Overview
The CyberPulse Compliance node evaluates a given security control statement and associated evidence URLs, then maps the control against selected cybersecurity frameworks to produce a compliance score and status. It helps organizations assess how well their policies align with multiple standards such as ISO 27001, GDPR, NIST CSF, PCI DSS, SOC 2, and Essential Eight.
This node is beneficial for compliance officers, security analysts, or auditors who want to quickly gauge the maturity and compliance level of specific controls within their environment. For example, you can input a password policy requiring multi-factor authentication (MFA) and provide links to audit reports or dashboards as evidence. The node will analyze the text, identify relevant control categories, map them to framework requirements, and output a compliance score with suggested actions.
Practical scenarios include:
- Evaluating internal security policies against multiple regulatory frameworks.
- Automating compliance checks during security assessments.
- Generating actionable insights on gaps and required improvements based on textual control descriptions and evidence.
Properties
| Name | Meaning |
|---|---|
| Control Text | Your policy or control statement to evaluate. Example: "Password policy requires MFA and 12+ characters" |
| Evidence URLs | List of URLs linking to proofs such as dashboards, reports, or configuration files supporting the control |
| Frameworks | Select one or more cybersecurity frameworks to map the control against. Options: Essential Eight, GDPR, ISO 27001, NIST CSF, PCI DSS, SOC 2 |
| Crosswalk URL | Optional URL to a JSON crosswalk file that overrides the built-in mapping of controls to framework clauses |
Output
The node outputs an array of JSON objects, each representing the evaluation result for an input item. Each output JSON contains:
input_control_text: The original control text evaluated.categories: Array of identified control categories detected in the text (e.g., mfa, encryption, logging).evidence: Array of provided evidence URLs.status: Compliance status string — one of"Compliant","Partial", or"Non-Compliant".score: Numeric compliance score (0-100) combining keyword analysis and evidence count.confidence: Confidence percentage reflecting certainty in the compliance assessment.mapped_requirements: Array of framework-specific clauses and titles mapped from the control categories.frameworks_selected: Array of frameworks chosen for mapping.gaps: Array of identified gaps or warnings, e.g., missing evidence when status is Compliant.actions: Suggested next steps or actions to improve compliance based on detected categories and evidence.notes: Informational note about the prototype nature of the results.
If the node encounters errors per item and is configured to continue on failure, it outputs an error object paired with the item index.
The node does not output binary data.
Dependencies
- No external API keys or credentials are required.
- Optionally, the node can fetch a custom JSON crosswalk file from a user-provided URL to override the built-in framework mappings.
- Requires internet access if using the Crosswalk URL feature.
- Uses internal keyword matching and scoring logic embedded in the node code.
Troubleshooting
- No evidence URLs provided but status shows "Compliant": The node downgrades status to "Partial" and adds a gap warning because evidence is recommended to support compliance claims.
- Crosswalk URL unreachable or invalid JSON: The node silently falls back to the built-in mappings without failing the execution.
- Unexpected errors during execution: If "Continue On Fail" is disabled, the node throws an error stopping the workflow; enabling it allows partial results with error details.
- Low confidence or unexpected status: Adjust the control text wording or add more relevant evidence URLs to improve detection accuracy.
- Framework names mismatch: Ensure selected frameworks match the supported options exactly to get proper mapping.