AI-Powered Compliance Mapper

Compliance Mapper ingests a system snapshot and turns risky technical signals into auditor-ready control mappings for CIS, ISO/IEC 27001, and NIST SP 800-53.

The prototype is intentionally dependency-free so it can run anywhere. It includes a deterministic analyzer that behaves like a compliance analyst and can later be replaced with a fine-tuned LLM or retrieval-augmented model.

What it maps today

  • Processes running from /tmp, /var/tmp, or /dev/shm to CIS 4.4, ISO A.12.2.1, and NIST SI-7.
  • Recently added SSH authorized keys to ISO A.9.2.1, NIST AC-2, and CIS 5.4.
  • Privileged users without MFA evidence to ISO A.9.2.3, NIST AC-6, and CIS 5.4.
  • SSH root login to CIS 5.2.8, ISO A.9.2.3, and NIST AC-6.
  • Unapproved externally exposed services to CIS 9.2, ISO A.13.1.1, and NIST CM-7.
  • World-writable files or directories to CIS 4.4 and NIST SI-7.

Run it

python3 -m compliance_mapper samples/orin_snapshot.json --out-dir reports

The command creates:

  • reports/orin-prod-01-compliance-report.html
  • reports/orin-prod-01-compliance-report.pdf

Snapshot shape

Collectors can emit JSON with these top-level fields:

{
  "host": "orin-prod-01",
  "collected_at": "2026-06-06T04:55:00+03:00",
  "processes": [],
  "ssh_authorized_keys": [],
  "users": [],
  "ssh_config": {},
  "network": [],
  "files": []
}
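As an added illustration of how a deterministic analyzer turns the "What it maps today" rules into control mappings over a snapshot of the shape above (example code, not the project's TemplateAnalyzer): the top-level keys are from the README, while the per-entry fields (exe, pid, permit_root_login, path, mode) and the sample snapshot are assumptions.

```python
# Added example, not the project's own analyzer. Only the top-level snapshot
# keys come from the README; per-entry fields (exe, pid, permit_root_login,
# path, mode) are assumptions about what a collector would emit.
SUSPICIOUS_DIRS = ("/tmp", "/var/tmp", "/dev/shm")

# Control mappings copied from the "What it maps today" list.
RULES = {
    "process_in_temp_dir": ["CIS 4.4", "ISO A.12.2.1", "NIST SI-7"],
    "ssh_root_login": ["CIS 5.2.8", "ISO A.9.2.3", "NIST AC-6"],
    "world_writable_path": ["CIS 4.4", "NIST SI-7"],
}

def _finding(rule: str, evidence: str) -> dict:
    return {"rule": rule, "evidence": evidence, "controls": RULES[rule]}

def _in_temp_dir(exe: str) -> bool:
    # Match the directory itself or a path below it; "/tmpfoo/x" must not match.
    return any(exe == d or exe.startswith(d + "/") for d in SUSPICIOUS_DIRS)

def _octal_mode(mode) -> int:
    # Collectors may emit "0666" (octal string) or 438 (int); normalise both.
    return int(mode, 8) if isinstance(mode, str) else int(mode)

def analyze(snapshot: dict) -> list:
    """Return one finding per risky signal, each tagged with its controls."""
    findings = []
    for proc in snapshot.get("processes", []):
        exe = proc.get("exe", "")
        if _in_temp_dir(exe):
            findings.append(_finding("process_in_temp_dir", f"pid {proc.get('pid')} runs {exe}"))
    root_login = str(snapshot.get("ssh_config", {}).get("permit_root_login", "no"))
    if root_login.lower() == "yes":
        findings.append(_finding("ssh_root_login", "PermitRootLogin yes"))
    for entry in snapshot.get("files", []):
        mode = _octal_mode(entry.get("mode", 0))
        if mode & 0o002:  # other-write bit set; sticky-bit temp dirs are not exempted here
            findings.append(_finding("world_writable_path", f"{entry.get('path')} mode {oct(mode)}"))
    return findings

SAMPLE_SNAPSHOT = {  # constructed sample, not the repo's samples/orin_snapshot.json
    "host": "orin-prod-01",
    "collected_at": "2026-06-06T04:55:00+03:00",
    "processes": [{"pid": 1, "exe": "/usr/lib/systemd/systemd"},
                  {"pid": 4242, "exe": "/tmp/updater"},
                  {"pid": 4300, "exe": "/tmpfoo/bin/app"}],
    "ssh_authorized_keys": [], "users": [], "network": [],
    "ssh_config": {"permit_root_login": "yes"},
    "files": [{"path": "/opt/app/config.yaml", "mode": "0666"}],
}
```

Running analyze(SAMPLE_SNAPSHOT) yields three findings (temp-dir process, root login, world-writable file); the /tmpfoo process and systemd produce none.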

Roadmap

  • Add a collector for Linux hosts and Orin exports.
  • Replace TemplateAnalyzer with a provider-backed LLM analyzer.
  • Add control-pack versioning for CIS, ISO 27001:2022, and NIST profiles.
  • Add report signing and evidence bundle export.
