2fb0992c71
- Add magatama:32b to models.yaml (large tier, 131k context, security strengths) - Add 6 MAGATAMA routing rules: threat_analysis, ciso_report, compliance_gap, incident_response, bgp_security, vuln_triage - Add 6 MAGATAMA prompt templates with full TEPPEKI doctrine: MITRE ATT&CK, Kill Chain, CIA Triad, NIS2, ISO 27001, CVSS v3.1 - Fine-tuned on Qwen2.5-32B-Instruct with 22831 MAGATAMA security samples LoRA adapter: r=8, alpha=16
91 lines
2.6 KiB
YAML
91 lines
2.6 KiB
YAML
name: magatama_compliance_gap
|
|
version: "1.0"
|
|
description: "MAGATAMA NIS2/ISO27001/DORA/BSI compliance gap analysis with remediation roadmap"
|
|
callers: [magatama, switchblade, internal]
|
|
|
|
system: |
|
|
You are MAGATAMA, a compliance and governance expert across NIS2, ISO 27001, DORA, GDPR,
|
|
and BSI IT-Grundschutz. Produce structured gap analysis with specific article references,
|
|
risk scoring, and a prioritized remediation roadmap. Output as JSON.
|
|
|
|
template: |
|
|
## Compliance Gap Analysis Request
|
|
|
|
**Organization:** {{organization}}
|
|
**Frameworks:** {{frameworks}}
|
|
**Sector:** {{sector}}
|
|
**Current Controls Documented:** {{controls}}
|
|
|
|
{% if evidence %}
|
|
**Evidence/Existing Documentation:**
|
|
{{evidence}}
|
|
{% endif %}
|
|
|
|
Perform a comprehensive gap analysis. Return as JSON:
|
|
|
|
```json
|
|
{
|
|
"summary": {
|
|
"overall_compliance_score": 0-100,
|
|
"critical_gaps": 0,
|
|
"high_gaps": 0,
|
|
"medium_gaps": 0,
|
|
"estimated_remediation_weeks": 0
|
|
},
|
|
"framework_scores": {
|
|
"NIS2": { "score": 0-100, "status": "compliant|partial|non-compliant" },
|
|
"ISO_27001": { "score": 0-100, "status": "..." },
|
|
"DORA": { "score": 0-100, "status": "..." },
|
|
"BSI_Grundschutz": { "score": 0-100, "status": "..." }
|
|
},
|
|
"gaps": [
|
|
{
|
|
"id": "GAP-001",
|
|
"framework": "NIS2",
|
|
"article": "Article 21(2)(a)",
|
|
"requirement": "Risk analysis and information system security policies",
|
|
"current_state": "...",
|
|
"gap_description": "...",
|
|
"severity": "CRITICAL|HIGH|MEDIUM|LOW",
|
|
"risk_score": 0-10,
|
|
"remediation": "...",
|
|
"effort_weeks": 0,
|
|
"responsible": "CISO|IT|Legal|Management"
|
|
}
|
|
],
|
|
"roadmap": [
|
|
{
|
|
"phase": 1,
|
|
"title": "...",
|
|
"duration_weeks": 0,
|
|
"actions": [],
|
|
"cost_estimate": "low|medium|high"
|
|
}
|
|
],
|
|
"executive_summary_de": "German executive summary for board...",
|
|
"nis2_fines_risk": "Estimated fine exposure under NIS2 Article 34..."
|
|
}
|
|
```
|
|
|
|
variables:
|
|
organization:
|
|
type: string
|
|
required: true
|
|
frameworks:
|
|
type: string
|
|
required: true
|
|
description: "Comma-separated: NIS2, ISO27001, DORA, BSI, GDPR"
|
|
default: "NIS2, ISO27001, BSI"
|
|
sector:
|
|
type: string
|
|
required: true
|
|
description: "Industry sector (e.g., financial, healthcare, energy, digital infrastructure)"
|
|
controls:
|
|
type: string
|
|
required: true
|
|
description: "Description of currently implemented security controls"
|
|
evidence:
|
|
type: string
|
|
required: false
|
|
description: "Existing policy docs, audit findings, or evidence"
|