mlunato47/claude-grc-plugin
137 stars · Last commit 2026-02-19
A Claude Code plugin that turns Claude into a senior GRC (Governance, Risk, and Compliance) analyst. 72+ reference files covering 15 frameworks, 24 slash commands, and deep domain knowledge for federal and commercial compliance work.
README preview
# GRC Knowledge Plugin

A plugin that turns your AI coding agent into a senior GRC (Governance, Risk, and Compliance) analyst. 72+ reference files covering 15 frameworks, 24 slash commands, and deep domain knowledge for federal and commercial compliance work.

**Works with**: Claude Code, OpenCode

## What It Does

Load this plugin and Claude gains expertise in:

- **15 compliance frameworks** — NIST 800-53, FedRAMP, FISMA, CMMC, SOC 2, ISO 27001, PCI DSS, HIPAA, CIS Controls, COBIT, CSA CCM, GDPR, SLSA, OSCAL, and NIST Rev 4→5 transition
- **Cross-framework mapping** — Map any control to any other framework through NIST 800-53 as the hub
- **Document review** — Feed it SSP narratives, POA&Ms, policies, CRMs and get structural quality feedback with 0-5 maturity scoring
- **Operational workflows** — Significant change analysis, inheritance modeling, SAR responses, compliance calendars, tabletop exercises

It cites specific control IDs, knows baseline assignments, understands assessment procedures, and speaks the language of auditors, ISSOs, and compliance engineers.

## Install

### From a Plugin Marketplace (Recommended)