feat: implement NIST compliance mapping and gap analysis #7

@leoneperdigao

Description

Map cryptographic findings to NIST compliance requirements and generate gap analysis reports. This enables organizations to understand their compliance posture relative to NIST SP 800-131A Rev 2 and CNSA 2.0 timelines, and track progress toward full compliance.

Tasks

  • Define compliance framework data model (framework, requirements, controls)
  • Map NIST SP 800-131A Rev 2 requirements to finding attributes
  • Map CNSA 2.0 timeline milestones (per the NSA CNSA 2.0 advisory; CNSA 2.0 algorithms are ML-KEM, ML-DSA, LMS/XMSS, AES-256, SHA-384/SHA-512):
    • 2025: software and firmware signing should support and prefer CNSA 2.0 algorithms; web browsers/servers and cloud services should support and prefer them as well
    • 2030: software/firmware signing and traditional networking equipment use CNSA 2.0 exclusively, so RSA, DH, ECDH and ECDSA are no longer acceptable there
    • 2033: web browsers/servers, cloud services, operating systems and niche equipment use CNSA 2.0 exclusively; custom applications and legacy equipment are updated or replaced
    • 2035: transition complete for all National Security Systems; quantum-vulnerable public-key algorithms disallowed
  • Generate gap analysis report: list of non-compliant components per requirement
  • Calculate compliance percentage (compliant findings / total findings)
  • Track compliance percentage over time (historical trend)
  • Support custom compliance frameworks (user-defined requirements and mappings)
  • Export gap analysis as PDF/CSV report
  • Create API endpoints for compliance data
  • Write tests for compliance mapping logic
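The following is an added example, not the project's own code, sketching how the data model, mapping, gap report, compliance percentage, trend and custom-framework tasks above fit together. Field names (`component`, `usage`, `category`), requirement IDs and the sample inventory are assumptions for illustration; the predicates encode a simplified reading of SP 800-131A Rev 2 (minimum RSA/DSA 2048, ECDSA/ECDH 224, SHA-1 disallowed for signature generation, TDEA encryption disallowed after 2023) and of the CNSA 2.0 "exclusively use" milestones per equipment class.

```python
"""Compliance mapping and gap analysis for cryptographic findings (added example,
not project code). Requirement predicates are a simplified reading of NIST SP
800-131A Rev 2 and the CNSA 2.0 timeline; field names are assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Public-key algorithms CNSA 2.0 phases out as quantum-vulnerable.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "MQV"}

# CNSA 2.0 "exclusively use" year per equipment class (assumed category labels);
# anything unlisted is held to the 2035 end of transition.
CNSA2_EXCLUSIVE_BY = {"software_signing": 2030, "networking": 2030,
                      "web_cloud": 2033, "os": 2033, "niche": 2033, "legacy": 2033}


@dataclass(frozen=True)
class Finding:
    component: str        # asset or code location the scanner reported
    algorithm: str        # "RSA", "ECDH", "AES", "TDEA", "ML-DSA", ...
    usage: str            # "signature", "key_establishment", "encryption", "hash"
    key_bits: int = 0     # modulus size, curve size or symmetric key length
    hash_alg: str = ""    # hash paired with a signature scheme, if any
    category: str = ""    # CNSA 2.0 equipment class, see CNSA2_EXCLUSIVE_BY


@dataclass
class Requirement:
    req_id: str
    description: str
    applies: Callable[[Finding], bool]          # is the finding in scope?
    compliant: Callable[[Finding, int], bool]   # does it pass as of this year?


@dataclass
class Framework:
    name: str
    requirements: List[Requirement]   # a user-supplied list is a custom framework


def _sig_131a(f: Finding, year: int) -> bool:
    # RSA/DSA >= 2048 bits, ECDSA >= 224 bits; SHA-1 disallowed for signature generation.
    size_ok = f.key_bits >= (224 if f.algorithm == "ECDSA" else 2048)
    return size_ok and f.hash_alg != "SHA-1"


NIST_800_131A_R2 = Framework("NIST SP 800-131A Rev 2", [
    Requirement("131A-SIG", "Digital signature generation strength",
                lambda f: f.usage == "signature" and f.algorithm in {"RSA", "DSA", "ECDSA"},
                _sig_131a),
    Requirement("131A-KE", "Key establishment strength",
                lambda f: f.usage == "key_establishment" and f.algorithm in QUANTUM_VULNERABLE,
                lambda f, y: f.key_bits >= (224 if f.algorithm == "ECDH" else 2048)),
    Requirement("131A-SYM", "Symmetric encryption algorithm status",
                lambda f: f.usage == "encryption",
                # AES at any approved size; three-key TDEA (168-bit) encryption disallowed after 2023
                lambda f, y: (f.algorithm == "AES" and f.key_bits >= 128)
                or (f.algorithm == "TDEA" and f.key_bits == 168 and y <= 2023)),
])

CNSA_2_0 = Framework("CNSA 2.0", [
    Requirement("CNSA2-QR", "Quantum-vulnerable public-key algorithm past its milestone",
                lambda f: f.algorithm in QUANTUM_VULNERABLE,
                lambda f, y: y < CNSA2_EXCLUSIVE_BY.get(f.category, 2035)),
    Requirement("CNSA2-HASH", "SHA-384 or SHA-512 required",
                lambda f: f.usage == "hash" or f.hash_alg != "",
                lambda f, y: (f.algorithm if f.usage == "hash" else f.hash_alg) in {"SHA-384", "SHA-512"}),
    Requirement("CNSA2-SYM", "AES-256 required for symmetric encryption",
                lambda f: f.usage == "encryption",
                lambda f, y: f.algorithm == "AES" and f.key_bits == 256),
])


def gap_analysis(fw: Framework, findings: List[Finding], year: int) -> Dict[str, List[str]]:
    """Per requirement, the components that are in scope but fail it."""
    gaps: Dict[str, List[str]] = {r.req_id: [] for r in fw.requirements}
    for f in findings:
        for r in fw.requirements:
            if r.applies(f) and not r.compliant(f, year):
                gaps[r.req_id].append(f.component)
    return gaps


def compliance_percentage(fw: Framework, findings: List[Finding], year: int) -> float:
    """Share of findings passing every requirement in scope for them (one decimal)."""
    if not findings:
        return 100.0
    ok = sum(all(r.compliant(f, year) for r in fw.requirements if r.applies(f)) for f in findings)
    return round(100.0 * ok / len(findings), 1)


def compliance_trend(fw: Framework, findings: List[Finding], years: List[int]) -> List[Tuple[int, float]]:
    """Projected compliance of the same inventory at each milestone year."""
    return [(y, compliance_percentage(fw, findings, y)) for y in years]


# Constructed sample inventory, not real scan output.
SAMPLE_FINDINGS = [
    Finding("payments-api TLS", "ECDH", "key_establishment", 256, category="web_cloud"),
    Finding("legacy-vpn IKE", "DH", "key_establishment", 1024, category="networking"),
    Finding("firmware-signer", "RSA", "signature", 2048, hash_alg="SHA-1", category="software_signing"),
    Finding("backup-encryption", "AES", "encryption", 128, category="os"),
    Finding("code-signing-v2", "ML-DSA", "signature", category="software_signing"),
    Finding("mainframe-batch", "TDEA", "encryption", 168, category="legacy"),
]

if __name__ == "__main__":
    print(gap_analysis(NIST_800_131A_R2, SAMPLE_FINDINGS, 2024))
    print(compliance_trend(CNSA_2_0, SAMPLE_FINDINGS, [2026, 2030, 2033, 2035]))
```

Two design points worth carrying into the real implementation: a finding with no applicable requirement counts as compliant rather than being silently dropped from the denominator, and every predicate takes the evaluation year, so the same inventory can be projected against each CNSA 2.0 milestone to produce the trend without re-scanning. A custom framework is just another `Framework` built from user-defined `Requirement` objects.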

Labels: analytics (Analytics and scoring), compliance (Compliance and regulatory)