Compliance & Security Pack

Compliance and security audit skills — HIPAA, GDPR, SOC 2, PCI-DSS, cloud security posture, infrastructure hardening, secrets scanning, and incident response. Run before every production deployment.

14 Skills
Compliance Overview
Framework coverage matrix, 4-tier architecture, skill summaries
CI/CD Security Gateway
Pipeline integration, GitHub Actions config, automated scanning
hipaa-audit
Scan code for HIPAA violations — PHI exposure in logs, missing encryption, audit trail gaps, BAA compliance, breach notification readiness. Maps every finding to specific §164 sections.
compliance / hipaa-audit
gdpr-audit
Audit GDPR compliance — lawful basis verification, data subject rights implementation, consent management, data minimization, cross-border transfers, cookie compliance. Maps to specific Articles.
compliance / gdpr-audit
soc2-audit
Validate SOC 2 Trust Service Criteria — Security (CC1-CC9), Availability, Confidentiality, Processing Integrity, Privacy. Covers Type I and Type II readiness with evidence collection.
compliance / soc2-audit
pci-audit
Audit PCI-DSS v4.0 compliance — CDE scoping, tokenization verification, network segmentation, encryption, access controls, monitoring. Includes SAQ determination and scope reduction.
compliance / pci-audit
cloud-security
Scan cloud infrastructure for misconfigurations — public S3 buckets, overpermissive IAM, unencrypted volumes, missing audit logs. Covers AWS, Azure, GCP with CIS benchmark mapping.
compliance / cloud-security
infra-harden
Harden containers, OS, and TLS — Docker non-root enforcement, image scanning, Kubernetes RBAC, certificate management, secrets rotation, patch SLA compliance.
compliance / infra-harden
network-audit
Audit network security — VPC topology, security groups, NACLs, WAF configuration, egress controls, flow logs, DNS security, zero-trust segmentation validation.
compliance / network-audit
secrets-scan
Deep scan for leaked credentials — API keys, tokens, passwords in code, config, and git history. Pre-commit hooks, CI integration, rotation procedures, incident response.
compliance / secrets-scan
dep-vuln
Scan dependencies for CVEs and license violations — npm audit, Snyk, SBOM generation, supply chain attack prevention, patch management with SLA tiers.
compliance / dep-vuln
privacy-review
Review data privacy across all flows — PII detection in code/logs/APIs, third-party data sharing audit, anonymization verification, consent management, retention compliance.
compliance / privacy-review
access-audit
Audit access controls — RBAC implementation, MFA enforcement, user lifecycle, service accounts, least privilege analysis, access reviews. Maps to SOC 2/HIPAA/PCI-DSS.
compliance / access-audit
audit-log
Review audit trail completeness — event taxonomy, log schema, immutability verification, retention compliance, SIEM integration, PII detection in logs.
compliance / audit-log
incident-plan
Create and audit incident response procedures — NIST 800-61 lifecycle, breach notification timelines (HIPAA 60-day, GDPR 72-hour), forensic preservation, tabletop exercises.
compliance / incident-plan
compliance-report
Generate auditor-ready compliance reports — multi-framework control mapping, automated evidence collection, gap analysis, continuous compliance monitoring.
compliance / compliance-report