
Compliance Management

Workload Definition & Security Boundary

📋 Workload-Specific Compliance
Define your workload's security boundary to enable context-aware control assessment and artifact validation. This creates a specific scope for compliance documentation and evidence collection.

🏢 Workload Definition

☁️ AWS Resource Discovery

🌎 Regions: 1 selected
📦 Resource Types: All types
Weekly scans balance inventory freshness with Tagging API and Config costs.

🔍 Control Artifact Validation

🤖 Automated Evidence Detection

ComplianceBot automatically checks RAG document storage and AWS data sources for artifacts supporting each control narrative. Missing evidence is flagged for remediation.


🏗️ DeterBot: ComplianceBot Under the Hood

🛡 DeterBot: ComplianceBot v0.1.0

Production-ready AI compliance management platform built on AWS serverless architecture. Now powered by an orchestrated Amazon Bedrock Agent (DeterBot Agent) with a tiered Knowledge Base, semantic SSP ingestion pipeline, and the ComplianceBot Engram - a deployable compliance knowledge artifact that grows from your organization's own documents and approved narratives.

🤖 Bedrock Agent Orchestration
DeterBot Agent replaces direct Bedrock calls. 8 action groups, 4 persona aliases (ISSO, ISSM, Infrastructure Engineer, Auditor). Multi-turn sessions with native Bedrock session management.
📚 ComplianceBot Engram
S3 Vectors Knowledge Base grows from your uploaded SSPs, POA&Ms, and approved narratives. Source attribution on every retrieved chunk. Customer owns accepted narratives.
✨ Narrative Generation
Generate Narrative button on every control without an approved narrative. Draft shown with disclaimer. Accept or edit then attest - customer owns the accuracy of accepted narratives.
📊 Gap Analysis
The agent chains four steps: crosswalk, assessment lookup, KB retrieval, and a prioritized report with draft narratives for the top 5 gaps. Max 50 delta controls per run.

Engram Deployment

✅ Deployed Resources
Stack: compliancebot-engram-prod
Agent ID: 4BWPAKER7U
Knowledge Base: TTGU85DPUK (S3 Vectors)
8 Action Groups • 4 Persona Aliases
Ingestion Pipeline • Daily Feedback Loop
📚 KB Content Sources
customer-uploads/ — SSPs, POA&Ms, policies
approved-narratives/ — feedback loop
engram-seed/ — versioned examples
Control statements stay in DynamoDB
📋 Attribution Model
Every chunk carries source metadata
generatedFrom tracks lineage
contentStatus: example to accepted
approvedBy: Cognito email + sub
Customer owns accepted narratives
⚠️ LEGAL NOTICE: The only source of truth for your legal requirements is your own compliance and legal teams. ComplianceBot does not provide legal guidance. It provides you with information to help inform your dialog with your compliance and legal counsel.

🛡️ Compliance Analysis Ready

| Framework | Coverage | Status |
|---|---|---|
| SOC 2 Type II | Security & Privacy Controls | Active |
| HIPAA | Healthcare Data Protection | Available |
| PCI DSS | Payment Card Security | Available |
| GDPR | EU Data Protection | Available |
| ISO 27001 | Information Security Management | Available |
| FedRAMP | Federal Risk Authorization | Available |

Compliance Features

| Feature | Description | Status |
|---|---|---|
| 🔍 Control Assessment | Analyze compliance controls and gaps | Active |
| 📋 Audit Preparation | Generate audit documentation and evidence | Active |
| ⚖️ Risk Analysis | Identify and assess compliance risks | Active |
| 📊 Reporting | Create compliance reports and dashboards | Active |
| 🔄 AWS Config Integration | Monitor AWS resource compliance | Active |
| 📝 Policy Review | Analyze policies against frameworks | Active |

What compliance challenge can I help you with today?