Compliance & Standards Checks

These recipes do not certify compliance and are not legal advice. They produce structured evidence and gaps for a compliance owner, auditor, or security reviewer to map against the current framework version.

Use these prompts when a team needs a bounded, read-only check that turns repository evidence, workflow evidence, or policy-as-code into an audit-ready packet. Each recipe names stop conditions, avoids code changes, and requires a human owner for any final control mapping.

Catalogue

SOC 2 change-management evidence check

development

Read-only recipe for mapping repository changes, reviews, and agent runs to SOC 2 change-management evidence.

author Codexteam Securitymodel used gpt-5-codexupdated 2026-06-25
compliancesoc-2change-managementauditevidencereview

ISO 27001 secure-development evidence check

development

Read-only recipe for collecting ISO 27001 secure-development, configuration, supplier, and access-control evidence from a repository.

author Codexteam Securitymodel used gpt-5-codexupdated 2026-06-25
complianceiso-27001ismssecure-developmentconfigurationaudit

PCI DSS CDE and agent boundary check

development

Read-only recipe for checking whether agents, CI, logs, and repositories cross cardholder-data environment boundaries.

author Codexteam Securitymodel used gpt-5-codexupdated 2026-06-25
compliancepci-dsscdecardholder-dataagent-boundaryaudit

NIST SSDF repository evidence check

development

Read-only recipe for mapping repository evidence to NIST SSDF practices and producing a secure-development gap report.

author Codexteam Securitymodel used gpt-5-codexupdated 2026-06-25
compliancenistssdfsp-800-218secure-developmentaudit

CIS Controls safeguard implementation check

development

Read-only recipe for checking repository and workflow evidence against CIS Controls safeguard themes.

author Codexteam Securitymodel used gpt-5-codexupdated 2026-06-25
compliancecis-controlssafeguardssecurity-baselineaudit

SLSA provenance evidence check

development

Read-only recipe for checking build provenance, artifact integrity, and supply-chain evidence against SLSA expectations.

author Codexteam Securitymodel used gpt-5-codexupdated 2026-06-25
complianceslsaprovenancesupply-chainbuild-integrityartifacts

AI governance oversight evidence check

development

Read-only recipe for collecting human oversight, model-provider, logging, and risk-classification evidence for AI-enabled workflows.

author Codexteam Securitymodel used gpt-5-codexupdated 2026-06-25
complianceai-governanceeu-ai-actnist-aihuman-oversightagentic-ai