Policy

Stable public contract — exactly these five fields. Clients should ignore any additional fields a future response may contain.

code string required
Example: SEC-1
title string required
category string required

Possible values: [security, access_control, data_integrity, architecture, monitoring, cost_management]

severity string required

Possible values: [critical, high, medium, low]

compliance_frameworks object[] required
  • Array [
  • oneOf
    framework string required

    Possible values: [SOC 2]

    control string required
    Example: CC6.1
  • ]
  • Policy
    {
      "code": "SEC-1",
      "title": "string",
      "category": "security",
      "severity": "critical",
      "compliance_frameworks": [
        {
          "framework": "SOC 2",
          "control": "CC6.1"
        },
        {
          "framework": "GDPR",
          "article": "Art.32"
        },
        {
          "framework": "PCI-DSS",
          "requirement": "Req.3.4"
        },
        {
          "framework": "HIPAA",
          "section": "164.312(a)(1)"
        },
        {
          "framework": "ISO 27001",
          "control": "A.14.2"
        }
      ]
    }
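
A client-side parser that follows the contract above, as an added example (not code from this API's project): it keeps only the five documented fields and resolves each `compliance_frameworks` variant by its framework-specific reference key. The names `parse_policy`, `parse_framework` and `REFERENCE_KEY` are hypothetical, and two behaviours are assumptions of this example rather than rules stated on the page: rejecting unknown `category`/`severity` values and skipping unknown frameworks.

```python
CATEGORIES = {"security", "access_control", "data_integrity",
              "architecture", "monitoring", "cost_management"}
SEVERITIES = {"critical", "high", "medium", "low"}
# Reference key per framework, as seen in the page's sample response.
REFERENCE_KEY = {"SOC 2": "control", "GDPR": "article", "PCI-DSS": "requirement",
                 "HIPAA": "section", "ISO 27001": "control"}
CONTRACT_FIELDS = ("code", "title", "category", "severity", "compliance_frameworks")

def parse_framework(entry):
    """Return (framework, reference), or None for a variant this client does not know."""
    if not isinstance(entry, dict) or not isinstance(entry.get("framework"), str):
        raise ValueError("each compliance_frameworks entry needs a string 'framework'")
    key = REFERENCE_KEY.get(entry["framework"])
    if key is None:
        return None  # assumption: skip an unknown framework instead of failing the policy
    reference = entry.get(key)
    if not isinstance(reference, str) or not reference:
        raise ValueError(f"{entry['framework']}: missing required '{key}'")
    return entry["framework"], reference

def parse_policy(raw):
    """Validate the five contract fields and drop every other field."""
    if not isinstance(raw, dict):
        raise ValueError("policy must be a JSON object")
    missing = [f for f in CONTRACT_FIELDS if f not in raw]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    for field in ("code", "title", "category", "severity"):
        if not isinstance(raw[field], str):
            raise ValueError(f"{field} must be a string")
    # Assumption: fail closed on enum values outside the documented lists.
    if raw["category"] not in CATEGORIES:
        raise ValueError(f"unknown category: {raw['category']!r}")
    if raw["severity"] not in SEVERITIES:
        raise ValueError(f"unknown severity: {raw['severity']!r}")
    if not isinstance(raw["compliance_frameworks"], list):
        raise ValueError("compliance_frameworks must be an array")
    parsed = (parse_framework(e) for e in raw["compliance_frameworks"])
    return {"code": raw["code"], "title": raw["title"],
            "category": raw["category"], "severity": raw["severity"],
            "compliance_frameworks": [p for p in parsed if p is not None]}

# Constructed sample: documented fields plus an extra field and an unknown framework.
SAMPLE = {"code": "SEC-1", "title": "string", "category": "security",
          "severity": "critical", "owner": "constructed-extra-field",
          "compliance_frameworks": [{"framework": "SOC 2", "control": "CC6.1"},
                                    {"framework": "GDPR", "article": "Art.32"},
                                    {"framework": "Constructed-Future", "clause": "1.2"}]}
```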