vaspera 2.5.0

package/dist/compliance/gdpr.js

@@ -0,0 +1,319 @@
+/**
+ * GDPR Controls
+ *
+ * General Data Protection Regulation (EU 2016/679)
+ * Articles relevant to software security and data protection.
+ *
+ * @module compliance/gdpr
+ */
+/**
+ * GDPR article categories relevant to software security
+ */
+export const GDPR_CATEGORIES = [
+    "Principles",
+    "Data Subject Rights",
+    "Controller Obligations",
+    "Security",
+    "Breach Notification",
+    "Data Protection by Design",
+];
+/**
+ * GDPR controls relevant to code security and data protection
+ */
+export const GDPR_CONTROLS = [
+    // Chapter II - Principles (Articles 5-11)
+    {
+        id: "GDPR-5.1.a",
+        framework: "GDPR",
+        category: "Principles",
+        title: "Lawfulness, Fairness, Transparency",
+        description: "Personal data shall be processed lawfully, fairly, and in a transparent manner.",
+        keywords: ["lawfulness", "transparency", "consent", "legal-basis"],
+        findingCategories: ["privacy", "consent"],
+    },
+    {
+        id: "GDPR-5.1.b",
+        framework: "GDPR",
+        category: "Principles",
+        title: "Purpose Limitation",
+        description: "Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible.",
+        keywords: ["purpose-limitation", "data-collection", "processing"],
+        findingCategories: ["data-handling", "privacy"],
+    },
+    {
+        id: "GDPR-5.1.c",
+        framework: "GDPR",
+        category: "Principles",
+        title: "Data Minimization",
+        description: "Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.",
+        keywords: ["data-minimization", "necessity", "relevance"],
+        findingCategories: ["data-handling", "data-exposure"],
+    },
+    {
+        id: "GDPR-5.1.d",
+        framework: "GDPR",
+        category: "Principles",
+        title: "Accuracy",
+        description: "Accurate and, where necessary, kept up to date; inaccurate data erased or rectified without delay.",
+        keywords: ["accuracy", "data-quality", "rectification"],
+        findingCategories: ["data-handling", "integrity"],
+    },
+    {
+        id: "GDPR-5.1.e",
+        framework: "GDPR",
+        category: "Principles",
+        title: "Storage Limitation",
+        description: "Kept in a form which permits identification of data subjects for no longer than necessary.",
+        keywords: ["retention", "storage-limitation", "deletion"],
+        findingCategories: ["data-handling", "data-retention"],
+    },
+    {
+        id: "GDPR-5.1.f",
+        framework: "GDPR",
+        category: "Principles",
+        title: "Integrity and Confidentiality",
+        description: "Processed in a manner that ensures appropriate security, including protection against unauthorized processing, loss, destruction, or damage.",
+        keywords: ["integrity", "confidentiality", "security", "protection"],
+        findingCategories: ["security", "encryption", "access-control"],
+        cweIds: ["CWE-311", "CWE-312", "CWE-284"],
+    },
+    // Chapter III - Rights of Data Subject (Articles 12-23)
+    {
+        id: "GDPR-15",
+        framework: "GDPR",
+        category: "Data Subject Rights",
+        title: "Right of Access",
+        description: "Data subject shall have the right to obtain confirmation whether personal data is being processed and access to the data.",
+        keywords: ["access-right", "data-subject", "transparency"],
+        findingCategories: ["privacy", "data-handling"],
+    },
+    {
+        id: "GDPR-17",
+        framework: "GDPR",
+        category: "Data Subject Rights",
+        title: "Right to Erasure (Right to be Forgotten)",
+        description: "Data subject shall have the right to obtain erasure of personal data without undue delay.",
+        keywords: ["erasure", "deletion", "right-to-be-forgotten"],
+        findingCategories: ["data-handling", "data-retention"],
+    },
+    {
+        id: "GDPR-20",
+        framework: "GDPR",
+        category: "Data Subject Rights",
+        title: "Right to Data Portability",
+        description: "Data subject shall have the right to receive personal data in a structured, commonly used, machine-readable format.",
+        keywords: ["portability", "data-export", "interoperability"],
+        findingCategories: ["data-handling"],
+    },
+    // Chapter IV - Controller and Processor (Articles 24-43)
+    {
+        id: "GDPR-24",
+        framework: "GDPR",
+        category: "Controller Obligations",
+        title: "Responsibility of the Controller",
+        description: "Controller shall implement appropriate technical and organizational measures to ensure processing is performed in accordance with GDPR.",
+        keywords: ["controller", "responsibility", "measures"],
+        findingCategories: ["security", "compliance"],
+    },
+    {
+        id: "GDPR-25.1",
+        framework: "GDPR",
+        category: "Data Protection by Design",
+        title: "Data Protection by Design",
+        description: "Implement appropriate technical and organizational measures designed to implement data-protection principles effectively.",
+        keywords: ["privacy-by-design", "data-protection", "design"],
+        findingCategories: ["security", "privacy", "architecture"],
+        cweIds: ["CWE-284"],
+    },
+    {
+        id: "GDPR-25.2",
+        framework: "GDPR",
+        category: "Data Protection by Design",
+        title: "Data Protection by Default",
+        description: "Implement appropriate technical and organizational measures for ensuring that, by default, only personal data necessary for each specific purpose is processed.",
+        keywords: ["privacy-by-default", "data-minimization", "default-settings"],
+        findingCategories: ["privacy", "data-handling", "configuration"],
+    },
+    {
+        id: "GDPR-28",
+        framework: "GDPR",
+        category: "Controller Obligations",
+        title: "Processor Requirements",
+        description: "Processing by a processor shall be governed by a contract requiring sufficient guarantees for appropriate technical and organizational measures.",
+        keywords: ["processor", "contract", "third-party"],
+        findingCategories: ["third-party", "compliance"],
+    },
+    {
+        id: "GDPR-30",
+        framework: "GDPR",
+        category: "Controller Obligations",
+        title: "Records of Processing Activities",
+        description: "Maintain a record of processing activities under its responsibility.",
+        keywords: ["records", "documentation", "processing-activities"],
+        findingCategories: ["logging", "documentation"],
+    },
+    // Security of Processing (Article 32)
+    {
+        id: "GDPR-32.1.a",
+        framework: "GDPR",
+        category: "Security",
+        title: "Pseudonymisation and Encryption",
+        description: "Implement pseudonymisation and encryption of personal data.",
+        keywords: ["pseudonymisation", "encryption", "cryptography"],
+        findingCategories: ["encryption", "data-protection"],
+        cweIds: ["CWE-311", "CWE-312", "CWE-327"],
+    },
+    {
+        id: "GDPR-32.1.b",
+        framework: "GDPR",
+        category: "Security",
+        title: "Confidentiality, Integrity, Availability, Resilience",
+        description: "Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.",
+        keywords: ["confidentiality", "integrity", "availability", "resilience", "CIA"],
+        findingCategories: ["security", "availability", "integrity"],
+        cweIds: ["CWE-284", "CWE-354"],
+    },
+    {
+        id: "GDPR-32.1.c",
+        framework: "GDPR",
+        category: "Security",
+        title: "Restore Availability and Access",
+        description: "Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.",
+        keywords: ["disaster-recovery", "backup", "business-continuity"],
+        findingCategories: ["availability", "backup", "disaster-recovery"],
+    },
+    {
+        id: "GDPR-32.1.d",
+        framework: "GDPR",
+        category: "Security",
+        title: "Testing, Assessing, Evaluating Effectiveness",
+        description: "Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures.",
+        keywords: ["testing", "assessment", "security-testing"],
+        findingCategories: ["security", "testing"],
+    },
+    {
+        id: "GDPR-32.2",
+        framework: "GDPR",
+        category: "Security",
+        title: "Risk Assessment for Security",
+        description: "In assessing the appropriate level of security, account shall be taken of risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.",
+        keywords: ["risk-assessment", "security-assessment", "threat-modeling"],
+        findingCategories: ["security", "risk"],
+        cweIds: ["CWE-200", "CWE-284"],
+    },
+    // Breach Notification (Articles 33-34)
+    {
+        id: "GDPR-33",
+        framework: "GDPR",
+        category: "Breach Notification",
+        title: "Notification of Breach to Authority",
+        description: "In case of a personal data breach, notify the supervisory authority within 72 hours.",
+        keywords: ["breach-notification", "incident-response", "reporting"],
+        findingCategories: ["incident-response", "logging"],
+    },
+    {
+        id: "GDPR-34",
+        framework: "GDPR",
+        category: "Breach Notification",
+        title: "Communication of Breach to Data Subject",
+        description: "When the personal data breach is likely to result in a high risk, communicate the breach to the data subject without undue delay.",
+        keywords: ["breach-notification", "data-subject", "communication"],
+        findingCategories: ["incident-response"],
+    },
+    // Data Protection Impact Assessment (Article 35)
+    {
+        id: "GDPR-35",
+        framework: "GDPR",
+        category: "Data Protection by Design",
+        title: "Data Protection Impact Assessment",
+        description: "Where processing is likely to result in a high risk to rights and freedoms, carry out a data protection impact assessment (DPIA).",
+        keywords: ["DPIA", "impact-assessment", "risk-assessment", "privacy"],
+        findingCategories: ["privacy", "risk"],
+    },
+    // Additional Security-Related Controls
+    {
+        id: "GDPR-Auth",
+        framework: "GDPR",
+        category: "Security",
+        title: "Authentication Controls",
+        description: "Implement proper authentication mechanisms to verify identity before granting access to personal data.",
+        keywords: ["authentication", "login", "identity", "password"],
+        findingCategories: ["authentication"],
+        cweIds: ["CWE-287", "CWE-306", "CWE-521"],
+    },
+    {
+        id: "GDPR-AuthZ",
+        framework: "GDPR",
+        category: "Security",
+        title: "Authorization Controls",
+        description: "Implement proper authorization to ensure users can only access personal data they are entitled to.",
+        keywords: ["authorization", "access-control", "permissions", "RBAC"],
+        findingCategories: ["authorization", "access-control"],
+        cweIds: ["CWE-284", "CWE-285", "CWE-862", "CWE-863"],
+    },
+    {
+        id: "GDPR-Input",
+        framework: "GDPR",
+        category: "Security",
+        title: "Input Validation",
+        description: "Validate and sanitize all input to prevent injection attacks that could expose personal data.",
+        keywords: ["input-validation", "injection", "sanitization"],
+        findingCategories: ["sql-injection", "xss", "injection"],
+        cweIds: ["CWE-89", "CWE-79", "CWE-78"],
+    },
+    {
+        id: "GDPR-Secrets",
+        framework: "GDPR",
+        category: "Security",
+        title: "Secrets Management",
+        description: "Properly manage and protect cryptographic keys, credentials, and other secrets used to protect personal data.",
+        keywords: ["secrets", "credentials", "keys", "passwords"],
+        findingCategories: ["secrets", "credentials"],
+        cweIds: ["CWE-798", "CWE-522"],
+    },
+    {
+        id: "GDPR-Logging",
+        framework: "GDPR",
+        category: "Security",
+        title: "Audit Logging",
+        description: "Implement comprehensive logging of access to and processing of personal data for audit purposes.",
+        keywords: ["logging", "audit", "monitoring", "trail"],
+        findingCategories: ["logging", "audit"],
+        cweIds: ["CWE-778"],
+    },
+    {
+        id: "GDPR-Transport",
+        framework: "GDPR",
+        category: "Security",
+        title: "Transport Security",
+        description: "Encrypt personal data in transit using TLS/HTTPS to prevent interception.",
+        keywords: ["TLS", "HTTPS", "transport-security", "encryption"],
+        findingCategories: ["transport-security", "encryption"],
+        cweIds: ["CWE-319", "CWE-523"],
+    },
+];
+/**
+ * Get all GDPR controls
+ */
+export function getGDPRControls() {
+    return GDPR_CONTROLS;
+}
+/**
+ * Get GDPR controls by category
+ */
+export function getGDPRControlsByCategory(category) {
+    return GDPR_CONTROLS.filter((c) => c.category === category);
+}
+/**
+ * Get GDPR controls by article
+ */
+export function getGDPRControlsByArticle(article) {
+    return GDPR_CONTROLS.filter((c) => c.id.startsWith(`GDPR-${article}`));
+}
+/**
+ * Get GDPR categories
+ */
+export function getGDPRCategories() {
+    return GDPR_CATEGORIES;
+}
+//# sourceMappingURL=gdpr.js.map

package/dist/compliance/gdpr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gdpr.js","sourceRoot":"","sources":["../../src/compliance/gdpr.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,YAAY;IACZ,qBAAqB;IACrB,wBAAwB;IACxB,UAAU;IACV,qBAAqB;IACrB,2BAA2B;CACnB,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAwB;IAChD,0CAA0C;IAC1C;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,iFAAiF;QACnF,QAAQ,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,SAAS,EAAE,aAAa,CAAC;QAClE,iBAAiB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC1C;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,gHAAgH;QAClH,QAAQ,EAAE,CAAC,oBAAoB,EAAE,iBAAiB,EAAE,YAAY,CAAC;QACjE,iBAAiB,EAAE,CAAC,eAAe,EAAE,SAAS,CAAC;KAChD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EACT,gHAAgH;QAClH,QAAQ,EAAE,CAAC,mBAAmB,EAAE,WAAW,EAAE,WAAW,CAAC;QACzD,iBAAiB,EAAE,CAAC,eAAe,EAAE,eAAe,CAAC;KACtD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,UAAU;QACjB,WAAW,EACT,oGAAoG;QACtG,QAAQ,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,eAAe,CAAC;QACvD,iBAAiB,EAAE,CAAC,eAAe,EAAE,WAAW,CAAC;KAClD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,WAAW,EAAE,oBAAoB,EAAE,UAAU,CAAC;QACzD,iBAAiB,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACvD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,+BAA+B;QACtC,WAAW,EACT,8IAA8I;QAChJ,QAAQ,EAAE,CAAC,WAAW,EAAE,iBAAiB,EAAE,UAAU,EAAE,YAAY,CAAC;QACpE,iBAAiB,EAAE,CAAC,UAAU,EAAE,YAAY,EAAE,gBAAgB,CAAC;QAC/D,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC1C;IAED,wDAAwD;IACxD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,iBAAiB;QACxB,WAAW,EACT,2HAA2H;QAC7H,QAAQ,EAAE,CAAC,cAAc,EAAE,cAAc,EAAE,cAAc,CAAC;QAC1D,iBAAiB,EAAE,CAAC,SAAS,EAAE,eAAe,CAAC;KAChD;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,0CAA0C;QACjD,WAAW,EACT,2FAA2F;QAC7F,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,uBAAuB,CAAC;QAC1D,iBAAiB,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACvD;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,qHAAqH;QACvH,QAAQ,EAAE,CAAC,aAAa,EAAE,aAAa,EAAE,kBAAkB,CAAC;QAC5D,iBAAiB,EAAE,CAAC,eAAe,CAAC;KACrC;IAED,yDAAyD;IACzD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,wBAAwB;QAClC,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,yIAAyI;QAC3I,QAAQ,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,UAAU,CAAC;QACtD,iBAAiB,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;KAC9C;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,2HAA2H;QAC7H,QAAQ,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,EAAE,QAAQ,CAAC;QAC5D,iBAAiB,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC;QAC1D,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,4BAA4B;QACnC,WAAW,EACT,iKAAiK;QACnK,QAAQ,EAAE,CAAC,oBAAoB,EAAE,mBAAmB,EAAE,kBAAkB,CAAC;QACzE,iBAAiB,EAAE,CAAC,SAAS,EAAE,eAAe,EAAE,eAAe,CAAC;KACjE;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,wBAAwB;QAClC,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,kJAAkJ;QACpJ,QAAQ,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,aAAa,CAAC;QAClD,iBAAiB,EAAE,CAAC,aAAa,EAAE,YAAY,CAAC;KACjD;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,wBAAwB;QAClC,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,sEAAsE;QACxE,QAAQ,EAAE,CAAC,SAAS,EAAE,eAAe,EAAE,uBAAuB,CAAC;QAC/D,iBAAiB,EAAE,CAAC,SAAS,EAAE,eAAe,CAAC;KAChD;IAED,sCAAsC;IACtC;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,6DAA6D;QAC/D,QAAQ,EAAE,CAAC,kBAAkB,EAAE,YAAY,EAAE,cAAc,CAAC;QAC5D,iBAAiB,EAAE,CAAC,YAAY,EAAE,iBAAiB,CAAC;QACpD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC1C;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,sDAAsD;QAC7D,WAAW,EACT,iHAAiH;QACnH,QAAQ,EAAE,CAAC,iBAAiB,EAAE,WAAW,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,CAAC;QAC/E,iBAAiB,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC;QAC5D,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,sIAAsI;QACxI,QAAQ,EAAE,CAAC,mBAAmB,EAAE,QAAQ,EAAE,qBAAqB,CAAC;QAChE,iBAAiB,EAAE,CAAC,cAAc,EAAE,QAAQ,EAAE,mBAAmB,CAAC;KACnE;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,8CAA8C;QACrD,WAAW,EACT,sHAAsH;QACxH,QAAQ,EAAE,CAAC,SAAS,EAAE,YAAY,EAAE,kBAAkB,CAAC;QACvD,iBAAiB,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,8BAA8B;QACrC,WAAW,EACT,8KAA8K;QAChL,QAAQ,EAAE,CAAC,iBAAiB,EAAE,qBAAqB,EAAE,iBAAiB,CAAC;QACvE,iBAAiB,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC;QACvC,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IAED,uCAAuC;IACvC;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,qCAAqC;QAC5C,WAAW,EACT,sFAAsF;QACxF,QAAQ,EAAE,CAAC,qBAAqB,EAAE,mBAAmB,EAAE,WAAW,CAAC;QACnE,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,SAAS,CAAC;KACpD;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,yCAAyC;QAChD,WAAW,EACT,mIAAmI;QACrI,QAAQ,EAAE,CAAC,qBAAqB,EAAE,cAAc,EAAE,eAAe,CAAC;QAClE,iBAAiB,EAAE,CAAC,mBAAmB,CAAC;KACzC;IAED,iDAAiD;IACjD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EACT,mIAAmI;QACrI,QAAQ,EAAE,CAAC,MAAM,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,SAAS,CAAC;QACrE,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;KACvC;IAED,uCAAuC;IACvC;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,wGAAwG;QAC1G,QAAQ,EAAE,CAAC,gBAAgB,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,CAAC;QAC7D,iBAAiB,EAAE,CAAC,gBAAgB,CAAC;QACrC,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC1C;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,oGAAoG;QACtG,QAAQ,EAAE,CAAC,eAAe,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,CAAC;QACpE,iBAAiB,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC;QACtD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KACrD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kBAAkB;QACzB,WAAW,EACT,+FAA+F;QACjG,QAAQ,EAAE,CAAC,kBAAkB,EAAE,WAAW,EAAE,cAAc,CAAC;QAC3D,iBAAiB,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,WAAW,CAAC;QACxD,MAAM,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;KACvC;IACD;QACE,EAAE,EAAE,cAAc;QAClB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,QAAQ,EAAE,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,CAAC;QACzD,iBAAiB,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC;QAC7C,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,cAAc;QAClB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,eAAe;QACtB,WAAW,EACT,kGAAkG;QACpG,QAAQ,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,CAAC;QACrD,iBAAiB,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;QACvC,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,2EAA2E;QAC7E,QAAQ,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,oBAAoB,EAAE,YAAY,CAAC;QAC9D,iBAAiB,EAAE,CAAC,oBAAoB,EAAE,YAAY,CAAC;QACvD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,QAAgB;IACxD,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAe;IACtD,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,OAAO,EAAE,CAAC,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/compliance/hipaa.d.ts

@@ -0,0 +1,29 @@
+/**
+ * HIPAA Security Rule Controls
+ *
+ * Health Insurance Portability and Accountability Act
+ *
+ * @module compliance/hipaa
+ */
+import type { ComplianceControl } from "./types.js";
+/**
+ * HIPAA safeguard categories
+ */
+export declare const HIPAA_CATEGORIES: readonly ["Administrative Safeguards", "Physical Safeguards", "Technical Safeguards"];
+/**
+ * HIPAA Security Rule controls relevant to code security
+ */
+export declare const HIPAA_CONTROLS: ComplianceControl[];
+/**
+ * Get all HIPAA controls
+ */
+export declare function getHIPAAControls(): ComplianceControl[];
+/**
+ * Get HIPAA controls by category
+ */
+export declare function getHIPAAControlsByCategory(category: string): ComplianceControl[];
+/**
+ * Get HIPAA categories
+ */
+export declare function getHIPAACategories(): readonly string[];
+//# sourceMappingURL=hipaa.d.ts.map

package/dist/compliance/hipaa.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hipaa.d.ts","sourceRoot":"","sources":["../../src/compliance/hipaa.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,gBAAgB,uFAInB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,iBAAiB,EAwL7C,CAAC;AAEF;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,iBAAiB,EAAE,CAEtD;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,MAAM,GACf,iBAAiB,EAAE,CAErB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,SAAS,MAAM,EAAE,CAEtD"}

package/dist/compliance/hipaa.js

@@ -0,0 +1,205 @@
+/**
+ * HIPAA Security Rule Controls
+ *
+ * Health Insurance Portability and Accountability Act
+ *
+ * @module compliance/hipaa
+ */
+/**
+ * HIPAA safeguard categories
+ */
+export const HIPAA_CATEGORIES = [
+    "Administrative Safeguards",
+    "Physical Safeguards",
+    "Technical Safeguards",
+];
+/**
+ * HIPAA Security Rule controls relevant to code security
+ */
+export const HIPAA_CONTROLS = [
+    // Administrative Safeguards (§164.308)
+    {
+        id: "164.308(a)(1)",
+        framework: "HIPAA",
+        category: "Administrative Safeguards",
+        title: "Security Management Process",
+        description: "Implement policies and procedures to prevent, detect, contain, and correct security violations.",
+        keywords: ["security-management", "policy", "procedures"],
+        findingCategories: ["security", "policy"],
+    },
+    {
+        id: "164.308(a)(3)",
+        framework: "HIPAA",
+        category: "Administrative Safeguards",
+        title: "Workforce Security",
+        description: "Implement policies and procedures to ensure appropriate access to ePHI.",
+        keywords: ["workforce", "access", "authorization"],
+        findingCategories: ["authorization", "access-control"],
+        cweIds: ["CWE-284"],
+    },
+    {
+        id: "164.308(a)(4)",
+        framework: "HIPAA",
+        category: "Administrative Safeguards",
+        title: "Information Access Management",
+        description: "Implement policies and procedures for authorizing access to ePHI.",
+        keywords: ["access-management", "authorization", "PHI"],
+        findingCategories: ["authorization", "data-exposure"],
+        cweIds: ["CWE-284", "CWE-285"],
+    },
+    {
+        id: "164.308(a)(5)",
+        framework: "HIPAA",
+        category: "Administrative Safeguards",
+        title: "Security Awareness and Training",
+        description: "Implement a security awareness and training program for workforce members.",
+        keywords: ["training", "awareness", "security"],
+        findingCategories: ["security"],
+    },
+    {
+        id: "164.308(a)(6)",
+        framework: "HIPAA",
+        category: "Administrative Safeguards",
+        title: "Security Incident Procedures",
+        description: "Implement policies and procedures to address security incidents.",
+        keywords: ["incident", "response", "security"],
+        findingCategories: ["security", "logging"],
+    },
+    // Technical Safeguards (§164.312)
+    {
+        id: "164.312(a)(1)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Access Control",
+        description: "Implement technical policies and procedures for electronic information systems that maintain ePHI.",
+        keywords: ["access-control", "authentication", "authorization"],
+        findingCategories: ["authentication", "authorization"],
+        cweIds: ["CWE-284", "CWE-287"],
+    },
+    {
+        id: "164.312(a)(2)(i)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Unique User Identification",
+        description: "Assign a unique name and/or number for identifying and tracking user identity.",
+        keywords: ["user-id", "identity", "tracking"],
+        findingCategories: ["authentication", "identity"],
+        cweIds: ["CWE-287"],
+    },
+    {
+        id: "164.312(a)(2)(ii)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Emergency Access Procedure",
+        description: "Establish procedures for obtaining necessary ePHI during an emergency.",
+        keywords: ["emergency", "access", "procedure"],
+        findingCategories: ["availability", "access-control"],
+    },
+    {
+        id: "164.312(a)(2)(iii)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Automatic Logoff",
+        description: "Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.",
+        keywords: ["session", "timeout", "logoff"],
+        findingCategories: ["authentication", "session-management"],
+        cweIds: ["CWE-613"],
+    },
+    {
+        id: "164.312(a)(2)(iv)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Encryption and Decryption",
+        description: "Implement a mechanism to encrypt and decrypt ePHI.",
+        keywords: ["encryption", "decryption", "cryptography"],
+        findingCategories: ["encryption", "data-protection"],
+        cweIds: ["CWE-311", "CWE-312"],
+    },
+    {
+        id: "164.312(b)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Audit Controls",
+        description: "Implement hardware, software, and/or procedural mechanisms to record and examine activity.",
+        keywords: ["audit", "logging", "monitoring"],
+        findingCategories: ["logging", "audit"],
+        cweIds: ["CWE-778"],
+    },
+    {
+        id: "164.312(c)(1)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Integrity",
+        description: "Implement policies and procedures to protect ePHI from improper alteration or destruction.",
+        keywords: ["integrity", "data-protection", "tampering"],
+        findingCategories: ["integrity", "data-protection"],
+        cweIds: ["CWE-354"],
+    },
+    {
+        id: "164.312(c)(2)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Mechanism to Authenticate ePHI",
+        description: "Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed.",
+        keywords: ["authentication", "integrity", "verification"],
+        findingCategories: ["integrity", "authentication"],
+    },
+    {
+        id: "164.312(d)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Person or Entity Authentication",
+        description: "Implement procedures to verify a person or entity seeking access is the one claimed.",
+        keywords: ["authentication", "verification", "identity"],
+        findingCategories: ["authentication"],
+        cweIds: ["CWE-287", "CWE-306"],
+    },
+    {
+        id: "164.312(e)(1)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Transmission Security",
+        description: "Implement technical security measures to guard against unauthorized access to ePHI transmitted over networks.",
+        keywords: ["transmission", "network", "encryption", "TLS"],
+        findingCategories: ["transport-security", "encryption"],
+        cweIds: ["CWE-319"],
+    },
+    {
+        id: "164.312(e)(2)(i)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Integrity Controls for Transmission",
+        description: "Implement security measures to ensure electronically transmitted ePHI is not improperly modified.",
+        keywords: ["transmission", "integrity", "modification"],
+        findingCategories: ["transport-security", "integrity"],
+    },
+    {
+        id: "164.312(e)(2)(ii)",
+        framework: "HIPAA",
+        category: "Technical Safeguards",
+        title: "Encryption for Transmission",
+        description: "Implement a mechanism to encrypt ePHI whenever deemed appropriate.",
+        keywords: ["encryption", "transmission", "TLS", "HTTPS"],
+        findingCategories: ["encryption", "transport-security"],
+        cweIds: ["CWE-319", "CWE-523"],
+    },
+];
+/**
+ * Get all HIPAA controls
+ */
+export function getHIPAAControls() {
+    return HIPAA_CONTROLS;
+}
+/**
+ * Get HIPAA controls by category
+ */
+export function getHIPAAControlsByCategory(category) {
+    return HIPAA_CONTROLS.filter((c) => c.category === category);
+}
+/**
+ * Get HIPAA categories
+ */
+export function getHIPAACategories() {
+    return HIPAA_CATEGORIES;
+}
+//# sourceMappingURL=hipaa.js.map

package/dist/compliance/hipaa.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hipaa.js","sourceRoot":"","sources":["../../src/compliance/hipaa.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,2BAA2B;IAC3B,qBAAqB;IACrB,sBAAsB;CACd,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAwB;IACjD,uCAAuC;IACvC;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,iGAAiG;QACnG,QAAQ,EAAE,CAAC,qBAAqB,EAAE,QAAQ,EAAE,YAAY,CAAC;QACzD,iBAAiB,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;KAC1C;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yEAAyE;QAC3E,QAAQ,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,eAAe,CAAC;QAClD,iBAAiB,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC;QACtD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,+BAA+B;QACtC,WAAW,EACT,mEAAmE;QACrE,QAAQ,EAAE,CAAC,mBAAmB,EAAE,eAAe,EAAE,KAAK,CAAC;QACvD,iBAAiB,EAAE,CAAC,eAAe,EAAE,eAAe,CAAC;QACrD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,4EAA4E;QAC9E,QAAQ,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,UAAU,CAAC;QAC/C,iBAAiB,EAAE,CAAC,UAAU,CAAC;KAChC;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,8BAA8B;QACrC,WAAW,EACT,kEAAkE;QACpE,QAAQ,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC;QAC9C,iBAAiB,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;KAC3C;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,gBAAgB;QACvB,WAAW,EACT,oGAAoG;QACtG,QAAQ,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,eAAe,CAAC;QAC/D,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;QACtD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,CAAC;QAC7C,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,UAAU,CAAC;QACjD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,4BAA4B;QACnC,WAAW,EACT,wEAAwE;QAC1E,QAAQ,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,WAAW,CAAC;QAC9C,iBAAiB,EAAE,CAAC,cAAc,EAAE,gBAAgB,CAAC;KACtD;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,kBAAkB;QACzB,WAAW,EACT,gHAAgH;QAClH,QAAQ,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;QAC1C,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,oBAAoB,CAAC;QAC3D,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,oDAAoD;QACtD,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,cAAc,CAAC;QACtD,iBAAiB,EAAE,CAAC,YAAY,EAAE,iBAAiB,CAAC;QACpD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,gBAAgB;QACvB,WAAW,EACT,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,YAAY,CAAC;QAC5C,iBAAiB,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;QACvC,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,WAAW;QAClB,WAAW,EACT,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,WAAW,EAAE,iBAAiB,EAAE,WAAW,CAAC;QACvD,iBAAiB,EAAE,CAAC,WAAW,EAAE,iBAAiB,CAAC;QACnD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,6FAA6F;QAC/F,QAAQ,EAAE,CAAC,gBAAgB,EAAE,WAAW,EAAE,cAAc,CAAC;QACzD,iBAAiB,EAAE,CAAC,WAAW,EAAE,gBAAgB,CAAC;KACnD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,sFAAsF;QACxF,QAAQ,EAAE,CAAC,gBAAgB,EAAE,cAAc,EAAE,UAAU,CAAC;QACxD,iBAAiB,EAAE,CAAC,gBAAgB,CAAC;QACrC,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EACT,+GAA+G;QACjH,QAAQ,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,CAAC;QAC1D,iBAAiB,EAAE,CAAC,oBAAoB,EAAE,YAAY,CAAC;QACvD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,qCAAqC;QAC5C,WAAW,EACT,mGAAmG;QACrG,QAAQ,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,cAAc,CAAC;QACvD,iBAAiB,EAAE,CAAC,oBAAoB,EAAE,WAAW,CAAC;KACvD;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,oEAAoE;QACtE,QAAQ,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC;QACxD,iBAAiB,EAAE,CAAC,YAAY,EAAE,oBAAoB,CAAC;QACvD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,QAAgB;IAEhB,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,gBAAgB,CAAC;AAC1B,CAAC"}

package/dist/compliance/index.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Compliance Module
+ *
+ * Exports compliance framework mapping and reporting functionality.
+ *
+ * @module compliance
+ */
+export type { ComplianceFramework, ComplianceControl, ControlWithFindings, ComplianceStatus, ComplianceReport, ComplianceRecommendation, CategoryMapping, MultiFrameworkReport, } from "./types.js";
+export { SOC2_CONTROLS, getSOC2Controls, getSOC2ControlsByCategory, getSOC2ControlById, getSOC2Categories, } from "./soc2.js";
+export { ISO27001_CONTROLS, getISO27001Controls, getISO27001ControlsByCategory, getISO27001ControlById, getISO27001Categories, } from "./iso27001.js";
+export { PCI_DSS_CONTROLS, getPCIDSSControls, getPCIDSSControlsByCategory, getPCIDSSCategories, } from "./pci-dss.js";
+export { HIPAA_CONTROLS, getHIPAAControls, getHIPAAControlsByCategory, getHIPAACategories, } from "./hipaa.js";
+export { CIS_CONTROLS, getCISControls, getCISControlsByCategory, getCISCategories, } from "./cis.js";
+export { GDPR_CONTROLS, getGDPRControls, getGDPRControlsByCategory, getGDPRControlsByArticle, getGDPRCategories, } from "./gdpr.js";
+export * from "./frameworks/index.js";
+export { getControlsForFramework, findingMatchesControl, meetsSeverityThreshold, mapFindingsToControls, calculateComplianceStatus, generateRecommendations, generateComplianceReport, generateMultiFrameworkReport, } from "./mapper.js";
+export { formatComplianceReportAsMarkdown, formatMultiFrameworkReportAsMarkdown, formatComplianceReportAsJson, generateCompactComplianceSummary, } from "./report.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/compliance/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,eAAe,EACf,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,cAAc,uBAAuB,CAAC;AAGtC,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,GACjC,MAAM,aAAa,CAAC"}

package/dist/compliance/index.js

@@ -0,0 +1,26 @@
+/**
+ * Compliance Module
+ *
+ * Exports compliance framework mapping and reporting functionality.
+ *
+ * @module compliance
+ */
+// SOC 2
+export { SOC2_CONTROLS, getSOC2Controls, getSOC2ControlsByCategory, getSOC2ControlById, getSOC2Categories, } from "./soc2.js";
+// ISO 27001
+export { ISO27001_CONTROLS, getISO27001Controls, getISO27001ControlsByCategory, getISO27001ControlById, getISO27001Categories, } from "./iso27001.js";
+// PCI-DSS
+export { PCI_DSS_CONTROLS, getPCIDSSControls, getPCIDSSControlsByCategory, getPCIDSSCategories, } from "./pci-dss.js";
+// HIPAA
+export { HIPAA_CONTROLS, getHIPAAControls, getHIPAAControlsByCategory, getHIPAACategories, } from "./hipaa.js";
+// CIS Controls
+export { CIS_CONTROLS, getCISControls, getCISControlsByCategory, getCISCategories, } from "./cis.js";
+// GDPR
+export { GDPR_CONTROLS, getGDPRControls, getGDPRControlsByCategory, getGDPRControlsByArticle, getGDPRCategories, } from "./gdpr.js";
+// M6: AI Compliance Frameworks
+export * from "./frameworks/index.js";
+// Mapper
+export { getControlsForFramework, findingMatchesControl, meetsSeverityThreshold, mapFindingsToControls, calculateComplianceStatus, generateRecommendations, generateComplianceReport, generateMultiFrameworkReport, } from "./mapper.js";
+// Report
+export { formatComplianceReportAsMarkdown, formatMultiFrameworkReportAsMarkdown, formatComplianceReportAsJson, generateCompactComplianceSummary, } from "./report.js";
+//# sourceMappingURL=index.js.map

package/dist/compliance/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH,QAAQ;AACR,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,YAAY;AACZ,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAEvB,UAAU;AACV,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,QAAQ;AACR,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,eAAe;AACf,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAElB,OAAO;AACP,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,+BAA+B;AAC/B,cAAc,uBAAuB,CAAC;AAEtC,SAAS;AACT,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAErB,SAAS;AACT,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,GACjC,MAAM,aAAa,CAAC"}