Final Push after major set of changes - reviewed!

README.md

@@ -113,6 +113,7 @@ openshield/
 
 ---
 
+
 ## Quick Start
 
 ```bash
@@ -185,4 +186,20 @@ MIT — free to use, modify, and distribute.
 
 ---
 
+> Built with ❤️ by security engineers and students who believe cloud security tooling should be accessible to everyone.
+
+---
+
+## Learn OpenShield
+
+Explore the OpenShield learning portal to understand:
+
+- Azure CSPM fundamentals
+- OpenShield architecture
+- Compliance mappings
+- Remediation workflows
+- Contributor onboarding
+- Documentation navigation
+
+👉 [OpenShield Learn](docs/learn/index.html)
 > Built by security engineers and students who believe cloud security tooling should be accessible to everyone.

compliance/frameworks/cis_azure_benchmark.json

@@ -98,6 +98,11 @@
       "control_name": "Ensure that 'OS disk' are encrypted",
       "description": "Virtual machine OS and data disks are using platform-managed encryption only (EncryptionAtRestWithPlatformKey). CIS 7.2 requires disks to be protected using customer-managed keys or Azure Disk Encryption. Platform-managed encryption does not give the organisation control over the encryption keys and does not satisfy this control."
     },
+    "AZ-CMP-003": {
+      "control_id": "8.2",
+      "control_name": "Ensure that 'Endpoint protection solution' is installed on VMs",
+      "description": "The virtual machine does not have a recognised endpoint protection extension installed. CIS 8.2 requires that an approved endpoint protection solution is installed and running on all virtual machines. Without endpoint protection, malware and ransomware can execute without detection."
+    },
     "AZ-KV-001": {
       "control_id": "8.5",
       "control_name": "Ensure the Key Vault is Recoverable",

compliance/frameworks/iso27001.json

@@ -98,6 +98,11 @@
       "control_name": "Policy on the use of cryptographic controls",
       "description": "Virtual machine OS and data disks are using platform-managed encryption only (EncryptionAtRestWithPlatformKey). A.10.1.1 requires that a policy on the use of cryptographic controls is developed and implemented. Platform-managed encryption does not give the organisation control over the encryption keys. Customer-managed keys or Azure Disk Encryption are required to satisfy this control."
     },
+    "AZ-CMP-003": {
+      "control_id": "A.12.2.1",
+      "control_name": "Controls against malware",
+      "description": "The virtual machine does not have a recognised endpoint protection extension installed. A.12.2.1 requires that detection, prevention and recovery controls are implemented to protect against malware. Without endpoint protection, malware executing on the VM will not be detected or prevented."
+    },
     "AZ-KV-001": {
       "control_id": "A.17.2.1",
       "control_name": "Availability of information processing facilities",

compliance/frameworks/nist_csf.json

@@ -98,6 +98,11 @@
       "control_name": "Data-at-rest is protected",
       "description": "Virtual machine OS and data disks are using platform-managed encryption only (EncryptionAtRestWithPlatformKey). PR.DS-1 requires that data at rest is protected using appropriate controls. Platform-managed encryption does not give the organisation control over the encryption keys. Customer-managed keys or Azure Disk Encryption are required to satisfy this control."
     },
+    "AZ-CMP-003": {
+      "control_id": "DE.CM-4",
+      "control_name": "Malicious code is detected",
+      "description": "The virtual machine does not have a recognised endpoint protection extension installed. DE.CM-4 requires that malicious code is detected on organisational systems. Without endpoint protection, malware and ransomware executing on the VM will not be detected or blocked."
+    },
     "AZ-KV-001": {
       "control_id": "PR.IP-4",
       "control_name": "Backups of information are conducted, maintained, and tested",

compliance/frameworks/soc2.json

@@ -103,6 +103,11 @@
       "control_name": "Protects Data in Transit and At Rest",
       "description": "Virtual machine OS and data disks are using platform-managed encryption only (EncryptionAtRestWithPlatformKey). CC6.7 requires that data is protected using encryption. Platform-managed encryption does not give the organisation control over the encryption keys. Customer-managed keys or Azure Disk Encryption are required to satisfy this control."
     },
+    "AZ-CMP-003": {
+      "control_id": "CC6.8",
+      "control_name": "Prevents or Detects Unauthorized or Malicious Software",
+      "description": "The virtual machine does not have a recognised endpoint protection extension installed. CC6.8 requires that controls are implemented to prevent or detect and act upon the introduction of unauthorized or malicious software. Without endpoint protection, malicious code executing on the VM will not be detected or blocked."
+    },
     "AZ-KV-001": {
       "control_id": "A1.2",
       "control_name": "Environmental Threats and Recovery",