Releases: Sushegaad/Claude-Skills-Governance-Risk-and-Compliance

v0.2.0

26 Mar 18:55

Changelog — release v0.2.0 (March 2026)

🆕 New Claude AI Skills (4)

NIST Cybersecurity Framework (CSF)
Full CSF 2.0 advisor covering all six functions (Govern, Identify, Protect, Detect, Respond, Recover), gap assessments with implementation tier scoring, organisational and target profile generation, and cross-framework mapping to ISO 27001, NIST SP 800-53, and CIS Controls. Includes CSF 1.1 → 2.0 migration guidance.

PCI DSS Compliance
Complete PCI DSS v4.0.1 advisor covering all 12 requirements, all 8 SAQ types, merchant and service provider level scoping, CDE boundary analysis, and QSA audit preparation. Includes detailed coverage of all requirements that became mandatory on 31 March 2025 (Req 6.4.3, 8.4.2, 11.6.1, 10.4.1.1, 5.4.1).

TSA Cybersecurity (Critical Infrastructure)
Expert advisor for pipeline, freight rail, passenger rail, and transit operators subject to TSA Security Directives. Covers the full Cyber Risk Management Program (CRMP) lifecycle: Cybersecurity Implementation Plan (CIP), Operational Implementation Plan (COIP), Incident Response Plan (IRP), Assessment Plan (CAP), Critical Cyber Systems identification, and CISA 24-hour incident reporting obligations.

ISO 42001 AI Management System
First-of-its-kind AI governance skill based on ISO/IEC 42001:2023 — the international AI management system standard. Covers gap analysis across all 9 mandatory clauses, all 38 Annex A controls, AISIA (AI System Impact Assessment), AI risk assessment, role detection (AI provider vs AI user), Statement of Applicability generation, and EU AI Act / NIST AI RMF alignment.


🐛 Bug Fix

Plugin loader path mismatch (issue #8)
The original marketplace.json contained explicit skills arrays pointing to full repo-relative paths (e.g. ./plugins/iso27001/skills/iso27001). The Claude Code installer extracts only the plugin subdirectory into the local cache, so the loader was constructing a doubled path that didn't exist. Fixed by removing the skills arrays and relying on Claude Code's auto-discovery of the skills/ directory. Version bumped to force cache invalidation for affected users.


📊 Eval Coverage Expanded

Benchmark updated from 10 test cases (5 skills) to 18 test cases across all 9 skills. With-skill pass rate: 94% ± 10% vs baseline 72% ± 28% (+22 points). The expanded evaluation covers gap analysis, SSP narratives, DPA drafting, breach response, CRMP section drafting, and AISIA assessments.


📁 Files Updated in This Release

All 9 plugin manifests (plugin.json), marketplace.json, 5 skill READMEs, and the main README.md badge updated to v0.2.0.

v0.1.0-alpha

16 Mar 14:14

Expert-level compliance guidance for ISO 27001, SOC 2, FedRAMP, GDPR, and HIPAA.