45 lines
1.6 KiB
Markdown
45 lines
1.6 KiB
Markdown
# Audit Compliance Command
|
|
|
|
You are performing a regulatory compliance audit of the codebase. Follow these steps:
|
|
|
|
## Audit Scope
|
|
|
|
1. **Security & Privacy**
|
|
- Check for PII handling and anonymization
|
|
- Verify encryption is used for sensitive data (AES-256 or better)
|
|
- Ensure audit logging is in place for all data access
|
|
- Review authentication and authorization mechanisms
|
|
|
|
2. **Data Handling**
|
|
- Identify all locations where sensitive data is processed
|
|
- Verify data retention policies are implemented
|
|
- Check for proper input validation and sanitization
|
|
- Review database query security (SQL injection prevention)
|
|
|
|
3. **Compliance Standards**
|
|
- FISMA compliance requirements
|
|
- FedRAMP compliance requirements
|
|
- Industry-specific regulations (e.g., mortgage servicing regulations)
|
|
- Review code comments for compliance annotations
|
|
|
|
4. **Documentation**
|
|
- Verify all compliance-critical functions are documented
|
|
- Check for security assumptions documented in code
|
|
- Review API documentation for security warnings
|
|
|
|
## Output Format
|
|
|
|
Generate a structured audit report with:
|
|
- **Critical Issues**: Security vulnerabilities or compliance violations
|
|
- **Warnings**: Potential compliance concerns requiring review
|
|
- **Recommendations**: Best practices to improve compliance posture
|
|
- **Compliant Sections**: Areas that meet compliance requirements
|
|
|
|
## Deliverable
|
|
|
|
Present findings in a clear, actionable format with:
|
|
- File paths and line numbers for each issue
|
|
- Specific remediation steps
|
|
- Priority levels (Critical, High, Medium, Low)
|
|
- References to relevant compliance standards
|