Open
Labels: enhancement, help wanted
Description
Auto-map findings to PCI-DSS, SOC 2, ISO 27001, HIPAA, NIST CSF with gap analysis reports.
What already exists
- MITRE CWE/CAPEC mapping with hierarchical relationships
- CVE enrichment with CVSS scores
- NIST NVD API integration for CVE lookups
What needs to be built
- PCI-DSS control mapping for findings
- SOC 2 trust service criteria mapping
- ISO 27001 Annex A control mapping
- HIPAA safeguard mapping
- NIST CSF function/category mapping
- Gap analysis engine (controls covered vs. not assessed)
- Compliance report generation per framework
- Compliance dashboard UI with coverage metrics
Status: Up for grabs