Open-source GRC toolkit from the GRC Engineering Club. Claude Code plugins for evidence collection, SCF crosswalks, multi-framework gap reports, OSCAL workflows.

Security architecture patterns and NIST 800-53 controls from opensecurityarchitecture.org

Unified NIST + OWASP security framework MCP server — 36 tools, 3439+ records, live NVD/KEV, PDF reading, STRIDE threat modeling, compliance mapping

Centralized STIG & NIST 800-53 compliance knowledge, playbooks, and secure code templates for federal systems development.

Terraform provider for Technitium DNS Server with STIG-hardened defaults and CNSSI 1253 compliance support

Compliance-as-Code lab using AWS Config, EventBridge, and Lambda auto-remediation with CloudFormation.

Fledge: hardened macOS platform for autonomous AI agents. Security-first n8n orchestration from hello world to production.

Automated compliance as code for hybrid cloud hardening. NIST Hardening Suite converts NIST 800-53 controls into executable, auditable Ansible workflows that reduce drift and support SOC 2 and DORA evidence mapping.

Read-only, evidence-grade automation for FedRAMP 20x & Rev5: a TypeScript collector that captures AWS/GCP/Kubernetes config evidence for all 63 KSIs (223 requirements), benchmarks against NIST 800-53 at Low/Moderate/High, and signs it (Ed25519 + OSCAL) — plus a local multi-user tracker over the FRMR catalog.

Open-source agent skills, agents, and reference connectors for compliance engineers. SOC 2, ISO 27001, NIST 800-53.

A browser-based Microsoft Defender for Endpoint audit tracker for MSSP security engineers, mapping ~270 tasks across multiple frameworks including — NIST CSF 2.0, Cyber Essentials, SOC 2, and NIST 800-53. Features per-task status, notes, live progress metrics, framework switching, dark/light mode, and CSV, HTML, and JSON export.

ALX System Engineering & DevOps portfolio with cybersecurity enhancements. Bash automation for log analysis, system hardening, incident response, zero-trust SSH, compliance auditing (CIS/NIST), threat hunting, and DevSecOps pipelines. Proven SOC analyst toolkit – built on Ubuntu 20.04.

IAM Authentication Audit Tracker is a Terraform-based AWS security lab that detects IAM login anomalies using CloudTrail, CloudWatch, SNS, and Athena. It integrates tfsec scans through GitHub Actions and demonstrates alerting, audit log analysis, and compliance mapping to NIST 800-53 (AU-6, AC-7) and ISO 27001 A.12.4 using secure IaC

Databricks lakehouse for GRC compliance automation — NIST 800-53 and SOC 2 controls, cross-framework mapping, rule engine, and ML risk prediction

Lightweight Python CLI tool that scans AWS IAM policy JSON files for overly permissive statements and maps findings to CJIS v6.0, FedRAMP, and NIST 800-53 compliance controls.

AWS Organization baseline configuration

Security-focused agent skills for service mesh analysis, compliance reporting, and remediation

NIST SP 800-53 Rev 5 security control mapping, gap analysis, risk scoring, and POA&M development

ATLAS.Compliance.Logging — federal-grade audit logging library for UiPath. Part of the ATLAS suite.