The CIA Compliance Manager is an open-source security assessment platform designed to help organizations evaluate and document their security posture across the CIA triad: Confidentiality, Integrity, and Availability (README.md25-30). The system provides automated compliance mapping to seven major frameworks (NIST 800-53, ISO 27001, GDPR, HIPAA, PCI DSS, SOC2, and the EU Cyber Resilience Act), business impact analysis, and cost estimation for security implementations (README.md42-88).
Developed by Hack23 AB, this tool serves as a live demonstration of security-by-design principles, following the company's internal Secure Development Policy and Classification Framework (README.md28-31).
Key Characteristics:
- localStorage package.json44-46 docs/architecture/STATEDIAGRAM.md34-39
Sources: README.md25-88 package.json34-118 docs/index.html24-44 docs/architecture/STATEDIAGRAM.md34-39
The CIA Compliance Manager implements a serverless static web application architecture. By eliminating backend infrastructure, the platform minimizes its attack surface while providing real-time calculations for security scores and compliance gaps (README.md27-30 docs/index.html24-36).
Architecture Principles:
- tsconfig.json tsconfig.json1-36
- react-error-boundary) prevent component failures from crashing the entire app package.json46-162 docs/architecture/STATEDIAGRAM.md37-38
- widgets-assessment, widgets-business, and react-vendor vite.config.ts71-115
Sources: README.md27-30 package.json46-162 docs/index.html24-31 tsconfig.json1-36 vite.config.ts71-115 docs/architecture/STATEDIAGRAM.md37-38
The system initializes through a React-based orchestrator that manages global state and component lifecycle (package.json44-45).
Key Implementation Details:
- #root div in index.html docs/index.html48-49
- APP_VERSION is injected globally during the build process from package.json vite.config.ts50-52
Sources: docs/index.html24-49 vite.config.ts38-52 package.json44-45 src/index.ts1-10
The application implements specialized widgets organized into functional categories to handle different aspects of the security assessment (README.md46-88).
Widget Categories (Vite Chunking Strategy):
| Chunk Name | Functional Scope | Source Pattern |
|---|---|---|
| widgets-assessment | Core CIA level setting and summary metrics | /widgets/assessmentcenter/ vite.config.ts93-95 |
| widgets-business | ROI, Cost Estimation, and Value Creation | /widgets/businessvalue/ vite.config.ts98-100 |
| widgets-impact | CIA Triad specific impact analysis | /widgets/impactanalysis/ vite.config.ts103-105 |
| widgets-implementation | Technical guidance and resource mapping | /widgets/implementationguide/ vite.config.ts108-114 |
Sources: README.md46-88 vite.config.ts91-115
The application uses unidirectional data flow with persistence in browser storage. Quality is maintained through a multi-layered testing strategy (docs/architecture/STATEDIAGRAM.md43-64).
Sources: package.json27-136 vite.config.ts156-161 docs/architecture/STATEDIAGRAM.md43-64 docs/architecture/WORKFLOWS.md88-90
The project maintains a "Living on the Edge" philosophy, using the latest stable versions of core dependencies (package.json12-56).
| Component | Technology | Version |
|---|---|---|
| UI Framework | React | 19.2.5 package.json44 |
| Language | TypeScript | 6.0.3 package.json53 |
| Build Tool | Vite | 8.0.10 package.json55 |
| Unit Testing | Vitest | 4.1.5 package.json56 |
| E2E Testing | Cypress | 15.14.1 package.json27 |
| Styling | Tailwind CSS | 4.2.4 package.json49 |
| Charts | Chart.js | 4.5.1 package.json25 |
Sources: package.json25-56