From 963e9070b9e14400b31747d5931516b4aa54aacf Mon Sep 17 00:00:00 2001 From: evanoseen Date: Fri, 22 May 2026 00:04:27 -0400 Subject: [PATCH 1/2] docs: add Related Resources section linking to myctrl.tools Adds a Related Resources section to the README pointing to myctrl.tools, a free cross-framework security controls search by Ethan Troy. Useful as a lookup companion while running CSF assessments and needing to cross reference against other frameworks (NIST 800-53, ISO 27001, PCI DSS, etc.). Related: CPAtoCybersecurity/catalyst#80 --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index f19cc6ae..beb0c341 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,12 @@ This tool is based on the NIST Cybersecurity Framework (CSF), developed by the N As a demonstration of how to conduct CSF profile assessment, fictional company "Alma Security" is used, inspired by Daniel Miessler's open source Telos project here: [https://github.com/danielmiessler/Telos/blob/main/corporate_telos.md](https://github.com/danielmiessler/Telos/blob/main/corporate_telos.md) +## Related Resources + +While running an assessment in this tool, you may want to cross-reference a CSF subcategory against a related control in another framework (NIST 800-53, ISO 27001, PCI DSS, CMMC, and so on). + +* **[myctrl.tools](https://myctrl.tools)** by [Ethan Troy](https://github.com/ethanolivertroy): a free, fast search across 19,000+ security controls from 94+ frameworks including NIST CSF 2.0, NIST 800-53, NIST AI RMF, FedRAMP, CMMC, DOD STIGs, PCI DSS, ISO 27001, SOC 2, EU AI Act, and GDPR. No login required. Useful as a lookup companion while working through subcategories in this tool. + ## Installation and Setup ### Walkthrough: From 8278d411a7c92f853b2d2cccdbc1ada569c9473d Mon Sep 17 00:00:00 2001 
From: evanoseen Date: Sat, 23 May 2026 21:27:01 -0400 Subject: [PATCH 2/2] docs: add GRC Companion to Related Resources (catalyst#81) --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index beb0c341..faaa0c05 100644 --- a/README.md +++ b/README.md @@ -53,9 +53,10 @@ As a demonstration of how to conduct CSF profile assessment, fictional company " ## Related Resources -While running an assessment in this tool, you may want to cross-reference a CSF subcategory against a related control in another framework (NIST 800-53, ISO 27001, PCI DSS, CMMC, and so on). +While running an assessment in this tool, you may want to cross-reference a CSF subcategory against a related control in another framework (NIST 800-53, ISO 27001, PCI DSS, CMMC, and so on). You may also want to deepen your GRC skill set as you work. * **[myctrl.tools](https://myctrl.tools)** by [Ethan Troy](https://github.com/ethanolivertroy): a free, fast search across 19,000+ security controls from 94+ frameworks including NIST CSF 2.0, NIST 800-53, NIST AI RMF, FedRAMP, CMMC, DOD STIGs, PCI DSS, ISO 27001, SOC 2, EU AI Act, and GDPR. No login required. Useful as a lookup companion while working through subcategories in this tool. +* **[GRC Companion](https://github.com/grcengineering/companion)** by [Ayoub Fandi](https://github.com/grcengineering): a free, open-source AI learning companion for GRC engineers that installs into Claude Code, Cursor, Claude Projects, or Codex. Ships 31 knowledge cards and 14 learning skills (concept tutor, Socratic coach, recall quiz, Feynman explainer, lab builder, and more). Explicitly learning-only, so it does not approve vendors, sign off audits, write production policy, or score compliance programs. Useful for building GRC skill alongside running assessments here. ## Installation and Setup
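Review bot: In the myctrl.tools bullet added by PATCH 1/2, the figures "19,000+ security controls from 94+ frameworks" are hard-coded and will go stale as the external site changes, with nothing in this repository to keep them in sync. Suggest dropping the counts or dating them. The framework names are also listed twice, once in the new intro sentence and again in the bullet; keeping the list in one place would shorten the section. The section does not say that the linked site is a third-party resource not maintained by this project, and a short clause to that effect would set expectations for readers.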
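Review bot: The GRC Companion bullet added by PATCH 2/2 recommends a tool that "installs into Claude Code, Cursor, Claude Projects, or Codex" but links only to the repository root, with no tagged release or commit and no pointer to what is installed. Because this puts third-party content inside an AI assistant that readers may be using alongside their assessment work, suggest linking to a specific release and adding a line asking readers to review the card and skill files before installing. The author link in the same bullet goes to https://github.com/grcengineering, the account that hosts the repository, rather than a personal profile as in the myctrl.tools entry, so it is worth confirming that this is the intended target. The counts "31 knowledge cards and 14 learning skills" will also drift as the upstream project changes. Finally, the commit message carries only the subject with "(catalyst#81)", where PATCH 1/2 explains the motivation in a body and a "Related:" trailer; a one-line body would keep the two consistent.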