Annotation Interface ComplianceFramework


@Retention(RUNTIME) @Target(TYPE) @Documented public @interface ComplianceFramework
Marks a class as a pluggable compliance framework validator.

Compliance frameworks annotated with this annotation are automatically discovered and loaded by the CloudForge compliance validation system. This enables external contributors to add new compliance frameworks without modifying core code.

Usage Example:


 @ComplianceFramework(value = "FEDRAMP", priority = 15)
 public final class FedRampRules implements FrameworkRules {
     @Override
     public void install(SystemContext ctx) {
         // FedRAMP-specific validation rules
     }
 }
 

Priority Ordering:

  • Negative priorities (-10, -5): Cross-framework rules (KeyManagement, DatabaseSecurity)
  • 0-50: Core compliance frameworks (HIPAA, PCI-DSS, SOC2, GDPR)
  • 50+: Extended/contributed frameworks (FedRAMP, ISO 27001, NIST 800-53)
Since:
3.0.0
  • Required Element Summary

    Required Elements
    Modifier and Type | Required Element | Description
    String | value | Framework identifier matching the value in complianceFrameworks configuration.
  • Optional Element Summary

    Optional Elements
    Modifier and Type | Optional Element | Description
    boolean | alwaysLoad | Whether this framework should always be loaded regardless of complianceFrameworks config.
    String | description | Description of the compliance framework for documentation purposes.
    String | displayName | Human-readable display name for logging and documentation.
    int | priority | Load priority for ordering framework installation (lower values load first).
  • Element Details

    • value

      String value
      Framework identifier matching the value in complianceFrameworks configuration.

      Examples: "HIPAA", "PCI-DSS", "SOC2", "GDPR", "FEDRAMP", "ISO-27001"

      This value is matched against the comma-separated list in the deployment context:

      
       "complianceFrameworks": "HIPAA,SOC2,FEDRAMP"
       
      Returns:
      the framework identifier
    • priority

      int priority
      Load priority for ordering framework installation (lower values load first).

      Default priority is 100 for contributed frameworks.

      Recommended priorities:

      • -10: Cross-framework infrastructure rules (KeyManagement)
      • -5: Cross-framework security rules (DatabaseSecurity, AdvancedMonitoring)
      • 0: Threat protection (ThreatProtection, IncidentResponse)
      • 10-20: Core compliance frameworks (HIPAA, PCI-DSS, SOC2, GDPR)
      • 50+: Extended frameworks (FedRAMP, ISO 27001, NIST 800-53)
      Returns:
      the load priority
      Default:
      100
    • alwaysLoad

      boolean alwaysLoad
      Whether this framework should always be loaded regardless of complianceFrameworks config.

      Use true for cross-framework validators that apply to all deployments (e.g., KeyManagementRules, DatabaseSecurityRules).

      Use false for framework-specific validators that only load when explicitly enabled (e.g., HipaaRules, PciDssRules).

      Returns:
      true if this framework should always load
      Default:
      false
    • displayName

      String displayName
      Human-readable display name for logging and documentation.

      If not specified, defaults to the value of value().

      Examples:

      • "HIPAA Security Rule (45 CFR §164.308-316)"
      • "PCI-DSS v3.2.1"
      • "SOC 2 Trust Services Criteria"
      Returns:
      the display name
      Default:
      ""
    • description

      String description
      Description of the compliance framework for documentation purposes.
      Returns:
      the framework description
      Default:
      ""
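
The selection rules documented above for value, priority and alwaysLoad, shown as an added example that is not CloudForge code. It uses a local stand-in annotation with the same elements and constructed validator classes (the KEY-MANAGEMENT identifier is made up), and it assumes identifiers are trimmed and compared case-sensitively, which this page does not specify. The unmatched check goes beyond the page: it flags configured identifiers that no validator claims, since a misspelled entry would otherwise leave that framework's rules uninstalled without notice.

```java
import java.lang.annotation.*;
import java.util.*;
import java.util.stream.*;

public class LoadOrderDemo {
    // Local stand-in mirroring elements documented on this page (not the CloudForge type).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
    @interface ComplianceFramework {
        String value();
        int priority() default 100;
        boolean alwaysLoad() default false;
    }

    // Constructed validators; only their annotation metadata is used in this demo.
    @ComplianceFramework(value = "KEY-MANAGEMENT", priority = -10, alwaysLoad = true)
    static final class KeyManagementRules {}
    @ComplianceFramework(value = "HIPAA", priority = 10)
    static final class HipaaRules {}
    @ComplianceFramework("FEDRAMP") // priority falls back to the default of 100
    static final class FedRampRules {}

    static final List<ComplianceFramework> FOUND = Stream.of(FedRampRules.class,
            HipaaRules.class, KeyManagementRules.class)
            .map(c -> c.getAnnotation(ComplianceFramework.class)).collect(Collectors.toList());

    // Assumption: identifiers are trimmed and compared exactly (case-sensitive).
    static Set<String> parse(String cfg) {
        return Arrays.stream(cfg.split(",")).map(String::trim)
                .filter(s -> !s.isEmpty()).collect(Collectors.toCollection(LinkedHashSet::new));
    }

    /** Identifiers of the validators that load, lowest priority value first. */
    static List<String> resolve(String cfg) {
        Set<String> enabled = parse(cfg);
        return FOUND.stream()
                .filter(a -> a.alwaysLoad() || enabled.contains(a.value()))
                .sorted(Comparator.comparingInt(ComplianceFramework::priority))
                .map(ComplianceFramework::value).collect(Collectors.toList());
    }

    /** Configured identifiers that match no validator, i.e. rules that never install. */
    static Set<String> unmatched(String cfg) {
        Set<String> ids = parse(cfg);
        FOUND.forEach(a -> ids.remove(a.value()));
        return ids;
    }

    public static void main(String[] args) {
        String cfg = "HIPAA, fedramp, SOC2"; // constructed: wrong case, and no SOC2 validator
        System.out.println("load order: " + resolve(cfg));
        System.out.println("unmatched:  " + unmatched(cfg));
    }
}
```

A deployment pipeline can fail the build when unmatched returns a non-empty set, so a typo in complianceFrameworks cannot quietly drop a framework's validation rules.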