Draft SSP sections, SAR responses, boundary definitions, inheritance models, OSCAL guidance, and multi-framework coverage analyses.
Assist with writing and drafting compliance artifacts including SSP sections, SAR responses, authorization boundary definitions, control inheritance documentation, OSCAL guidance, and multi-framework coverage analyses.

| Command | Description |
|---|---|
| /grc:ssp-section | SSP section-by-section writing guidance |
| /grc:sar-response | SAR finding response patterns and templates |
| /grc:boundary-guidance | Authorization boundary definition and diagram requirements |
| /grc:inheritance | Control inheritance analysis by service model |
| /grc:oscal-guide | OSCAL model guidance and best practices |
| /grc:multi-framework | Multi-framework comparison and coverage analysis |

Use this skill when the user needs to:

- grc-pro/knowledge/audits/document-section-requirements.md — SSP, POA&M, policy section structure
- grc-pro/knowledge/audits/sar-response-patterns.md — SAR response templates
- grc-pro/knowledge/audits/boundary-guidance.md — Authorization boundary requirements
- grc-pro/knowledge/audits/control-inheritance.md — Inheritance patterns by service model
- grc-pro/knowledge/frameworks/oscal-reference.md — OSCAL model reference
- grc-pro/knowledge/frameworks/*.md — Framework-specific requirements
- grc-pro/knowledge/mappings/cross-framework-matrix.md — Cross-framework family index

When the grc-mcp-server is available:

| MCP Tool | Use For |
|---|---|
| grc_get_oscal_control | Get authoritative control statement, params, and assessment objectives for SSP writing |
| grc_search_oscal | Find OSCAL controls by keyword for multi-control SSP sections |
| grc_lookup_control | Control metadata for authoring context |
| grc_map_control | Cross-framework mapping for multi-framework coverage analysis |
| grc_strm_analyze | IR 8477 STRM detail for documenting cross-framework alignment rationale |
| grc_coverage_report | Analyze coverage gaps between frameworks |
| grc_lookup_risk | Risk context for SAR response drafting |

Fallback: If MCP tools are unavailable, read OSCAL JSON files from grc-pro/knowledge/oscal/ and knowledge files from grc-pro/knowledge/.