How does this skill help with SOC 2 compliance?

It provides specific requirements for serverless encryption standards, centralized access logging, least-privilege IAM roles, and automated change management procedures.

Does this support multiple cloud providers?

Yes, the skill offers guidance for major providers including AWS, Azure, and GCP, focusing on their native security, logging, and key management services.

Can it help me prepare for a HIPAA audit?

Yes, it outlines mandatory BAA requirements, PHI encryption at rest and in transit, audit logging retention periods, and strict network isolation protocols.

What common security mistakes can this skill identify?

It provides 'wrong vs. correct' patterns for public S3 buckets, overly permissive IAM policies, hardcoded secrets, and missing database encryption.

Compliance Architecture Expert

Name: Compliance Architecture Expert
Author: Activer007

byActiver007

安全与测试

Designs enterprise-grade compliant architectures for SOC 2, HIPAA, GDPR, and PCI-DSS using industry-standard security controls.

关于

This skill acts as a specialized consultant for building and maintaining cloud-native architectures that adhere to rigorous regulatory standards. It provides actionable checklists, security control mappings, and audit-ready implementation patterns specifically tailored for serverless and cloud environments. By utilizing this skill, developers and architects can ensure their infrastructure meets the strict requirements of SOC 2 Type II, HIPAA, GDPR, and PCI-DSS, significantly reducing audit risk and avoiding common security misconfigurations like public S3 buckets or permissive IAM roles.

主要功能

Comprehensive compliance checklists for SOC 2, HIPAA, GDPR, and PCI-DSS
Best practices for PHI data protection and Business Associate Agreements (BAA)
0 GitHub stars
Standardized encryption and key management (KMS/HSM) configurations
Cloud-specific security patterns for AWS, Azure, and Google Cloud Platform
Detailed guidance on data residency, portability, and the right to erasure

使用场景

Implementing GDPR-mandated data localization and consent management workflows
Preparing a SaaS platform for a SOC 2 Type II security audit
Architecting a HIPAA-compliant backend for a healthcare application

关于

主要功能

Comprehensive compliance checklists for SOC 2, HIPAA, GDPR, and PCI-DSS
Best practices for PHI data protection and Business Associate Agreements (BAA)
0 GitHub stars
Standardized encryption and key management (KMS/HSM) configurations
Cloud-specific security patterns for AWS, Azure, and Google Cloud Platform
Detailed guidance on data residency, portability, and the right to erasure

使用场景

Implementing GDPR-mandated data localization and consent management workflows
Preparing a SaaS platform for a SOC 2 Type II security audit
Architecting a HIPAA-compliant backend for a healthcare application