Packs & Changelog
This is the registry for the public library pack pages. Each page explains library scope, public artifacts, and claim boundaries, while the proof artifacts remain under /proof/packs/*.
| Pack name | Framework spine | Reviewer fit | Proof link |
|---|---|---|---|
| Vendor Security | CIS Controls v8 family-level mapping | Security or procurement teams reviewing a supplier baseline before onboarding or renewal. | /proof/packs/vendor-security |
| ISO 27001 Readiness | ISO/IEC 27001:2022 Annex A references | Teams preparing for an ISO 27001 programme, internal readiness push, or pre-audit evidence review. | /proof/packs/iso-27001 |
| SOC 2 Readiness | AICPA TSC CC1-CC9 spine | SaaS teams preparing for buyer scrutiny, trust reviews, or a future SOC 2 journey. | /proof/packs/soc2-readiness |
| NIST CSF Readiness | NIST CSF 1.1 subcategory IDs | Leadership or security teams that want a broad control-language view across identify, protect, detect, respond, and recover themes. | /proof/packs/nist-csf |
| DFIR Incident Response | DFIR lifecycle phases + NIST RS/RC crosswalk | Teams strengthening incident-readiness before customer diligence, tabletop work, or external scrutiny. | /proof/packs/dfir-incident-response |
Per-pack versions and release notes are still to be expanded; in this pass, the registry is aligned to the new public library proof pages.