0xBahalaNa
GRC Engineer

Projects

Compliance automation tools, framework documentation, and policy-as-code projects for public safety technology. Each card links to the GitHub repo where the README, code, and detailed documentation live.

FRAMEWORK DOCS (In Progress)

NIST 800-53 Rev 5 to AWS Service Mapping

Maps NIST 800-53 Rev 5 control families to AWS services with implementation guidance. Produces OSCAL Component Definition JSON and human-readable markdown for FedRAMP 20x machine-readable evidence requirements. Covers AC, IA, SC, AU, and CM control families.

Frameworks: NIST 800-53 Rev 5, FedRAMP High
Stack: Python, OSCAL, AWS
FRAMEWORK DOCS (Planned)

CJIS v6.0 to FedRAMP High Gap Analysis

Analyzes the compliance delta between CJIS v6.0 and FedRAMP High baselines, both now aligned to NIST 800-53 Rev 5. Identifies where CJIS requirements exceed FedRAMP High controls, focusing on encryption, identity, and audit logging deltas.

Frameworks: CJIS v6.0, FedRAMP High, NIST 800-53 Rev 5
Stack: Python, OSCAL
FRAMEWORK DOCS (Planned)

OSCAL Evidence Pipeline

Transforms audit tool outputs into OSCAL Assessment Results JSON for FedRAMP 20x machine-readable evidence submission. Uses IBM Compliance Trestle for OSCAL model manipulation and generates valid artifacts that could be submitted directly to the FedRAMP PMO.

Frameworks: FedRAMP 20x, NIST 800-53 Rev 5
Stack: Python, OSCAL, IBM Compliance Trestle, AWS
FRAMEWORK DOCS (In Progress)

AWS Security Baseline (Compliance-as-Code)

CloudFormation templates and Service Control Policies for FedRAMP High-compliant resource deployment. Implements preventive compliance guardrails as infrastructure-as-code, including CJIS v6.0 boundary protection controls.

Frameworks: FedRAMP High, NIST 800-53 Rev 5, CJIS v6.0
Stack: AWS, CloudFormation, SCPs, Terraform
COMPLIANCE AUTOMATION (In Progress)

Unified Evidence Collector

Suite of Python audit tools for automated compliance evidence collection across IAM, S3 encryption, security groups, and CloudTrail. Consolidates five individual audit repositories into a unified evidence collection pipeline with OSCAL-formatted output.

Frameworks: NIST 800-53 Rev 5, FedRAMP High, CJIS v6.0
Stack: Python, AWS
COMPLIANCE AUTOMATION (In Progress)

IAM Access Review

Automated IAM access review tool with CJIS v6.0 identity control validation and AAL2 MFA verification. Built from IGA experience with privileged access monitoring and RBAC analysis in regulated financial services.

Frameworks: NIST 800-53 Rev 5, FedRAMP High, CJIS v6.0
Stack: Python, AWS IAM
POLICY-AS-CODE (In Progress)

Policy-as-Code Scanner

Python CLI that validates AWS IAM policies against NIST 800-53 and CJIS v6.0. Includes checks for MFA on CJI resources, cross-account access restrictions, and inverse IAM fields. Produces audit-ready JSON evidence with framework mappings and control IDs.

Frameworks: NIST 800-53 Rev 5, FedRAMP High, CJIS v6.0
Stack: Python, GitHub Actions
COMPLIANCE AUTOMATION (Planned)

CJIS Encryption Validator

Validates FIPS 140-2/3 encryption and agency-managed key controls for Criminal Justice Information at rest and in transit. Checks KMS key configuration, key rotation policies, and CJI-specific encryption requirements that go beyond standard FedRAMP High controls.

Frameworks: CJIS v6.0, FedRAMP High, NIST 800-53 Rev 5
Stack: Python, AWS KMS
COMPLIANCE AUTOMATION (In Progress)

Continuous Monitoring Dashboard

Event-driven compliance monitoring with AWS Config rules, Lambda auto-remediation, and SSM automation. Provides the foundation for FedRAMP 20x Key Security Indicator tracking and continuous compliance assurance.

Frameworks: FedRAMP 20x, FedRAMP High, CJIS v6.0
Stack: Python, AWS Config, Lambda, SSM, EventBridge
POLICY-AS-CODE (Planned)

AI Risk Assessment Template

AI risk assessment template for public safety technology mapped to NIST AI RMF and ISO 42001 Annex A. Includes risk classification for facial recognition, predictive policing, and AI-assisted dispatch — all high-risk AI use cases under the EU AI Act.

Frameworks: NIST AI RMF, ISO 42001
Stack: Markdown, Documentation
FRAMEWORK DOCS (Planned)

Public Safety Reference Architecture (Capstone)

Reference architecture for a public safety cloud environment meeting FedRAMP High, CJIS v6.0, and GovRAMP requirements simultaneously. Demonstrates multi-framework compliance design thinking for AWS GovCloud with CJI enclave segmentation.

Frameworks: FedRAMP High, CJIS v6.0, GovRAMP, NIST 800-53 Rev 5
Stack: AWS GovCloud, Documentation