Open
Labels: enhancement (New feature or request), integration (Third-party integrations)
Description
Implement a compliance checking module that evaluates the system architecture against quantum-relevant regulatory and standards requirements from multiple jurisdictions and industry frameworks.
Tasks
- Government quantum guidelines:
  - NIST CNSA 2.0 (USA) — algorithm and timeline compliance
  - ANSSI (France) — quantum transition recommendations
  - BSI (Germany) — quantum-safe cryptography guidelines
  - NCSC (UK) — preparing for quantum-safe cryptography
- Industry-specific standards:
  - PCI-DSS quantum considerations for payment systems
  - HIPAA implications for long-lived health data
  - SOC 2 cryptographic requirements and quantum readiness
  - GDPR data protection implications (long-term confidentiality)
- Compliance gap report:
  - Per-standard compliance status (compliant, partial, non-compliant)
  - Specific non-compliant items with remediation guidance
  - Priority ranking based on regulatory deadlines
- Compliance tracking:
  - Track compliance status over time (compare assessments)
  - Trend reporting for compliance posture
  - Deadline awareness for regulatory milestones
- Alerting:
  - Alert on new regulatory requirements affecting the architecture
  - Monitor for updates to tracked standards
  - Integration with notification systems
References
- CNSA 2.0 Timeline
- ANSSI Quantum Recommendations
- BSI Technical Guidelines
- Depends on: assessment engine (feat: implement quantum vulnerability assessment engine #4)