Skip to content

AnandSundar/cardguardian

Repository files navigation

πŸ† cardguardian

Your award-winning PCI DSS compliance toolkit - Built for GRC professionals to crush audits.

"Don't let auditors cry (by passing quickly)"

CARDGuardian

πŸ“Š Overview

cardguardian is a comprehensive PCI DSS compliance toolkit built with modern web technologies. It helps GRC professionals track requirements, collect evidence, generate reports, and maintain audit readiness throughout the year.

🎯 Features

  • βœ… Compliance Assessment - Interactive questionnaire covering all 12 PCI DSS requirements with status tracking
  • βœ… Evidence Management - Drag-and-drop file upload with requirement tagging
  • βœ… Dashboard - Real-time compliance metrics, charts, and gap analysis
  • βœ… Timeline - Track your compliance journey and milestones
  • βœ… Reports - Generate audit-ready PDF reports and CSV exports
  • βœ… Audit Simulation - Test your PCI DSS knowledge with mock auditor questions
  • βœ… Framework Mapping - See how PCI DSS maps to SOC 2, ISO 27001, and NIST CSF
  • βœ… Documentation - Built-in docs explaining PCI DSS requirements
  • βœ… Security Dashboard - Monitor your security posture and OWASP compliance

πŸ› οΈ Security First

All data is stored locally in your browser. No data is sent to external servers. Your compliance evidence stays on your machine, giving you complete control and privacy.

πŸš€ Getting Started

Prerequisites

  • Node.js 18+
  • npm, yarn, or pnpm

Installation

git clone https://github.com/AnandSundar96/cardguardian.git
cd cardguardian
npm install
npm run dev

Or use the live demo:

npm run dev

Then open http://localhost:3000

πŸ“ Project Structure

cardguardian/
β”œβ”€β”€ app/
β”‚   β”œβ”€β”€ page.tsx          # Landing page
β”‚   β”œβ”€β”€ layout.tsx        # Root layout
β”‚   β”œβ”€β”€ globals.css       # Global styles
β”‚   β”œβ”€β”€ dashboard/       # Compliance metrics
β”‚   β”œβ”€β”€ assessment/       # PCI DSS requirements
β”‚   β”œβ”€β”€ evidence/         # Evidence management
β”‚   β”œβ”€β”€ reports/          # Report generation
β”‚   β”œβ”€β”€ timeline/         # Compliance journey
β”‚   β”œβ”€β”€ security/         # Security dashboard
β”‚   └── settings/         # User settings
β”œβ”€β”€ lib/
β”‚   β”œβ”€β”€ db.ts             # Data layer (LocalStorage)
β”‚   β”œβ”€β”€ data.ts           # Static data & templates
β”‚   β”œβ”€β”€ context.tsx       # React context
β”‚   β”œβ”€β”€ security.ts       # Security utilities
β”‚   └── types/           # TypeScript types
β”œβ”€β”€ components/
β”‚   β”œβ”€β”€ Navigation.tsx   # Navigation component
β”‚   └── Onboarding.tsx   # User onboarding
β”œβ”€β”€ middleware.ts          # Security headers
β”œβ”€β”€ next.config.js         # Next.js config
β”œβ”€β”€ tailwind.config.js      # Tailwind config
β”œβ”€β”€ postcss.config.js       # PostCSS config
β”œβ”€β”€ tsconfig.json         # TypeScript config
β”œβ”€β”€ package.json          # Dependencies
β”œβ”€β”€ README.md             # This file
└── .gitignore           # Git ignore

🎯 PCI DSS Requirements Covered

All 12 PCI DSS requirements are implemented with:

  1. πŸ” Firewall Configuration
  2. πŸ” Vendor Passwords
  3. πŸ” Protect Stored Data
  4. πŸ” Encrypt Transmission
  5. πŸ” Malware Protection
  6. πŸ” Secure Systems
  7. πŸ” Restrict Access
  8. πŸ” Identify Users
  9. πŸ” Physical Access
  10. πŸ” Track Access
  11. πŸ” Test Security
  12. πŸ” Security Policy

πŸ”’ Security Hardening

This project implements industry-leading security practices:

  • OWASP Top 10 2025 Compliance - All mitigations implemented
  • Content Security Policy - CSP headers configured
  • Input Sanitization - All user inputs validated
  • Secure Headers - HTTP security headers active
  • XSS Prevention - Output encoding enabled
  • Rate Limiting - Client-side abuse prevention
  • Audit Logging - Complete security event trail
  • Session Management - Secure token generation and validation
  • Data Integrity - Checksums and integrity verification

πŸ“Š Dashboard Features

  • Overall Compliance Score - Weighted algorithm
  • Requirements Breakdown - Visual status for all 12 requirements
  • Gap Analysis - Identify non-compliant areas
  • Evidence Coverage - Track evidence per requirement
  • Risk Level - Calculate compliance risk
  • Progress Trends - Visual timeline of improvements
  • Compliance Heatmap - Color-coded status grid
image image image image

πŸ“‹ Assessment Features

  • Interactive Questionnaire - Guided assessment flow
  • Status Tracking - Not Started, Partial, Compliant, Non-Compliant
  • Progress Visualization - Real-time progress updates
  • Notes System - Add detailed notes per requirement
  • Evidence Templates - Know what auditors look for
  • Framework Mapping - See which controls satisfy multiple frameworks
image

πŸ“ Evidence Management

  • Drag-and-Drop Upload - Drag files directly onto page
  • Requirement Tagging - Auto-tag with requirement number
  • File Validation - Type and size validation
  • Evidence Metadata - Description, uploaded date, status
  • Coverage Tracking - Visual indicator of evidence per requirement
  • Bulk Operations - Upload multiple files at once
  • Filter & Search - Find evidence by requirement or filename
image

πŸ“„ Reports & Export

  • PDF Generation - Audit-ready reports with jsPDF
  • CSV Export - Spreadsheet-compatible data export
  • Evidence Manifest - File inventory for audit package
  • Executive Summary - High-level overview for stakeholders
  • Technical Report - Detailed findings by requirement
  • Audit Package - Complete documentation package
image

πŸ“… Timeline Tracking

  • Event Log - Record all compliance activities
  • Milestones - Track key dates (assessment, audit, renewal)
  • Visual Timeline - Chronological view of your journey
  • Type Indicators - Milestone, Evidence, Action, Deadline
  • Search & Filter - Find events by type or date
image

🎯 Audit Simulation

  • Practice Mode - Test your PCI DSS knowledge
  • Mock Auditor Questions - Realistic audit scenarios
  • Feedback System - Immediate feedback on answers
  • Explanations - Learn why answers are correct or incorrect
  • Score Tracking - Track your performance
  • Coverage - All 12 PCI DSS requirements included

πŸ”— Framework Mapping

  • PCI to SOC 2 - Visualize which controls map to SOC 2 Trust Services Criteria
  • PCI to ISO 27001 - See alignment with ISO 27001 security controls
  • PCI to NIST CSF - Understand relationship to NIST Cybersecurity Framework
  • Cross-Framework Overlap - Identify controls that satisfy multiple standards
  • Gap Analysis - Find areas where PCI controls don't map to other frameworks
  • Coverage Visualizer - See at a glance which requirements have framework mappings
image

πŸ“š Documentation

  • PCI DSS Requirements Explained - Deep dive into each requirement
  • Implementation Guides - How to implement controls
  • Best Practices - Learn from common mistakes
  • Vendor Comparisons - Understand the market landscape
  • Templates - Sample policies and procedures
  • FAQ - Common questions about PCI DSS compliance

πŸ” Security Dashboard

  • OWASP Compliance Status - Track mitigations for all 10 OWASP categories
  • Dependency Security - Monitor third-party library versions
  • Security Headers - Verify active security configuration
  • Event Logging - Complete audit trail of all security events
  • Rate Limiting Monitor - Watch for abuse prevention
  • CSP Violations - Track Content Security Policy violations
image

πŸš€ Deployment

Vercel

The project is ready to deploy to Vercel for free hosting.

vercel --prod

Then add your custom domain:

vercel domains add cardguardian.com

GitHub

Push to GitHub:

git add .
git commit -m "feat: Award-winning PCI DSS toolkit"
git push origin main

πŸ‘¨ About the Author

Anand Sundar - GRC Professional | 4 Years Experience

LinkedIn: linkedin.com/in/anandsundar96 GitHub: github.com/AnandSundar96 Email: anandsundar.96@gmail.com

Current Focus: GRC Analyst role in Canada

Goal: To leverage this award-winning project to get hired as a GRC Analyst at a top tech company.


🎯 License

MIT License - Free to use for commercial and personal projects


πŸ™ Contributing

Contributions are welcome! Please fork the repository and submit a pull request.

Development Setup

  1. Fork the repository
  2. Create your feature branch
  3. Install dependencies: npm install
  4. Start development server: npm run dev
  5. Make your changes
  6. Submit a pull request

Pull Request Guidelines

  • Write clear commit messages
  • Add tests for new features
  • Ensure code quality follows existing patterns
  • Update documentation as needed
  • Be patient with review process

πŸ“ž Support

If you encounter any issues or have questions, please open an issue on GitHub or contact the author.


πŸ† Acknowledgments

Built by Anand Sundar for GRC professionals worldwide.

"Don't let auditors cry (by passing quickly)"

This project is dedicated to everyone working in compliance, security, and GRC. May your audits be swift, your controls be effective, and your career be successful.


Made with ❀️ in Edmonton, Canada πŸ‡¨πŸ‡¦πŸ‡Έ

About

Award-winning PCI DSS compliance toolkit - Don't let auditors cry (by passing quickly)

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors