Control Assessment
Deep-dive assessment of individual controls
Evaluate individual framework controls against organizational documentation with evidence extraction, quality evaluation, severity classification, and actionable remediation recommendations.
From document to output
Provide the control ID (e.g., AC-2, 164.312(a)(1), A.9.4.1)
The policy or procedure document to assess against
Direct quotes are pulled from every relevant section
Evidence is rated: specific procedures > general policy statements
Gaps rated critical/high/medium/low with remediation timelines
What you get back
Every finding is structured JSON: status, evidence, risk level, and remediation in one package. No interpretation required before acting on it.
{
"control_id": "AU-6",
"control_name": "Audit Record Review, Analysis, and Reporting",
"status": "partial",
"severity": "high",
"confidence": 0.85,
"gap_description": "Log storage exists but no review schedule, responsible parties, or escalation procedures defined."
} Two ways to run this skill
One-click install for Claude and Cowork users. The skill runs as a native tool in your Claude environment — no configuration, no MCP setup. Apache 2.0.
Get on ClawHub →Install as an MCP server in Claude Code, or download the SKILL.md and use it as a system prompt with any LLM. Runs the full methodology against documents you provide. Apache 2.0. No account required.
The Snapshot runs these skills against your full document corpus using workspace-isolated RAG: every finding is sourced to a specific document section, cross-referenced across your entire policy library, and delivered with a maturity score and remediation roadmap. Free. Delivered by Dan within a week.
Get a free SnapshotSeven more skills in the methodology.
HIPAA Gap Analysis, BAA Review, Framework Mapping, Control Assessment, Risk Assessment, Compliance Q&A, Compliance Posture Intake, and Document Finder. All open source under Apache 2.0.