Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude
ClaudSkillsAuthors › GRCEngClub › Page 2

GRCEngClub

@GRCEngClub on GitHub →

91 Claude Code skills authored by GRCEngClub.

updated 2026-07-06 · showing 61–91 of 91 by quality score

Average Pro QualityScore: 67.9/100

For the full experience including quality scoring and one-click install features for each skill — upgrade to Pro.

Expertise in evaluating Okta configurations for compliance — policies, MFA, session management, admin accounts, lifecycle. Maps to FedRAMP/NIST/SOC2/PCI identity controls.
ISO 27001 ISMS expert. Provides guidance on management system requirements, Annex A controls, certification process, and continuous improvement for information security.
Audience-specific tone and format guidance for leadership communications. Use when drafting any /report:* output to tune length, framing, and technical depth to the reader (board,…
SOC 2 Trust Service Criteria expert. Provides guidance on Type I/II audits, control mapping, evidence requirements, and audit preparation for all Trust Service Categories.
Sarbanes-Oxley Act of 2002 (SOX) expert for ICFR-relevant IT and security work. Deep knowledge of 15 U.S.C.
Singapore MAS Technology Risk Management Guidelines expert. Reference-depth framework plugin with scope determination, evidence checklist, and SCF-backed assessment guidance for…
Expertise on OSCAL (Open Security Controls Assessment Language) — what document types exist, when to use each, schema versioning, FedRAMP/eMASS/CSPM integration, round-trip…
Track regulatory compliance for construction projects. Monitor permits, certifications, inspections, and regulatory requirements with automated alerts and reporting.
Composes week-over-week automation coverage narratives. Use when /report:automation-coverage is running.
Japan APPI expert for the Act on the Protection of Personal Information. Reference-depth framework plugin with scope determination, evidence checklist, and SCF-backed assessment…
Interpret drata-inspector findings generated from drata-cli workflows and turn Drata control, monitor, evidence, personnel, and integration posture into GRC action.
EU NIS2 Directive (Directive (EU) 2022/2555) expert. Reference-depth knowledge of essential vs important entity classification, Article 20 governance, the Article 21 ten…
NERC Critical Infrastructure Protection expert. Reference-depth framework plugin with scope determination, evidence checklist, and SCF-backed assessment guidance for BES Cyber…
Australian IRAP (Information Security Registered Assessors Program) expert. Provides guidance on ISM controls, Essential Eight maturity levels, ACSC guidelines, and Australian…
Validates AWS readiness for website deployment. Checks CLI tools, credentials, SES, Route 53, and ACM. Produces a report with pass/fail and action items.
Converts natural language compliance requirements into executable policies (OPA Rego, AWS Config Rules, Sentinel, Terraform).
GLBA expert for financial institutions. Deep knowledge of Gramm-Leach-Bliley Act including Safeguards Rule (16 CFR Part 314), Privacy Rule (16 CFR Part 313), FTC enforcement,…
FedRAMP 20X modernization expert. Provides guidance on Key Security Indicators (KSIs), continuous monitoring automation, machine-readable policies, and the new automated…
Use when creating a draw.io diagram for audit planning, request lists, evidence, testing, exceptions, remediation, and reporting in a GRC, security, audit, compliance, privacy,…
UK NCSC Cyber Essentials Plus (CE+) v3.3 Danzell expert. Reference-depth framework plugin with assessment, scope determination, and evidence checklist — backed by the SCF…
HITRUST CSF expert for healthcare security. Implementation guidance, assessment workflow, and mapping to HIPAA/NIST/ISO/PCI frameworks.
Validates audit evidence artifacts for completeness, timeliness, relevance, and authenticity. Reviews screenshots, logs, configurations, and policies against control requirements.
DORA expert for EU financial entities. Deep knowledge of Digital Operational Resilience Act including 5 pillars, ICT risk management, incident reporting, resilience testing,…
Sets up GitHub Actions CI/CD workflow for automatic deployment to AWS on push to main. Uses GitHub OIDC for keyless AWS authentication.
Converts unstructured risk assessments into structured Jira tickets. Extracts Likelihood, Impact, Mitigation from natural language and generates JSON formatted for Jira API with…
Reviews pull requests for compliance regressions. Scans code diffs for security and compliance violations, flags issues, and suggests fixes aligned with frameworks like SOC 2, ISO…
NIST Cybersecurity Framework v2.0 expert. Reference-depth knowledge of the six Functions (Govern, Identify, Protect, Detect, Respond, Recover), Categories and Subcategories,…
Conducts comprehensive vendor security assessments. Evaluates vendor security posture, identifies risks, and generates assessment reports with recommendations.
NIST 800-53 control framework expert. Provides guidance on control families, baseline selection, tailoring, and federal compliance requirements including FedRAMP alignment.
Interpret slack-inspector findings, explain Slack API coverage limits, and turn Slack workspace posture results into control evidence or remediation.
Use when creating a draw.io diagram for controls mapped across frameworks, systems, owners, risks, and evidence sources in a GRC, security, audit, compliance, privacy, cloud, or…
Search all 91 skills by GRCEngClub →