How It Works
Architecture and workflows for the SirosID compliance management system.
Architecture
Data Sources
| Directory | Contents |
|---|---|
| catalog/technical/ | 38 platform-provided security controls |
| catalog/organizational/ | 21 operator-required controls |
| mappings/ | Cross-references to EUDI, ISO 27001, GDPR |
| audits/ | Structured audit findings in YAML |
Workflow
- Edit controls in `catalog/*.yaml`, mappings in `mappings/*.yaml`, or audit findings in `audits/*.yaml`
- Build with `make build`; the generator produces OSCAL JSON and Docusaurus markdown
- Review the dashboard, control pages, framework mappings, and findings pages
- Commit the YAML source files; all generated output is gitignored
- Deploy automatically via GitHub Actions on push to `main`
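As an added illustration of what the build step does (this is not the project's generator): a small Python generator that first checks that every mapping and audit finding points at a catalogued control, then emits an OSCAL component definition in which technical controls are assigned to a platform role and organizational controls to an operator role. The YAML field names, role ids and the `urn:example:` catalog source are assumptions, and the sample records are constructed in place of parsed YAML.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sample records standing in for parsed catalog/*.yaml, mappings/*.yaml
# and audits/*.yaml. The field names are assumptions, not the project's real schema.
CONTROLS = [
    {"id": "TECH-001", "title": "TLS 1.2 or newer on all endpoints", "kind": "technical"},
    {"id": "ORG-001", "title": "Assign security roles", "kind": "organizational"},
]
MAPPINGS = [
    {"control": "TECH-001", "framework": "ISO 27001", "ref": "A.8.24"},
    {"control": "ORG-001", "framework": "GDPR", "ref": "Art. 32"},
]
FINDINGS = [{"control": "TECH-001", "status": "pass"}]
NS = uuid.NAMESPACE_URL  # name-based UUIDs keep regenerated output stable between builds

def check_references(controls, mappings, findings):
    """Return sorted control ids used by mappings or findings that are not in the catalog."""
    known = {c["id"] for c in controls}
    used = [m["control"] for m in mappings] + [f["control"] for f in findings]
    return sorted({u for u in used if u not in known})

def build_component_definition(controls, mappings):
    """Emit an OSCAL component-definition (JSON model). Technical controls get the
    'platform' role, organizational ones the 'operator' role, so an importing GRC tool
    shows which controls remain the deployment's responsibility (assumed role ids)."""
    dangling = check_references(controls, mappings, [])
    if dangling:  # refuse to build from inconsistent sources rather than emit bad OSCAL
        raise ValueError(f"mappings reference unknown controls: {dangling}")
    by_control = {}
    for m in mappings:
        by_control.setdefault(m["control"], []).append(m)
    reqs = []
    for c in controls:
        role = "platform" if c["kind"] == "technical" else "operator"
        req = {"uuid": str(uuid.uuid5(NS, "req/" + c["id"])), "control-id": c["id"],
               "description": c["title"], "responsible-roles": [{"role-id": role}]}
        props = [{"name": "mapping", "value": f'{m["framework"]} {m["ref"]}'} for m in by_control.get(c["id"], [])]
        if props:  # OSCAL arrays must not be empty, so only emit props when populated
            req["props"] = props
        reqs.append(req)
    return {"component-definition": {
        "uuid": str(uuid.uuid5(NS, "sirosid/component-definition")),
        "metadata": {"title": "SirosID platform controls", "version": "0.0.0-example",
                     "last-modified": datetime.now(timezone.utc).isoformat(), "oscal-version": "1.1.2",
                     "roles": [{"id": "platform", "title": "Platform provider"}, {"id": "operator", "title": "Deploying operator"}]},
        "components": [{"uuid": str(uuid.uuid5(NS, "sirosid/component")), "type": "software", "title": "SirosID",
                        "description": "Platform-provided controls", "control-implementations": [{
                            "uuid": str(uuid.uuid5(NS, "sirosid/impl")), "source": "urn:example:sirosid-catalog",  # placeholder
                            "description": "Generated from catalog/ and mappings/", "implemented-requirements": reqs}]}]}}

if __name__ == "__main__":
    print(json.dumps(build_component_definition(CONTROLS, MAPPINGS), indent=2))
```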
Compliance Lifecycle
For Operators
Download the OSCAL Component Definition to import all platform-provided controls into your own GRC tool. The 21 organizational controls (governance, people, physical, operations) must be implemented per deployment.