What frameworks are supported?

Supported frameworks include SOC2, HIPAA, and PCI, with the ability to extend via policy tooling and custom controls.

What output does the validator generate?

The Output Schema includes validationId, timestamp, frameworks, results (passed/failed/notApplicable), controls with status and evidence, and an auditTrail entry.

How do I integrate with migration pipelines?

Integrate with cloud-migration and security-remediation-migration processes and leverage tools like AWS Config, Azure Policy, Chef InSpec, OPA, Prowler, and ScoutSuite to enforce policies and generate audit evidence.

compliance-validator

npx machina-cli add skill a5c-ai/babysitter/compliance-validator --openclaw

Files (1)

SKILL.md

2.4 KB

Compliance Validator Skill

Validates compliance requirements during migration activities, checking rules, generating audit trails, and verifying security controls.

Purpose

Enable compliance verification for:

Compliance rule checking
Audit trail generation
Security control validation
Policy enforcement
Gap analysis

Capabilities

1. Compliance Rule Checking

Check against frameworks (SOC2, HIPAA, PCI)
Verify organizational policies
Validate technical controls
Flag violations

2. Audit Trail Generation

Log migration activities
Track changes
Document approvals
Preserve evidence

3. Security Control Validation

Verify encryption
Check access controls
Validate logging
Test security measures

4. Policy Enforcement

Apply security policies
Enforce standards
Block violations
Alert on issues

5. Compliance Report Generation

Generate audit reports
Document controls
Track remediation
Produce evidence

6. Gap Analysis

Identify compliance gaps
Prioritize remediation
Track closure
Report progress

Tool Integrations

Tool	Purpose	Integration Method
AWS Config	AWS compliance	API
Azure Policy	Azure compliance	API
Chef InSpec	Infrastructure testing	CLI
OPA	Policy as code	CLI
Prowler	Security auditing	CLI
ScoutSuite	Multi-cloud audit	CLI

Output Schema

{
  "validationId": "string",
  "timestamp": "ISO8601",
  "frameworks": ["SOC2", "HIPAA"],
  "results": {
    "passed": "number",
    "failed": "number",
    "notApplicable": "number"
  },
  "controls": [
    {
      "id": "string",
      "framework": "string",
      "status": "passed|failed|na",
      "evidence": "string",
      "remediation": "string"
    }
  ],
  "auditTrail": {
    "location": "string",
    "entries": "number"
  }
}

Integration with Migration Processes

cloud-migration: Cloud compliance
security-remediation-migration: Security compliance

Related Skills

vulnerability-scanner: Security scanning

Related Agents

compliance-migration-agent: Compliance orchestration
security-vulnerability-assessor: Security assessment

Source

git clone https://github.com/a5c-ai/babysitter/blob/main/plugins/babysitter/skills/babysit/process/specializations/code-migration-modernization/skills/compliance-validator/SKILL.md

View on GitHub

Overview

The compliance-validator ensures migration activities meet defined frameworks (SOC2, HIPAA, PCI) by performing rule checks, generating audit trails, and validating security controls. It supports policy enforcement, gap analysis, and comprehensive reporting to prove compliance throughout the migration lifecycle.

How This Skill Works

During migration, the validator checks against prescribed frameworks and organizational policies, collects evidence, and compiles an Output Schema that includes a validationId, timestamp, frameworks, and detailed control statuses. It integrates with migration tooling (AWS Config, Azure Policy, Chef InSpec, OPA, Prowler, ScoutSuite) to enforce policies, log actions, and produce remediation and audit trail data for governance.

When to Use It

During cloud or on-prem migration to verify SOC2/HIPAA/PCI compliance before cutover
To routinely generate and archive audit trails of migration activities and approvals
When validating encryption, access controls, and logging across migrated resources
To enforce security policies during migration and block policy violations in real time
To perform gap analysis and track remediation progress with evidence-backed reports

Quick Start

Step 1: Define the frameworks and controls to validate (e.g., SOC2, HIPAA, PCI) and enable integrations with AWS Config, Azure Policy, InSpec, and OPA
Step 2: Run compliance-validator within the migration pipeline to generate an Output Schema and an audit trail
Step 3: Review the results, address any failed controls, attach evidence, and re-run until all controls pass

Best Practices

Map each migration control to a specific framework (SOC2, HIPAA, PCI) and policy requirements
Integrate with AWS Config, Azure Policy, Chef InSpec, and OPA to codify rules as code
Require audit trails and preserve evidence for all migration steps and approvals
Run validations at multiple stages (pre-cutover, during remediation, post-migration) and re-run until status is passed
Use the Output Schema to document controls, remediation actions, and remediation closures

Example Use Cases

During a cloud migration, compliance-validator checks SOC2 controls, logs actions to an auditTrail, and confirms encryption at rest and proper access controls before go-live
HIPAA-mandated data handling is validated with policy enforcement, producing evidence-rich reports for governance reviews
PCI-DSS scope is trimmed by validating cardholder data controls and generating remediation progress reports
Policy-as-code tools (OPA, InSpec) are integrated to enforce standards and block violations in the migration pipeline
Comprehensive audit reports are generated, including controls documentation, remediation tracking, and evidence for auditors

Frequently Asked Questions

Add this skill to your agents