Get compliance gap analysis between current and required security levels
Optional framework: string
Get compliance status based on security levels
Evaluates current security levels against multiple compliance frameworks (NIST 800-53, ISO 27001, GDPR, HIPAA, SOC2, PCI DSS, etc.) and provides detailed compliance status, gaps, and remediation guidance.
Availability security level
Integrity security level
Confidentiality security level
Compliance status details including compliant/non-compliant frameworks and remediation steps
const service = new ComplianceService(dataProvider);
// Check compliance for High security levels
const status = service.getComplianceStatus('High', 'High', 'High');
console.log('Overall Status:', status.status);
console.log('Compliance Score:', status.complianceScore, '%');
console.log('Compliant Frameworks:', status.compliantFrameworks);
console.log('Non-Compliant Frameworks:', status.nonCompliantFrameworks);
// Get remediation steps
status.remediationSteps.forEach(step => {
  console.log('- ', step);
});
Get compliance status text
Get compliant frameworks for a specific security level
Identifies which compliance frameworks are fully met by the current security configuration. Useful for compliance reporting and gap analysis.
Availability security level
Integrity security level (optional, defaults to availabilityLevel)
Confidentiality security level (optional, defaults to availabilityLevel)
Array of compliant framework names
const service = new ComplianceService(dataProvider);
// Check which frameworks High security meets
const frameworks = service.getCompliantFrameworks('High', 'High', 'High');
console.log('Compliant with:', frameworks.join(', '));
// Output: "Compliant with: NIST 800-53, ISO 27001, NIST CSF, GDPR, HIPAA, SOC2, PCI DSS..."
// Check moderate security levels
const moderateFrameworks = service.getCompliantFrameworks('Moderate', 'Moderate', 'Moderate');
console.log('Moderate meets:', moderateFrameworks.length, 'frameworks');
Get component details for a specific component and security level
Get description of a specific compliance framework
Framework name
Framework description
Get required security level for a specific framework and component
Framework name
CIA component
Required security level
Get compliance status for a specific framework
Evaluates whether current security levels meet a specific compliance framework's requirements. Returns detailed status showing full compliance, partial compliance, or non-compliance.
Framework name (e.g., "NIST 800-53", "ISO 27001", "GDPR")
Availability security level
Integrity security level
Confidentiality security level
Compliance status for the framework ("compliant", "partially-compliant", or "non-compliant")
const service = new ComplianceService(dataProvider);
// Check GDPR compliance
const gdprStatus = service.getFrameworkStatus('GDPR', 'High', 'High', 'High');
console.log('GDPR Status:', gdprStatus); // "compliant"
// Check HIPAA with moderate levels
const hipaaStatus = service.getFrameworkStatus('HIPAA', 'Moderate', 'Moderate', 'Moderate');
console.log('HIPAA Status:', hipaaStatus); // "partially-compliant" or "non-compliant"
// Evaluate all frameworks
const frameworks = ['NIST 800-53', 'ISO 27001', 'GDPR', 'HIPAA'];
frameworks.forEach(framework => {
  const status = service.getFrameworkStatus(framework, 'High', 'High', 'Moderate');
  console.log(`${framework}: ${status}`);
});
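Added example, not ComplianceService code: a stand-alone sketch of how a per-component gap list and the three status values described above can be derived from required levels. The level ordering, the "Framework A" and "Framework B" requirements, the partial-compliance rule and the function names gapAnalysis and frameworkStatus are all assumptions made for illustration.

```javascript
// Added example: all data below is constructed, not the project's mappings.
// Assumed ordinal scale; only 'Moderate' and 'High' appear on the page.
const LEVELS = ['None', 'Low', 'Moderate', 'High', 'Very High'];

// Hypothetical per-component minimums for two placeholder frameworks.
const REQUIRED = new Map([
  ['Framework A', { availability: 'Moderate', integrity: 'High', confidentiality: 'High' }],
  ['Framework B', { availability: 'High', integrity: 'High', confidentiality: 'High' }],
]);

// Map a level name to its position on the scale; reject unknown or missing levels.
function rank(level) {
  const i = LEVELS.indexOf(level);
  if (i === -1) throw new RangeError(`Unknown security level: ${level}`);
  return i;
}

// List every CIA component whose current level is below the framework minimum.
function gapAnalysis(framework, current) {
  const required = REQUIRED.get(framework);
  if (!required) throw new RangeError(`Unknown framework: ${framework}`);
  return Object.keys(required)
    .filter(c => rank(current[c]) < rank(required[c]))
    .map(c => ({
      component: c,
      current: current[c],
      required: required[c],
      shortfall: rank(required[c]) - rank(current[c]), // steps to close the gap
    }));
}

// Assumed rule: no gaps -> compliant; every component short -> non-compliant;
// anything in between -> partially-compliant.
function frameworkStatus(framework, current) {
  const gaps = gapAnalysis(framework, current);
  const total = Object.keys(REQUIRED.get(framework)).length;
  if (gaps.length === 0) return 'compliant';
  return gaps.length === total ? 'non-compliant' : 'partially-compliant';
}

// Constructed input: availability and integrity at Moderate, confidentiality at High.
const current = { availability: 'Moderate', integrity: 'Moderate', confidentiality: 'High' };
for (const fw of REQUIRED.keys()) {
  console.log(fw, frameworkStatus(fw, current), gapAnalysis(fw, current));
}
```

Reporting the gap list alongside the status shows which component to raise and by how many levels, which a bare status string does not.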
Handle errors consistently across services
Error to handle
ServiceError
Validate input parameters (to be overridden by subclasses)
Input to validate
True if valid, false otherwise
Service for compliance mapping and status reporting
Compliance Perspective
This service maps security levels to compliance with various regulatory frameworks, helping organizations understand their compliance posture and identify gaps that need to be addressed to meet regulatory requirements. 📋