June 9th, 2026

Compliance mapping, automated audit evidence, and gap analysis in one toolkit

Christopher Luft

Co-founder and COO


If you're running an MSSP or preparing for an audit, lc-compliance automatically documents relevant compliance evidence directly into your case records as they're created.

Service providers work in a regulated environment and already know compliance is a grind. Audits produce a pile of evidence requests. Your team pulls logs, traces detections back to controls, and writes documentation that no one reads until the QSA asks for it.

Then you do it again next year.

LimaCharlie's lc-compliance plugin takes a different approach. It maps seven major compliance frameworks directly onto your deployed sensors, detections, and case queue. It is delivered as a Claude Code plugin sourced from the public lc-ai marketplace.

lc-compliance does two distinct jobs that are easy to confuse but quite different on closer examination.

Case review vs. pre-audit coverage analysis

The first job is done by an agent that acts as a continuous case-reviewer. It runs inside your LimaCharlie org and fires every time a new case is created. It classifies each new case against relevant control citations. Audit-grade documentation is written directly into the case record automatically.

The second job, on-demand coverage analysis, is done by a set of four Claude Code skills. These handle the engineering work that surrounds an audit:

  • Looking up how a specific control maps to LC capabilities

  • Running a gap analysis before the audit window opens

  • Deploying the case-reviewer agent to a new tenant

  • Pushing a full framework rule baseline into an org

These Claude Code skills are interactive, leave no artifacts behind in the org, and are designed to answer questions quickly.

To summarize, the agent owns continuous evidence production. The skills own the engineering workflow.

Seven frameworks out of the box

lc-compliance ships coverage for seven compliance frameworks: CMMC v2, NIST SP 800-53 Rev 5, PCI DSS v4.0, HIPAA, SOC 2, ISO/IEC 27001:2022, and CIS Critical Security Controls v8.

Each framework ships with a control-to-capability mapping document and a case-reviewer agent manifest ready to deploy. You also get a recommended-rules baseline used by the gap analysis skill, and a full set of deployable rules covering D&R, file integrity, artifact collection, and exfil across Windows, Linux, and macOS.

Four compliance skills defined

The four Claude Code skills included in the plugin are used in the following ways:

compliance-lookup answers "how does LimaCharlie cover this one control?" on demand. Pass it a framework and a control ID and it returns the mapping.

compliance-gap runs a gap analysis against a specific org. It compares your deployed rules against a framework's recommended baseline and produces a punch list of what's missing before an audit. It's skill-only by design because a gap report is an engineering artifact, not audit evidence. If you want auditors to see it, create a case manually and paste the output.

compliance-deploy handles first-time deployment of the case-reviewer agent.

compliance-baseline-deploy pushes the full framework rule baseline into an org. It defaults to dry-run; you need --apply to write any rules.

What it does not do

A few things are worth being clear about. The plugin reports evidence; it does not issue attestations. The human auditor, QSA, or ISSO decides compliance status.

It also does not modify your deployed configuration without permission. Every write operation requires explicit confirmation. The case-reviewer agent classifies cases for compliance impact. It does not affect your triage flow, and it does not contain, isolate, or remediate.

Getting started

Installing lc-compliance takes two commands:

/plugin marketplace add https://github.com/refractionPOINT/lc-ai

/plugin install lc-compliance@lc-marketplace

The four skills are immediately available after install.

Read more about lc-compliance in our documentation.

See it operate in real time during the Continuous Compliance at Scale with Agentic AI session on June 10th at 10am PT.
