Compliance Engine (SOC2/ISO27001/PCI-DSS/HIPAA/FedRAMP/GDPR with Framework Mapping and Reporting)

Module

ReleaseOrchestrator

Status

IMPLEMENTED

Description

Multi-framework compliance engine that maps release controls to regulatory requirements across SOC2, ISO 27001, PCI-DSS, HIPAA, FedRAMP, and GDPR. Includes framework mapper for automated control alignment and gap analysis, multi-format report generation with evidence linking, and control implementation status tracking per framework.

Implementation Details

Modules: src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Compliance/
Key Classes:
- ComplianceEngine (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Compliance/ComplianceEngine.cs) - multi-framework compliance evaluation engine
- FrameworkMapper (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Compliance/FrameworkMapper.cs) - maps release controls to regulatory framework requirements
- ControlValidator (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Compliance/ControlValidator.cs) - validates control implementation status
- ReportGenerator (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Compliance/ReportGenerator.cs) - multi-format compliance report generation
- ComplianceController (src/ReleaseOrchestrator/StellaOps.ReleaseOrchestrator.Api/Controllers/ComplianceController.cs) - REST API for compliance queries
Source: SPRINT_20260117_039_ReleaseOrchestrator_compliance.md

E2E Test Plan

Run compliance evaluation against SOC2 framework and verify control mapping output
Verify gap analysis: identify unimplemented controls via FrameworkMapper for PCI-DSS
Verify multi-framework: evaluate a release against both ISO 27001 and HIPAA simultaneously
Verify report generation: generate a compliance report and verify evidence linking
Verify API: call ComplianceController endpoint and verify compliance status response

2.0 KiB Raw Blame History