A modern, extensible framework for defining and enforcing security policies across your digital infrastructure.
Updated Mar 29, 2026 - Go
A platform to automate and orchestrate security rules for governance, risk and compliance, and continuous assurance.
MCP Documentation Server Using the Official FedRAMP/docs Repo
Create a domain specific (GRC) agent with the Claude Agent SDK
A Rust-based diagramming-as-code API that allows you to turn your .tfstate file into detailed architecture boundary diagrams.
Simple CLI script to assist GRC analysts with risk ranking vendors.
Compliance-as-Code lab using AWS Config, EventBridge, and Lambda auto-remediation with CloudFormation.
GovSCH is an Open-Source Schema for Authoring Cybersecurity & AI Governance Documents
Lightweight Python CLI tool that scans AWS IAM policy JSON files for overly permissive statements and maps findings to CJIS v6.0, FedRAMP, and NIST 800-53 compliance controls.
An end-to-end Compliance-as-Code pipeline built with Terraform, AWS Config, and Python. Automates compliance checks, Slack reporting, and audit evidence collection.
Simple Go tool for exporting evidence from Vanta.
Cloud security policy-as-code with AWS Config, Lambda remediation, and Terraform.
GRC Mapping Analyst is a NIST IR 8477-based toolkit for AI-assisted cybersecurity crosswalks, producing deterministic set-theory mappings (equal, subset_of, superset_of, intersects_with, not_related) and 12-column STRM CSV outputs across frameworks, regulations, and control catalogs.
Simulated multi-region AWS lab for RPO/RTO validation and disaster recovery control mapping.
Automated AWS compliance guardrails using Service Control Policies and CloudFormation. Controls enforce audit log protection, encryption at rest, boundary protection, and least functionality, mapped to CJIS Security Policy v6.0, FedRAMP High baseline, and NIST 800-53 Rev. 5.
Simulated 6-week HIPAA GRC assessment engagement for a small private healthcare clinic. Structured, client-grade governance and risk documentation aligned to HIPAA and NIST CSF.
SecAI-Nexus is a free, centralized dashboard that delivers real-time cyber threat intelligence — giving security and GRC professionals instant visibility into emerging attack vectors, AI-driven risks, and the latest cybersecurity trends — all without subscriptions or complex setup.
The code, documentation, and build assets for ORION V2 for the Ghana Robotics Competition (Engineers League, Smart City Builders Challenge).
Network security design & implementation — VLAN · pfSense · STRIDE · SOC IR playbook · ISO 27001 · NIST CSF · Master School Institute of Technology (MSIT)