# Skills tagged "GRC"

44 skills with this tag.

URL: https://rakenne.app/skill-tags/grc/index.md

- [Why NotebookLM Feels Right for GRC Research but Falls Apart at Deliverable Time](https://rakenne.app/learn/best-practices/rakenne-vs-notebooklm-grc/index.md) — GRC consultants increasingly use NotebookLM for compliance work. Here's where it helps, where it breaks down, and what changes when the tool enforces the framework instead of the consultant.
- [Cross-compliance mapping: how to unify ISO 27001, NIST CSF, SOC 2, and GDPR in one matrix](https://rakenne.app/learn/use-cases/cross-compliance-mapping-multiple-frameworks/index.md) — A practical look at multi-framework compliance mapping — the traditional spreadsheet approach versus structured, version-pinned skill workflows. Includes real output excerpts and conversation …
- [For GRC consultants: how Rakenne workspaces, skills, and validation fit real engagements](https://rakenne.app/learn/use-cases/grc-consultants-workflows-and-templates/index.md) — A balanced look at ISO 27001, SOC 2, and NIST 800-53 templates in Rakenne — what the product does, where human judgment stays central, and how structured skills change the drafting workflow.
- [Best Practices: Compliance and Policy Management — Rakenne vs OneTrust, LogicGate, PolicyTech](https://rakenne.app/learn/best-practices/compliance-and-policy-management/index.md) — How to choose the right approach for policy and compliance documents: workflow-centric drafting vs GRC and policy management platforms. Includes the Rakenne ISO 27001 skill suite (shared context and …
- [CIS Benchmark Mapper](https://rakenne.app/skills/cis-benchmark-mapper/index.md) — Draft Secure Configuration Baselines (hardening guides) from CIS Benchmarks or STIGs into formal policy. Validates recurring Drift Analysis schedule (NIST CSF 2.0 PR.PS).
- [Cross-Compliance Matrix](https://rakenne.app/skills/cross-compliance-matrix/index.md) — Produce a unified multi-framework compliance matrix mapping controls across ISO 27001:2022, NIST CSF 2.0, SOC 2 TSC, GDPR, NIS2/DORA, and NIST 800-53/CMMC. Scores coverage per framework, identifies …
- [Crypto Spec Generator](https://rakenne.app/skills/crypto-spec-generator/index.md) — Draft and validate Cryptographic Key Management & Encryption Standard (NIST CSF 2.0 PR.DS). Ensures FIPS 140-3–aligned algorithms and key lifecycle; flags legacy algorithms (SHA-1, 3DES, etc.) for …
- [Executive Readiness Report](https://rakenne.app/skills/executive-readiness-report/index.md) — Generate a board-ready executive summary of compliance posture, readiness scores by area, critical gaps, and timeline to audit. Designed for C-suite, board members, and auditors. Synthesizes data from …
- [Incident Decision Tree Builder](https://rakenne.app/skills/incident-decision-tree-builder/index.md) — Draft scenario-specific incident response playbooks (NIST CSF RS.RP) with a clear Decision Matrix for isolate vs. monitor and logic gates for Containment, Eradication, and Recovery. Inserts or …
- [ISO 14001 EMS Documentation](https://rakenne.app/skills/iso14001-ems-documentation/index.md) — Draft ISO 14001:2015 Environmental Management System documentation: organization environmental profiling, gap assessment against clauses 4-10 with maturity ratings, and environmental policy creation. …
- [ISO 20000 Internal Audit (Clause 4.5.4.2)](https://rakenne.app/skills/iso20000-internal-audit/index.md) — Plan and execute SMS internal audits for ISO/IEC 20000-1:2011. Create annual audit programs, plan individual engagements, document findings with classifications (Major NC, Minor NC, Observation, OFI), …
- [ISO 20000 Management Review (Clause 4.5.5)](https://rakenne.app/skills/iso20000-management-review/index.md) — Prepare and conduct management review of the SMS for ISO/IEC 20000-1:2011. Compile all required review inputs per Clause 4.5.5, document decisions with owners and dates, track improvement actions, and …
- [ISO 20000 Organization Profile](https://rakenne.app/skills/iso20000-organization-profile/index.md) — Build and validate a shared organization profile for ISO/IEC 20000-1:2011 certification. Captures organizational facts (service provider type, locations, departments, technology, roles, maturity) that …
- [ISO 27001 Awareness and Training Plan](https://rakenne.app/skills/iso27001-awareness-training-plan/index.md) — Create, validate, and maintain the ISO 27001:2022 awareness and training plan per Clauses 7.2 (Competence), 7.3 (Awareness), and Annex A control A.6.3. Defines target audiences with role-based …
- [ISO 27001 Gap Assessment](https://rakenne.app/skills/iso27001-gap-assessment/index.md) — Perform a structured gap assessment against ISO 27001:2022 clauses 4-10 and 93 Annex A controls. Mandatory artifact detector scans for missing ISMS documents; maturity rating tool suggests 0-5 …
- [ISO 27001 ISMS Annual Maintenance & Surveillance Audit Prep](https://rakenne.app/skills/iso27001-annual-maintenance/index.md) — Prepare for annual ISO 27001 surveillance audits by reviewing and updating existing ISMS documents. Scans documents for freshness, assesses organizational changes, performs delta risk re-assessment, …
- [ISO 27001 Management Review](https://rakenne.app/skills/iso27001-management-review/index.md) — Prepare, validate, and document the ISO 27001:2022 management review per Clause 9.3. Compiles input pack from workspace ISMS artifacts, validates all 10 mandatory input categories (Clause 9.3.2) and 3 …
- [ISO 27001 Organization Profile](https://rakenne.app/skills/iso27001-organization-profile/index.md) — Build and validate a shared organization profile for ISO 27001 certification. Captures organizational facts (industry, locations, technology stack, regulations, suppliers) that feed into scope, risk …
- [ISO 27001 Policy Generator](https://rakenne.app/skills/iso27001-policy-generator/index.md) — Generate, validate, and maintain the core ISMS policy and procedure set for ISO 27001:2022 certification. Produces 22 document types (information security policy, ISMS manual, risk management, access …
- [ISO 27001 Risk Assessment](https://rakenne.app/skills/iso27001-risk-assessment/index.md) — Complete ISO 27001:2022 risk assessment workflow covering methodology definition, risk identification using a 12-category threat taxonomy, risk analysis with 5×5 matrix scoring, treatment planning …
- [JIT PAM Zero Trust (NIST 800-207)](https://rakenne.app/skills/jit-pam-zero-trust/index.md) — Document and audit Just-in-Time privileged access management aligned to Zero Trust and NIST SP 800-207. Defines no-standing-privilege, time-bound elevation, and MFA for privileged sessions.
- [NIS2 Business Continuity](https://rakenne.app/skills/nis2-business-continuity/index.md) — Document business continuity and crisis management measures per NIS2 Art. 21(2)(c). Covers backup management policies, disaster recovery procedures, crisis management activation and escalation, and …
- [NIS2 Entity Classification](https://rakenne.app/skills/nis2-entity-classification/index.md) — Classify an organization as essential, important, or out-of-scope under the NIS2 Directive (EU 2022/2555). Maps activities to Annex I/II sectors, applies size thresholds (medium/large enterprise …
- [NIS2 Gap Assessment](https://rakenne.app/skills/nis2-gap-assessment/index.md) — Perform a structured gap assessment against all NIS2 Directive Art. 21 cybersecurity risk-management measures. Rates maturity (0-5) per measure, detects missing compliance artifacts, and builds a …
- [NIS2 Governance & Risk Management](https://rakenne.app/skills/nis2-governance-risk/index.md) — Document management body accountability and cybersecurity risk management measures per NIS2 Directive Art. 20-21. Covers all 11 mandatory measures (a)-(k), governance approval workflows, and …
- [NIS2 Incident Reporting](https://rakenne.app/skills/nis2-incident-reporting/index.md) — Draft NIS2-compliant incident reports following Art. 23 timelines: early warning within 24 hours, incident notification within 72 hours, and final report within one month. Classifies incident …
- [NIS2 Policies & Procedures](https://rakenne.app/skills/nis2-policies-procedures/index.md) — Draft and validate cybersecurity policies and procedures for all 11 NIS2 Art. 21(2) mandatory measures. Validates policy coverage, cross-references between related measures, and checks policy …
- [NIS2 Registration & Reporting](https://rakenne.app/skills/nis2-registration-reporting/index.md) — Prepare entity registration submissions and annual reports per NIS2 Art. 27-28. Validates registration form completeness against required fields (entity details, sector, IP ranges, contact …
- [NIS2 Supply Chain Security](https://rakenne.app/skills/nis2-supply-chain-security/index.md) — Assess and manage supply chain cybersecurity risks per NIS2 Art. 21(2)(d). Scores supplier criticality and cybersecurity maturity, validates contractual security clauses, and identifies concentration …
- [NIST SP 800-53 / CSF Crosswalk](https://rakenne.app/skills/nist-800-53-csf-crosswalk/index.md) — Bidirectional crosswalk between NIST Cybersecurity Framework (CSF) 2.0 subcategories and SP 800-53 Rev 5 controls. Maps CSF subcategories to 800-53 controls and vice versa, identifies gaps in either …
- [NIST SP 800-53 Baseline Selector](https://rakenne.app/skills/nist-800-53-baseline-selector/index.md) — Select and tailor an SP 800-53 Rev 5 control baseline based on FIPS 199 categorization and regulatory overlays (HIPAA, PCI-DSS, GDPR, SOX, FedRAMP, CMMC). Applies the appropriate Low/Moderate/High …
- [NIST SP 800-53 Control Standard Author](https://rakenne.app/skills/nist-800-53-control-standard-author/index.md) — Author implementation standards for individual NIST SP 800-53 controls. Each standard documents the control objective, implementation narrative, technology and tools, responsible roles, evidence …
- [NIST SP 800-53 Family Policy Author](https://rakenne.app/skills/nist-800-53-family-policy-author/index.md) — Author NIST SP 800-53 family-level policies (the -1 controls) for each control family. Produces structured policy documents with Purpose, Scope, Applicability, Policy Statements, Roles & …
- [NIST SP 800-53 Gap Analysis](https://rakenne.app/skills/nist-800-53-gap-analysis/index.md) — Conduct a gap analysis across the NIST SP 800-53 compliance program. Cross-references tailored control catalog against policies, standards, and mappings to identify coverage gaps. Prioritizes …
- [NIST SP 800-53 Organization Profile](https://rakenne.app/skills/nist-800-53-organization-profile/index.md) — Build and validate the organizational context profile for NIST SP 800-53 Rev 5 compliance. Captures FIPS 199 security categorization (Confidentiality, Integrity, Availability impact levels), …
- [NIST SP 800-53 Policy-Control Mapper](https://rakenne.app/skills/nist-800-53-policy-control-mapper/index.md) — Map existing policy and standard documents to NIST SP 800-53 controls with AI-assisted quality scoring. Rates each mapping as High/Medium/Low confidence with documented justification. Identifies …
- [PAM Standard (PR.AA)](https://rakenne.app/skills/pam-standard/index.md) — Draft and validate a Privileged Access Management standard aligned to NIST CSF 2.0 PR.AA. Defines JIT, least privilege, SoD boundaries, and break-glass workflow; ensures MFA for 100% of privileged …
- [Risk Register ISO 31000](https://rakenne.app/skills/risk-register-iso31000/index.md) — Guided elaboration of an ISO 31000:2018-aligned risk register: organizational context, risk criteria (likelihood/impact scales and appetite), structured register entries with cause, existing controls, …
- [Risk Tolerance Quantifier](https://rakenne.app/skills/risk-tolerance-quantifier/index.md) — Draft and validate a Cybersecurity Risk Appetite Statement (NIST CSF 2.0 GV.OC): translate board mandates into quantifiable tolerance levels and KPIs; ensure stated appetite is supported by budget …
- [SOC 2 Internal Audit](https://rakenne.app/skills/soc2-internal-audit/index.md) — Conduct an internal readiness audit for SOC 2 certification. Tests controls per TSC criteria, classifies findings by AICPA severity (Material Weakness, Significant Deficiency, Deficiency, …
- [SOC 2 Organization Profile](https://rakenne.app/skills/soc2-organization-profile/index.md) — Build and validate the organizational context profile for SOC 2 audit readiness. Captures principal service commitments, system requirements (SCSR), trust services categories, system boundaries, …
- [SOC 2 Risk Assessment](https://rakenne.app/skills/soc2-risk-assessment/index.md) — Conduct a structured risk assessment aligned to AICPA Trust Services Criteria. Identifies risks per TSC category using a 5×5 likelihood-impact matrix, maps risks to specific TSC criteria …
- [SOC 2 Vendor Management](https://rakenne.app/skills/soc2-vendor-management/index.md) — Establish third-party and subservice organization oversight for SOC 2 audit readiness. Risk-tiered assessment framework with vendor register, SOC report review validation, CSOCs validation, and tiered …
- [Threat Impact Narrative Builder](https://rakenne.app/skills/threat-impact-narrative-builder/index.md) — Build and validate cybersecurity risk registers and impact narratives aligned to NIST CSF 2.0 ID.RA. Uses FAIR methodology for impact scenarios and enforces consistency between risk scores and …

