Your award-winning PCI DSS compliance toolkit - Built for GRC professionals to crush audits.
"Don't let auditors cry (by passing quickly)"
cardguardian is a comprehensive PCI DSS compliance toolkit built with modern web technologies. It helps GRC professionals track requirements, collect evidence, generate reports, and maintain audit readiness throughout the year.
- β Compliance Assessment - Interactive questionnaire covering all 12 PCI DSS requirements with status tracking
- β Evidence Management - Drag-and-drop file upload with requirement tagging
- β Dashboard - Real-time compliance metrics, charts, and gap analysis
- β Timeline - Track your compliance journey and milestones
- β Reports - Generate audit-ready PDF reports and CSV exports
- β Audit Simulation - Test your PCI DSS knowledge with mock auditor questions
- β Framework Mapping - See how PCI DSS maps to SOC 2, ISO 27001, and NIST CSF
- β Documentation - Built-in docs explaining PCI DSS requirements
- β Security Dashboard - Monitor your security posture and OWASP compliance
All data is stored locally in your browser. No data is sent to external servers. Your compliance evidence stays on your machine, giving you complete control and privacy.
- Node.js 18+
- npm, yarn, or pnpm
git clone https://github.com/AnandSundar96/cardguardian.git
cd cardguardian
npm install
npm run devOr use the live demo:
npm run devThen open http://localhost:3000
cardguardian/
βββ app/
β βββ page.tsx # Landing page
β βββ layout.tsx # Root layout
β βββ globals.css # Global styles
β βββ dashboard/ # Compliance metrics
β βββ assessment/ # PCI DSS requirements
β βββ evidence/ # Evidence management
β βββ reports/ # Report generation
β βββ timeline/ # Compliance journey
β βββ security/ # Security dashboard
β βββ settings/ # User settings
βββ lib/
β βββ db.ts # Data layer (LocalStorage)
β βββ data.ts # Static data & templates
β βββ context.tsx # React context
β βββ security.ts # Security utilities
β βββ types/ # TypeScript types
βββ components/
β βββ Navigation.tsx # Navigation component
β βββ Onboarding.tsx # User onboarding
βββ middleware.ts # Security headers
βββ next.config.js # Next.js config
βββ tailwind.config.js # Tailwind config
βββ postcss.config.js # PostCSS config
βββ tsconfig.json # TypeScript config
βββ package.json # Dependencies
βββ README.md # This file
βββ .gitignore # Git ignore
All 12 PCI DSS requirements are implemented with:
- π Firewall Configuration
- π Vendor Passwords
- π Protect Stored Data
- π Encrypt Transmission
- π Malware Protection
- π Secure Systems
- π Restrict Access
- π Identify Users
- π Physical Access
- π Track Access
- π Test Security
- π Security Policy
This project implements industry-leading security practices:
- OWASP Top 10 2025 Compliance - All mitigations implemented
- Content Security Policy - CSP headers configured
- Input Sanitization - All user inputs validated
- Secure Headers - HTTP security headers active
- XSS Prevention - Output encoding enabled
- Rate Limiting - Client-side abuse prevention
- Audit Logging - Complete security event trail
- Session Management - Secure token generation and validation
- Data Integrity - Checksums and integrity verification
- Overall Compliance Score - Weighted algorithm
- Requirements Breakdown - Visual status for all 12 requirements
- Gap Analysis - Identify non-compliant areas
- Evidence Coverage - Track evidence per requirement
- Risk Level - Calculate compliance risk
- Progress Trends - Visual timeline of improvements
- Compliance Heatmap - Color-coded status grid
- Interactive Questionnaire - Guided assessment flow
- Status Tracking - Not Started, Partial, Compliant, Non-Compliant
- Progress Visualization - Real-time progress updates
- Notes System - Add detailed notes per requirement
- Evidence Templates - Know what auditors look for
- Framework Mapping - See which controls satisfy multiple frameworks
- Drag-and-Drop Upload - Drag files directly onto page
- Requirement Tagging - Auto-tag with requirement number
- File Validation - Type and size validation
- Evidence Metadata - Description, uploaded date, status
- Coverage Tracking - Visual indicator of evidence per requirement
- Bulk Operations - Upload multiple files at once
- Filter & Search - Find evidence by requirement or filename
- PDF Generation - Audit-ready reports with jsPDF
- CSV Export - Spreadsheet-compatible data export
- Evidence Manifest - File inventory for audit package
- Executive Summary - High-level overview for stakeholders
- Technical Report - Detailed findings by requirement
- Audit Package - Complete documentation package
- Event Log - Record all compliance activities
- Milestones - Track key dates (assessment, audit, renewal)
- Visual Timeline - Chronological view of your journey
- Type Indicators - Milestone, Evidence, Action, Deadline
- Search & Filter - Find events by type or date
- Practice Mode - Test your PCI DSS knowledge
- Mock Auditor Questions - Realistic audit scenarios
- Feedback System - Immediate feedback on answers
- Explanations - Learn why answers are correct or incorrect
- Score Tracking - Track your performance
- Coverage - All 12 PCI DSS requirements included
- PCI to SOC 2 - Visualize which controls map to SOC 2 Trust Services Criteria
- PCI to ISO 27001 - See alignment with ISO 27001 security controls
- PCI to NIST CSF - Understand relationship to NIST Cybersecurity Framework
- Cross-Framework Overlap - Identify controls that satisfy multiple standards
- Gap Analysis - Find areas where PCI controls don't map to other frameworks
- Coverage Visualizer - See at a glance which requirements have framework mappings
- PCI DSS Requirements Explained - Deep dive into each requirement
- Implementation Guides - How to implement controls
- Best Practices - Learn from common mistakes
- Vendor Comparisons - Understand the market landscape
- Templates - Sample policies and procedures
- FAQ - Common questions about PCI DSS compliance
- OWASP Compliance Status - Track mitigations for all 10 OWASP categories
- Dependency Security - Monitor third-party library versions
- Security Headers - Verify active security configuration
- Event Logging - Complete audit trail of all security events
- Rate Limiting Monitor - Watch for abuse prevention
- CSP Violations - Track Content Security Policy violations
The project is ready to deploy to Vercel for free hosting.
vercel --prodThen add your custom domain:
vercel domains add cardguardian.comPush to GitHub:
git add .
git commit -m "feat: Award-winning PCI DSS toolkit"
git push origin mainAnand Sundar - GRC Professional | 4 Years Experience
LinkedIn: linkedin.com/in/anandsundar96 GitHub: github.com/AnandSundar96 Email: anandsundar.96@gmail.com
Current Focus: GRC Analyst role in Canada
Goal: To leverage this award-winning project to get hired as a GRC Analyst at a top tech company.
MIT License - Free to use for commercial and personal projects
Contributions are welcome! Please fork the repository and submit a pull request.
- Fork the repository
- Create your feature branch
- Install dependencies:
npm install - Start development server:
npm run dev - Make your changes
- Submit a pull request
- Write clear commit messages
- Add tests for new features
- Ensure code quality follows existing patterns
- Update documentation as needed
- Be patient with review process
If you encounter any issues or have questions, please open an issue on GitHub or contact the author.
Built by Anand Sundar for GRC professionals worldwide.
"Don't let auditors cry (by passing quickly)"
This project is dedicated to everyone working in compliance, security, and GRC. May your audits be swift, your controls be effective, and your career be successful.
Made with β€οΈ in Edmonton, Canada π¨π¦πΈ