Skip to content

Community-verify one CWE to SOC 2 or ISO 27001 mapping #5

Description

@Synvoya

Goal

Independently verify one existing CWE mapping to either SOC 2 or ISO/IEC 27001 and move it from maintainer-policy-reviewed to community-verified.

This is evidence work, not a request to claim certification or compliance.

Acceptance criteria

  • Choose one mapping currently documented in docs/COMPLIANCE-RATIONALE.md.
  • Cite an authoritative control source that contributors can legally reference.
  • Explain the relationship between the finding and the control objective, including any limitation or indirectness.
  • Preserve the standing disclaimer: CodeInspectus provides code-visible evidence only and does not establish organizational compliance.
  • Update the mapping state and aggregate verification count consistently.
  • Use the compliance-mapping PR template.
  • Do not change detection behavior in this contribution.

Metadata

Metadata

Assignees

Labels

documentationImprovements or additions to documentationgood first issueGood for newcomershelp wantedExtra attention is needed

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions