Compliance Report Generator
by euCann
Generate compliance reports from OSCAL assessment results, SSPs, and POA&Ms in various formats. Use this skill to create audit-ready documentation, executive summaries, and detailed compliance status reports.
Skill Details
Repository Files
1 file in this skill directory
name: compliance-report-generator description: Generate compliance reports from OSCAL assessment results, SSPs, and POA&Ms in various formats. Use this skill to create audit-ready documentation, executive summaries, and detailed compliance status reports.
Compliance Report Generator Skill
Generate professional compliance reports from OSCAL documents for audits, management reviews, and continuous monitoring.
When to Use This Skill
Use this skill when you need to:
- Create audit-ready compliance documentation
- Generate executive summary reports
- Produce detailed control implementation reports
- Create POA&M status reports
- Build compliance dashboards data
⛔ Authoritative Data Requirement
Compliance reports are generated only from user-provided documents.
What This Skill Does
- Formats data FROM documents you provide into professional reports
- Calculates metrics based on YOUR document content
- Structures output for auditors and leadership
What This Skill Does NOT Do
- Generate compliance status from training knowledge
- Make up control implementation data
- Assume compliance percentages without source documents
Required Inputs
| Report Type | Required Documents |
|---|---|
| Compliance Status | SSP |
| Gap Analysis | Baseline Profile + SSP |
| Assessment Report | SAR (Assessment Results) |
| POA&M Report | POA&M document |
All Data Comes From Your Documents
To generate a compliance report, I need:
• Your SSP, POA&M, or assessment results document
• [For gap analysis] Your baseline profile
All metrics and status information will come directly from these
documents. I will not generate compliance data from assumptions.
Report Types
| Type | Audience | Content |
|---|---|---|
| Executive Summary | Leadership | High-level metrics, risks, status |
| Compliance Status | Auditors | Control-by-control status |
| Assessment Report | Security Team | Detailed findings |
| POA&M Report | Program Managers | Remediation tracking |
| Gap Analysis | Implementers | Missing controls, recommendations |
Report Formats
- Markdown - Portable, version-controllable
- HTML - Interactive, shareable
- JSON - Machine-readable, API-friendly
- Text - Simple, universal
Report Components
Executive Summary
- Overall compliance percentage
- Risk level summary
- Key findings (top 3-5)
- Trend comparison
- Next steps
Compliance Metrics
Total Controls: 325
Implemented: 287 (88%)
Partially Implemented: 25 (8%)
Planned: 10 (3%)
Not Applicable: 3 (1%)
Control Status Table
| Control | Title | Status | Evidence | Notes |
|---|---|---|---|---|
| AC-1 | Policy | ✅ Implemented | DOC-001 | Complete |
| AC-2 | Account Mgmt | ⚠️ Partial | DOC-002 | MFA pending |
Findings Summary
| Severity | Count | Description |
|---|---|---|
| Critical | 2 | Immediate action required |
| High | 5 | 30-day remediation |
| Moderate | 12 | 60-day remediation |
| Low | 8 | Monitor and address |
How to Generate Reports
Step 1: Gather Data
From the OSCAL document, extract:
- Metadata (system name, date, version)
- Control implementations
- Assessment results (if available)
- POA&M items (if available)
Step 2: Calculate Metrics
Compute:
- Implementation percentages by status
- Controls by family
- Findings by severity
- Trend data (if historical data available)
Step 3: Structure Content
For Executive Summary:
- System identification
- Overall compliance score
- Risk level
- Top findings
- Recommendations
For Detailed Report:
- Introduction and scope
- Methodology
- Compliance by control family
- Detailed findings
- Evidence references
- Recommendations
- Appendices
Step 4: Format Output
Markdown Format:
# Compliance Assessment Report
## Executive Summary
**System:** Cloud Infrastructure
**Assessment Date:** 2024-01-15
**Overall Compliance:** 88%
**Risk Level:** Moderate
## Key Findings
1. **MFA Not Fully Deployed** (HIGH)
- Impact: Credential theft risk
- Recommendation: Deploy MFA to all users by Q1
2. **Log Retention Below Policy** (MODERATE)
- Impact: Forensic capability limited
- Recommendation: Extend retention to 90 days
Document-Specific Reports
From SSP
- System description
- Control implementation status
- Responsible parties
- Implementation narratives
From Assessment Results
- Assessment findings
- Risk determinations
- Evidence collected
- Assessor observations
From POA&M
- Open findings
- Remediation status
- Milestone tracking
- Resource allocation
Compliance Score Calculation
Compliance Score = (Implemented + (Partial × 0.5)) / (Total - Not_Applicable) × 100
Example:
- Implemented: 280
- Partial: 20
- Planned: 10
- N/A: 15
- Total: 325
Score = (280 + (20 × 0.5)) / (325 - 15) × 100 = 93.5%
Report Templates
FedRAMP Status Report
AUTHORIZATION STATUS REPORT
===========================
System: [Name]
Authorization Date: [Date]
Sponsor: [Agency]
Current Status: [Authorized/In Progress]
Continuous Monitoring: [Active/Issues]
Control Summary:
- Baseline: [Moderate/High]
- Total Controls: [N]
- Implemented: [N] ([%])
POA&M Summary:
- Open Items: [N]
- Overdue: [N]
- Closed (30 days): [N]
ISO 27001 Compliance Report
ISO 27001 COMPLIANCE REPORT
===========================
Organization: [Name]
Scope: [Description]
Report Date: [Date]
Statement of Applicability:
- Applicable Controls: [N]
- Implemented: [N] ([%])
- Excluded: [N] (with justification)
By Domain:
- A.5 Information Security Policies: [%]
- A.6 Organization of Information Security: [%]
...
Example Usage
When asked "Generate a compliance report for this SSP":
- Parse the SSP document
- Extract metadata and system info
- Count controls by implementation status
- Calculate compliance percentage
- Identify top risks and gaps
- Generate formatted report
- Include recommendations
Related Skills
Dbt Transformation Patterns
Master dbt (data build tool) for analytics engineering with model organization, testing, documentation, and incremental strategies. Use when building data transformations, creating data models, or implementing analytics engineering best practices.
Clinical Decision Support
Generate professional clinical decision support (CDS) documents for pharmaceutical and clinical research settings, including patient cohort analyses (biomarker-stratified with outcomes) and treatment recommendation reports (evidence-based guidelines with decision algorithms). Supports GRADE evidence grading, statistical analysis (hazard ratios, survival curves, waterfall plots), biomarker integration, and regulatory compliance. Outputs publication-ready LaTeX/PDF format optimized for drug develo
Scientific Schematics
Create publication-quality scientific diagrams using Nano Banana Pro AI with smart iterative refinement. Uses Gemini 3 Pro for quality review. Only regenerates if quality is below threshold for your document type. Specialized in neural network architectures, system diagrams, flowcharts, biological pathways, and complex scientific visualizations.
Mermaid Diagrams
Comprehensive guide for creating software diagrams using Mermaid syntax. Use when users need to create, visualize, or document software through diagrams including class diagrams (domain modeling, object-oriented design), sequence diagrams (application flows, API interactions, code execution), flowcharts (processes, algorithms, user journeys), entity relationship diagrams (database schemas), C4 architecture diagrams (system context, containers, components), state diagrams, git graphs, pie charts,
Diagram Generation
Mermaid diagram generation for architecture visualization, data flow diagrams, and component relationships. Use for documentation, PR descriptions, and architectural analysis.
Scientific Schematics
Create publication-quality scientific diagrams using Nano Banana Pro AI with smart iterative refinement. Uses Gemini 3 Pro for quality review. Only regenerates if quality is below threshold for your document type. Specialized in neural network architectures, system diagrams, flowcharts, biological pathways, and complex scientific visualizations.
Clinical Decision Support
Generate professional clinical decision support (CDS) documents for pharmaceutical and clinical research settings, including patient cohort analyses (biomarker-stratified with outcomes) and treatment recommendation reports (evidence-based guidelines with decision algorithms). Supports GRADE evidence grading, statistical analysis (hazard ratios, survival curves, waterfall plots), biomarker integration, and regulatory compliance. Outputs publication-ready LaTeX/PDF format optimized for drug develo
Materialize Docs
Materialize documentation for SQL syntax, data ingestion, concepts, and best practices. Use when users ask about Materialize queries, sources, sinks, views, or clusters.
Dbt Transformation Patterns
Master dbt (data build tool) for analytics engineering with model organization, testing, documentation, and incremental strategies. Use when building data transformations, creating data models, or implementing analytics engineering best practices.
Mermaidjs V11
Create diagrams and visualizations using Mermaid.js v11 syntax. Use when generating flowcharts, sequence diagrams, class diagrams, state diagrams, ER diagrams, Gantt charts, user journeys, timelines, architecture diagrams, or any of 24+ diagram types. Supports JavaScript API integration, CLI rendering to SVG/PNG/PDF, theming, configuration, and accessibility features. Essential for documentation, technical diagrams, project planning, system architecture, and visual communication.