gh-ngarrison-stack-claude-p…/commands/audit-compliance.md
2025-11-30 08:43:35 +08:00

Audit Compliance Command

You are performing a regulatory compliance audit of the codebase. Follow these steps:

Audit Scope

  1. Security & Privacy

    • Identify where PII is collected, stored, logged, and shared; check that it is minimized and anonymized or pseudonymized where the use case allows
    • Verify sensitive data is encrypted at rest and in transit with current algorithms in an authenticated mode (e.g. AES-256-GCM, TLS 1.2+) and keys managed outside the code; flag DES, RC4, ECB mode, and hardcoded keys
    • Ensure audit logging records who accessed which sensitive data and when, without writing the sensitive values themselves into the log
    • Review authentication and authorization mechanisms, including that every access path to sensitive data enforces an authorization check
  2. Data Handling

    • Identify all locations where sensitive data is processed
    • Verify data retention policies are implemented
    • Check for proper input validation and sanitization at every trust boundary (HTTP parameters, file uploads, message queues)
    • Review database query security: confirm queries use parameterized statements or an ORM rather than string formatting or concatenation (SQL injection prevention)
  3. Compliance Standards

    • FISMA compliance requirements (NIST SP 800-53 controls selected per the FIPS 199 impact level)
    • FedRAMP compliance requirements (NIST SP 800-53 controls at the Low, Moderate, or High baseline)
    • Industry-specific regulations (e.g., mortgage servicing regulations)
    • Review code comments for compliance annotations
  4. Documentation

    • Verify all compliance-critical functions are documented
    • Check for security assumptions documented in code
    • Review API documentation for security warnings
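The following is an added example of how the code-level items in the Security & Privacy and Data Handling scope (string-built SQL, weak or unauthenticated ciphers, hardcoded secrets) can be turned into a first automated pass that already emits findings in the report shape below (file path, line number, priority, remediation, control reference). It is not part of this command or its repository: the sample files are constructed, the regex rules are heuristics that assume a Python code base and will miss anything they do not pattern-match, and the NIST SP 800-53 control IDs are the references chosen for the example.

```python
import re
from dataclasses import dataclass, asdict
from typing import Dict, List

# Constructed sample "source files" (path -> contents), not code from the audited repository.
SAMPLE_FILES: Dict[str, str] = {
    "app/db.py": (
        'def get_loan(conn, loan_id):\n'
        '    cur = conn.cursor()\n'
        '    cur.execute(f"SELECT * FROM loans WHERE id = {loan_id}")\n'   # injectable
        '    return cur.fetchone()\n'
        '\n'
        'def get_borrower(conn, ssn):\n'
        '    cur = conn.cursor()\n'
        '    cur.execute("SELECT * FROM borrowers WHERE ssn = ?", (ssn,))\n'  # parameterized, OK
        '    return cur.fetchone()\n'
    ),
    "app/crypto.py": (
        'from Crypto.Cipher import AES, DES\n'
        'def encrypt_ssn(key, data):\n'
        '    return AES.new(key, AES.MODE_ECB).encrypt(data)\n'   # AES but unauthenticated ECB
        'def legacy_encrypt(key, data):\n'
        '    return DES.new(key, DES.MODE_CBC).encrypt(data)\n'   # obsolete cipher
    ),
    "app/settings.py": (
        'DB_HOST = "db.internal"\n'
        'DB_PASSWORD = "hunter2"\n'                                # hardcoded credential
    ),
}


@dataclass
class Rule:
    name: str
    pattern: re.Pattern
    priority: str
    remediation: str
    reference: str


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    priority: str
    snippet: str
    remediation: str
    reference: str


# Heuristic rules (assumption: Python DB-API / PyCryptodome style code). Each maps to
# a priority, a remediation step and a NIST SP 800-53 control used as the reference.
RULES: List[Rule] = [
    Rule("sql-string-build",
         # execute(f"..."), execute("..." % x), execute("..." + x), execute("...".format(x))
         re.compile(r'\.execute\(\s*(?:f["\']|.*["\']\s*[%+]\s*\w|.*\.format\()'),
         "Critical",
         "Pass user input as bound parameters (execute(sql, params)); never interpolate it into SQL text.",
         "NIST SP 800-53 SI-10 (Information Input Validation)"),
    Rule("weak-cipher",
         re.compile(r'\b(?:DES|ARC4|RC4)\.new\(|MODE_ECB'),
         "High",
         "Use AES-256 in an authenticated mode (e.g. AES-GCM) with keys held in a KMS/HSM; remove DES/RC4 and ECB.",
         "NIST SP 800-53 SC-13 (Cryptographic Protection), SC-28 (Protection of Information at Rest)"),
    Rule("hardcoded-secret",
         re.compile(r'(?i)\b\w*(?:password|secret|api_key|token)\w*\s*=\s*["\'][^"\']+["\']'),
         "High",
         "Load credentials from a secrets manager or the environment at runtime and rotate the exposed value.",
         "NIST SP 800-53 IA-5 (Authenticator Management)"),
]


def audit(files: Dict[str, str]) -> List[Finding]:
    """Run every rule over every line of every file; return findings sorted by path and line."""
    findings: List[Finding] = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule in RULES:
                if rule.pattern.search(line):
                    findings.append(Finding(path, lineno, rule.name, rule.priority,
                                            line.strip(), rule.remediation, rule.reference))
    return sorted(findings, key=lambda f: (f.path, f.line))


PRIORITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def report(findings: List[Finding]) -> Dict[str, list]:
    """Group findings into report sections: Critical/High -> Critical Issues, Medium/Low -> Warnings."""
    out: Dict[str, list] = {"Critical Issues": [], "Warnings": []}
    for f in sorted(findings, key=lambda f: PRIORITY_ORDER[f.priority]):
        section = "Critical Issues" if f.priority in ("Critical", "High") else "Warnings"
        out[section].append(asdict(f))
    return out


if __name__ == "__main__":
    for section, items in report(audit(SAMPLE_FILES)).items():
        print(f"== {section} ({len(items)})")
        for f in items:
            print(f"[{f['priority']}] {f['path']}:{f['line']} {f['rule']}: {f['snippet']}")
            print(f"    fix: {f['remediation']}")
            print(f"    ref: {f['reference']}")
```

Run against the constructed files it flags the f-string query, both cipher lines, and the password literal, and leaves the parameterized query alone. A pass like this only narrows the manual review; findings such as missing audit logging or a retention policy that is never enforced still need a human reading the code paths.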

Output Format

Generate a structured audit report with:

  • Critical Issues: Security vulnerabilities or compliance violations
  • Warnings: Potential compliance concerns requiring review
  • Recommendations: Best practices to improve compliance posture
  • Compliant Sections: Areas that meet compliance requirements

Deliverable

Present findings in a clear, actionable format with:

  • File paths and line numbers for each issue
  • Specific remediation steps
  • Priority levels (Critical, High, Medium, Low)
  • References to relevant compliance standards (e.g. the specific NIST SP 800-53 control ID for each finding)