-
Notifications
You must be signed in to change notification settings - Fork 2.3k
CLAUDE MD Compliance
rUv edited this page Jul 30, 2025
·
2 revisions
MANDATORY RULE: All compliance operations MUST be executed in parallel for comprehensive coverage:
- Regulatory scanning → Check all standards simultaneously (HIPAA, SOX, GDPR, PCI-DSS)
- Audit trail creation → Generate all documentation concurrently
- Policy validation → Verify all controls in parallel
- Evidence collection → Gather all compliance artifacts together
- Report generation → Create all compliance reports at once
ABSOLUTE RULE: ALL compliance operations MUST be concurrent in single messages:
// ✅ CORRECT: Compliance validation in ONE message
[Single Message]:
// Initialize compliance swarm
- mcp__claude-flow__swarm_init { topology: "hierarchical", maxAgents: 12, strategy: "parallel" }
- mcp__claude-flow__agent_spawn { type: "specialist", name: "HIPAA Compliance Officer", capabilities: ["PHI protection", "healthcare standards"] }
- mcp__claude-flow__agent_spawn { type: "specialist", name: "SOX Auditor", capabilities: ["financial controls", "audit trails"] }
- mcp__claude-flow__agent_spawn { type: "specialist", name: "GDPR Officer", capabilities: ["data privacy", "consent management"] }
- mcp__claude-flow__agent_spawn { type: "specialist", name: "PCI-DSS Assessor", capabilities: ["payment security", "cardholder data"] }
- mcp__claude-flow__agent_spawn { type: "analyst", name: "Risk Assessor", capabilities: ["risk analysis", "control mapping"] }
- mcp__claude-flow__agent_spawn { type: "documenter", name: "Compliance Reporter", capabilities: ["report generation", "evidence collection"] }
// Compliance scanning tools
- Bash("prowler aws -c hipaa_controls --json-file hipaa_compliance.json")
- Bash("inspec exec sox-compliance-profile --reporter json > sox_results.json")
- Bash("gdpr-scanner --full-scan --output gdpr_findings.json .")
- Bash("pci-compliance-validator --level 1 --json > pci_assessment.json")
// Audit trail generation
- Write("compliance/audit-trails/access-log.json", accessAuditTrail)
- Write("compliance/audit-trails/change-log.json", changeAuditTrail)
- Write("compliance/audit-trails/data-processing.json", dataProcessingLog)
- Write("compliance/audit-trails/consent-records.json", consentManagement)
// Policy documentation
- Write("compliance/policies/data-retention.md", dataRetentionPolicy)
- Write("compliance/policies/access-control.md", accessControlPolicy)
- Write("compliance/policies/incident-response.md", incidentResponsePolicy)
- Write("compliance/policies/encryption.md", encryptionPolicy)Task(`You are the HIPAA Compliance Officer agent in a compliance assessment swarm.
MANDATORY COORDINATION:
1. START: npx claude-flow@alpha hooks pre-task --description "HIPAA compliance validation"
2. DURING: After EVERY check, run npx claude-flow@alpha hooks post-edit --file "hipaa_findings.json" --memory-key "compliance/hipaa"
3. MEMORY: Store ALL findings using npx claude-flow@alpha hooks notify --message "[HIPAA requirement status]"
4. END: npx claude-flow@alpha hooks post-task --task-id "hipaa-compliance" --analyze-performance true
Your specific tasks:
- Validate PHI protection mechanisms
- Verify access controls for healthcare data
- Check encryption at rest and in transit
- Audit user activity logs
- Validate backup and disaster recovery procedures
- Ensure Business Associate Agreements (BAAs) are in place
COORDINATE with other compliance agents to avoid control overlap!`)Task(`You are the GDPR Officer agent in a compliance assessment swarm.
MANDATORY COORDINATION:
1. START: npx claude-flow@alpha hooks pre-task --description "GDPR compliance assessment"
2. DURING: After EVERY check, run npx claude-flow@alpha hooks post-edit --file "gdpr_findings.json" --memory-key "compliance/gdpr"
3. MEMORY: Store ALL findings using npx claude-flow@alpha hooks notify --message "[GDPR article compliance]"
4. END: npx claude-flow@alpha hooks post-task --task-id "gdpr-compliance" --analyze-performance true
Your specific tasks:
- Verify data subject rights implementation
- Check consent management systems
- Validate data processing records
- Ensure privacy by design principles
- Verify data breach notification procedures
- Check cross-border data transfer mechanisms
REMEMBER: Coordinate with Risk Assessor for DPIA requirements!`)# compliance-controls.yaml
compliance_framework:
controls:
- id: "ACC-001"
name: "Access Control"
regulations:
hipaa: ["164.308(a)(4)", "164.312(a)(1)"]
sox: ["Section 404", "COBIT DS5.3"]
gdpr: ["Article 32", "Article 25"]
pci_dss: ["Requirement 7", "Requirement 8"]
implementation:
technical:
- "Multi-factor authentication"
- "Role-based access control"
- "Privileged access management"
administrative:
- "Access review procedures"
- "Termination procedures"
- "Training requirements"
- id: "ENC-001"
name: "Encryption"
regulations:
hipaa: ["164.312(a)(2)(iv)", "164.312(e)(2)(ii)"]
sox: ["IT General Controls"]
gdpr: ["Article 32(1)(a)"]
pci_dss: ["Requirement 3.4", "Requirement 4"]
implementation:
technical:
- "AES-256 encryption at rest"
- "TLS 1.3 for data in transit"
- "Key management system"#!/usr/bin/env python3
# compliance-scanner.py - Parallel multi-regulation scanner
import asyncio
import json
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, List, Any
class ComplianceScanner:
def __init__(self):
self.regulations = {
'hipaa': HIPAAScanner(),
'sox': SOXScanner(),
'gdpr': GDPRScanner(),
'pci_dss': PCIDSSScanner(),
'iso27001': ISO27001Scanner(),
'nist': NISTScanner()
}
self.executor = ThreadPoolExecutor(max_workers=10)
async def scan_all_regulations(self) -> Dict[str, Any]:
"""Run all compliance scans in parallel"""
tasks = []
# Create tasks for each regulation
for reg_name, scanner in self.regulations.items():
task = asyncio.create_task(self.scan_regulation(reg_name, scanner))
tasks.append(task)
# Execute all scans in parallel
results = await asyncio.gather(*tasks)
# Consolidate results
return self.consolidate_results(results)
async def scan_regulation(self, name: str, scanner: Any) -> Dict:
"""Scan for specific regulation compliance"""
return await asyncio.to_thread(scanner.scan)
def consolidate_results(self, results: List[Dict]) -> Dict:
"""Merge all compliance scan results"""
consolidated = {
'overall_compliance': self.calculate_overall_score(results),
'regulations': {},
'critical_findings': [],
'remediation_priority': []
}
for result in results:
consolidated['regulations'][result['regulation']] = result
consolidated['critical_findings'].extend(result.get('critical', []))
return consolidated
class HIPAAScanner:
def scan(self) -> Dict:
"""HIPAA-specific compliance checks"""
return {
'regulation': 'HIPAA',
'requirements': {
'administrative_safeguards': self.check_administrative(),
'physical_safeguards': self.check_physical(),
'technical_safeguards': self.check_technical(),
'organizational_requirements': self.check_organizational(),
'policies_procedures': self.check_policies()
},
'score': 0.0,
'findings': []
}
def check_technical(self) -> Dict:
"""Technical safeguards validation"""
checks = {
'access_control': self.validate_access_control(),
'audit_controls': self.validate_audit_logs(),
'integrity': self.validate_data_integrity(),
'transmission_security': self.validate_encryption()
}
return checks// audit-trail-system.js
class AuditTrailSystem {
constructor() {
this.trails = {
access: new AccessAuditTrail(),
data: new DataAuditTrail(),
system: new SystemAuditTrail(),
compliance: new ComplianceAuditTrail()
};
}
// Parallel audit trail generation
async generateAllTrails(timeRange) {
const trails = await Promise.all([
this.trails.access.generate(timeRange),
this.trails.data.generate(timeRange),
this.trails.system.generate(timeRange),
this.trails.compliance.generate(timeRange)
]);
return this.consolidateTrails(trails);
}
// Tamper-proof logging
async logComplianceEvent(event) {
const entry = {
timestamp: new Date().toISOString(),
eventType: event.type,
userId: event.userId,
action: event.action,
resource: event.resource,
result: event.result,
metadata: event.metadata,
hash: await this.calculateHash(event)
};
// Store in multiple locations for redundancy
await Promise.all([
this.storeInDatabase(entry),
this.storeInSIEM(entry),
this.storeInBlockchain(entry),
this.storeInCloudAudit(entry)
]);
}
}
// Data processing audit for GDPR
class DataProcessingAudit {
async recordProcessingActivity(activity) {
return {
processingId: crypto.randomUUID(),
timestamp: new Date().toISOString(),
purpose: activity.purpose,
legalBasis: activity.legalBasis,
dataCategories: activity.dataCategories,
dataSubjects: activity.dataSubjects,
recipients: activity.recipients,
retentionPeriod: activity.retentionPeriod,
safeguards: activity.safeguards,
transfers: activity.internationalTransfers,
dpia: activity.dpiaRequired ? activity.dpiaId : null
};
}
}#!/bin/bash
# evidence-collector.sh - Parallel evidence collection for compliance
# Create evidence structure
mkdir -p compliance-evidence/{screenshots,logs,configs,reports,attestations}
# Parallel evidence collection
{
# System configuration evidence
{
# Security configurations
cat /etc/ssh/sshd_config > compliance-evidence/configs/ssh_config.txt
iptables -L -n -v > compliance-evidence/configs/firewall_rules.txt
sestatus -v > compliance-evidence/configs/selinux_status.txt
# Access control evidence
getfacl -R /sensitive/data > compliance-evidence/configs/file_permissions.txt
sudo -l -U all > compliance-evidence/configs/sudo_permissions.txt
} &
# Log evidence collection
{
# Collect audit logs
ausearch -ts today -m USER_LOGIN > compliance-evidence/logs/user_logins.log
journalctl -u sshd --since today > compliance-evidence/logs/ssh_access.log
# Database audit logs
mysql -e "SELECT * FROM audit_log WHERE date > NOW() - INTERVAL 30 DAY" > compliance-evidence/logs/db_audit.log
} &
# Screenshot evidence
{
# Capture UI compliance features
python3 capture_compliance_ui.py --output compliance-evidence/screenshots/
} &
# Generate attestations
{
# Digital signatures for evidence
for file in compliance-evidence/**/*; do
openssl dgst -sha256 -sign private_key.pem -out "$file.sig" "$file"
done
} &
wait
}
# Create evidence manifest
python3 create_evidence_manifest.py > compliance-evidence/manifest.json
# Create tamper-evident package
tar -czf compliance-evidence-$(date +%Y%m%d).tar.gz compliance-evidence/
openssl dgst -sha256 compliance-evidence-*.tar.gz > evidence-hash.txt# Compliance Status Report
**Report Date**: {{date}}
**Organization**: {{org_name}}
## Executive Summary
### Overall Compliance Score: {{score}}%
| Regulation | Status | Score | Critical Findings |
|------------|--------|-------|-------------------|
| HIPAA | {{hipaa_status}} | {{hipaa_score}}% | {{hipaa_critical}} |
| SOX | {{sox_status}} | {{sox_score}}% | {{sox_critical}} |
| GDPR | {{gdpr_status}} | {{gdpr_score}}% | {{gdpr_critical}} |
| PCI-DSS | {{pci_status}} | {{pci_score}}% | {{pci_critical}} |
## Risk Heat Map
[Visual representation of compliance risks across regulations]
## Key Metrics
- **Controls Tested**: {{total_controls}}
- **Controls Passed**: {{passed_controls}}
- **Open Findings**: {{open_findings}}
- **Remediation Progress**: {{remediation_progress}}%
## Critical Action Items
1. {{critical_action_1}}
2. {{critical_action_2}}
3. {{critical_action_3}}# .github/workflows/continuous-compliance.yml
name: Continuous Compliance Monitoring
on:
push:
branches: [main, develop]
schedule:
- cron: '0 */4 * * *' # Every 4 hours
workflow_dispatch:
jobs:
compliance-scan:
runs-on: ubuntu-latest
strategy:
matrix:
regulation: [hipaa, sox, gdpr, pci-dss]
steps:
- name: Parallel Compliance Check
run: |
npx claude-flow@alpha --agents 10 --mode compliance \
--regulation ${{ matrix.regulation }} \
--parallel-scan --evidence-collection
- name: Generate Compliance Report
run: |
python3 generate_compliance_report.py \
--regulation ${{ matrix.regulation }} \
--format html,pdf,json
- name: Update Compliance Dashboard
run: |
curl -X POST ${{ secrets.COMPLIANCE_DASHBOARD_URL }} \
-H "Authorization: Bearer ${{ secrets.API_TOKEN }}" \
-d @compliance-results.json-
Regulatory Compliance Score
- Overall compliance percentage
- Per-regulation scores
- Control effectiveness rating
- Trend analysis
-
Audit Readiness Metrics
- Evidence completeness
- Documentation currency
- Control testing frequency
- Remediation velocity
-
Risk Metrics
- Open findings by severity
- Time to remediation
- Repeat findings rate
- Risk exposure value
-
Operational Metrics
- Compliance scanning frequency
- Automated vs manual controls
- Policy update frequency
- Training completion rates
// compliance-automation.js
class ComplianceAutomation {
async implementControls(regulations) {
// Parallel control implementation
const implementations = await Promise.all(
regulations.map(reg => this.implementRegulationControls(reg))
);
return this.validateImplementations(implementations);
}
async implementRegulationControls(regulation) {
const controls = {
'HIPAA': this.implementHIPAAControls,
'SOX': this.implementSOXControls,
'GDPR': this.implementGDPRControls,
'PCI-DSS': this.implementPCIControls
};
return await controls[regulation]();
}
async implementHIPAAControls() {
return await Promise.all([
this.enableEncryption('PHI'),
this.configureAccessControls('healthcare'),
this.setupAuditLogging('HIPAA'),
this.implementBackupProcedures(),
this.configureIncidentResponse('medical')
]);
}
}Remember: All compliance operations execute in parallel for comprehensive coverage and real-time validation!