
GRC Knowledge
from claude-grc-plugin
Provides senior GRC analyst capabilities: control lookups, cross-framework mapping, document review, audit prep, and evidence checklists across 15 compliance fr
What it does
This skill adds deep Governance, Risk, and Compliance (GRC) domain knowledge to an agent. It lets the agent cite specific control IDs, map controls across frameworks (NIST, FedRAMP, ISO, PCI, SOC 2, etc.), review SSPs, POA&Ms, and policies for structural completeness, and generate evidence checklists and audit preparation guidance. It emphasizes structural, non-sensitive feedback and includes extensive reference material.
When to use it
Use this skill when preparing for audits (FedRAMP, SOC 2, ISO), drafting or reviewing SSPs and POA&Ms, mapping controls between frameworks, or when you need precise references to control IDs and expected evidence. It is intended for compliance engineers, ISSOs, and audit prep workflows rather than hands-on security configuration guidance.
What's included
- Scripts: none bundled with the SKILL.md (reference material and many markdown references live in the repo)
- References: large frameworks/, mappings/, audits/, and oscal/ collections are present in the repo
- Instructions: stepwise review approach, redaction guidance, structured checklists, and narrative scoring guidance contained in the SKILL body
Compatible agents
Best suited for agents that can handle long-form reference docs and structured prompts (Claude-style assistants, Claude Code / similar).
Information
- Repository: claude-grc-plugin
- Stars: 132
- Installs: 0