: ["16.1", "16.2"],
4345
- keywords: ["perform", "root", "cause", "analysis", "security", "vulnerabilities", "reviewing", "evaluating", "underlying", "issues", "code"]
6099
+ keywords: ["perform", "root", "cause", "analysis", "security", "vulnerabilities", "reviewing", "evaluating", "underlying", "issues", "code"],
6100
+ systemPrompt: {
6101
+ role: "vulnerability_root_cause_analysis_expert",
6102
+ context: "You are evaluating vulnerability root cause analysis solutions against CIS Control 16.3 requirements for performing systematic root cause analysis on security vulnerabilities to address underlying issues in code.",
6103
+ objective: "Determine if a vendor solution provides comprehensive root cause analysis capabilities for security vulnerabilities including evaluation of underlying issues and systematic vulnerability review processes.",
6104
+ guidelines: [
6105
+ "Verify root cause analysis capabilities for security vulnerabilities",
6106
+ "Confirm systematic evaluation of underlying issues that create vulnerabilities",
6107
+ "Validate development team movement beyond individual vulnerability fixes",
6108
+ "Assess code analysis tools and vulnerability assessment platform integration",
6109
+ "Review development team training on root cause analysis methodologies",
6110
+ "Check systematic vulnerability review processes and pattern identification"
6111
+ ],
6112
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6113
+ }
4346
6114
  },
4347
6115
  "16.4": {
4348
6116
  id: "16.4",
@@ -4378,7 +6146,21 @@ export class SafeguardManager {
4378
6146
  "automated inventory tracking tools"
4379
6147
  ],
4380
6148
  relatedSafeguards: ["16.1", "16.5"],
4381
- keywords: ["establish", "manage", "inventory", "third-party", "software", "components", "bill", "materials", "risks", "monthly", "evaluation"]
6149
+ keywords: ["establish", "manage", "inventory", "third-party", "software", "components", "bill", "materials", "risks", "monthly", "evaluation"],
6150
+ systemPrompt: {
6151
+ role: "third_party_component_inventory_expert",
6152
+ context: "You are evaluating third-party software component inventory management solutions against CIS Control 16.4 requirements for maintaining bill of materials, risk assessment, and monthly component validation.",
6153
+ objective: "Determine if a vendor solution provides comprehensive third-party component inventory capabilities including bill of materials management, risk assessment, monthly evaluation, and component support validation.",
6154
+ guidelines: [
6155
+ "Verify third-party component inventory establishment and bill of materials management",
6156
+ "Confirm risk assessment for each third-party component",
6157
+ "Validate monthly evaluation processes for component changes and updates",
6158
+ "Assess component support validation and software composition analysis",
6159
+ "Review dependency management systems and component vulnerability databases",
6160
+ "Check automated inventory tracking tools and future use component planning"
6161
+ ],
6162
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6163
+ }
4382
6164
  },
4383
6165
  "16.5": {
4384
6166
  id: "16.5",
@@ -4411,7 +6193,21 @@ export class SafeguardManager {
4411
6193
  "component security assessment processes"
4412
6194
  ],
4413
6195
  relatedSafeguards: ["16.1", "16.4", "16.11", "7.1"],
4414
- keywords: ["use", "up-to-date", "trusted", "third-party", "software", "components", "established", "proven", "frameworks", "libraries", "adequate", "security"]
6196
+ keywords: ["use", "up-to-date", "trusted", "third-party", "software", "components", "established", "proven", "frameworks", "libraries", "adequate", "security"],
6197
+ systemPrompt: {
6198
+ role: "trusted_component_security_expert",
6199
+ context: "You are evaluating trusted third-party software component solutions against CIS Control 16.5 requirements for using up-to-date, trusted components from established sources with adequate security and vulnerability evaluation.",
6200
+ objective: "Determine if a vendor solution provides comprehensive trusted third-party component capabilities including up-to-date components, trusted sources, vulnerability evaluation, and proven framework selection.",
6201
+ guidelines: [
6202
+ "Verify up-to-date and trusted third-party software component usage",
6203
+ "Confirm established and proven frameworks with adequate security",
6204
+ "Validate trusted source acquisition and vulnerability evaluation before use",
6205
+ "Assess software composition analysis and component security assessment",
6206
+ "Review trusted software repositories and vulnerability scanning integration",
6207
+ "Check component security validation and source verification processes"
6208
+ ],
6209
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6210
+ }
4415
6211
  },
4416
6212
  "16.6": {
4417
6213
  id: "16.6",
@@ -4445,7 +6241,21 @@ export class SafeguardManager {
4445
6241
  "prioritization workflows"
4446
6242
  ],
4447
6243
  relatedSafeguards: ["16.1", "16.2"],
4448
- keywords: ["establish", "maintain", "severity", "rating", "system", "process", "application", "vulnerabilities", "prioritizing", "triaging", "risk", "management"]
6244
+ keywords: ["establish", "maintain", "severity", "rating", "system", "process", "application", "vulnerabilities", "prioritizing", "triaging", "risk", "management"],
6245
+ systemPrompt: {
6246
+ role: "vulnerability_severity_rating_expert",
6247
+ context: "You are evaluating vulnerability severity rating system solutions against CIS Control 16.6 requirements for establishing systematic vulnerability prioritization, triaging, and risk management with minimum security acceptability levels.",
6248
+ objective: "Determine if a vendor solution provides comprehensive vulnerability severity rating capabilities including prioritization systems, triaging workflows, risk management, and minimum security acceptability standards.",
6249
+ guidelines: [
6250
+ "Verify vulnerability severity rating system establishment and maintenance",
6251
+ "Confirm systematic vulnerability prioritization and triaging capabilities",
6252
+ "Validate minimum security acceptability levels for code/application releases",
6253
+ "Assess risk management improvement and severe bug prioritization",
6254
+ "Review CVSS scoring systems and vulnerability management platforms",
6255
+ "Check annual system updates and prioritization workflow effectiveness"
6256
+ ],
6257
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6258
+ }
4449
6259
  },
4450
6260
  "16.7": {
4451
6261
  id: "16.7",
@@ -4482,7 +6292,21 @@ export class SafeguardManager {
4482
6292
  "automated configuration management"
4483
6293
  ],
4484
6294
  relatedSafeguards: ["16.1"],
4485
- keywords: ["use", "standard", "hardening", "configuration", "templates", "application", "infrastructure", "servers", "databases", "web", "servers", "cloud", "containers", "PaaS", "SaaS"]
6295
+ keywords: ["use", "standard", "hardening", "configuration", "templates", "application", "infrastructure", "servers", "databases", "web", "servers", "cloud", "containers", "PaaS", "SaaS"],
6296
+ systemPrompt: {
6297
+ role: "infrastructure_hardening_template_expert",
6298
+ context: "You are evaluating infrastructure hardening configuration template solutions against CIS Control 16.7 requirements for using standard industry-recommended hardening templates for application infrastructure including servers, databases, web servers, cloud containers, PaaS, and SaaS components.",
6299
+ objective: "Determine if a vendor solution provides comprehensive infrastructure hardening template capabilities including industry-recommended configurations for servers, databases, cloud components, and configuration hardening protection.",
6300
+ guidelines: [
6301
+ "Verify standard industry-recommended hardening configuration template usage",
6302
+ "Confirm application infrastructure component coverage (servers, databases, web servers)",
6303
+ "Validate cloud containers, PaaS, and SaaS component hardening templates",
6304
+ "Assess configuration hardening protection against in-house software weakening",
6305
+ "Review configuration baseline tools and infrastructure as code (IaC) templates",
6306
+ "Check automated configuration management and security hardening guide integration"
6307
+ ],
6308
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6309
+ }
4486
6310
  },
4487
6311
  "16.8": {
4488
6312
  id: "16.8",
@@ -4510,7 +6334,21 @@ export class SafeguardManager {
4510
6334
  "deployment pipeline controls"
4511
6335
  ],
4512
6336
  relatedSafeguards: ["16.1"],
4513
- keywords: ["maintain", "separate", "environments", "production", "non-production", "systems"]
6337
+ keywords: ["maintain", "separate", "environments", "production", "non-production", "systems"],
6338
+ systemPrompt: {
6339
+ role: "environment_separation_expert",
6340
+ context: "You are evaluating environment separation solutions against CIS Control 16.8 requirements for maintaining separate environments for production and non-production systems.",
6341
+ objective: "Determine if a vendor solution provides comprehensive environment separation capabilities including production and non-production system isolation with proper access controls and deployment controls.",
6342
+ guidelines: [
6343
+ "Verify separate environment maintenance for production and non-production systems",
6344
+ "Confirm environment isolation technologies and network segmentation",
6345
+ "Validate access control systems and deployment pipeline controls",
6346
+ "Assess environment separation enforcement and security boundaries",
6347
+ "Review environment isolation technologies and segregation mechanisms",
6348
+ "Check production system protection and non-production environment management"
6349
+ ],
6350
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6351
+ }
4514
6352
  },
4515
6353
  "16.9": {
4516
6354
  id: "16.9",
@@ -4546,7 +6384,21 @@ export class SafeguardManager {
4546
6384
  "hands-on security workshops"
4547
6385
  ],
4548
6386
  relatedSafeguards: ["16.1", "14.1", "14.9"],
4549
- keywords: ["train", "developers", "application", "security", "concepts", "secure", "coding", "software", "development", "personnel", "training", "annually"]
6387
+ keywords: ["train", "developers", "application", "security", "concepts", "secure", "coding", "software", "development", "personnel", "training", "annually"],
6388
+ systemPrompt: {
6389
+ role: "developer_security_training_expert",
6390
+ context: "You are evaluating developer security training solutions against CIS Control 16.9 requirements for training all software development personnel in secure coding, application security principles, and building a security culture.",
6391
+ objective: "Determine if a vendor solution provides comprehensive developer security training including secure coding for specific environments, annual training programs, and security culture development within development teams.",
6392
+ guidelines: [
6393
+ "Verify comprehensive secure coding training for all software development personnel",
6394
+ "Confirm training specific to development environment and responsibilities",
6395
+ "Validate annual training programs and security principle education",
6396
+ "Assess security culture building and development team security promotion",
6397
+ "Review secure coding training programs and developer security certifications",
6398
+ "Check hands-on security workshops and application security standard practices training"
6399
+ ],
6400
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6401
+ }
4550
6402
  },
4551
6403
  "16.10": {
4552
6404
  id: "16.10",
@@ -4584,7 +6436,21 @@ export class SafeguardManager {
4584
6436
  "security design patterns"
4585
6437
  ],
4586
6438
  relatedSafeguards: ["16.1"],
4587
- keywords: ["apply", "secure", "design", "principles", "application", "architectures", "least", "privilege", "mediation", "validate", "never", "trust", "user", "input"]
6439
+ keywords: ["apply", "secure", "design", "principles", "application", "architectures", "least", "privilege", "mediation", "validate", "never", "trust", "user", "input"],
6440
+ systemPrompt: {
6441
+ role: "secure_architecture_design_expert",
6442
+ context: "You are evaluating secure application architecture design solutions against CIS Control 16.10 requirements for applying secure design principles including least privilege, input validation, and attack surface minimization.",
6443
+ objective: "Determine if a vendor solution provides comprehensive secure design principle capabilities including least privilege enforcement, user input validation, explicit error checking, and application infrastructure attack surface minimization.",
6444
+ guidelines: [
6445
+ "Verify secure design principle application in application architectures",
6446
+ "Confirm least privilege implementation and operation validation mediation",
6447
+ "Validate 'never trust user input' principle and explicit error checking",
6448
+ "Assess input validation for size, data type, and acceptable ranges/formats",
6449
+ "Review attack surface minimization including port/service management and default account removal",
6450
+ "Check secure architecture frameworks and security design pattern integration"
6451
+ ],
6452
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6453
+ }
4588
6454
  },
4589
6455
  "16.11": {
4590
6456
  id: "16.11",
@@ -4622,7 +6488,21 @@ export class SafeguardManager {
4622
6488
  "operating system security features"
4623
6489
  ],
4624
6490
  relatedSafeguards: ["16.1", "16.5"],
4625
- keywords: ["leverage", "vetted", "modules", "services", "application", "security", "components", "identity", "management", "encryption", "auditing", "logging", "platform", "features"]
6491
+ keywords: ["leverage", "vetted", "modules", "services", "application", "security", "components", "identity", "management", "encryption", "auditing", "logging", "platform", "features"],
6492
+ systemPrompt: {
6493
+ role: "vetted_security_module_expert",
6494
+ context: "You are evaluating vetted security module and service solutions against CIS Control 16.11 requirements for leveraging established security components including identity management, encryption, auditing, logging, and platform security features.",
6495
+ objective: "Determine if a vendor solution provides comprehensive vetted security module capabilities including identity management, encryption, auditing/logging, platform security features, and standardized cryptographic algorithms.",
6496
+ guidelines: [
6497
+ "Verify vetted modules and services for application security components",
6498
+ "Confirm identity management, encryption, auditing, and logging capabilities",
6499
+ "Validate platform security features and critical security function integration",
6500
+ "Assess standardized, accepted, and extensively reviewed encryption algorithms",
6501
+ "Review established security libraries and cryptographic modules",
6502
+ "Check operating system security feature utilization and secure audit log mechanisms"
6503
+ ],
6504
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6505
+ }
4626
6506
  },
4627
6507
  "16.12": {
4628
6508
  id: "16.12",
@@ -4652,7 +6532,21 @@ export class SafeguardManager {
4652
6532
  "interactive application security testing (IAST)"
4653
6533
  ],
4654
6534
  relatedSafeguards: ["16.1"],
4655
- keywords: ["implement", "code-level", "security", "checks", "static", "dynamic", "analysis", "tools", "application", "life", "cycle", "secure", "coding", "practices"]
6535
+ keywords: ["implement", "code-level", "security", "checks", "static", "dynamic", "analysis", "tools", "application", "life", "cycle", "secure", "coding", "practices"],
6536
+ systemPrompt: {
6537
+ role: "code_security_analysis_expert",
6538
+ context: "You are evaluating code-level security analysis solutions against CIS Control 16.12 requirements for implementing static and dynamic analysis tools within application lifecycles to verify secure coding practices.",
6539
+ objective: "Determine if a vendor solution provides comprehensive code-level security checking capabilities including static analysis, dynamic analysis, and secure coding practice verification within application development lifecycles.",
6540
+ guidelines: [
6541
+ "Verify static and dynamic analysis tool implementation in application lifecycle",
6542
+ "Confirm secure coding practices verification and compliance checking",
6543
+ "Validate SAST, DAST, and IAST capabilities and integration",
6544
+ "Assess code analysis tool effectiveness and lifecycle integration",
6545
+ "Review application security testing automation and continuous security",
6546
+ "Check secure coding standard enforcement and development process integration"
6547
+ ],
6548
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6549
+ }
4656
6550
  },
4657
6551
  "16.13": {
4658
6552
  id: "16.13",
@@ -4685,7 +6579,21 @@ export class SafeguardManager {
4685
6579
  "skilled penetration testers"
4686
6580
  ],
4687
6581
  relatedSafeguards: ["16.1"],
4688
- keywords: ["conduct", "application", "penetration", "testing", "critical", "applications", "authenticated", "business", "logic", "vulnerabilities", "manual", "manipulation"]
6582
+ keywords: ["conduct", "application", "penetration", "testing", "critical", "applications", "authenticated", "business", "logic", "vulnerabilities", "manual", "manipulation"],
6583
+ systemPrompt: {
6584
+ role: "application_penetration_testing_expert",
6585
+ context: "You are evaluating application penetration testing solutions against CIS Control 16.13 requirements for conducting penetration testing including authenticated testing for critical applications and business logic vulnerability identification.",
6586
+ objective: "Determine if a vendor solution provides comprehensive application penetration testing capabilities including authenticated testing, business logic vulnerability discovery, and manual application manipulation for critical applications.",
6587
+ guidelines: [
6588
+ "Verify application penetration testing capabilities and methodologies",
6589
+ "Confirm authenticated penetration testing for critical applications",
6590
+ "Validate business logic vulnerability identification and manual manipulation testing",
6591
+ "Assess authenticated and unauthenticated user testing approaches",
6592
+ "Review penetration testing frameworks and skilled tester capabilities",
6593
+ "Check testing effectiveness beyond code scanning and automated security testing"
6594
+ ],
6595
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6596
+ }
4689
6597
  },
4690
6598
  "16.14": {
4691
6599
  id: "16.14",
@@ -4722,7 +6630,21 @@ export class SafeguardManager {
4722
6630
  "security architecture documentation"
4723
6631
  ],
4724
6632
  relatedSafeguards: ["16.1"],
4725
- keywords: ["conduct", "threat", "modeling", "identifying", "addressing", "application", "security", "design", "flaws", "specially", "trained", "individuals", "entry", "point", "access", "level"]
6633
+ keywords: ["conduct", "threat", "modeling", "identifying", "addressing", "application", "security", "design", "flaws", "specially", "trained", "individuals", "entry", "point", "access", "level"],
6634
+ systemPrompt: {
6635
+ role: "threat_modeling_expert",
6636
+ context: "You are evaluating threat modeling solutions against CIS Control 16.14 requirements for conducting threat modeling to identify and address application security design flaws before code creation through specially trained individuals.",
6637
+ objective: "Determine if a vendor solution provides comprehensive threat modeling capabilities including design flaw identification, security risk assessment for entry points/access levels, and structured application/architecture/infrastructure mapping.",
6638
+ guidelines: [
6639
+ "Verify threat modeling process implementation and design flaw identification",
6640
+ "Confirm specially trained individual capabilities and application design evaluation",
6641
+ "Validate security risk assessment for each entry point and access level",
6642
+ "Assess structured mapping of application, architecture, and infrastructure",
6643
+ "Review threat modeling frameworks and security design review processes",
6644
+ "Check threat modeling tools and security architecture documentation integration"
6645
+ ],
6646
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6647
+ }
4726
6648
  },
4727
6649
 
4728
6650
  // Control 17: Incident Response Management
@@ -4758,7 +6680,21 @@ export class SafeguardManager {
4758
6680
  "documentation templates"
4759
6681
  ],
4760
6682
  relatedSafeguards: ["17.4"],
4761
- keywords: ["designate", "personnel", "manage", "incident", "handling", "key", "person", "backup", "coordination", "documentation", "response", "recovery"]
6683
+ keywords: ["designate", "personnel", "manage", "incident", "handling", "key", "person", "backup", "coordination", "documentation", "response", "recovery"],
6684
+ systemPrompt: {
6685
+ role: "incident_management_personnel_expert",
6686
+ context: "You are evaluating incident management personnel designation solutions against CIS Control 17.1 requirements for designating key personnel and backups to manage enterprise incident handling processes with coordination and documentation responsibilities.",
6687
+ objective: "Determine if a vendor solution provides comprehensive incident management personnel capabilities including key person designation, backup personnel, coordination and documentation systems, and annual review processes.",
6688
+ guidelines: [
6689
+ "Verify key person and backup designation for incident handling management",
6690
+ "Confirm coordination and documentation of incident response and recovery efforts",
6691
+ "Validate management personnel responsibilities and incident handling process oversight",
6692
+ "Assess internal employees, service providers, or hybrid approach support",
6693
+ "Review annual personnel review and enterprise change impact assessment",
6694
+ "Check incident response team structures and coordination tools integration"
6695
+ ],
6696
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6697
+ }
4762
6698
  },
4763
6699
  "17.2": {
4764
6700
  id: "17.2",
@@ -4790,7 +6726,21 @@ export class SafeguardManager {
4790
6726
  "contact information distribution methods"
4791
6727
  ],
4792
6728
  relatedSafeguards: ["17.3", "17.4"],
4793
- keywords: ["establish", "maintain", "contact", "information", "reporting", "security", "incidents", "workforce", "members", "communication", "methods"]
6729
+ keywords: ["establish", "maintain", "contact", "information", "reporting", "security", "incidents", "workforce", "members", "communication", "methods"],
6730
+ systemPrompt: {
6731
+ role: "incident_contact_information_expert",
6732
+ context: "You are evaluating incident contact information management solutions against CIS Control 17.2 requirements for establishing and maintaining comprehensive contact information for reporting security incidents with multiple communication methods.",
6733
+ objective: "Determine if a vendor solution provides comprehensive incident contact information capabilities including workforce-accessible contact methods, regular updates, and resilient communication systems for compromised environments.",
6734
+ guidelines: [
6735
+ "Verify incident contact information establishment and maintenance for security incident reporting",
6736
+ "Confirm workforce member accessibility and various contact method availability",
6737
+ "Validate regular contact information updates and communication method diversity",
6738
+ "Assess contact method availability during compromised primary communication systems",
6739
+ "Review incident reporting hotlines and emergency contact list management",
6740
+ "Check multiple communication channels and contact information distribution methods"
6741
+ ],
6742
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6743
+ }
4794
6744
  },
4795
6745
  "17.3": {
4796
6746
  id: "17.3",
@@ -4824,7 +6774,21 @@ export class SafeguardManager {
4824
6774
  "process communication methods"
4825
6775
  ],
4826
6776
  relatedSafeguards: ["17.2", "17.4", "14.6"],
4827
- keywords: ["establish", "maintain", "enterprise", "process", "reporting", "incidents", "documented", "timeframe", "personnel", "mechanism", "minimum", "information"]
6777
+ keywords: ["establish", "maintain", "enterprise", "process", "reporting", "incidents", "documented", "timeframe", "personnel", "mechanism", "minimum", "information"],
6778
+ systemPrompt: {
6779
+ role: "incident_reporting_process_expert",
6780
+ context: "You are evaluating incident reporting process solutions against CIS Control 17.3 requirements for establishing documented enterprise processes including reporting timeframes, personnel, mechanisms, and minimum information requirements.",
6781
+ objective: "Determine if a vendor solution provides comprehensive incident reporting process capabilities including documented procedures, workforce accessibility, reporting requirements, and annual review processes.",
6782
+ guidelines: [
6783
+ "Verify documented enterprise process establishment for workforce incident reporting",
6784
+ "Confirm reporting timeframe, personnel designation, and reporting mechanism definition",
6785
+ "Validate minimum information requirements and process workforce accessibility",
6786
+ "Assess annual process review and enterprise change impact assessment",
6787
+ "Review incident reporting procedures and workforce training material integration",
6788
+ "Check reporting forms, templates, and process communication methods"
6789
+ ],
6790
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6791
+ }
4828
6792
  },
4829
6793
  "17.4": {
4830
6794
  id: "17.4",
@@ -4855,7 +6819,21 @@ export class SafeguardManager {
4855
6819
  "communication protocols"
4856
6820
  ],
4857
6821
  relatedSafeguards: ["17.1", "17.3", "17.5", "17.6", "17.7", "17.8", "17.9"],
4858
- keywords: ["establish", "maintain", "incident", "response", "process", "documented", "roles", "responsibilities", "compliance", "requirements", "communication", "plan"]
6822
+ keywords: ["establish", "maintain", "incident", "response", "process", "documented", "roles", "responsibilities", "compliance", "requirements", "communication", "plan"],
6823
+ systemPrompt: {
6824
+ role: "incident_response_process_expert",
6825
+ context: "You are evaluating incident response process solutions against CIS Control 17.4 requirements for establishing documented incident response processes addressing roles, responsibilities, compliance requirements, and communication plans.",
6826
+ objective: "Determine if a vendor solution provides comprehensive incident response process capabilities including documentation, role definition, compliance integration, communication planning, and annual review processes.",
6827
+ guidelines: [
6828
+ "Verify documented incident response process establishment and maintenance",
6829
+ "Confirm roles and responsibilities definition and compliance requirements integration",
6830
+ "Validate communication plan development and incident response coordination",
6831
+ "Assess annual process review and enterprise change impact assessment",
6832
+ "Review incident response playbooks and process documentation templates",
6833
+ "Check compliance frameworks and communication protocol integration"
6834
+ ],
6835
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6836
+ }
4859
6837
  },
4860
6838
  "17.5": {
4861
6839
  id: "17.5",
@@ -4889,7 +6867,21 @@ export class SafeguardManager {
4889
6867
  "cross-functional team coordination"
4890
6868
  ],
4891
6869
  relatedSafeguards: ["17.4"],
4892
- keywords: ["assign", "key", "roles", "responsibilities", "incident", "response", "legal", "IT", "information", "security", "facilities", "public", "relations", "human", "resources", "responders", "analysts"]
6870
+ keywords: ["assign", "key", "roles", "responsibilities", "incident", "response", "legal", "IT", "information", "security", "facilities", "public", "relations", "human", "resources", "responders", "analysts"],
6871
+ systemPrompt: {
6872
+ role: "incident_response_role_assignment_expert",
6873
+ context: "You are evaluating incident response role assignment solutions against CIS Control 17.5 requirements for assigning key roles and responsibilities including legal, IT, information security, facilities, public relations, human resources, incident responders, and analysts.",
6874
+ objective: "Determine if a vendor solution provides comprehensive incident response role assignment capabilities including cross-functional team coordination, responsibility definition, and annual role review processes.",
6875
+ guidelines: [
6876
+ "Verify key role and responsibility assignment for incident response teams",
6877
+ "Confirm cross-functional staff inclusion (legal, IT, security, facilities, PR, HR, responders, analysts)",
6878
+ "Validate incident response team structure and role definition",
6879
+ "Assess annual role review and enterprise change impact assessment",
6880
+ "Review responsibility matrices and cross-functional team coordination",
6881
+ "Check incident response team structures and role definition template integration"
6882
+ ],
6883
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6884
+ }
4893
6885
  },
4894
6886
  "17.6": {
4895
6887
  id: "17.6",
@@ -4922,7 +6914,21 @@ export class SafeguardManager {
4922
6914
  "notification systems"
4923
6915
  ],
4924
6916
  relatedSafeguards: ["17.4"],
4925
- keywords: ["define", "mechanisms", "communicating", "incident", "response", "primary", "secondary", "communicate", "report", "security", "incident", "phone", "calls", "emails", "secure", "chat"]
6917
+ keywords: ["define", "mechanisms", "communicating", "incident", "response", "primary", "secondary", "communicate", "report", "security", "incident", "phone", "calls", "emails", "secure", "chat"],
6918
+ systemPrompt: {
6919
+ role: "incident_communication_mechanism_expert",
6920
+ context: "You are evaluating incident communication mechanism solutions against CIS Control 17.6 requirements for defining primary and secondary communication mechanisms during security incidents including resilient communication methods.",
6921
+ objective: "Determine if a vendor solution provides comprehensive incident communication mechanism capabilities including primary/secondary methods, resilient communication systems, and annual mechanism review processes.",
6922
+ guidelines: [
6923
+ "Verify primary and secondary communication mechanism definition for incident response",
6924
+ "Confirm diverse communication methods (phone calls, emails, secure chat, notification letters)",
6925
+ "Validate communication method resilience during security incidents",
6926
+ "Assess backup communication method availability when primary systems are compromised",
6927
+ "Review secure messaging systems and notification system integration",
6928
+ "Check annual mechanism review and enterprise change impact assessment"
6929
+ ],
6930
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6931
+ }
4926
6932
  },
4927
6933
  "17.7": {
4928
6934
  id: "17.7",
@@ -4955,7 +6961,21 @@ export class SafeguardManager {
4955
6961
  "testing schedules and protocols"
4956
6962
  ],
4957
6963
  relatedSafeguards: ["17.4"],
4958
- keywords: ["conduct", "routine", "incident", "response", "exercises", "plan", "scenarios", "key", "personnel", "real-world", "incidents", "test", "communication", "channels", "decision-making", "workflows"]
6964
+ keywords: ["conduct", "routine", "incident", "response", "exercises", "plan", "scenarios", "key", "personnel", "real-world", "incidents", "test", "communication", "channels", "decision-making", "workflows"],
6965
+ systemPrompt: {
6966
+ role: "incident_response_exercise_expert",
6967
+ context: "You are evaluating incident response exercise solutions against CIS Control 17.7 requirements for conducting routine exercises and scenarios for key personnel to test communication channels, decision-making, and workflows.",
6968
+ objective: "Determine if a vendor solution provides comprehensive incident response exercise capabilities including routine exercises, scenario planning, personnel training, and annual testing programs for real-world incident preparation.",
6969
+ guidelines: [
6970
+ "Verify routine incident response exercise planning and execution for key personnel",
6971
+ "Confirm scenario development and real-world incident preparation capabilities",
6972
+ "Validate communication channel, decision-making, and workflow testing",
6973
+ "Assess annual testing requirements and exercise frequency management",
6974
+ "Review tabletop exercises and simulation scenario planning frameworks",
6975
+ "Check exercise testing schedules and protocol integration"
6976
+ ],
6977
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
6978
+ }
4959
6979
  },
4960
6980
  "17.8": {
4961
6981
  id: "17.8",
@@ -4984,7 +7004,21 @@ export class SafeguardManager {
4984
7004
  "review meeting processes"
4985
7005
  ],
4986
7006
  relatedSafeguards: ["17.4"],
4987
- keywords: ["conduct", "post-incident", "reviews", "prevent", "incident", "recurrence", "identifying", "lessons", "learned", "follow-up", "action"]
7007
+ keywords: ["conduct", "post-incident", "reviews", "prevent", "incident", "recurrence", "identifying", "lessons", "learned", "follow-up", "action"],
7008
+ systemPrompt: {
7009
+ role: "post_incident_review_expert",
7010
+ context: "You are evaluating post-incident review solutions against CIS Control 17.8 requirements for conducting post-incident reviews to prevent recurrence through lessons learned identification and follow-up actions.",
7011
+ objective: "Determine if a vendor solution provides comprehensive post-incident review capabilities including incident recurrence prevention, lessons learned documentation, and follow-up action management.",
7012
+ guidelines: [
7013
+ "Verify post-incident review process implementation and execution",
7014
+ "Confirm incident recurrence prevention and lessons learned identification",
7015
+ "Validate follow-up action planning and implementation tracking",
7016
+ "Assess post-incident review documentation and improvement processes",
7017
+ "Review lessons learned documentation and improvement action plan integration",
7018
+ "Check review meeting processes and continuous improvement capabilities"
7019
+ ],
7020
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7021
+ }
4988
7022
  },
4989
7023
  "17.9": {
4990
7024
  id: "17.9",
@@ -5017,7 +7051,21 @@ export class SafeguardManager {
5017
7051
  "incident categorization tools"
5018
7052
  ],
5019
7053
  relatedSafeguards: ["17.4"],
5020
- keywords: ["establish", "maintain", "security", "incident", "thresholds", "differentiating", "incident", "event", "abnormal", "activity", "vulnerability", "weakness", "data", "breach", "privacy"]
7054
+ keywords: ["establish", "maintain", "security", "incident", "thresholds", "differentiating", "incident", "event", "abnormal", "activity", "vulnerability", "weakness", "data", "breach", "privacy"],
7055
+ systemPrompt: {
7056
+ role: "incident_threshold_classification_expert",
7057
+ context: "You are evaluating security incident threshold and classification solutions against CIS Control 17.9 requirements for establishing incident thresholds including incident/event differentiation and classification criteria.",
7058
+ objective: "Determine if a vendor solution provides comprehensive security incident threshold capabilities including incident/event differentiation, classification criteria, and annual threshold review processes.",
7059
+ guidelines: [
7060
+ "Verify security incident threshold establishment and maintenance",
7061
+ "Confirm incident and event differentiation and classification criteria",
7062
+ "Validate incident classification including abnormal activity, vulnerabilities, weaknesses, data breaches, privacy incidents",
7063
+ "Assess annual threshold review and enterprise change impact assessment",
7064
+ "Review incident classification frameworks and threshold definition templates",
7065
+ "Check severity rating systems and incident categorization tool integration"
7066
+ ],
7067
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7068
+ }
5021
7069
  },
5022
7070
 
5023
7071
  // Control 18: Penetration Testing
@@ -5057,7 +7105,21 @@ export class SafeguardManager {
5057
7105
  "testing frequency schedules"
5058
7106
  ],
5059
7107
  relatedSafeguards: ["18.2", "18.3", "18.4", "18.5"],
5060
- keywords: ["establish", "maintain", "penetration", "testing", "program", "scope", "network", "web", "application", "API", "hosted", "services", "frequency", "limitations", "remediation"]
7108
+ keywords: ["establish", "maintain", "penetration", "testing", "program", "scope", "network", "web", "application", "API", "hosted", "services", "frequency", "limitations", "remediation"],
7109
+ systemPrompt: {
7110
+ role: "penetration_testing_program_expert",
7111
+ context: "You are evaluating penetration testing program solutions against CIS Control 18.1 requirements for establishing comprehensive programs appropriate to enterprise size, complexity, industry, and maturity with defined scope, frequency, limitations, and remediation procedures.",
7112
+ objective: "Determine if a vendor solution provides comprehensive penetration testing program capabilities including program establishment, scope definition, frequency management, limitation setting, and remediation procedures.",
7113
+ guidelines: [
7114
+ "Verify penetration testing program establishment appropriate to enterprise characteristics",
7115
+ "Confirm comprehensive scope including network, web application, API, hosted services, physical premises",
7116
+ "Validate frequency requirements and limitation management (acceptable hours, excluded attacks)",
7117
+ "Assess point of contact information and remediation procedure integration",
7118
+ "Review penetration testing frameworks and program documentation templates",
7119
+ "Check retrospective requirements and scope definition guideline integration"
7120
+ ],
7121
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7122
+ }
5061
7123
  },
5062
7124
  "18.2": {
5063
7125
  id: "18.2",
@@ -5092,7 +7154,21 @@ export class SafeguardManager {
5092
7154
  "clear box and opaque box methodologies"
5093
7155
  ],
5094
7156
  relatedSafeguards: ["18.1", "18.3", "18.4"],
5095
- keywords: ["perform", "periodic", "external", "penetration", "tests", "annually", "enterprise", "environmental", "reconnaissance", "exploitable", "information", "qualified", "party", "clear", "box", "opaque", "box"]
7157
+ keywords: ["perform", "periodic", "external", "penetration", "tests", "annually", "enterprise", "environmental", "reconnaissance", "exploitable", "information", "qualified", "party", "clear", "box", "opaque", "box"],
7158
+ systemPrompt: {
7159
+ role: "external_penetration_testing_expert",
7160
+ context: "You are evaluating external penetration testing solutions against CIS Control 18.2 requirements for performing periodic external penetration tests including enterprise and environmental reconnaissance with qualified party execution and clear/opaque box methodologies.",
7161
+ objective: "Determine if a vendor solution provides comprehensive external penetration testing capabilities including annual testing, reconnaissance, exploitable information detection, qualified party execution, and clear/opaque box methodologies.",
7162
+ guidelines: [
7163
+ "Verify periodic external penetration testing based on program requirements (minimum annually)",
7164
+ "Confirm enterprise and environmental reconnaissance capabilities for exploitable information detection",
7165
+ "Validate qualified party requirements and specialized skills/experience verification",
7166
+ "Assess clear box and opaque box testing methodology support",
7167
+ "Review external penetration testing services and reconnaissance tool integration",
7168
+ "Check qualified penetration testing vendor capabilities and methodology frameworks"
7169
+ ],
7170
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7171
+ }
5096
7172
  },
5097
7173
  "18.3": {
5098
7174
  id: "18.3",
@@ -5123,7 +7199,21 @@ export class SafeguardManager {
5123
7199
  "impact assessment methodologies"
5124
7200
  ],
5125
7201
  relatedSafeguards: ["18.1", "18.2", "18.5"],
5126
- keywords: ["remediate", "penetration", "test", "findings", "documented", "vulnerability", "remediation", "process", "timeline", "level", "effort", "impact", "prioritization"]
7202
+ keywords: ["remediate", "penetration", "test", "findings", "documented", "vulnerability", "remediation", "process", "timeline", "level", "effort", "impact", "prioritization"],
7203
+ systemPrompt: {
7204
+ role: "penetration_test_remediation_expert",
7205
+ context: "You are evaluating penetration test finding remediation solutions against CIS Control 18.3 requirements for remediating findings based on documented vulnerability remediation processes with timeline, effort, impact, and prioritization assessment.",
7206
+ objective: "Determine if a vendor solution provides comprehensive penetration test finding remediation capabilities including documented processes, timeline determination, effort assessment, impact analysis, and finding prioritization.",
7207
+ guidelines: [
7208
+ "Verify penetration test finding remediation based on documented vulnerability processes",
7209
+ "Confirm timeline determination and level of effort assessment capabilities",
7210
+ "Validate impact assessment and finding prioritization frameworks",
7211
+ "Assess vulnerability remediation workflow integration and tracking systems",
7212
+ "Review finding prioritization frameworks and remediation tracking systems",
7213
+ "Check impact assessment methodologies and remediation process compliance"
7214
+ ],
7215
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7216
+ }
5127
7217
  },
5128
7218
  "18.4": {
5129
7219
  id: "18.4",
@@ -5153,7 +7243,21 @@ export class SafeguardManager {
5153
7243
  "technique analysis methodologies"
5154
7244
  ],
5155
7245
  relatedSafeguards: ["18.1", "18.2", "18.5"],
5156
- keywords: ["validate", "security", "measures", "penetration", "test", "modify", "rulesets", "capabilities", "detect", "techniques", "testing"]
7246
+ keywords: ["validate", "security", "measures", "penetration", "test", "modify", "rulesets", "capabilities", "detect", "techniques", "testing"],
7247
+ systemPrompt: {
7248
+ role: "security_measure_validation_expert",
7249
+ context: "You are evaluating security measure validation solutions against CIS Control 18.4 requirements for validating security measures after penetration tests and modifying rulesets/capabilities to detect testing techniques.",
7250
+ objective: "Determine if a vendor solution provides comprehensive security measure validation capabilities including post-test validation, ruleset modification, capability enhancement, and technique detection improvement.",
7251
+ guidelines: [
7252
+ "Verify security measure validation after each penetration test",
7253
+ "Confirm ruleset and capability modification for technique detection improvement",
7254
+ "Validate detection enhancement for techniques used during penetration testing",
7255
+ "Assess security control validation frameworks and detection rule tuning",
7256
+ "Review capability enhancement procedures and technique analysis methodologies",
7257
+ "Check security measure effectiveness and penetration test technique integration"
7258
+ ],
7259
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7260
+ }
5157
7261
  },
5158
7262
  "18.5": {
5159
7263
  id: "18.5",
@@ -5182,7 +7286,21 @@ export class SafeguardManager {
5182
7286
  "internal security assessment frameworks"
5183
7287
  ],
5184
7288
  relatedSafeguards: ["18.1", "18.3", "18.4"],
5185
- keywords: ["perform", "periodic", "internal", "penetration", "tests", "program", "requirements", "annually", "clear", "box", "opaque", "box"]
7289
+ keywords: ["perform", "periodic", "internal", "penetration", "tests", "program", "requirements", "annually", "clear", "box", "opaque", "box"],
7290
+ systemPrompt: {
7291
+ role: "internal_penetration_testing_expert",
7292
+ context: "You are evaluating internal penetration testing solutions against CIS Control 18.5 requirements for performing periodic internal penetration tests based on program requirements with annual frequency and clear/opaque box methodologies.",
7293
+ objective: "Determine if a vendor solution provides comprehensive internal penetration testing capabilities including periodic testing, program requirements compliance, annual frequency, and clear/opaque box approaches.",
7294
+ guidelines: [
7295
+ "Verify periodic internal penetration testing based on program requirements (minimum annually)",
7296
+ "Confirm annual testing frequency and program requirements compliance",
7297
+ "Validate clear box and opaque box testing methodology support",
7298
+ "Assess internal penetration testing tools and methodology integration",
7299
+ "Review internal testing methodologies and security assessment frameworks",
7300
+ "Check internal penetration testing capability and approach effectiveness"
7301
+ ],
7302
+ outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
7303
+ }
5186
7304
  }
5187
7305
  };
5188
7306
  }