Government Compliance Framework Module

robots: noindex, nofollow

Government Compliance Framework Module

Separation of Duties: See Separation of Duties - Drupal modules are responsible for Drupal-specific functionality. They do NOT own agent manifests, execution, or OSSA spec.

Comprehensive government compliance with FedRAMP, HIPAA, GDPR, FISMA, and NIST cybersecurity framework support.

Module Information

Name: Government Compliance Framework
Machine Name: gov_compliance
Package: Security & Compliance
Version: 0.1.1
Drupal Compatibility: ^10.3 || ^11
Source: $LLM_ROOT/all_drupal_custom/modules/gov_compliance/

Features

Multi-Framework Support: FedRAMP, HIPAA, GDPR, FISMA, NIST
Automated Compliance Monitoring: Continuous compliance checking
GraphQL and REST APIs: Compliance data access
Audit Logging: Complete audit trails
Security Controls: Password policies, encryption, MFA support
Compliance Reporting: Generate compliance reports
ECA Integration: Event-driven compliance automation
AI-Powered Analysis: AI integration for compliance analysis

Installation

composer require drupal/gov_compliance
drush en gov_compliance -y

Dependencies

Core Modules (Required)

drupal:system, user, node, field, views
drupal:serialization, rest, jsonapi, taxonomy
drupal:eck

Security & Compliance (Required)

security_review:security_review
gdpr:gdpr
encrypt:encrypt
field_encrypt:field_encrypt
password_policy:password_policy
seckit:seckit
autologout:autologout
login_security:login_security

Audit (Required)

audit_log:audit_log
admin_audit_trail:admin_audit_trail

Integration

api_normalization:api_normalization
views_bulk_operations:views_bulk_operations

Suggested

drupal:eca, eca_base, eca_content, eca_queue
drupal:ai
llm:llm
ai_agent_orchestra:ai_agent_orchestra
graphql:graphql, graphql_compose
openapi_ui:openapi_ui, openapi_ui_redoc
drupal:key, jwt
redis:redis
advancedqueue:advancedqueue

Configuration

Navigate to: /admin/config/gov_compliance/admin_settings

# Compliance Frameworks
frameworks:
  fedramp:
    enabled: true
    level: 'moderate'
  hipaa:
    enabled: true
  gdpr:
    enabled: true
  fisma:
    enabled: true
  nist:
    enabled: true
    version: '800-53'

# Security Controls
security_controls:
  password_policy:
    min_length: 14
    character_types: 4
  encryption:
    enabled: true
    algorithm: 'AES-256'
  mfa:
    enabled: true
    methods: ['totp', 'sms']

Usage

Compliance Check

<?php

$compliance = \Drupal::service('gov_compliance.checker');
$result = $compliance->check('fedramp');

if ($result->isCompliant()) {
  // System is compliant
} else {
  $violations = $result->getViolations();
}

Generate Compliance Report

<?php

$reporter = \Drupal::service('gov_compliance.reporter');
$report = $reporter->generate('fedramp', [
  'format' => 'pdf',
  'include_evidence' => true,
]);

Audit Trail

<?php

$audit = \Drupal::service('gov_compliance.audit');
$audit->log('compliance_check', [
  'framework' => 'fedramp',
  'result' => 'compliant',
  'user_id' => $current_user->id(),
]);

API Endpoints

REST API

# Compliance status
GET /api/v1/compliance/status

# Run compliance check
POST /api/v1/compliance/check
{
  "framework": "fedramp"
}

# Generate report
POST /api/v1/compliance/report
{
  "framework": "fedramp",
  "format": "pdf"
}

GraphQL API

query {
  complianceStatus {
    framework
    status
    violations {
      control
      description
      severity
    }
  }
}

Compliance Frameworks

FedRAMP

Levels: Low, Moderate, High
Controls: AC, AU, IA, SC, SI, etc.
Continuous Monitoring: Automated compliance checks
Documentation: Auto-generated SSP

HIPAA

Administrative Safeguards
Physical Safeguards
Technical Safeguards
PHI Protection

Data Subject Rights
Consent Management
Data Breach Notification
Privacy by Design

NIST 800-53

Control Families: AC, AU, CA, CM, CP, IA, IR, MA, MP, PS, PE, PL, PM, RA, SA, SC, SI, SR
Control Baselines: Low, Moderate, High

Security Controls

Password Policy

password_policy:
  min_length: 14
  character_types: 4
  expiration_days: 90
  history_count: 10

Encryption

encryption:
  enabled: true
  algorithm: 'AES-256-GCM'
  fields:
    - field_ssn
    - field_credit_card
    - field_health_data

Auto Logout

autologout:
  timeout: 900  # 15 minutes
  max_timeout: 1800  # 30 minutes

Testing

# Run compliance tests
vendor/bin/phpunit modules/custom/gov_compliance/tests

# Security scan
drush security-review

# PHPCS check
buildkit drupal phpcs modules/custom/gov_compliance

Resources

FedRAMP: https://www.fedramp.gov/
NIST: https://csrc.nist.gov/publications
HIPAA: https://www.hhs.gov/hipaa
GDPR: https://gdpr.eu/

Government Compliance Framework Module

Government Compliance Framework Module

Module Information

Features

Installation

Dependencies

Core Modules (Required)

Security & Compliance (Required)

Audit (Required)

Integration

Suggested

Configuration

Usage

Compliance Check

Generate Compliance Report

Audit Trail

API Endpoints

REST API

GraphQL API

Compliance Frameworks

FedRAMP

HIPAA

GDPR

NIST 800-53

Security Controls

Password Policy

Encryption

Auto Logout

Testing

Resources

See Also