{ "name": "Compliance Control", "description": "Structure documentation for a compliance control mapped to regulatory frameworks used in compliance automation platforms.", "fields": [ { "name": "controlId", "type": "string", "required": true, "description": "Unique control identifier." }, { "name": "name", "type": "string", "required": true, "description": "Short name or title of the control." }, { "name": "description", "type": "string", "required": false, "description": "Detailed description of what the control requires." }, { "name": "domain", "type": "string", "required": true, "description": "Compliance domain (Access Control, Encryption, Incident Response, etc.)." }, { "name": "frameworks", "type": "array[object]", "required": true, "description": "Frameworks this control satisfies.", "fields": [ { "name": "frameworkId", "type": "string", "required": true, "description": "Framework identifier (SOC2, ISO27001, HIPAA, GDPR, PCIDSS)." }, { "name": "controlReference", "type": "string", "required": true, "description": "Framework-specific control reference." }, { "name": "requirementText", "type": "string", "required": false, "description": "Verbatim requirement text from the framework." } ] }, { "name": "implementationGuidance", "type": "string", "required": false, "description": "Guidance on implementing the control." }, { "name": "evidenceTypes", "type": "array[string]", "required": false, "description": "Types of evidence that satisfy this control." }, { "name": "automatable", "type": "boolean", "required": false, "description": "Whether evidence collection can be automated via API." }, { "name": "status", "type": "string", "required": false, "description": "Implementation status (Not Started, In Progress, Implemented, etc.)." }, { "name": "owner", "type": "string", "required": false, "description": "Responsible team or individual." }, { "name": "tags", "type": "array[string]", "required": false, "description": "Categorization tags." } ] }