0xBahalaNa
GRC Engineer

FedRAMP High · CJIS v6.0 · NIST 800-53 · Public Safety Technology

Building compliance automation tools and machine-readable evidence pipelines for public safety technology. Specializing in the intersection of FedRAMP, CJIS, and OSCAL for federal and state/local government cloud environments.

Featured Projects

FRAMEWORK DOCS · In Progress

NIST 800-53 Rev 5 to AWS Service Mapping

Maps NIST 800-53 Rev 5 control families to AWS services with implementation guidance. Produces OSCAL Component Definition JSON and human-readable markdown for FedRAMP 20x machine-readable evidence requirements. Covers AC, IA, SC, AU, and CM control families.

NIST 800-53 Rev 5 · FedRAMP High
Python · OSCAL · AWS

FRAMEWORK DOCS · Planned

CJIS v6.0 to FedRAMP High Gap Analysis

Analyzes the compliance delta between CJIS v6.0 and FedRAMP High baselines, both now aligned to NIST 800-53 Rev 5. Identifies where CJIS requirements exceed FedRAMP High controls, focusing on encryption, identity, and audit logging deltas.

CJIS v6.0 · FedRAMP High · NIST 800-53 Rev 5
Python · OSCAL

FRAMEWORK DOCS · Planned

OSCAL Evidence Pipeline

Transforms audit tool outputs into OSCAL Assessment Results JSON for FedRAMP 20x machine-readable evidence submission. Uses IBM Compliance Trestle for OSCAL model manipulation and generates valid artifacts that could be submitted directly to the FedRAMP PMO.

FedRAMP 20x · NIST 800-53 Rev 5
Python · OSCAL · IBM Compliance Trestle · AWS

POLICY-AS-CODE · In Progress

Policy-as-Code Scanner

Python CLI that validates AWS IAM policies against NIST 800-53 and CJIS v6.0. Includes checks for MFA on CJI resources, cross-account access restrictions, and inverse IAM fields. Produces audit-ready JSON evidence with framework mappings and control IDs.

NIST 800-53 Rev 5 · FedRAMP High · CJIS v6.0
Python · GitHub Actions