Claude Code:
CISO Readiness
Assessment

Data Classification & DLP

"Show me exactly where code and prompts go, what classification levels exist, and what's blocked from entering AI context."

Evidence Deployed

• data-classification-gate.sh — PII/PHI/PCI scanning with base64 decode and Luhn validation
• .env Read blocker prevents secrets from entering context
• privacy-settings-gate.js — enforces data classification at tool boundaries
• 14 passing tests covering all classification patterns

Access Control & Identity

"Who can use this tool? How are they authenticated? What happens when someone leaves the organization?"

Evidence Deployed

• identity-enforcement-gate.sh — validates identity before operations
• approved-domains.yaml — allowlist of authorized email domains
• revoked-users.yaml — immediate offboarding enforcement
• Domain-based identity allowlisting, 5 passing tests

Audit Trail & Evidence

"Every AI action must be logged. Evidence must be tamper-evident and retention-compliant."

Evidence Deployed

• CDD evidence collection at every SDLC phase (4 phases, structured JSON)
• evidence-generator.py — SHA-256 integrity hashing on all evidence
• mcp-data-flow-logger.js — MCP server data flow audit trail
• Bypass audit logging — all hook bypasses recorded with justification

Third-Party Risk Management

"I need a vendor assessment. What data does Anthropic see? What are their data processing commitments?"

Evidence Deployed

• Commercial Terms analysis: no training on customer data, DPA available, Zero Data Retention
• approved-mcp-servers.yaml — allowlist-only MCP server connections
• Anthropic Trust Center documentation reviewed and referenced
• 13 tests covering MCP security gate (60+ threat patterns blocked)

Incident Response

"What happens when the AI generates vulnerable code, exposes secrets, or makes unauthorized changes?"

Evidence Deployed

• deviation-rules.md — 4-category protocol: Auto-fix, Ask First, Stop & Report, Never Do
• block-destructive-commands.sh — prevents force-push, hard reset on main
• pre-edit-validation.sh — blocks direct edits to protected files on main
• Automated escalation to human for security-class events

Change Management

"How are AI-generated changes reviewed and approved before reaching production?"

Evidence Deployed

• 4-phase SDLC enforcement with blocking quality gates at each transition
• pr-orchestrator — 9+ specialized review agents for every PR
• Multi-AI consensus: 3-of-4 model agreement required for approval
• TDD/BDD/CDD gates — no code merges without tests, scenarios, and evidence

Model Governance

"How do you monitor AI behavior changes? What if the model starts ignoring your rules?"

Evidence Deployed

• policy-change-detector.js — monitors Anthropic commercial terms for changes
• project-integrity-scanner.js — 12-file integrity baseline, detects config tampering
• stuck-detector.js — detects agent behavioral anomalies
• CAVEAT Risk #46 (model behavior drift) is structurally irreducible but monitored

Regulatory Compliance Mapping

"Prove every control maps to a framework requirement."

Evidence Deployed

• governance-bridge skill — 21 controls mapped to 10 regulatory frameworks
• Frameworks: SOC 2, HIPAA, GDPR, NIST 800-53, ISO 27001, FedRAMP, PCI DSS, CCPA, EU AI Act, OWASP
• Machine-readable mapping enables automated compliance reporting
• CAVEAT 6 additional frameworks identified as needed (see Gaps section)

Penetration Testing / Red Team

"Show me adversarial validation results."

Evidence Deployed

• 4-agent adversarial security review — 23 findings identified and remediated
• Red team assessments: docs/red-team-assessment-2026-03-25.md, 2026-03-26.md
• Code audit: docs/audit-report-latest.md (98 findings, 20 CRITICAL+HIGH remediated)
• CAVEAT All testing was self-assessment by AI agents. No independent third-party pen test has been conducted.

Acceptable Use Policy

"What can and cannot employees do with this tool?"

Evidence Deployed

• CLAUDE.md — comprehensive platform rules enforced every session
• deviation-rules.md — explicit NEVER DO list (10 forbidden actions)
• code-integrity.md — blocking rules for production code quality
• unified-sdlc-enforcement.md — mandatory workflow enforcement

23 Enforcement Hooks

Located in blaze/hooks/. 7 new hooks + 1 upgraded hook deployed during remediation. Each hook is a standalone shell or JavaScript script with explicit timeout, defined trigger, and fail behavior.

427 Tests, 32 Suites

Covering data classification, MCP security, identity enforcement, privacy settings, project integrity, audit logging, evidence generation, SDLC gates, command blocking, and more. Test infrastructure includes shared fixtures (YAML configs, MCP configs), reusable test helpers, a meta-regression test that ensures every hook has a corresponding test file, and bypass attempt tests for security-critical hooks. All passing.

4 Security YAML Configs

approved-domains.yaml, revoked-users.yaml, approved-mcp-servers.yaml, approved-regions.yaml. Declarative allowlists that define the security boundary.

Comprehensive Code Audit

docs/audit-report-latest.md — 98 findings across 12 categories. 20 CRITICAL + HIGH findings remediated. 12 specialized agents across 4 squads performed the audit.

Adversarial Assessments

docs/red-team-assessment-2026-03-25.md and 2026-03-26.md. 8 parallel attack vectors tested: IAM, network, K8s, auth, supply chain, data protection, monitoring, and active pentesting.

21 Controls × 10 Frameworks

governance-bridge skill provides machine-readable mappings from every deployed control to SOC 2, HIPAA, GDPR, NIST 800-53, ISO 27001, FedRAMP, PCI DSS, CCPA, EU AI Act, and OWASP.

DPIA / Privacy Impact Assessment

Required by: GDPR Art. 35, ISO 42001

Required before any AI tool processes personal data. A DPIA evaluates the necessity and proportionality of AI processing, assesses risks to data subjects, and documents safeguards. Without it, processing is unlawful under GDPR.

Est. effort: 6-10 hours

Vendor Security Questionnaire

Required by: SOC 2 CC9.2, enterprise vendor management

SIG Lite or CAIQ for Anthropic. Every enterprise vendor management program requires this for Tier 1 vendors (vendors that process, store, or have access to confidential data). Anthropic's Trust Center is a start, not a substitute.

Est. effort: 8-16 hours

Formal Risk Acceptance Sign-Off

Required by: ISO 27001 A.8.3, NIST 800-53 PM-9

A named executive must sign acceptance of residual risks (the 4 irreducible risks, the 3 structural/accepted risks, and the Bedrock/Vertex migration timeline). Without this, no defensible position if an incident occurs.

Est. effort: 2-4 hours

Business Continuity Plan

Required by: SOC 2 A1.2, ISO 22301

What happens if Anthropic's API is unavailable for 48 hours? No fallback plan documented. No degraded-mode procedures. No communication templates. Every enterprise continuity program requires this for critical-path tools.

Est. effort: 8-16 hours

ISO/IEC 42001:2023

THE AI management system standard. Published Dec 2023. Its absence is disqualifying for AI governance maturity claims. Defines requirements for establishing, implementing, maintaining, and improving an AI management system.

EU AI Act (Deep Mapping)

Currently name-dropped in framework list. No risk classification performed, no provider/deployer analysis, no Art. 4 AI literacy compliance analysis. Art. 4 AI literacy requirement is ALREADY IN EFFECT since Feb 2025.

DORA (Digital Operational Resilience Act)

Mandatory for EU financial entities since Jan 2025. Cannot sell to EU FinServ without this. Covers ICT risk management, incident reporting, operational resilience testing, and third-party risk management.

SR 11-7 / OCC 2011-12

US banking model risk management guidance. The first framework a bank CISO reaches for when evaluating AI tools. Covers model development, implementation, and use with emphasis on validation and governance.

ISO/IEC 23894

AI-specific risk management. Complements 42001 by providing guidance on managing risks arising from the development and use of AI systems. Aligns with ISO 31000 risk management principles.

NIST AI 600-1

GenAI-specific risk profile. Covers confabulation, data privacy, environmental impact, information integrity, IP, obscenity, and value alignment. Published July 2024. Extends NIST AI RMF for generative AI.

IP Ownership of AI-Generated Code

AI-generated code is likely not copyrightable under current US law. Competitors could use identical patterns. No legal analysis of IP implications exists in the current evidence portfolio.

Liability Chain for AI-Generated Defects

Who pays when AI code causes an outage? What are the insurance implications? The liability chain from Anthropic to platform to developer to end user is undocumented.

AI Hallucination in Compliance Evidence

The CDD system generates evidence via AI. If AI fabricates test results, coverage numbers, or security findings, the compliance record is fraudulent. The evidence integrity risk (#52) partially addresses this but not the fabrication vector.

Shadow AI Outside the Platform

A developer opens claude.ai in a browser. None of the 23 hooks apply. This is an organizational problem, not a technical one. No DLP policy for browser-based AI usage exists.

Regulatory Examination Readiness

When the OCC examiner says "show me your AI governance," this HTML presentation is not the answer. A formal risk assessment with defined methodology (FAIR, ISO 27005, or equivalent) is required.

Cross-Contamination Between Clients

Information barriers (Chinese walls) in financial services. If the platform serves multiple clients, shared model context is a regulatory violation. Multi-tenant isolation (#18) covers infrastructure but not model context.

Legal Discovery / Litigation Hold

AI conversation history is discoverable in litigation. No retention policy, no litigation hold procedure, no e-discovery integration documented. This is a legal risk, not a technical one.

Board Reporting Framework

How is AI risk reported to the board? What metrics? What thresholds trigger escalation? No board-level reporting framework for AI risk exists.

Third-Party Penetration Test

Self-assessment by AI agents is not independent validation. The same-principal trust paradox (Risk #51) applies to the assessment itself. An independent third-party pen test is required for credible security validation.

Visual Data Flow Diagrams

Code references are not DFDs. GDPR Art. 30 requires data flow documentation showing where personal data moves. No visual data flow diagrams exist for the AI processing pipeline.

Developer Training Completion Records

SOC 2 CC1.4 requires evidence of security awareness training. CLAUDE.md and rules files are training content, but no signed completion records, no assessment scores, no attendance tracking exists.

AI Model Card / System Documentation

EU AI Act Arts. 11-13 require technical documentation describing the AI system, its capabilities, limitations, and intended use. No model card or system documentation exists.

Formal Risk Assessment Report

An HTML presentation is not a formal risk assessment with defined methodology (FAIR/ISO 27005). A structured report with risk scoring methodology, assessment criteria, and sign-off chain is required for regulatory examination.

AI Ethics Committee / Governance Board

ISO 42001 and EU AI Act require an AI governance oversight body. None exists. Responsible AI decisions are currently made ad-hoc by individual developers and AI agents.

AI-Specific Incident Response Playbook

deviation-rules.md is an agent protocol, not a runbook with escalation paths, SLAs, communication templates, and post-incident review procedures. A real IR playbook includes named roles and contact trees.

Model Validation / Back-Testing Program

427 tests validate hooks, not model outputs. There is no program to validate that the AI model produces correct, safe, and unbiased code. No baseline accuracy metrics, no regression testing against known-good outputs.

Employee AI Training Program

Training content exists (CLAUDE.md, rules files, deviation protocols). But there is no curriculum, no assessment, no completion tracking, no periodic recertification. EU AI Act Art. 4 requires AI literacy training.