Official · Verified

control-assessment

Evaluate individual framework controls against organizational documentation with evidence extraction, severity classification, and remediation recommendations.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/dangsllc/control-assessment
Or enable it from clawhub.json (see Add to Configuration below).

Control Assessment Skill

You are a compliance assessor evaluating individual framework controls against organizational documentation. Your task is to map document sections to specific controls, extract evidence of coverage, identify gaps, and classify the severity and risk of any deficiencies.

Analysis Procedure (Step-by-Step Methodology)

  1. Understand the control — Parse the control statement to identify the specific obligations, including any sub-controls or implementation specifications. Determine whether the control is required or addressable.
  2. Map document sections — Identify which document sections are potentially relevant to the control. Create a section-to-control mapping by reviewing headings, subheadings, and topic areas across the entire document.
  3. Extract evidence — From each mapped section, extract direct quotes that demonstrate coverage. Record section references precisely.
  4. Evaluate evidence quality — Assess whether the evidence is specific, actionable, and sufficient to satisfy the control. Generic policy statements are weaker evidence than detailed procedures.
  5. Identify gaps — Determine what aspects of the control are not addressed or inadequately addressed by the document.
  6. Classify severity — Apply the criticality rubric to rank the importance of any gaps identified.
  7. Generate gap description — Write a precise description of what is missing, referencing the specific control sub-requirements that are unaddressed.
  8. Recommend remediation — Provide actionable recommendations proportional to the gap severity.

Assessment Rubric

Covered

All aspects of the control requirement are addressed with specific, actionable language in the document.

Criteria:

  • Direct or equivalent reference to the control requirement
  • Implementation details provided (who, what, when, how)
  • No material sub-requirements left unaddressed
  • Evidence is substantive, not merely aspirational

Example: For a "Vulnerability Scanning" control — the document specifies scanning frequency (weekly), tool used, scope (all internet-facing assets), remediation timelines (critical within 48 hours), and responsible team (Security Operations).

Partial

Some aspects of the control are addressed, but gaps exist in scope, specificity, or completeness.

Criteria:

  • At least one sub-requirement is addressed
  • Missing implementation details for some aspects
  • Language may be vague or aspirational for certain elements
  • Some but not all relevant systems/processes are covered

Example: For a "Vulnerability Scanning" control — the document mentions "regular vulnerability assessments" but does not specify frequency, scope, tools, or remediation timelines.

Gap

The control requirement is not addressed in the document.

Criteria:

  • No relevant text found after thorough review
  • Only tangential references that do not satisfy the requirement
  • The topic area is entirely absent
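The procedure and rubric above are written for a language-model assessor. As an added example, not part of the skill or of this page, the following Python reference implementation applies the same eight steps and the Covered / Partial / Gap rubric deterministically to the page's own "Vulnerability Scanning" control. The sub-requirement patterns, topic keywords, section headings, tool name and policy text are constructed for illustration. The criticality rubric that step 6 refers to is not reproduced on this page, so severity classification is left out: the example stops at status, quoted evidence, a gap description naming the unaddressed sub-requirements, and one remediation line per missing sub-requirement.

```python
import re
from dataclasses import dataclass, field

# Step 1: the control decomposed into sub-requirements (constructed for this
# example). Every pattern except "activity" demands a concrete value (a cadence,
# a named tool, an explicit scope, a numeric deadline, a named owner), so
# aspirational wording such as "regular assessments" is not credited.
VULN_SCANNING = {
    "activity": r"\bvulnerability (?:scan(?:s|ning)?|assessments?)\b",
    "frequency": r"\b(?:daily|weekly|monthly|quarterly|every \d+ (?:days|weeks|months))\b",
    "tool": r"\b(?:using|with|via)\s+[A-Z][\w.-]+",
    "scope": r"\b(?:all|every)\s+(?:internet-facing|external|production|internal)\s+\w+",
    "remediation_timeline": r"\bwithin\s+\d+\s+(?:hours|days|business days)\b",
    "owner": r"\b(?:Security Operations|SecOps|IT Security|Infrastructure team)\b",
}
# Step 2 keywords: a section is worth reading if heading or body mentions these.
VULN_SCANNING_TOPICS = ("vulnerab", "scan", "patch")
# Step 8: one recommendation per missing sub-requirement.
VULN_SCANNING_REMEDIATION = {
    "activity": "Require periodic vulnerability scanning of in-scope assets.",
    "frequency": "State a fixed scanning cadence (e.g. weekly).",
    "tool": "Name the scanning tool or service in use.",
    "scope": "Define the asset scope (e.g. all internet-facing assets).",
    "remediation_timeline": "Set remediation deadlines by severity (e.g. critical within 48 hours).",
    "owner": "Assign a responsible team (e.g. Security Operations).",
}


@dataclass
class Evidence:
    section: str
    sub_requirement: str
    quote: str  # the exact sentence, as step 3 asks for direct quotes


@dataclass
class Assessment:
    status: str  # "Covered" | "Partial" | "Gap"
    mapped_sections: list = field(default_factory=list)
    evidence: list = field(default_factory=list)
    missing: list = field(default_factory=list)
    gap_description: str = ""
    remediation: list = field(default_factory=list)


def _sentences(text):
    return [s.strip() for s in re.split(r"(?<=[.;])\s+", text) if s.strip()]


def map_sections(document, topics):
    """Step 2: section-to-control mapping by heading and body keywords."""
    return [h for h, body in document.items()
            if any(t in (h + " " + body).lower() for t in topics)]


def assess(document, control=VULN_SCANNING, topics=VULN_SCANNING_TOPICS,
           remediation=VULN_SCANNING_REMEDIATION):
    mapped = map_sections(document, topics)
    evidence, found = [], set()
    for heading in mapped:
        body = document[heading]
        # Step 4: a mapped section that never mentions the control's own activity
        # is tangential; its cadences and deadlines must not be credited.
        if not re.search(control["activity"], body):
            continue
        for sentence in _sentences(body):  # step 3: one quote per finding
            for name, pattern in control.items():
                if name not in found and re.search(pattern, sentence):
                    found.add(name)
                    evidence.append(Evidence(heading, name, sentence))
    missing = [n for n in control if n not in found]  # step 5
    # Step 6: the rubric. No credited evidence at all is a Gap even if a section
    # was mapped; credited evidence with remaining gaps is Partial.
    if not found:
        status = "Gap"
        gap = ("Only tangential references found (" + ", ".join(mapped) + ")."
               if mapped else "No relevant text found after thorough review.")
    elif missing:
        status = "Partial"
        gap = ("Addressed in " + ", ".join(mapped)
               + " but does not specify: " + ", ".join(missing) + ".")
    else:
        status, gap = "Covered", "All sub-requirements addressed."
    return Assessment(status, mapped, evidence, missing, gap,
                      [remediation[n] for n in missing])  # step 7 and 8


# Constructed sample documents mirroring the page's own rubric examples.
COVERED_DOC = {
    "4.2 Vulnerability Management": (
        "Security Operations performs authenticated vulnerability scans weekly "
        "using Nessus against all internet-facing assets. Critical findings are "
        "remediated within 48 hours; high findings within 14 days."),
    "7.1 Acceptable Use": "Employees must not install unapproved software.",
}
PARTIAL_DOC = {
    "4.2 Vulnerability Management": (
        "The company conducts regular vulnerability assessments of its systems "
        "and addresses findings in a timely manner."),
}
TANGENTIAL_DOC = {"3.1 Patch Management": "Operating system patches are applied monthly."}
ABSENT_DOC = {"7.1 Acceptable Use": "Employees must not install unapproved software."}

if __name__ == "__main__":
    for label, doc in [("covered", COVERED_DOC), ("partial", PARTIAL_DOC),
                       ("tangential", TANGENTIAL_DOC), ("absent", ABSENT_DOC)]:
        a = assess(doc)
        print(f"{label:10} -> {a.status}: {a.gap_description}")
        for e in a.evidence:
            print(f'    [{e.sub_requirement}] {e.section}: "{e.quote}"')
        for r in a.remediation:
            print(f"    fix: {r}")
```

Two design choices carry the rubric's intent. The patterns for frequency, tool, scope, timeline and owner only match a number, a capitalised name or a fixed phrase, which is how "generic policy statements are weaker evidence than detailed procedures" becomes mechanical: the Partial document's "regular" and "timely manner" earn no credit. The activity check on each mapped section is what separates a Partial from a tangential Gap: a patch-management section that says "monthly" would otherwise be credited as scanning frequency, which is exactly the "only tangential references" case the Gap criteria describe.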

Metadata

Author: @dangsllc
Stars: 3376
Views: 0
Updated: 2026-03-24
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-dangsllc-control-assessment": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution. The configuration above also sets "auto_update": true, which pulls new releases of the skill without a further review step; set it to false if you want to inspect updates before they take effect.

Related Skills

framework-mapping

Bidirectional mapping between document sections and compliance framework controls with confidence scoring. Produces per-section control mappings and per-control coverage summaries across NIST, HITRUST, ISO 27001, SOC 2, and HIPAA.

@dangsllc · 3376 stars

baa-review

Clause-by-clause BAA analysis against 45 CFR 164.504(e)(2). Evaluates all 9 required HIPAA provisions with risk scoring and recommended contract language for every deficiency.

@dangsllc · 3376 stars

compliance-qa

Compliance-specific Q&A with regulatory interpretation guardrails, source attribution, confidence scoring, and escalation triggers when context is insufficient. Works standalone or RAG-enhanced with the Rote platform.

@dangsllc · 3376 stars

risk-assessment

Framework-directable information security risk assessment. Identifies threats, evaluates likelihood/impact via a 3x3 matrix, maps findings to any compliance framework, and recommends risk treatment options with prioritization guidance.

@dangsllc · 3376 stars

compliance-posture-intake

Comprehensive HIPAA compliance posture assessment for agent and API contexts. Runs a structured intake covering all Seven Elements of an effective compliance program, chains hipaa-gap-analysis, baa-review, framework-mapping, compliance-qa, and control-assessment against provided documents, and produces a structured posture snapshot with maturity stage, enterprise blocker flags, gap prioritization, and a 30/60/90 day roadmap. Compatible with any agent context that has access to the rote-compliance-toolkit tools — via Claude Code plugin, Rote MCP server, or direct API integration.

@dangsllc · 3376 stars