PyPI - icdev - Versions diffs - 1.0.0__py3-none-any.whl - Mend

icdev 1.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1105) hide show

icdev/__init__.py +18 -0
icdev/_paths.py +85 -0
icdev/_version.py +3 -0
icdev/data/__init__.py +1 -0
icdev/data/args/__init__.py +1 -0
icdev/data/args/agent_authority.yaml +61 -0
icdev/data/args/agent_config.yaml +355 -0
icdev/data/args/agentic_fitness.yaml +31 -0
icdev/data/args/ai_governance_config.yaml +137 -0
icdev/data/args/atlas_critique_config.yaml +66 -0
icdev/data/args/bedrock_models.yaml +63 -0
icdev/data/args/cicd_config.yaml +82 -0
icdev/data/args/classification_config.yaml +232 -0
icdev/data/args/cli_config.yaml +154 -0
icdev/data/args/cloud_config.yaml +63 -0
icdev/data/args/code_pattern_config.yaml +151 -0
icdev/data/args/code_quality_config.yaml +47 -0
icdev/data/args/companion_registry.yaml +202 -0
icdev/data/args/context_config.yaml +82 -0
icdev/data/args/csp_monitor_config.yaml +268 -0
icdev/data/args/cui_markings.yaml +35 -0
icdev/data/args/db_config.yaml +40 -0
icdev/data/args/deployment_profiles.yaml +248 -0
icdev/data/args/dev_profile_config.yaml +144 -0
icdev/data/args/devsecops_config.yaml +286 -0
icdev/data/args/endpoint_security_config.yaml +137 -0
icdev/data/args/extension_config.yaml +79 -0
icdev/data/args/file_access_tiers.yaml +88 -0
icdev/data/args/framework_registry.yaml +415 -0
icdev/data/args/innovation_config.yaml +431 -0
icdev/data/args/installation_manifest.yaml +1087 -0
icdev/data/args/llm_config.yaml +495 -0
icdev/data/args/maintenance_config.yaml +55 -0
icdev/data/args/memory_config.yaml +83 -0
icdev/data/args/monitoring_config.yaml +127 -0
icdev/data/args/mosa_config.yaml +190 -0
icdev/data/args/nlq_config.yaml +35 -0
icdev/data/args/observability_config.yaml +39 -0
icdev/data/args/observability_tracing_config.yaml +170 -0
icdev/data/args/oscal_tools_config.yaml +43 -0
icdev/data/args/owasp_agentic_config.yaml +171 -0
icdev/data/args/phase_registry.yaml +618 -0
icdev/data/args/project_defaults.yaml +235 -0
icdev/data/args/prompt_chains.yaml +163 -0
icdev/data/args/resilience_config.yaml +50 -0
icdev/data/args/ricoas_config.yaml +191 -0
icdev/data/args/role_personas.yaml +362 -0
icdev/data/args/scaling_config.yaml +176 -0
icdev/data/args/security_gates.yaml +685 -0
icdev/data/args/skill_injection_config.yaml +322 -0
icdev/data/args/spec_config.yaml +53 -0
icdev/data/args/supply_chain_config.yaml +76 -0
icdev/data/args/translation_config.yaml +228 -0
icdev/data/args/workflow_templates/ato_acceleration.yaml +54 -0
icdev/data/args/workflow_templates/build_deploy.yaml +63 -0
icdev/data/args/workflow_templates/full_compliance.yaml +43 -0
icdev/data/args/workflow_templates/security_hardening.yaml +55 -0
icdev/data/args/worktree_config.yaml +34 -0
icdev/data/args/zta_config.yaml +247 -0
icdev/data/context/__init__.py +1 -0
icdev/data/context/agent/__init__.py +1 -0
icdev/data/context/agent/response_schemas/__init__.py +1 -0
icdev/data/context/agent/response_schemas/debate_position.json +46 -0
icdev/data/context/agent/response_schemas/fitness_scorecard.json +74 -0
icdev/data/context/agent/response_schemas/review_decision.json +39 -0
icdev/data/context/agent/response_schemas/task_decomposition.json +82 -0
icdev/data/context/agent/response_schemas/veto_decision.json +40 -0
icdev/data/context/agentic/__init__.py +1 -0
icdev/data/context/agentic/architecture_patterns.md +269 -0
icdev/data/context/agentic/capability_registry.yaml +202 -0
icdev/data/context/agentic/csp_mcp_registry.yaml +280 -0
icdev/data/context/agentic/fitness_rubric.md +56 -0
icdev/data/context/agentic/governance_baseline.md +205 -0
icdev/data/context/ci/__init__.py +1 -0
icdev/data/context/ci/worktree_templates.json +44 -0
icdev/data/context/cloud/__init__.py +1 -0
icdev/data/context/cloud/csp_service_registry.json +739 -0
icdev/data/context/compliance/__init__.py +1 -0
icdev/data/context/compliance/atlas_mitigations.json +293 -0
icdev/data/context/compliance/atlas_techniques.json +833 -0
icdev/data/context/compliance/cisa_sbd_requirements.json +432 -0
icdev/data/context/compliance/cjis_security_policy.json +522 -0
icdev/data/context/compliance/cmmc_practices.json +2494 -0
icdev/data/context/compliance/cmmc_report_template.md +142 -0
icdev/data/context/compliance/cnssi_1253_overlay.json +109 -0
icdev/data/context/compliance/control_crosswalk.json +1914 -0
icdev/data/context/compliance/control_families/__init__.py +1 -0
icdev/data/context/compliance/csp_certifications.json +251 -0
icdev/data/context/compliance/cssp_report_template.md +193 -0
icdev/data/context/compliance/cui_templates/__init__.py +1 -0
icdev/data/context/compliance/cui_templates/banner_block.txt +4 -0
icdev/data/context/compliance/cui_templates/code_header.txt +8 -0
icdev/data/context/compliance/cui_templates/document_template.md +35 -0
icdev/data/context/compliance/data_type_framework_map.json +321 -0
icdev/data/context/compliance/data_type_registry.json +147 -0
icdev/data/context/compliance/dod_cssp_8530.json +463 -0
icdev/data/context/compliance/eu_ai_act_annex_iii.json +108 -0
icdev/data/context/compliance/export_templates/__init__.py +1 -0
icdev/data/context/compliance/export_templates/emass_controls.csv.j2 +4 -0
icdev/data/context/compliance/export_templates/evidence_package.md.j2 +39 -0
icdev/data/context/compliance/export_templates/executive_summary.md.j2 +55 -0
icdev/data/context/compliance/export_templates/poam_tracking.csv.j2 +4 -0
icdev/data/context/compliance/fedramp_20x_ksi_schemas.json +133 -0
icdev/data/context/compliance/fedramp_high_baseline.json +4370 -0
icdev/data/context/compliance/fedramp_moderate_baseline.json +2183 -0
icdev/data/context/compliance/fedramp_report_template.md +181 -0
icdev/data/context/compliance/fips_200_areas.json +362 -0
icdev/data/context/compliance/gao_ai_accountability.json +262 -0
icdev/data/context/compliance/hipaa_security_rule.json +720 -0
icdev/data/context/compliance/hitrust_csf_v11.json +930 -0
icdev/data/context/compliance/impact_level_profiles.json +251 -0
icdev/data/context/compliance/incident_response_template.md +1110 -0
icdev/data/context/compliance/iso27001_2022_controls.json +750 -0
icdev/data/context/compliance/iso27001_nist_bridge.json +382 -0
icdev/data/context/compliance/iso42001_controls.json +254 -0
icdev/data/context/compliance/ivv_checklist_template.md +80 -0
icdev/data/context/compliance/ivv_report_template.md +116 -0
icdev/data/context/compliance/ivv_requirements.json +372 -0
icdev/data/context/compliance/mosa_crosswalk.json +327 -0
icdev/data/context/compliance/mosa_framework.json +250 -0
icdev/data/context/compliance/narrative_templates/AC.md.j2 +101 -0
icdev/data/context/compliance/narrative_templates/AU.md.j2 +106 -0
icdev/data/context/compliance/narrative_templates/IA.md.j2 +104 -0
icdev/data/context/compliance/narrative_templates/SC.md.j2 +102 -0
icdev/data/context/compliance/narrative_templates/SI.md.j2 +111 -0
icdev/data/context/compliance/narrative_templates/__init__.py +1 -0
icdev/data/context/compliance/narrative_templates/default.md.j2 +50 -0
icdev/data/context/compliance/narrative_templates/executive_summary.j2 +27 -0
icdev/data/context/compliance/narrative_templates/poam_milestone.j2 +19 -0
icdev/data/context/compliance/narrative_templates/ssp_section.j2 +11 -0
icdev/data/context/compliance/nist_800_171_controls.json +1552 -0
icdev/data/context/compliance/nist_800_207_crosswalk.json +399 -0
icdev/data/context/compliance/nist_800_207_zta.json +258 -0
icdev/data/context/compliance/nist_800_53.json +324 -0
icdev/data/context/compliance/nist_ai_600_1_genai.json +326 -0
icdev/data/context/compliance/nist_ai_rmf.json +206 -0
icdev/data/context/compliance/nist_sp_800_60_types.json +1667 -0
icdev/data/context/compliance/omb_m25_21_high_impact_ai.json +248 -0
icdev/data/context/compliance/omb_m26_04_unbiased_ai.json +262 -0
icdev/data/context/compliance/owasp_agentic_asi.json +133 -0
icdev/data/context/compliance/owasp_agentic_threats.json +285 -0
icdev/data/context/compliance/owasp_llm_top10.json +274 -0
icdev/data/context/compliance/pci_dss_v4.json +510 -0
icdev/data/context/compliance/poam_template.md +117 -0
icdev/data/context/compliance/safeai_controls.json +512 -0
icdev/data/context/compliance/sbd_report_template.md +77 -0
icdev/data/context/compliance/siem_config_templates/__init__.py +1 -0
icdev/data/context/compliance/siem_config_templates/filebeat.yml +213 -0
icdev/data/context/compliance/siem_config_templates/log_sources.json +208 -0
icdev/data/context/compliance/soc2_trust_criteria.json +661 -0
icdev/data/context/compliance/ssp_template.md +432 -0
icdev/data/context/compliance/stig_templates/__init__.py +1 -0
icdev/data/context/compliance/stig_templates/webapp_stig.json +139 -0
icdev/data/context/compliance/xai_requirements.json +108 -0
icdev/data/context/dashboard/__init__.py +1 -0
icdev/data/context/dashboard/nlq_examples.json +50 -0
icdev/data/context/dashboard/schema_descriptions.json +23 -0
icdev/data/context/integration/__init__.py +1 -0
icdev/data/context/integration/approval_workflows.json +32 -0
icdev/data/context/integration/gitlab_field_mappings.json +33 -0
icdev/data/context/integration/jira_field_mappings.json +32 -0
icdev/data/context/integration/reqif_export_schema.json +23 -0
icdev/data/context/integration/servicenow_field_mappings.json +22 -0
icdev/data/context/languages/__init__.py +1 -0
icdev/data/context/languages/framework_patterns.json +205 -0
icdev/data/context/languages/language_registry.json +279 -0
icdev/data/context/llm/__init__.py +1 -0
icdev/data/context/llm/example_provider.py +86 -0
icdev/data/context/mbse/__init__.py +1 -0
icdev/data/context/mbse/des_report_template.md +162 -0
icdev/data/context/mbse/des_requirements.json +411 -0
icdev/data/context/mbse/digital_thread_patterns.json +403 -0
icdev/data/context/mbse/reqif_schema.json +280 -0
icdev/data/context/mbse/sysml_element_types.json +432 -0
icdev/data/context/modernization/__init__.py +1 -0
icdev/data/context/modernization/db_type_mappings.json +148 -0
icdev/data/context/modernization/decomposition_patterns.json +284 -0
icdev/data/context/modernization/framework_migration_patterns.json +359 -0
icdev/data/context/modernization/migration_report_template.md +168 -0
icdev/data/context/modernization/seven_rs_catalog.json +369 -0
icdev/data/context/modernization/version_upgrade_rules.json +279 -0
icdev/data/context/oscal/NIST_SP-800-53_rev5_catalog.json +254987 -0
icdev/data/context/oscal/README.md +43 -0
icdev/data/context/patterns/__init__.py +1 -0
icdev/data/context/profiles/__init__.py +1 -0
icdev/data/context/profiles/dod_baseline_v1.yaml +145 -0
icdev/data/context/profiles/fedramp_baseline_v1.yaml +143 -0
icdev/data/context/profiles/financial_baseline_v1.yaml +142 -0
icdev/data/context/profiles/healthcare_baseline_v1.yaml +135 -0
icdev/data/context/profiles/law_enforcement_v1.yaml +129 -0
icdev/data/context/profiles/startup_v1.yaml +134 -0
icdev/data/context/requirements/__init__.py +1 -0
icdev/data/context/requirements/ambiguity_patterns.json +97 -0
icdev/data/context/requirements/boundary_impact_rules.json +123 -0
icdev/data/context/requirements/default_constitutions.json +67 -0
icdev/data/context/requirements/document_extraction_rules.json +58 -0
icdev/data/context/requirements/gap_patterns.json +108 -0
icdev/data/context/requirements/readiness_rubric.json +78 -0
icdev/data/context/requirements/red_alternative_patterns.json +210 -0
icdev/data/context/requirements/safe_templates.json +72 -0
icdev/data/context/requirements/spec_quality_checklist.json +122 -0
icdev/data/context/simulation/__init__.py +1 -0
icdev/data/context/simulation/architecture_patterns.json +36 -0
icdev/data/context/simulation/coa_templates.json +38 -0
icdev/data/context/simulation/cost_models.json +23 -0
icdev/data/context/simulation/risk_categories.json +46 -0
icdev/data/context/supply_chain/__init__.py +1 -0
icdev/data/context/supply_chain/isa_templates.json +129 -0
icdev/data/context/supply_chain/nist_800_161_controls.json +247 -0
icdev/data/context/supply_chain/scrm_risk_matrix.json +147 -0
icdev/data/context/templates/__init__.py +1 -0
icdev/data/context/templates/ansible/__init__.py +1 -0
icdev/data/context/templates/ansible/playbooks/__init__.py +1 -0
icdev/data/context/templates/ansible/roles/__init__.py +1 -0
icdev/data/context/templates/gitlab_ci/__init__.py +1 -0
icdev/data/context/templates/grafana/__init__.py +1 -0
icdev/data/context/templates/kubernetes/__init__.py +1 -0
icdev/data/context/templates/project/__init__.py +1 -0
icdev/data/context/templates/project/api/__init__.py +1 -0
icdev/data/context/templates/project/cli/__init__.py +1 -0
icdev/data/context/templates/project/data_pipeline/__init__.py +1 -0
icdev/data/context/templates/project/iac/__init__.py +1 -0
icdev/data/context/templates/project/javascript_frontend/__init__.py +1 -0
icdev/data/context/templates/project/javascript_frontend/src/__init__.py +1 -0
icdev/data/context/templates/project/javascript_frontend/tests/__init__.py +1 -0
icdev/data/context/templates/project/microservice/__init__.py +1 -0
icdev/data/context/templates/project/python_backend/__init__.py +1 -0
icdev/data/context/templates/project/python_backend/src/__init__.py +1 -0
icdev/data/context/templates/project/python_backend/tests/__init__.py +1 -0
icdev/data/context/templates/project/python_backend/tests/features/__init__.py +1 -0
icdev/data/context/templates/project/python_backend/tests/steps/__init__.py +1 -0
icdev/data/context/templates/terraform/__init__.py +1 -0
icdev/data/context/templates/terraform/govcloud_base/__init__.py +1 -0
icdev/data/context/templates/terraform/modules/__init__.py +1 -0
icdev/data/context/tone/__init__.py +1 -0
icdev/data/context/translation/dependency_mappings.json +186 -0
icdev/data/context/translation/type_mappings.json +149 -0
icdev/data/docs/README.md +187 -0
icdev/data/docs/__init__.py +1 -0
icdev/data/docs/admin/gateway-guide.md +338 -0
icdev/data/docs/admin/marketplace-guide.md +396 -0
icdev/data/docs/admin/monitoring-guide.md +509 -0
icdev/data/docs/architecture/compliance-framework.md +764 -0
icdev/data/docs/architecture/database-schema.md +689 -0
icdev/data/docs/architecture/gotcha-framework.md +518 -0
icdev/data/docs/architecture/multi-agent-system.md +603 -0
icdev/data/docs/dx/README.md +106 -0
icdev/data/docs/dx/__init__.py +1 -0
icdev/data/docs/dx/ci-cd-integration.md +378 -0
icdev/data/docs/dx/claude-code-guide.md +213 -0
icdev/data/docs/dx/companion-guide.md +232 -0
icdev/data/docs/dx/dev-profiles.md +309 -0
icdev/data/docs/dx/icdev-yaml-spec.md +219 -0
icdev/data/docs/dx/integration-tiers.md +279 -0
icdev/data/docs/dx/llm-routing-guide.md +456 -0
icdev/data/docs/dx/quickstart.md +192 -0
icdev/data/docs/dx/sdk-reference.md +356 -0
icdev/data/docs/dx/unified-mcp-setup.md +525 -0
icdev/data/docs/features/__init__.py +1 -0
icdev/data/docs/features/phase-01-gotcha-framework.md +249 -0
icdev/data/docs/features/phase-02-atlas-build-workflow.md +223 -0
icdev/data/docs/features/phase-03-tdd-bdd-testing.md +261 -0
icdev/data/docs/features/phase-04-nist-compliance.md +255 -0
icdev/data/docs/features/phase-05-security-scanning.md +229 -0
icdev/data/docs/features/phase-06-infrastructure-deployment.md +288 -0
icdev/data/docs/features/phase-07-code-review-gates.md +276 -0
icdev/data/docs/features/phase-08-self-healing.md +223 -0
icdev/data/docs/features/phase-09-monitoring-observability.md +230 -0
icdev/data/docs/features/phase-10-dashboard-web-ui.md +218 -0
icdev/data/docs/features/phase-11-multi-agent-architecture.md +272 -0
icdev/data/docs/features/phase-12-integration-testing.md +228 -0
icdev/data/docs/features/phase-13-cicd-integration.md +257 -0
icdev/data/docs/features/phase-14-secure-by-design-ivv.md +240 -0
icdev/data/docs/features/phase-15-maintenance-audit.md +192 -0
icdev/data/docs/features/phase-16-ato-acceleration.md +228 -0
icdev/data/docs/features/phase-17-multi-framework-compliance.md +223 -0
icdev/data/docs/features/phase-18-mbse-integration.md +242 -0
icdev/data/docs/features/phase-19-agentic-generation.md +202 -0
icdev/data/docs/features/phase-20-fips-security-categorization.md +198 -0
icdev/data/docs/features/phase-21-saas-multi-tenancy.md +273 -0
icdev/data/docs/features/phase-22-federated-gotcha-marketplace.md +242 -0
icdev/data/docs/features/phase-23-universal-compliance-platform.md +238 -0
icdev/data/docs/features/phase-24-devsecops-pipeline-security.md +198 -0
icdev/data/docs/features/phase-25-zero-trust-architecture.md +220 -0
icdev/data/docs/features/phase-26-dod-mosa.md +205 -0
icdev/data/docs/features/phase-27-cli-capabilities.md +222 -0
icdev/data/docs/features/phase-28-remote-command-gateway.md +235 -0
icdev/data/docs/features/phase-29-proactive-monitoring.md +212 -0
icdev/data/docs/features/phase-30-dashboard-auth.md +215 -0
icdev/data/docs/features/phase-31-dashboard-ux-low-impact.md +188 -0
icdev/data/docs/features/phase-32-dashboard-ux-medium-impact.md +223 -0
icdev/data/docs/features/phase-33-modular-installation.md +218 -0
icdev/data/docs/features/phase-34-dev-profiles.md +239 -0
icdev/data/docs/features/phase-35-innovation-engine.md +257 -0
icdev/data/docs/features/phase-36-evolutionary-intelligence.md +351 -0
icdev/data/docs/features/phase-37-mitre-atlas-integration.md +485 -0
icdev/data/docs/features/phase-38-cloud-agnostic-architecture.md +1033 -0
icdev/data/docs/features/phase-39-observability-operations.md +178 -0
icdev/data/docs/features/phase-40-nlq-compliance-queries.md +176 -0
icdev/data/docs/features/phase-41-parallel-cicd.md +169 -0
icdev/data/docs/features/phase-42-framework-planning.md +177 -0
icdev/data/docs/features/phase-43-cross-language-translation.md +225 -0
icdev/data/docs/features/phase-44-innovation-adaptation.md +227 -0
icdev/data/docs/features/phase-45-owasp-agentic-security.md +239 -0
icdev/data/docs/features/phase-46-observability-traceability-xai.md +240 -0
icdev/data/docs/features/phase-47-unified-mcp-gateway.md +257 -0
icdev/data/docs/features/phase-48-ai-transparency.md +203 -0
icdev/data/docs/features/phase-49-ai-accountability.md +243 -0
icdev/data/docs/features/phase-50-ai-governance-intake-chat.md +195 -0
icdev/data/docs/features/phase-51-unified-chat-dashboard.md +240 -0
icdev/data/docs/features/phase-52-code-intelligence.md +244 -0
icdev/data/docs/features/phase-53-fedramp-20x-owasp-asi.md +359 -0
icdev/data/docs/features/phase-54-slsa-swft-orchestration.md +379 -0
icdev/data/docs/features/phase-55-a2a-v03-mcp-oauth.md +322 -0
icdev/data/docs/features/phase-56-evidence-lineage.md +352 -0
icdev/data/docs/features/phase-57-eu-ai-act-iron-bank.md +319 -0
icdev/data/docs/features/phase-58-creative-engine.md +370 -0
icdev/data/docs/features/phase-59-govcon-intelligence.md +535 -0
icdev/data/docs/features/phase-60-cpmp.md +528 -0
icdev/data/docs/features/phase-61-orchestration-improvements.md +534 -0
icdev/data/docs/operations/dashboard-guide.md +354 -0
icdev/data/docs/operations/deployment-guide.md +556 -0
icdev/data/docs/operations/saas-admin-guide.md +439 -0
icdev/data/docs/operations/security-operations-guide.md +733 -0
icdev/data/docs/runbooks/backup-restore.md +412 -0
icdev/data/docs/runbooks/troubleshooting.md +499 -0
icdev/data/features/__init__.py +1 -0
icdev/data/features/cicd_integration.feature +41 -0
icdev/data/features/compliance_gates.feature +46 -0
icdev/data/features/dashboard.feature +72 -0
icdev/data/features/environment.py +25 -0
icdev/data/features/project_management.feature +32 -0
icdev/data/features/requirements_intake.feature +42 -0
icdev/data/features/saas_platform.feature +53 -0
icdev/data/features/security_scanning.feature +36 -0
icdev/data/features/steps/__init__.py +1 -0
icdev/data/features/steps/cicd_steps.py +465 -0
icdev/data/features/steps/compliance_steps.py +308 -0
icdev/data/features/steps/dashboard_steps.py +88 -0
icdev/data/features/steps/project_steps.py +126 -0
icdev/data/features/steps/requirements_intake_steps.py +689 -0
icdev/data/features/steps/saas_platform_steps.py +572 -0
icdev/data/features/steps/security_steps.py +236 -0
icdev/data/features/steps/testing_steps.py +226 -0
icdev/data/features/testing_pipeline.feature +42 -0
icdev/data/goals/__init__.py +1 -0
icdev/data/goals/agent_management.md +144 -0
icdev/data/goals/agentic_generation.md +345 -0
icdev/data/goals/agentic_threat_model.md +309 -0
icdev/data/goals/ai_accountability.md +90 -0
icdev/data/goals/ai_governance_intake.md +132 -0
icdev/data/goals/ai_transparency.md +76 -0
icdev/data/goals/atlas_integration.md +405 -0
icdev/data/goals/ato_acceleration.md +139 -0
icdev/data/goals/boundary_supply_chain.md +206 -0
icdev/data/goals/build_app.md +544 -0
icdev/data/goals/cicd_integration.md +86 -0
icdev/data/goals/claude_dir_maintenance.md +77 -0
icdev/data/goals/cli_capabilities.md +340 -0
icdev/data/goals/cloud_agnostic.md +312 -0
icdev/data/goals/code_intelligence.md +197 -0
icdev/data/goals/code_review.md +94 -0
icdev/data/goals/compliance_workflow.md +858 -0
icdev/data/goals/continuous_harmonization.md +140 -0
icdev/data/goals/cross_language_translation.md +171 -0
icdev/data/goals/dashboard.md +142 -0
icdev/data/goals/deploy_workflow.md +390 -0
icdev/data/goals/devsecops_workflow.md +408 -0
icdev/data/goals/evolutionary_intelligence.md +305 -0
icdev/data/goals/external_integration.md +113 -0
icdev/data/goals/framework_planning.md +63 -0
icdev/data/goals/init_project.md +235 -0
icdev/data/goals/innovation_engine.md +199 -0
icdev/data/goals/integration_testing.md +189 -0
icdev/data/goals/maintenance_audit.md +196 -0
icdev/data/goals/manifest.md +56 -0
icdev/data/goals/mbse_integration.md +504 -0
icdev/data/goals/modernization_workflow.md +618 -0
icdev/data/goals/monitoring.md +126 -0
icdev/data/goals/mosa_workflow.md +463 -0
icdev/data/goals/multi_agent_orchestration.md +68 -0
icdev/data/goals/nlq_compliance.md +63 -0
icdev/data/goals/observability.md +64 -0
icdev/data/goals/observability_traceability_xai.md +154 -0
icdev/data/goals/owasp_agentic_security.md +395 -0
icdev/data/goals/parallel_cicd.md +61 -0
icdev/data/goals/requirements_intake.md +213 -0
icdev/data/goals/sbd_ivv_workflow.md +195 -0
icdev/data/goals/security_categorization.md +133 -0
icdev/data/goals/security_scan.md +381 -0
icdev/data/goals/self_healing.md +120 -0
icdev/data/goals/simulation_engine.md +111 -0
icdev/data/goals/tdd_workflow.md +403 -0
icdev/data/goals/zero_trust_architecture.md +403 -0
icdev/data/hardprompts/__init__.py +1 -0
icdev/data/hardprompts/agent/__init__.py +1 -0
icdev/data/hardprompts/agent/agentic_architect.md +100 -0
icdev/data/hardprompts/agent/debate_prompt.md +32 -0
icdev/data/hardprompts/agent/fitness_evaluation.md +48 -0
icdev/data/hardprompts/agent/governance_review.md +214 -0
icdev/data/hardprompts/agent/reviewer_prompt.md +34 -0
icdev/data/hardprompts/agent/skill_design.md +172 -0
icdev/data/hardprompts/agent/task_decomposition.md +275 -0
icdev/data/hardprompts/agent/veto_check_prompt.md +33 -0
icdev/data/hardprompts/architect/__init__.py +1 -0
icdev/data/hardprompts/architect/api_design.md +283 -0
icdev/data/hardprompts/architect/data_model.md +277 -0
icdev/data/hardprompts/architect/system_design.md +180 -0
icdev/data/hardprompts/builder/__init__.py +1 -0
icdev/data/hardprompts/builder/code_generation.md +59 -0
icdev/data/hardprompts/builder/refactor.md +58 -0
icdev/data/hardprompts/builder/scaffold_project.md +69 -0
icdev/data/hardprompts/builder/test_generation.md +87 -0
icdev/data/hardprompts/ci/__init__.py +1 -0
icdev/data/hardprompts/ci/worktree_setup.md +35 -0
icdev/data/hardprompts/compliance/__init__.py +1 -0
icdev/data/hardprompts/compliance/cmmc_assessment.md +63 -0
icdev/data/hardprompts/compliance/cssp_assessment.md +75 -0
icdev/data/hardprompts/compliance/cui_marking.md +86 -0
icdev/data/hardprompts/compliance/fedramp_assessment.md +55 -0
icdev/data/hardprompts/compliance/ivv_assessment.md +96 -0
icdev/data/hardprompts/compliance/poam_generation.md +57 -0
icdev/data/hardprompts/compliance/sbd_assessment.md +101 -0
icdev/data/hardprompts/compliance/security_categorization.md +74 -0
icdev/data/hardprompts/compliance/ssp_generation.md +56 -0
icdev/data/hardprompts/compliance/stig_evaluation.md +63 -0
icdev/data/hardprompts/dashboard/__init__.py +1 -0
icdev/data/hardprompts/dashboard/nlq_system_prompt.md +26 -0
icdev/data/hardprompts/infra/__init__.py +1 -0
icdev/data/hardprompts/infra/k8s_manifests.md +118 -0
icdev/data/hardprompts/infra/pipeline_generation.md +160 -0
icdev/data/hardprompts/infra/terraform_generation.md +92 -0
icdev/data/hardprompts/integration/__init__.py +1 -0
icdev/data/hardprompts/integration/approval_review.md +17 -0
icdev/data/hardprompts/integration/jira_mapping.md +25 -0
icdev/data/hardprompts/integration/servicenow_mapping.md +14 -0
icdev/data/hardprompts/knowledge/__init__.py +1 -0
icdev/data/hardprompts/knowledge/pattern_detection.md +73 -0
icdev/data/hardprompts/knowledge/recommendation_engine.md +90 -0
icdev/data/hardprompts/knowledge/root_cause_analysis.md +91 -0
icdev/data/hardprompts/maintenance/__init__.py +1 -0
icdev/data/hardprompts/maintenance/maintenance_assessment.md +82 -0
icdev/data/hardprompts/mbse/__init__.py +1 -0
icdev/data/hardprompts/mbse/digital_thread.md +67 -0
icdev/data/hardprompts/mbse/model_import.md +62 -0
icdev/data/hardprompts/mbse/model_to_code.md +65 -0
icdev/data/hardprompts/modernization/__init__.py +1 -0
icdev/data/hardprompts/modernization/legacy_analysis.md +93 -0
icdev/data/hardprompts/modernization/migration_planning.md +150 -0
icdev/data/hardprompts/modernization/seven_r_assessment.md +107 -0
icdev/data/hardprompts/requirements/__init__.py +1 -0
icdev/data/hardprompts/requirements/bdd_generation.md +35 -0
icdev/data/hardprompts/requirements/clarification_prioritization.md +29 -0
icdev/data/hardprompts/requirements/decomposition.md +60 -0
icdev/data/hardprompts/requirements/document_extraction.md +45 -0
icdev/data/hardprompts/requirements/gap_detection.md +70 -0
icdev/data/hardprompts/requirements/intake_conversation.md +101 -0
icdev/data/hardprompts/requirements/readiness_assessment.md +39 -0
icdev/data/hardprompts/requirements/spec_quality.md +33 -0
icdev/data/hardprompts/requirements/traceability_analysis.md +23 -0
icdev/data/hardprompts/security/__init__.py +1 -0
icdev/data/hardprompts/security/endpoint_security.md +78 -0
icdev/data/hardprompts/security/threat_model.md +70 -0
icdev/data/hardprompts/security/vulnerability_assessment.md +81 -0
icdev/data/hardprompts/simulation/__init__.py +1 -0
icdev/data/hardprompts/simulation/architecture_impact.md +27 -0
icdev/data/hardprompts/simulation/coa_alternative.md +27 -0
icdev/data/hardprompts/simulation/coa_generation.md +25 -0
icdev/data/hardprompts/simulation/compliance_impact.md +28 -0
icdev/data/hardprompts/simulation/cost_estimation.md +33 -0
icdev/data/hardprompts/simulation/risk_assessment.md +28 -0
icdev/data/hardprompts/translation/code_translation.md +68 -0
icdev/data/hardprompts/translation/dependency_suggestion.md +44 -0
icdev/data/hardprompts/translation/test_translation.md +64 -0
icdev/data/hardprompts/translation/translation_repair.md +59 -0
icdev/py.typed +0 -0
icdev/tools/__init__.py +1 -0
icdev/tools/_gen_formatter.py +12 -0
icdev/tools/a2a/__init__.py +1 -0
icdev/tools/a2a/agent_cards/architect.json +43 -0
icdev/tools/a2a/agent_cards/builder.json +50 -0
icdev/tools/a2a/agent_cards/compliance.json +57 -0
icdev/tools/a2a/agent_cards/devsecops.json +71 -0
icdev/tools/a2a/agent_cards/infra.json +57 -0
icdev/tools/a2a/agent_cards/integration.json +57 -0
icdev/tools/a2a/agent_cards/knowledge.json +43 -0
icdev/tools/a2a/agent_cards/mbse.json +57 -0
icdev/tools/a2a/agent_cards/modernization.json +50 -0
icdev/tools/a2a/agent_cards/monitor.json +43 -0
icdev/tools/a2a/agent_cards/orchestrator.json +36 -0
icdev/tools/a2a/agent_cards/requirements_analyst.json +64 -0
icdev/tools/a2a/agent_cards/security.json +50 -0
icdev/tools/a2a/agent_cards/simulation.json +57 -0
icdev/tools/a2a/agent_cards/supply_chain.json +50 -0
icdev/tools/a2a/agent_client.py +349 -0
icdev/tools/a2a/agent_registry.py +412 -0
icdev/tools/a2a/agent_server.py +579 -0
icdev/tools/a2a/task.py +200 -0
icdev/tools/agent/__init__.py +2 -0
icdev/tools/agent/a2a_agent_card_generator.py +285 -0
icdev/tools/agent/a2a_discovery_server.py +250 -0
icdev/tools/agent/agent_executor.py +529 -0
icdev/tools/agent/agent_memory.py +557 -0
icdev/tools/agent/agent_models.py +51 -0
icdev/tools/agent/atlas_critique.py +908 -0
icdev/tools/agent/authority.py +443 -0
icdev/tools/agent/bedrock_client.py +1075 -0
icdev/tools/agent/collaboration.py +871 -0
icdev/tools/agent/dispatcher_mode.py +665 -0
icdev/tools/agent/mailbox.py +575 -0
icdev/tools/agent/prompt_chain_executor.py +1064 -0
icdev/tools/agent/session_purpose.py +350 -0
icdev/tools/agent/skill_router.py +638 -0
icdev/tools/agent/skill_selector.py +486 -0
icdev/tools/agent/team_orchestrator.py +1108 -0
icdev/tools/agent/token_tracker.py +290 -0
icdev/tools/analysis/__init__.py +1 -0
icdev/tools/analysis/code_analyzer.py +780 -0
icdev/tools/analysis/runtime_feedback.py +389 -0
icdev/tools/audit/__init__.py +1 -0
icdev/tools/audit/audit_logger.py +196 -0
icdev/tools/audit/audit_query.py +157 -0
icdev/tools/audit/decision_recorder.py +72 -0
icdev/tools/builder/__init__.py +1 -0
icdev/tools/builder/agentic_fitness.py +534 -0
icdev/tools/builder/agentic_test_templates/test_a2a_callback.py +117 -0
icdev/tools/builder/agentic_test_templates/test_a2a_lifecycle.feature +52 -0
icdev/tools/builder/agentic_test_templates/test_agent_card.feature +37 -0
icdev/tools/builder/agentic_test_templates/test_agent_health.py +128 -0
icdev/tools/builder/agentic_test_templates/test_memory_system.feature +50 -0
icdev/tools/builder/agentic_test_templates/test_skill_execution.feature +40 -0
icdev/tools/builder/app_blueprint.py +1583 -0
icdev/tools/builder/child_app_generator.py +2852 -0
icdev/tools/builder/claude_md_generator.py +1734 -0
icdev/tools/builder/code_generator.py +3703 -0
icdev/tools/builder/db_init_generator.py +1709 -0
icdev/tools/builder/dev_profile_manager.py +954 -0
icdev/tools/builder/formatter.py +768 -0
icdev/tools/builder/goal_adapter.py +592 -0
icdev/tools/builder/gotcha_validator.py +812 -0
icdev/tools/builder/language_support.py +441 -0
icdev/tools/builder/linter.py +976 -0
icdev/tools/builder/profile_detector.py +657 -0
icdev/tools/builder/profile_md_generator.py +723 -0
icdev/tools/builder/scaffolder.py +1590 -0
icdev/tools/builder/scaffolder_extended.py +1771 -0
icdev/tools/builder/test_writer.py +950 -0
icdev/tools/ci/__init__.py +2 -0
icdev/tools/ci/connectors/__init__.py +2 -0
icdev/tools/ci/connectors/base_connector.py +80 -0
icdev/tools/ci/connectors/connector_registry.py +188 -0
icdev/tools/ci/connectors/mattermost_connector.py +159 -0
icdev/tools/ci/connectors/slack_connector.py +197 -0
icdev/tools/ci/core/__init__.py +2 -0
icdev/tools/ci/core/air_gap_detector.py +115 -0
icdev/tools/ci/core/comment_handler.py +192 -0
icdev/tools/ci/core/conversation_manager.py +479 -0
icdev/tools/ci/core/event_envelope.py +500 -0
icdev/tools/ci/core/event_router.py +443 -0
icdev/tools/ci/core/failure_parser.py +397 -0
icdev/tools/ci/core/recovery_engine.py +527 -0
icdev/tools/ci/modules/__init__.py +2 -0
icdev/tools/ci/modules/agent.py +271 -0
icdev/tools/ci/modules/git_ops.py +175 -0
icdev/tools/ci/modules/state.py +117 -0
icdev/tools/ci/modules/vcs.py +303 -0
icdev/tools/ci/modules/workflow_ops.py +295 -0
icdev/tools/ci/modules/worktree.py +340 -0
icdev/tools/ci/pipeline_config_generator.py +558 -0
icdev/tools/ci/triggers/__init__.py +2 -0
icdev/tools/ci/triggers/gitlab_task_monitor.py +330 -0
icdev/tools/ci/triggers/poll_trigger.py +237 -0
icdev/tools/ci/triggers/webhook_server.py +356 -0
icdev/tools/ci/workflows/__init__.py +2 -0
icdev/tools/ci/workflows/icdev_build.py +140 -0
icdev/tools/ci/workflows/icdev_comply.py +284 -0
icdev/tools/ci/workflows/icdev_document.py +152 -0
icdev/tools/ci/workflows/icdev_e2e.py +188 -0
icdev/tools/ci/workflows/icdev_patch.py +186 -0
icdev/tools/ci/workflows/icdev_plan.py +202 -0
icdev/tools/ci/workflows/icdev_plan_build.py +41 -0
icdev/tools/ci/workflows/icdev_plan_build_test.py +46 -0
icdev/tools/ci/workflows/icdev_plan_build_test_review.py +47 -0
icdev/tools/ci/workflows/icdev_review.py +126 -0
icdev/tools/ci/workflows/icdev_sdlc.py +261 -0
icdev/tools/ci/workflows/icdev_test.py +240 -0
icdev/tools/cli/__init__.py +1 -0
icdev/tools/cli/output_formatter.py +756 -0
icdev/tools/cli_formatter.py +42 -0
icdev/tools/cloud/__init__.py +11 -0
icdev/tools/cloud/cloud_mode_manager.py +364 -0
icdev/tools/cloud/csp_changelog.py +383 -0
icdev/tools/cloud/csp_health_checker.py +268 -0
icdev/tools/cloud/csp_monitor.py +951 -0
icdev/tools/cloud/iam_provider.py +593 -0
icdev/tools/cloud/kms_provider.py +346 -0
icdev/tools/cloud/monitoring_provider.py +628 -0
icdev/tools/cloud/provider_factory.py +376 -0
icdev/tools/cloud/region_validator.py +345 -0
icdev/tools/cloud/registry_provider.py +563 -0
icdev/tools/cloud/secrets_provider.py +486 -0
icdev/tools/cloud/storage_provider.py +446 -0
icdev/tools/compat/__init__.py +21 -0
icdev/tools/compat/cli_harmonizer.py +251 -0
icdev/tools/compat/datetime_utils.py +18 -0
icdev/tools/compat/db_utils.py +160 -0
icdev/tools/compat/platform_utils.py +123 -0
icdev/tools/compliance/__init__.py +1 -0
icdev/tools/compliance/accountability_manager.py +397 -0
icdev/tools/compliance/ai_accountability_audit.py +294 -0
icdev/tools/compliance/ai_impact_assessor.py +273 -0
icdev/tools/compliance/ai_incident_response.py +301 -0
icdev/tools/compliance/ai_inventory_manager.py +239 -0
icdev/tools/compliance/ai_reassessment_scheduler.py +256 -0
icdev/tools/compliance/ai_transparency_audit.py +248 -0
icdev/tools/compliance/atlas_assessor.py +278 -0
icdev/tools/compliance/atlas_report_generator.py +1211 -0
icdev/tools/compliance/base_assessor.py +597 -0
icdev/tools/compliance/cato_monitor.py +1385 -0
icdev/tools/compliance/cato_scheduler.py +699 -0
icdev/tools/compliance/cjis_assessor.py +76 -0
icdev/tools/compliance/classification_manager.py +1353 -0
icdev/tools/compliance/cmmc_assessor.py +1491 -0
icdev/tools/compliance/cmmc_report_generator.py +1100 -0
icdev/tools/compliance/compliance_detector.py +463 -0
icdev/tools/compliance/compliance_exporter.py +427 -0
icdev/tools/compliance/compliance_status.py +825 -0
icdev/tools/compliance/control_mapper.py +505 -0
icdev/tools/compliance/crosswalk_engine.py +1203 -0
icdev/tools/compliance/cssp_assessor.py +1045 -0
icdev/tools/compliance/cssp_evidence_collector.py +729 -0
icdev/tools/compliance/cssp_report_generator.py +1116 -0
icdev/tools/compliance/cui_marker.py +388 -0
icdev/tools/compliance/diagram_validator.py +600 -0
icdev/tools/compliance/emass/__init__.py +2 -0
icdev/tools/compliance/emass/emass_client.py +840 -0
icdev/tools/compliance/emass/emass_export.py +777 -0
icdev/tools/compliance/emass/emass_sync.py +826 -0
icdev/tools/compliance/eu_ai_act_classifier.py +194 -0
icdev/tools/compliance/evidence_collector.py +468 -0
icdev/tools/compliance/fairness_assessor.py +316 -0
icdev/tools/compliance/fedramp_assessor.py +1808 -0
icdev/tools/compliance/fedramp_authorization_packager.py +137 -0
icdev/tools/compliance/fedramp_ksi_generator.py +355 -0
icdev/tools/compliance/fedramp_report_generator.py +1128 -0
icdev/tools/compliance/fips199_categorizer.py +881 -0
icdev/tools/compliance/fips200_validator.py +315 -0
icdev/tools/compliance/gao_ai_assessor.py +231 -0
icdev/tools/compliance/gao_evidence_builder.py +308 -0
icdev/tools/compliance/hipaa_assessor.py +78 -0
icdev/tools/compliance/hitrust_assessor.py +49 -0
icdev/tools/compliance/incident_response_plan.py +718 -0
icdev/tools/compliance/iso27001_assessor.py +92 -0
icdev/tools/compliance/iso42001_assessor.py +114 -0
icdev/tools/compliance/ivv_assessor.py +2327 -0
icdev/tools/compliance/ivv_report_generator.py +1662 -0
icdev/tools/compliance/model_card_generator.py +297 -0
icdev/tools/compliance/mosa_assessor.py +117 -0
icdev/tools/compliance/multi_regime_assessor.py +451 -0
icdev/tools/compliance/narrative_generator.py +1013 -0
icdev/tools/compliance/nist_800_207_assessor.py +191 -0
icdev/tools/compliance/nist_ai_600_1_assessor.py +188 -0
icdev/tools/compliance/nist_ai_rmf_assessor.py +110 -0
icdev/tools/compliance/nist_lookup.py +245 -0
icdev/tools/compliance/omb_m25_21_assessor.py +228 -0
icdev/tools/compliance/omb_m26_04_assessor.py +188 -0
icdev/tools/compliance/oscal_catalog_adapter.py +395 -0
icdev/tools/compliance/oscal_generator.py +2170 -0
icdev/tools/compliance/oscal_tools.py +1182 -0
icdev/tools/compliance/owasp_agentic_assessor.py +226 -0
icdev/tools/compliance/owasp_asi_assessor.py +200 -0
icdev/tools/compliance/owasp_llm_assessor.py +244 -0
icdev/tools/compliance/pci_dss_assessor.py +80 -0
icdev/tools/compliance/pi_compliance_tracker.py +1461 -0
icdev/tools/compliance/poam_generator.py +405 -0
icdev/tools/compliance/resolve_marking.py +283 -0
icdev/tools/compliance/sbd_assessor.py +2068 -0
icdev/tools/compliance/sbd_report_generator.py +1236 -0
icdev/tools/compliance/sbom_generator.py +1008 -0
icdev/tools/compliance/siem_config_generator.py +674 -0
icdev/tools/compliance/slsa_attestation_generator.py +490 -0
icdev/tools/compliance/soc2_assessor.py +77 -0
icdev/tools/compliance/ssp_generator.py +573 -0
icdev/tools/compliance/stig_checker.py +727 -0
icdev/tools/compliance/swft_evidence_bundler.py +337 -0
icdev/tools/compliance/system_card_generator.py +309 -0
icdev/tools/compliance/traceability_matrix.py +1281 -0
icdev/tools/compliance/universal_classification_manager.py +1172 -0
icdev/tools/compliance/xacta/__init__.py +2 -0
icdev/tools/compliance/xacta/xacta_client.py +449 -0
icdev/tools/compliance/xacta/xacta_export.py +557 -0
icdev/tools/compliance/xacta/xacta_sync.py +333 -0
icdev/tools/compliance/xai_assessor.py +231 -0
icdev/tools/dashboard/__init__.py +1 -0
icdev/tools/dashboard/api/__init__.py +1 -0
icdev/tools/dashboard/api/_pipeline_state.py +17 -0
icdev/tools/dashboard/api/activity.py +206 -0
icdev/tools/dashboard/api/admin.py +176 -0
icdev/tools/dashboard/api/agents.py +53 -0
icdev/tools/dashboard/api/ai_accountability.py +163 -0
icdev/tools/dashboard/api/ai_transparency.py +198 -0
icdev/tools/dashboard/api/audit.py +58 -0
icdev/tools/dashboard/api/batch.py +666 -0
icdev/tools/dashboard/api/chat.py +241 -0
icdev/tools/dashboard/api/cicd.py +219 -0
icdev/tools/dashboard/api/code_quality.py +223 -0
icdev/tools/dashboard/api/compliance.py +171 -0
icdev/tools/dashboard/api/cpmp.py +915 -0
icdev/tools/dashboard/api/diagrams.py +65 -0
icdev/tools/dashboard/api/events.py +250 -0
icdev/tools/dashboard/api/evidence.py +99 -0
icdev/tools/dashboard/api/fedramp_20x.py +77 -0
icdev/tools/dashboard/api/govcon.py +1095 -0
icdev/tools/dashboard/api/intake.py +1171 -0
icdev/tools/dashboard/api/lineage.py +163 -0
icdev/tools/dashboard/api/metrics.py +155 -0
icdev/tools/dashboard/api/nlq.py +72 -0
icdev/tools/dashboard/api/orchestration.py +472 -0
icdev/tools/dashboard/api/oscal.py +183 -0
icdev/tools/dashboard/api/prod_audit.py +183 -0
icdev/tools/dashboard/api/projects.py +191 -0
icdev/tools/dashboard/api/proposals.py +1084 -0
icdev/tools/dashboard/api/traces.py +363 -0
icdev/tools/dashboard/api/usage.py +234 -0
icdev/tools/dashboard/app.py +1986 -0
icdev/tools/dashboard/auth.py +500 -0
icdev/tools/dashboard/byok.py +245 -0
icdev/tools/dashboard/chat_manager.py +675 -0
icdev/tools/dashboard/config.py +116 -0
icdev/tools/dashboard/diagram_definitions.py +642 -0
icdev/tools/dashboard/nlq_processor.py +323 -0
icdev/tools/dashboard/phase_loader.py +136 -0
icdev/tools/dashboard/sse_manager.py +89 -0
icdev/tools/dashboard/state_tracker.py +267 -0
icdev/tools/dashboard/static/css/style.css +706 -0
icdev/tools/dashboard/static/css/ux.css +2047 -0
icdev/tools/dashboard/static/js/activity.js +322 -0
icdev/tools/dashboard/static/js/api.js +161 -0
icdev/tools/dashboard/static/js/batch.js +814 -0
icdev/tools/dashboard/static/js/charts.js +618 -0
icdev/tools/dashboard/static/js/chat.js +1514 -0
icdev/tools/dashboard/static/js/kanban.js +113 -0
icdev/tools/dashboard/static/js/live.js +569 -0
icdev/tools/dashboard/static/js/mermaid-icdev.js +332 -0
icdev/tools/dashboard/static/js/proposals.js +588 -0
icdev/tools/dashboard/static/js/shortcuts.js +544 -0
icdev/tools/dashboard/static/js/tables.js +652 -0
icdev/tools/dashboard/static/js/tour.js +524 -0
icdev/tools/dashboard/static/js/ux.js +942 -0
icdev/tools/dashboard/templates/404.html +10 -0
icdev/tools/dashboard/templates/activity.html +80 -0
icdev/tools/dashboard/templates/admin/users.html +144 -0
icdev/tools/dashboard/templates/ai_accountability.html +235 -0
icdev/tools/dashboard/templates/ai_transparency.html +263 -0
icdev/tools/dashboard/templates/base.html +104 -0
icdev/tools/dashboard/templates/batch.html +23 -0
icdev/tools/dashboard/templates/chat.html +332 -0
icdev/tools/dashboard/templates/children.html +149 -0
icdev/tools/dashboard/templates/cicd.html +253 -0
icdev/tools/dashboard/templates/code_quality.html +214 -0
icdev/tools/dashboard/templates/cpmp/cor_detail.html +220 -0
icdev/tools/dashboard/templates/cpmp/cor_portal.html +91 -0
icdev/tools/dashboard/templates/cpmp/deliverable_detail.html +197 -0
icdev/tools/dashboard/templates/cpmp/detail.html +578 -0
icdev/tools/dashboard/templates/cpmp/portfolio.html +202 -0
icdev/tools/dashboard/templates/dev_profiles.html +304 -0
icdev/tools/dashboard/templates/diagrams.html +224 -0
icdev/tools/dashboard/templates/events/timeline.html +232 -0
icdev/tools/dashboard/templates/evidence.html +134 -0
icdev/tools/dashboard/templates/fedramp_20x.html +207 -0
icdev/tools/dashboard/templates/gateway.html +244 -0
icdev/tools/dashboard/templates/govcon/capabilities.html +135 -0
icdev/tools/dashboard/templates/govcon/pipeline.html +214 -0
icdev/tools/dashboard/templates/govcon/requirements.html +120 -0
icdev/tools/dashboard/templates/index.html +254 -0
icdev/tools/dashboard/templates/lineage.html +141 -0
icdev/tools/dashboard/templates/login.html +51 -0
icdev/tools/dashboard/templates/monitoring/overview.html +193 -0
icdev/tools/dashboard/templates/orchestration/dashboard.html +545 -0
icdev/tools/dashboard/templates/oscal.html +263 -0
icdev/tools/dashboard/templates/phases.html +150 -0
icdev/tools/dashboard/templates/prod_audit.html +280 -0
icdev/tools/dashboard/templates/profile.html +183 -0
icdev/tools/dashboard/templates/projects/detail.html +583 -0
icdev/tools/dashboard/templates/projects/list.html +47 -0
icdev/tools/dashboard/templates/proposals/detail.html +1253 -0
icdev/tools/dashboard/templates/proposals/list.html +179 -0
icdev/tools/dashboard/templates/proposals/section_detail.html +193 -0
icdev/tools/dashboard/templates/provenance.html +181 -0
icdev/tools/dashboard/templates/query/nlq.html +234 -0
icdev/tools/dashboard/templates/quick_paths.html +69 -0
icdev/tools/dashboard/templates/traces.html +155 -0
icdev/tools/dashboard/templates/translation_detail.html +199 -0
icdev/tools/dashboard/templates/translations.html +162 -0
icdev/tools/dashboard/templates/usage.html +225 -0
icdev/tools/dashboard/templates/wizard.html +539 -0
icdev/tools/dashboard/templates/xai.html +208 -0
icdev/tools/dashboard/ux_helpers.py +962 -0
icdev/tools/dashboard/websocket.py +81 -0
icdev/tools/db/__init__.py +1 -0
icdev/tools/db/backup.py +312 -0
icdev/tools/db/backup_manager.py +832 -0
icdev/tools/db/init_icdev_db.py +5900 -0
icdev/tools/db/migrate.py +178 -0
icdev/tools/db/migration_runner.py +549 -0
icdev/tools/db/migrations/001_baseline/meta.json +9 -0
icdev/tools/db/migrations/001_baseline/up.py +68 -0
icdev/tools/db/migrations/002_memory_enhancements/down.sql +8 -0
icdev/tools/db/migrations/002_memory_enhancements/meta.json +9 -0
icdev/tools/db/migrations/002_memory_enhancements/up.py +118 -0
icdev/tools/db/migrations/003_dev_profiles/meta.json +8 -0
icdev/tools/db/migrations/003_dev_profiles/up.py +93 -0
icdev/tools/db/migrations/004_innovation_engine/down.py +19 -0
icdev/tools/db/migrations/004_innovation_engine/up.py +227 -0
icdev/tools/db/migrations/005_phase_37_ai_security/down.py +19 -0
icdev/tools/db/migrations/005_phase_37_ai_security/up.py +258 -0
icdev/tools/db/migrations/006_phase_36_evolution/down.py +21 -0
icdev/tools/db/migrations/006_phase_36_evolution/up.py +323 -0
icdev/tools/db/migrations/007_phase_38_cloud/down.py +14 -0
icdev/tools/db/migrations/007_phase_38_cloud/up.py +110 -0
icdev/tools/db/migrations/008_phase36_37_integration/up.py +55 -0
icdev/tools/db/migrations/__init__.py +2 -0
icdev/tools/devsecops/__init__.py +2 -0
icdev/tools/devsecops/attestation_manager.py +458 -0
icdev/tools/devsecops/network_segmentation_generator.py +614 -0
icdev/tools/devsecops/pdp_config_generator.py +1256 -0
icdev/tools/devsecops/pipeline_security_generator.py +484 -0
icdev/tools/devsecops/policy_generator.py +653 -0
icdev/tools/devsecops/profile_manager.py +388 -0
icdev/tools/devsecops/service_mesh_generator.py +1073 -0
icdev/tools/devsecops/zta_maturity_scorer.py +368 -0
icdev/tools/devsecops/zta_terraform_generator.py +1303 -0
icdev/tools/dx/__init__.py +3 -0
icdev/tools/dx/companion.py +266 -0
icdev/tools/dx/instruction_generator.py +753 -0
icdev/tools/dx/mcp_config_generator.py +282 -0
icdev/tools/dx/skill_translator.py +425 -0
icdev/tools/dx/tool_detector.py +144 -0
icdev/tools/extensions/__init__.py +21 -0
icdev/tools/extensions/builtins/010_ai_governance_chat.py +277 -0
icdev/tools/extensions/builtins/__init__.py +2 -0
icdev/tools/extensions/extension_manager.py +455 -0
icdev/tools/infra/__init__.py +1 -0
icdev/tools/infra/ansible_generator.py +869 -0
icdev/tools/infra/dockerfile_generator.py +361 -0
icdev/tools/infra/infra_status.py +393 -0
icdev/tools/infra/ironbank_metadata_generator.py +411 -0
icdev/tools/infra/k8s_generator.py +1002 -0
icdev/tools/infra/pipeline_generator.py +832 -0
icdev/tools/infra/rollback.py +400 -0
icdev/tools/infra/terraform_generator.py +1142 -0
icdev/tools/infra/terraform_generator_azure.py +1254 -0
icdev/tools/infra/terraform_generator_gcp.py +953 -0
icdev/tools/infra/terraform_generator_ibm.py +360 -0
icdev/tools/infra/terraform_generator_oci.py +919 -0
icdev/tools/infra/terraform_generator_onprem.py +319 -0
icdev/tools/innovation/__init__.py +8 -0
icdev/tools/innovation/competitive_intel.py +492 -0
icdev/tools/innovation/innovation_manager.py +681 -0
icdev/tools/innovation/introspective_analyzer.py +774 -0
icdev/tools/innovation/register_external_patterns.py +440 -0
icdev/tools/innovation/signal_ranker.py +1038 -0
icdev/tools/innovation/solution_generator.py +697 -0
icdev/tools/innovation/standards_monitor.py +466 -0
icdev/tools/innovation/trend_detector.py +1046 -0
icdev/tools/innovation/triage_engine.py +1149 -0
icdev/tools/innovation/web_scanner.py +894 -0
icdev/tools/installer/__init__.py +1 -0
icdev/tools/installer/compliance_configurator.py +637 -0
icdev/tools/installer/installer.py +1711 -0
icdev/tools/installer/module_registry.py +805 -0
icdev/tools/installer/platform_setup.py +961 -0
icdev/tools/integration/__init__.py +2 -0
icdev/tools/integration/approval_manager.py +561 -0
icdev/tools/integration/doors_exporter.py +627 -0
icdev/tools/integration/gitlab_connector.py +784 -0
icdev/tools/integration/jira_connector.py +774 -0
icdev/tools/integration/servicenow_connector.py +693 -0
icdev/tools/knowledge/__init__.py +1 -0
icdev/tools/knowledge/knowledge_ingest.py +293 -0
icdev/tools/knowledge/pattern_detector.py +693 -0
icdev/tools/knowledge/recommendation_engine.py +461 -0
icdev/tools/knowledge/self_heal_analyzer.py +504 -0
icdev/tools/llm/__init__.py +72 -0
icdev/tools/llm/anthropic_provider.py +170 -0
icdev/tools/llm/azure_openai_provider.py +338 -0
icdev/tools/llm/bedrock_provider.py +315 -0
icdev/tools/llm/embedding_provider.py +438 -0
icdev/tools/llm/gemini_provider.py +381 -0
icdev/tools/llm/ibm_watsonx_provider.py +232 -0
icdev/tools/llm/oci_genai_provider.py +462 -0
icdev/tools/llm/ollama_provider.py +340 -0
icdev/tools/llm/openai_provider.py +225 -0
icdev/tools/llm/provider.py +355 -0
icdev/tools/llm/provider_sdk.py +175 -0
icdev/tools/llm/router.py +780 -0
icdev/tools/llm/vertex_ai_provider.py +374 -0
icdev/tools/maintenance/__init__.py +2 -0
icdev/tools/maintenance/dependency_scanner.py +1030 -0
icdev/tools/maintenance/maintenance_auditor.py +815 -0
icdev/tools/maintenance/remediation_engine.py +966 -0
icdev/tools/maintenance/vulnerability_checker.py +987 -0
icdev/tools/mbse/__init__.py +3 -0
icdev/tools/mbse/des_assessor.py +1186 -0
icdev/tools/mbse/des_report_generator.py +800 -0
icdev/tools/mbse/diagram_extractor.py +811 -0
icdev/tools/mbse/digital_thread.py +1665 -0
icdev/tools/mbse/model_code_generator.py +1122 -0
icdev/tools/mbse/model_control_mapper.py +420 -0
icdev/tools/mbse/pi_model_tracker.py +1093 -0
icdev/tools/mbse/reqif_parser.py +1483 -0
icdev/tools/mbse/sync_engine.py +1805 -0
icdev/tools/mbse/xmi_parser.py +1573 -0
icdev/tools/mcp/__init__.py +1 -0
icdev/tools/mcp/base_server.py +535 -0
icdev/tools/mcp/builder_server.py +725 -0
icdev/tools/mcp/compliance_server.py +1407 -0
icdev/tools/mcp/context_indexer.py +199 -0
icdev/tools/mcp/context_server.py +305 -0
icdev/tools/mcp/core_server.py +679 -0
icdev/tools/mcp/devsecops_server.py +432 -0
icdev/tools/mcp/gap_handlers.py +1079 -0
icdev/tools/mcp/gateway_server.py +339 -0
icdev/tools/mcp/generate_registry.py +623 -0
icdev/tools/mcp/infra_server.py +264 -0
icdev/tools/mcp/innovation_server.py +316 -0
icdev/tools/mcp/integration_server.py +527 -0
icdev/tools/mcp/knowledge_server.py +429 -0
icdev/tools/mcp/maintenance_server.py +248 -0
icdev/tools/mcp/marketplace_server.py +499 -0
icdev/tools/mcp/mbse_server.py +398 -0
icdev/tools/mcp/modernization_server.py +496 -0
icdev/tools/mcp/observability_server.py +354 -0
icdev/tools/mcp/requirements_server.py +415 -0
icdev/tools/mcp/simulation_server.py +468 -0
icdev/tools/mcp/standalone/__init__.py +2 -0
icdev/tools/mcp/standalone/builder.py +59 -0
icdev/tools/mcp/standalone/compliance.py +59 -0
icdev/tools/mcp/standalone/core.py +59 -0
icdev/tools/mcp/standalone/knowledge.py +59 -0
icdev/tools/mcp/standalone/maintenance.py +59 -0
icdev/tools/mcp/supply_chain_server.py +476 -0
icdev/tools/mcp/tool_registry.py +2008 -0
icdev/tools/mcp/unified_server.py +158 -0
icdev/tools/memory/__init__.py +2 -0
icdev/tools/memory/auto_capture.py +347 -0
icdev/tools/memory/embed_memory.py +158 -0
icdev/tools/memory/history_compressor.py +334 -0
icdev/tools/memory/hybrid_search.py +236 -0
icdev/tools/memory/maintenance_cron.py +289 -0
icdev/tools/memory/memory_consolidation.py +444 -0
icdev/tools/memory/memory_db.py +133 -0
icdev/tools/memory/memory_read.py +102 -0
icdev/tools/memory/memory_write.py +222 -0
icdev/tools/memory/semantic_search.py +139 -0
icdev/tools/memory/time_decay.py +435 -0
icdev/tools/modernization/__init__.py +3 -0
icdev/tools/modernization/architecture_extractor.py +734 -0
icdev/tools/modernization/compliance_bridge.py +1499 -0
icdev/tools/modernization/db_migration_planner.py +1385 -0
icdev/tools/modernization/doc_generator.py +1428 -0
icdev/tools/modernization/framework_migrator.py +1525 -0
icdev/tools/modernization/legacy_analyzer.py +1948 -0
icdev/tools/modernization/migration_code_generator.py +1639 -0
icdev/tools/modernization/migration_report_generator.py +1653 -0
icdev/tools/modernization/migration_tracker.py +1726 -0
icdev/tools/modernization/monolith_decomposer.py +1508 -0
icdev/tools/modernization/seven_r_assessor.py +1658 -0
icdev/tools/modernization/strangler_fig_manager.py +1705 -0
icdev/tools/modernization/ui_analyzer.py +771 -0
icdev/tools/modernization/version_migrator.py +1392 -0
icdev/tools/monitor/__init__.py +1 -0
icdev/tools/monitor/alert_correlator.py +495 -0
icdev/tools/monitor/auto_resolver.py +612 -0
icdev/tools/monitor/health_checker.py +509 -0
icdev/tools/monitor/heartbeat_daemon.py +792 -0
icdev/tools/monitor/log_analyzer.py +516 -0
icdev/tools/monitor/metric_collector.py +496 -0
icdev/tools/mosa/__init__.py +10 -0
icdev/tools/mosa/icd_generator.py +370 -0
icdev/tools/mosa/modular_design_analyzer.py +683 -0
icdev/tools/mosa/mosa_code_enforcer.py +349 -0
icdev/tools/mosa/tsp_generator.py +265 -0
icdev/tools/observability/__init__.py +100 -0
icdev/tools/observability/genai_attributes.py +88 -0
icdev/tools/observability/instrumentation.py +140 -0
icdev/tools/observability/mlflow_exporter.py +194 -0
icdev/tools/observability/otel_tracer.py +168 -0
icdev/tools/observability/provenance/__init__.py +3 -0
icdev/tools/observability/provenance/prov_recorder.py +324 -0
icdev/tools/observability/shap/__init__.py +3 -0
icdev/tools/observability/shap/agent_shap.py +275 -0
icdev/tools/observability/sqlite_tracer.py +361 -0
icdev/tools/observability/trace_context.py +205 -0
icdev/tools/observability/tracer.py +230 -0
icdev/tools/orchestration/__init__.py +2 -0
icdev/tools/orchestration/workflow_composer.py +361 -0
icdev/tools/project/__init__.py +1 -0
icdev/tools/project/manifest_loader.py +418 -0
icdev/tools/project/project_create.py +350 -0
icdev/tools/project/project_list.py +174 -0
icdev/tools/project/project_scaffold.py +1715 -0
icdev/tools/project/project_status.py +479 -0
icdev/tools/project/session_context_builder.py +757 -0
icdev/tools/project/validate_manifest.py +55 -0
icdev/tools/registry/__init__.py +10 -0
icdev/tools/registry/absorption_engine.py +832 -0
icdev/tools/registry/capability_evaluator.py +668 -0
icdev/tools/registry/child_registry.py +617 -0
icdev/tools/registry/cross_pollinator.py +1065 -0
icdev/tools/registry/genome_manager.py +671 -0
icdev/tools/registry/learning_collector.py +912 -0
icdev/tools/registry/propagation_manager.py +942 -0
icdev/tools/registry/staging_manager.py +742 -0
icdev/tools/registry/telemetry_collector.py +423 -0
icdev/tools/requirements/__init__.py +1 -0
icdev/tools/requirements/ai_governance_scorer.py +208 -0
icdev/tools/requirements/boundary_analyzer.py +1293 -0
icdev/tools/requirements/clarification_engine.py +618 -0
icdev/tools/requirements/complexity_scorer.py +387 -0
icdev/tools/requirements/consistency_analyzer.py +803 -0
icdev/tools/requirements/constitution_manager.py +605 -0
icdev/tools/requirements/decomposition_engine.py +778 -0
icdev/tools/requirements/document_extractor.py +1016 -0
icdev/tools/requirements/elicitation_techniques.py +519 -0
icdev/tools/requirements/gap_detector.py +271 -0
icdev/tools/requirements/intake_engine.py +2188 -0
icdev/tools/requirements/prd_generator.py +847 -0
icdev/tools/requirements/prd_validator.py +595 -0
icdev/tools/requirements/readiness_scorer.py +313 -0
icdev/tools/requirements/spec_organizer.py +1029 -0
icdev/tools/requirements/spec_quality_checker.py +1097 -0
icdev/tools/requirements/traceability_builder.py +579 -0
icdev/tools/resilience/__init__.py +34 -0
icdev/tools/resilience/circuit_breaker.py +340 -0
icdev/tools/resilience/correlation.py +150 -0
icdev/tools/resilience/errors.py +81 -0
icdev/tools/resilience/retry.py +95 -0
icdev/tools/schemas/__init__.py +27 -0
icdev/tools/schemas/chat.py +61 -0
icdev/tools/schemas/compliance.py +56 -0
icdev/tools/schemas/core.py +85 -0
icdev/tools/schemas/innovation.py +37 -0
icdev/tools/schemas/validation.py +109 -0
icdev/tools/sdk/__init__.py +3 -0
icdev/tools/sdk/icdev_client.py +218 -0
icdev/tools/security/__init__.py +1 -0
icdev/tools/security/agent_output_validator.py +330 -0
icdev/tools/security/agent_trust_scorer.py +466 -0
icdev/tools/security/ai_bom_generator.py +725 -0
icdev/tools/security/ai_telemetry_logger.py +469 -0
icdev/tools/security/atlas_red_team.py +543 -0
icdev/tools/security/code_pattern_scanner.py +378 -0
icdev/tools/security/confabulation_detector.py +271 -0
icdev/tools/security/container_scanner.py +491 -0
icdev/tools/security/dependency_auditor.py +944 -0
icdev/tools/security/endpoint_security_scanner.py +579 -0
icdev/tools/security/mcp_tool_authorizer.py +243 -0
icdev/tools/security/prompt_injection_detector.py +737 -0
icdev/tools/security/sast_runner.py +948 -0
icdev/tools/security/secret_detector.py +378 -0
icdev/tools/security/tool_chain_validator.py +357 -0
icdev/tools/security/vuln_scanner.py +539 -0
icdev/tools/simulation/__init__.py +2 -0
icdev/tools/simulation/coa_generator.py +1552 -0
icdev/tools/simulation/monte_carlo.py +758 -0
icdev/tools/simulation/scenario_manager.py +1073 -0
icdev/tools/simulation/simulation_engine.py +1104 -0
icdev/tools/supply_chain/__init__.py +2 -0
icdev/tools/supply_chain/cve_triager.py +705 -0
icdev/tools/supply_chain/dependency_graph.py +645 -0
icdev/tools/supply_chain/isa_manager.py +540 -0
icdev/tools/supply_chain/scrm_assessor.py +546 -0
icdev/tools/testing/__init__.py +2 -0
icdev/tools/testing/acceptance_validator.py +411 -0
icdev/tools/testing/claude_dir_validator.py +831 -0
icdev/tools/testing/data_types.py +199 -0
icdev/tools/testing/e2e_runner.py +715 -0
icdev/tools/testing/fuzz_cli.py +306 -0
icdev/tools/testing/health_check.py +483 -0
icdev/tools/testing/platform_check.py +143 -0
icdev/tools/testing/production_audit.py +1862 -0
icdev/tools/testing/production_remediate.py +804 -0
icdev/tools/testing/screenshot_validator.py +539 -0
icdev/tools/testing/smoke_test.py +283 -0
icdev/tools/testing/test_agent_models.py +117 -0
icdev/tools/testing/test_orchestrator.py +957 -0
icdev/tools/testing/utils.py +229 -0
icdev/tools/translation/__init__.py +17 -0
icdev/tools/translation/code_translator.py +550 -0
icdev/tools/translation/dependency_mapper.py +277 -0
icdev/tools/translation/feature_map.py +395 -0
icdev/tools/translation/project_assembler.py +439 -0
icdev/tools/translation/source_extractor.py +609 -0
icdev/tools/translation/test_translator.py +333 -0
icdev/tools/translation/translation_manager.py +582 -0
icdev/tools/translation/translation_validator.py +662 -0
icdev/tools/translation/type_checker.py +371 -0
icdev-1.0.0.dist-info/METADATA +868 -0
icdev-1.0.0.dist-info/RECORD +1105 -0
icdev-1.0.0.dist-info/WHEEL +5 -0
icdev-1.0.0.dist-info/entry_points.txt +9 -0
icdev-1.0.0.dist-info/licenses/LICENSE +254 -0
icdev-1.0.0.dist-info/licenses/NOTICE +268 -0
icdev-1.0.0.dist-info/top_level.txt +1 -0

icdev/data/context/compliance/iso27001_nist_bridge.json ADDED Viewed

@@ -0,0 +1,382 @@
+{
+  "metadata": {
+    "title": "ISO/IEC 27001:2022 to NIST SP 800-53 Rev 5 Bidirectional Bridge",
+    "description": "Dual-hub crosswalk bridge enabling control mappings between ISO 27001 Annex A and NIST 800-53 Rev 5. ADR D111: International frameworks hub through ISO 27001, US frameworks hub through NIST 800-53, this bridge connects both.",
+    "version": "1.0",
+    "last_updated": "2026-02-18",
+    "sources": [
+      "NIST SP 800-53 Rev 5 to ISO 27001:2013 mapping (NIST published)",
+      "ISO 27002:2022 cross-reference annex",
+      "NIST Cybersecurity Framework to ISO 27001 crosswalk"
+    ],
+    "adr_reference": "D111"
+  },
+  "bridge_mappings": [
+    {
+      "iso_27001": "A.5.1",
+      "iso_title": "Policies for information security",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["AC-1", "AT-1", "AU-1", "CA-1", "CM-1", "CP-1", "IA-1", "IR-1", "MA-1", "MP-1", "PE-1", "PL-1", "PS-1", "RA-1", "SA-1", "SC-1", "SI-1"],
+      "mapping_type": "superset",
+      "notes": "ISO A.5.1 covers all NIST -1 (policy) controls across families"
+    },
+    {
+      "iso_27001": "A.5.2",
+      "iso_title": "Information security roles and responsibilities",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["PM-2", "PS-7"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.3",
+      "iso_title": "Segregation of duties",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["AC-5"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.4",
+      "iso_title": "Management responsibilities",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["PM-1", "PM-2"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.5",
+      "iso_title": "Contact with authorities",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["IR-6", "SI-5"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.6",
+      "iso_title": "Contact with special interest groups",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["PM-15", "SI-5"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.7",
+      "iso_title": "Threat intelligence",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["RA-3", "PM-16", "SI-5"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.8",
+      "iso_title": "Information security in project management",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["SA-3", "PL-7"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.9",
+      "iso_title": "Inventory of information and other associated assets",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["CM-8", "PM-5"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.10",
+      "iso_title": "Acceptable use of information and other associated assets",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["PL-4", "AC-20"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.23",
+      "iso_title": "Information security for use of cloud services",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["SA-9", "AC-20"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.24",
+      "iso_title": "Information security incident management planning and preparation",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["IR-1", "IR-8"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.25",
+      "iso_title": "Assessment and decision on information security events",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["IR-4", "IR-5"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.26",
+      "iso_title": "Response to information security incidents",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["IR-4", "IR-6"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.29",
+      "iso_title": "Information security during disruption",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["CP-2", "CP-4"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.30",
+      "iso_title": "ICT readiness for business continuity",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["CP-2", "CP-7", "CP-8"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.5.36",
+      "iso_title": "Compliance with policies, rules and standards for information security",
+      "iso_clause": "A.5",
+      "iso_clause_name": "Organizational controls",
+      "nist_800_53": ["CA-2", "CA-7"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.6.1",
+      "iso_title": "Screening",
+      "iso_clause": "A.6",
+      "iso_clause_name": "People controls",
+      "nist_800_53": ["PS-3"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.6.2",
+      "iso_title": "Terms and conditions of employment",
+      "iso_clause": "A.6",
+      "iso_clause_name": "People controls",
+      "nist_800_53": ["PS-6", "PL-4"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.6.3",
+      "iso_title": "Information security awareness, education and training",
+      "iso_clause": "A.6",
+      "iso_clause_name": "People controls",
+      "nist_800_53": ["AT-2", "AT-3"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.6.5",
+      "iso_title": "Responsibilities after termination or change of employment",
+      "iso_clause": "A.6",
+      "iso_clause_name": "People controls",
+      "nist_800_53": ["PS-4", "PS-5"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.7.1",
+      "iso_title": "Physical security perimeters",
+      "iso_clause": "A.7",
+      "iso_clause_name": "Physical controls",
+      "nist_800_53": ["PE-3"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.7.2",
+      "iso_title": "Physical entry",
+      "iso_clause": "A.7",
+      "iso_clause_name": "Physical controls",
+      "nist_800_53": ["PE-2", "PE-3"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.7.4",
+      "iso_title": "Physical security monitoring",
+      "iso_clause": "A.7",
+      "iso_clause_name": "Physical controls",
+      "nist_800_53": ["PE-6"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.7.7",
+      "iso_title": "Clear desk and clear screen",
+      "iso_clause": "A.7",
+      "iso_clause_name": "Physical controls",
+      "nist_800_53": ["AC-11", "MP-2"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.7.10",
+      "iso_title": "Storage media",
+      "iso_clause": "A.7",
+      "iso_clause_name": "Physical controls",
+      "nist_800_53": ["MP-2", "MP-4", "MP-6"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.1",
+      "iso_title": "User endpoint devices",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["AC-19", "CM-7"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.2",
+      "iso_title": "Privileged access rights",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["AC-6"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.3",
+      "iso_title": "Information access restriction",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["AC-3"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.5",
+      "iso_title": "Secure authentication",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["IA-2", "IA-5"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.7",
+      "iso_title": "Protection against malware",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["SI-3"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.8",
+      "iso_title": "Management of technical vulnerabilities",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["RA-5", "SI-2"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.9",
+      "iso_title": "Configuration management",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["CM-2", "CM-6", "CM-7"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.15",
+      "iso_title": "Logging",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["AU-2", "AU-3", "AU-6"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.16",
+      "iso_title": "Monitoring activities",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["CA-7", "SI-4"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.20",
+      "iso_title": "Networks security",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["SC-7"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.24",
+      "iso_title": "Use of cryptography",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["SC-12", "SC-13"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.25",
+      "iso_title": "Secure development life cycle",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["SA-3", "SA-15"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.26",
+      "iso_title": "Application security requirements",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["SA-11", "SA-15"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.28",
+      "iso_title": "Secure coding",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["SA-11", "SI-10"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.31",
+      "iso_title": "Separation of development, test and production environments",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["CM-4", "SA-11"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.32",
+      "iso_title": "Change management",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["CM-3", "CM-4", "CM-5"],
+      "mapping_type": "equivalent"
+    },
+    {
+      "iso_27001": "A.8.33",
+      "iso_title": "Test information",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["SA-11"],
+      "mapping_type": "partial"
+    },
+    {
+      "iso_27001": "A.8.34",
+      "iso_title": "Protection of information systems during audit testing",
+      "iso_clause": "A.8",
+      "iso_clause_name": "Technological controls",
+      "nist_800_53": ["CA-8", "AU-6"],
+      "mapping_type": "equivalent"
+    }
+  ],
+  "iso_clause_summary": {
+    "A.5": {"name": "Organizational controls", "control_count": 37, "nist_families": ["AC", "AT", "AU", "CA", "CM", "CP", "IA", "IR", "MA", "MP", "PE", "PL", "PM", "PS", "PT", "RA", "SA", "SC", "SI", "SR"]},
+    "A.6": {"name": "People controls", "control_count": 8, "nist_families": ["AT", "PS", "PL"]},
+    "A.7": {"name": "Physical controls", "control_count": 14, "nist_families": ["PE", "MP", "AC"]},
+    "A.8": {"name": "Technological controls", "control_count": 34, "nist_families": ["AC", "AU", "CA", "CM", "IA", "RA", "SA", "SC", "SI"]}
+  },
+  "coverage_statistics": {
+    "total_iso_controls": 93,
+    "mapped_iso_controls": 42,
+    "coverage_percentage": 45.2,
+    "total_nist_controls_referenced": 78,
+    "notes": "Partial mapping -- covers highest-priority controls. Full 93-control mapping planned for v2.0"
+  }
+}

icdev/data/context/compliance/iso42001_controls.json ADDED Viewed

@@ -0,0 +1,254 @@
+{
+  "metadata": {
+    "title": "ISO/IEC 42001:2023 — Artificial Intelligence Management System",
+    "source": "International Organization for Standardization, ISO/IEC 42001:2023 Information technology — Artificial intelligence — Management system, December 2023",
+    "classification": "CUI // SP-CTI",
+    "version": "1.0",
+    "last_updated": "2026-02-21",
+    "description": "ISO/IEC 42001:2023 AI Management System (AIMS) requirements catalog covering management system clauses (4-10) and Annex A controls. Bridged through ISO 27001 international hub (D111) and crosswalked to NIST 800-53 Rev 5 for multi-regime deduplication (D113)."
+  },
+  "clause_categories": [
+    {
+      "code": "5",
+      "name": "Leadership",
+      "requirement_count": 2,
+      "description": "Leadership commitment and AI policy establishment for the AI management system"
+    },
+    {
+      "code": "6",
+      "name": "Planning",
+      "requirement_count": 2,
+      "description": "Actions to address AI risks and opportunities, and planning of AI management system objectives"
+    },
+    {
+      "code": "7",
+      "name": "Support",
+      "requirement_count": 2,
+      "description": "Resources, competence, awareness, and communication for the AI management system"
+    },
+    {
+      "code": "8",
+      "name": "Operation",
+      "requirement_count": 2,
+      "description": "Operational planning, control, and AI system lifecycle processes"
+    },
+    {
+      "code": "9",
+      "name": "Performance Evaluation",
+      "requirement_count": 1,
+      "description": "Monitoring, measurement, analysis, and evaluation of the AI management system"
+    },
+    {
+      "code": "10",
+      "name": "Improvement",
+      "requirement_count": 1,
+      "description": "Continual improvement of the AI management system"
+    },
+    {
+      "code": "A",
+      "name": "Annex A Controls",
+      "requirement_count": 8,
+      "description": "Reference control objectives and controls specific to AI systems"
+    }
+  ],
+  "requirements": [
+    {
+      "id": "ISO42001-5.1",
+      "family": "Leadership",
+      "title": "Leadership and Commitment",
+      "description": "Top management shall demonstrate leadership and commitment with respect to the AI management system by establishing the AI policy, ensuring integration of AIMS requirements into business processes, ensuring resources are available, communicating the importance of effective AI management, directing and supporting persons to contribute to AIMS effectiveness, and promoting continual improvement.",
+      "evidence_required": "Documented AI policy endorsed by top management, management review meeting minutes, resource allocation evidence, AIMS integration into business processes.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "5.1",
+      "nist_800_53_crosswalk": ["PM-1", "PM-9"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-5.2",
+      "family": "Leadership",
+      "title": "AI Policy",
+      "description": "Top management shall establish an AI policy that is appropriate to the purpose of the organization, provides a framework for setting AI objectives, includes a commitment to satisfy applicable requirements, includes a commitment to responsible AI principles (fairness, transparency, accountability, safety), and is communicated within the organization and available to interested parties as appropriate.",
+      "evidence_required": "Documented AI policy covering responsible AI principles, evidence of policy communication, periodic policy review records.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "5.2",
+      "nist_800_53_crosswalk": ["PL-1", "PM-1", "PM-11"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-6.1",
+      "family": "Planning",
+      "title": "Actions to Address AI Risks and Opportunities",
+      "description": "The organization shall determine AI-specific risks and opportunities that need to be addressed to ensure the AIMS can achieve its intended outcomes, prevent or reduce undesired effects, and achieve continual improvement. Risk assessment shall consider AI-specific factors including bias, fairness, data quality, adversarial threats, model robustness, explainability limitations, and societal impact. Risk treatment plans shall be established and implemented.",
+      "evidence_required": "AI risk assessment documentation, risk treatment plans, risk register with AI-specific risk categories, opportunity assessment records.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "6.1",
+      "nist_800_53_crosswalk": ["RA-1", "RA-3", "PM-9"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-6.2",
+      "family": "Planning",
+      "title": "AI Objectives and Planning to Achieve Them",
+      "description": "The organization shall establish AI objectives at relevant functions, levels, and processes. AI objectives shall be consistent with the AI policy, measurable, take into account applicable requirements and risk assessment results, be monitored, communicated, and updated as appropriate. The organization shall determine what will be done, what resources will be required, who will be responsible, when it will be completed, and how results will be evaluated.",
+      "evidence_required": "Documented AI objectives with measurable targets, action plans with timelines and responsibilities, progress monitoring records, objective achievement evidence.",
+      "priority": "P2",
+      "iso_27001_crosswalk": "6.2",
+      "nist_800_53_crosswalk": ["PM-4", "PL-2"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-7.1",
+      "family": "Support",
+      "title": "Resources and Competence for AI",
+      "description": "The organization shall determine and provide the resources needed for the establishment, implementation, maintenance, and continual improvement of the AIMS. This includes AI-specific infrastructure (compute resources, model training environments, LLM providers), personnel with AI competencies, and tools for AI development, testing, and monitoring. The organization shall ensure that persons doing work under its control that affects AI system performance are competent on the basis of appropriate education, training, or experience.",
+      "evidence_required": "Resource allocation records for AI infrastructure, AI competency requirements, training records for AI personnel, AI tool and platform inventory.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "7.1",
+      "nist_800_53_crosswalk": ["PM-2", "AT-2", "AT-3"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-7.2",
+      "family": "Support",
+      "title": "AI Awareness and Communication",
+      "description": "The organization shall ensure that persons doing work under the organization's control are aware of the AI policy, their contribution to AIMS effectiveness, the implications of not conforming with AIMS requirements, and AI-specific ethical considerations. Internal and external communications relevant to the AIMS shall be determined and managed, including communication with affected stakeholders about AI system capabilities and limitations.",
+      "evidence_required": "AI awareness program documentation, communication plan for AIMS, stakeholder communication records, evidence of ethical AI training.",
+      "priority": "P2",
+      "iso_27001_crosswalk": "7.3",
+      "nist_800_53_crosswalk": ["AT-1", "AT-2", "PM-15"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-8.1",
+      "family": "Operation",
+      "title": "Operational Planning and Control",
+      "description": "The organization shall plan, implement, and control the processes needed to meet AIMS requirements and to implement AI risk treatment actions. Operational controls for AI systems shall address the AI system development lifecycle, data governance (collection, preparation, labeling, storage, disposal), model training, validation and verification, deployment procedures, and ongoing operation. AI security gates shall be configured and enforced throughout the lifecycle.",
+      "evidence_required": "AI development lifecycle documentation, data governance procedures, model training records, validation and verification evidence, deployment checklists, security gate configuration.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "8.1",
+      "nist_800_53_crosswalk": ["SA-3", "SA-8", "SA-11", "CM-3"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-8.4",
+      "family": "Operation",
+      "title": "AI System Impact Assessment",
+      "description": "The organization shall conduct an AI impact assessment for AI systems to identify and evaluate impacts on individuals, groups, communities, and society. The impact assessment shall consider potential harms from AI system outputs, fairness and non-discrimination impacts, privacy implications of data processing, environmental impact of AI training and operation, effects on human autonomy and decision-making, and impacts on labor and employment. Impact assessments shall be reviewed when significant changes occur.",
+      "evidence_required": "AI impact assessment reports, harm evaluation documentation, fairness assessment results, privacy impact analysis, environmental impact consideration, periodic review records.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "8.2",
+      "nist_800_53_crosswalk": ["RA-3", "RA-5", "RA-8"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-9.1",
+      "family": "Performance Evaluation",
+      "title": "Monitoring, Measurement, and Analysis of AI Systems",
+      "description": "The organization shall determine what needs to be monitored and measured for AI systems, the methods for monitoring, measurement, analysis, and evaluation, when monitoring and measuring shall be performed, and who shall analyze and evaluate the results. AI-specific monitoring shall include model performance metrics, bias and fairness metrics, system availability and reliability, data quality metrics, and AI-related security events including adversarial attack detection.",
+      "evidence_required": "AI monitoring framework documentation, performance metric definitions, monitoring dashboards or reports, bias tracking records, security event logs for AI systems.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "9.1",
+      "nist_800_53_crosswalk": ["CA-7", "SI-4", "AU-6"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-10.1",
+      "family": "Improvement",
+      "title": "Continual Improvement of AI Management",
+      "description": "The organization shall continually improve the suitability, adequacy, and effectiveness of the AI management system. This includes incorporating lessons learned from AI incidents, updating risk assessments based on emerging AI threats and vulnerabilities, improving AI development processes based on performance data, and adopting new best practices for responsible AI. The organization shall leverage internal and external intelligence sources to identify improvement opportunities for AI capabilities and risk management.",
+      "evidence_required": "Improvement action records, lessons learned documentation from AI incidents, updated risk assessments, process improvement evidence, innovation tracking records.",
+      "priority": "P2",
+      "iso_27001_crosswalk": "10.1",
+      "nist_800_53_crosswalk": ["PM-4", "CA-5", "PM-16"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-A.2",
+      "family": "Annex A",
+      "title": "AI Impact Assessment",
+      "description": "The organization shall perform and document an impact assessment for AI systems covering potential effects on individuals, groups, communities, and the broader society. The assessment shall evaluate risks of harm from AI outputs, potential for discriminatory outcomes, privacy implications, transparency and explainability needs, and environmental considerations. Results of the impact assessment shall inform risk treatment decisions.",
+      "evidence_required": "AI impact assessment reports, discrimination risk analysis, privacy assessment, transparency evaluation, environmental impact documentation.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "A.5.7",
+      "nist_800_53_crosswalk": ["RA-3", "RA-5"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-A.3",
+      "family": "Annex A",
+      "title": "AI System Lifecycle Management",
+      "description": "The organization shall manage the AI system throughout its lifecycle from conception through retirement. Lifecycle stages shall include requirements definition, design, development, testing, deployment, operation, monitoring, and decommissioning. Each stage shall have defined processes, quality criteria, and approval gates. Model versioning, configuration management, and change control shall be implemented.",
+      "evidence_required": "AI lifecycle management framework, stage gate documentation, model version control records, change management logs, decommissioning procedures.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "A.5.8",
+      "nist_800_53_crosswalk": ["SA-3", "SA-8", "CM-3", "CM-9"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-A.4",
+      "family": "Annex A",
+      "title": "AI Data Quality and Governance",
+      "description": "The organization shall establish data quality and governance processes for AI systems covering data collection, labeling, preprocessing, storage, and disposal. Data provenance shall be documented. Training data shall be assessed for representativeness, bias, completeness, and accuracy. Data handling shall comply with applicable privacy and data protection requirements. Synthetic data usage shall be documented and validated.",
+      "evidence_required": "Data governance policy, data provenance documentation, training data quality assessment, bias analysis of data, privacy compliance evidence, synthetic data validation records.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "A.5.10",
+      "nist_800_53_crosswalk": ["SI-12", "SA-3", "PM-25"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-A.5",
+      "family": "Annex A",
+      "title": "AI Transparency and Explainability",
+      "description": "The organization shall provide appropriate transparency about AI systems to relevant stakeholders. Information provided shall include the purpose and intended use of the AI system, the type of AI technology used, the role of AI in decision-making, known limitations and failure modes, and how to contest AI-assisted decisions. Explainability methods appropriate to the AI system's risk level and stakeholder needs shall be implemented.",
+      "evidence_required": "AI transparency disclosures, system documentation for stakeholders, explainability method implementation, known limitations documentation, contestation mechanisms.",
+      "priority": "P2",
+      "iso_27001_crosswalk": "A.5.13",
+      "nist_800_53_crosswalk": ["PL-2", "AC-4", "AU-2"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-A.6",
+      "family": "Annex A",
+      "title": "AI Data Management and Classification",
+      "description": "The organization shall classify and manage data used by AI systems according to its sensitivity, confidentiality requirements, and applicable regulations. AI training data, model weights, inference inputs, and outputs shall be classified using the organization's data classification scheme. Data handling procedures shall be defined for each classification level. Cross-border data transfer requirements shall be addressed.",
+      "evidence_required": "Data classification scheme applied to AI data, data handling procedures per classification level, classification manager configuration, cross-border transfer documentation.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "A.5.12",
+      "nist_800_53_crosswalk": ["RA-2", "SC-16", "MP-4"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-A.7",
+      "family": "Annex A",
+      "title": "AI Security and Robustness",
+      "description": "The organization shall implement security controls specific to AI systems including protection against adversarial attacks (prompt injection, data poisoning, model extraction, membership inference), model integrity verification, secure model storage and distribution, access control for AI models and training data, and secure API interfaces. AI systems shall be tested for robustness against adversarial inputs.",
+      "evidence_required": "AI security controls documentation, adversarial testing results, model integrity verification records, access control configuration for AI assets, secure API configuration.",
+      "priority": "P1",
+      "iso_27001_crosswalk": "A.8.9",
+      "nist_800_53_crosswalk": ["SI-3", "SI-7", "SI-10", "SC-7"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-A.8",
+      "family": "Annex A",
+      "title": "AI Fairness and Bias Management",
+      "description": "The organization shall establish processes to identify, assess, and mitigate bias in AI systems throughout the lifecycle. Bias evaluation shall consider training data bias, algorithmic bias, and outcome bias across protected attributes. Fairness metrics appropriate to the application context shall be defined, monitored, and reported. Remediation actions shall be implemented when unacceptable bias is detected.",
+      "evidence_required": "Bias assessment methodology, fairness metric definitions, bias evaluation results, remediation action records, ongoing bias monitoring configuration.",
+      "priority": "P2",
+      "iso_27001_crosswalk": "A.5.9",
+      "nist_800_53_crosswalk": ["PM-25", "CA-2", "SI-4"],
+      "ai_specific": true
+    },
+    {
+      "id": "ISO42001-A.9",
+      "family": "Annex A",
+      "title": "AI Third-Party and Supply Chain Management",
+      "description": "The organization shall manage risks associated with third-party AI components, services, and data sources. Due diligence shall be performed on AI model providers, data suppliers, and cloud AI service providers. Contractual agreements shall address AI-specific requirements including data usage rights, model performance guarantees, liability for AI-related harms, and compliance obligations. Third-party AI components shall be inventoried and monitored.",
+      "evidence_required": "Third-party AI component inventory, vendor due diligence records, contractual agreements with AI provisions, supply chain risk assessment, ongoing monitoring evidence.",
+      "priority": "P2",
+      "iso_27001_crosswalk": "A.5.19",
+      "nist_800_53_crosswalk": ["SA-9", "SR-3", "SR-5", "PM-30"],
+      "ai_specific": true
+    }
+  ]
+}