← All tools
Compliance Skill

Control Assessment

Deep-dive assessment of individual controls

Try it in the platform
What It Does

Evaluate individual framework controls against organizational documentation with evidence extraction, quality evaluation, severity classification, and actionable remediation recommendations.

How It Works

From document to output

Specify the control

Provide the control ID (e.g., AC-2, 164.312(a)(1), A.9.4.1)

Provide your document

The policy or procedure document to assess against

Evidence is extracted

Direct quotes are pulled from every relevant section

Quality is evaluated

Evidence is rated: specific procedures > general policy statements

Severity is classified

Gaps rated critical/high/medium/low with remediation timelines

Sample Output

What you get back

Every finding is structured JSON — status, evidence, risk level, and remediation in one package. No interpretation required before acting on it.

Example response 
{
  "control_id": "AU-6",
  "control_name": "Audit Record Review, Analysis, and Reporting",
  "status": "partial",
  "severity": "high",
  "confidence": 0.85,
  "gap_description": "Log storage exists but no review schedule, responsible parties, or escalation procedures defined."
}
Get Started

Two ways to run this skill

Open Source
Control Assessment SKILL.md

Download the skill file and run it with any LLM that supports structured instructions. Apache 2.0 licensed. No account required.

Rote Platform
Run with workspace context

Inside a Rote workspace, this skill runs against your organization's documents, prior analyses, and policies. RAG-backed answers. Audit trail included.

Start free trial →
More Workflows

Five other skills in the platform.

HIPAA Gap Analysis, BAA Review, Framework Mapping, Control Assessment, Compliance Q&A — and Sentinel for continuous monitoring.

See all tools Start free trial