Run your compliance program from Claude
The official CATAAM MCP server and Claude plugin. Ask about SOC 2, GDPR and ISO 27001 audit readiness, triage failing controls, and remediate — without leaving your terminal. Free and open source.
Compliance, in the chat
The plugin bundles a Model Context Protocol (MCP) server — the connector — plus a set of slash-command workflows. Claude calls precise, read-first tools against the CATAAM API so you can review posture and remediate in plain language, with confirmation required for anything that changes state.
What you can do
Four focused workflows, backed by six precise MCP tools.
Check audit readiness
Ask Claude “What’s our SOC 2 readiness?” and get your overall readiness score plus per-framework pass rates for SOC 2, GDPR and ISO 27001.
List & filter controls
List compliance tests and controls with their pass/fail status. Filter by framework, category, status, or name — “show failing ISO 27001 controls”.
Triage failing alerts
Surface the latest failing tests and continuous-control-monitoring (CCM) alerts, prioritized so you know what to fix first.
Remediate & verify
Re-run a test to verify a fix, set a remediation due date, or link a control to a Jira issue. Every state-changing action asks for confirmation first.
Up and running in three minutes
No build step. The MCP server is fetched from npm on demand.
Add the marketplace
In Claude Code, run /plugin marketplace add themarkups/claude-plugin to register the official CATAAM marketplace.
Install the plugin
Run /plugin install cataam@cataam-marketplace. The first run fetches the MCP server from npm via npx; there is nothing to build locally. Because npx resolves the package on demand, review it and pin a version before pointing it at a production tenant, as you would for any dependency that handles an API key.
Authenticate
Generate an API key in CATAAM under Settings → Integrations, or use your CATAAM username and password, which the server exchanges for a short-lived token. Either way the credentials are read from environment variables and never stored by the plugin.
Ask Claude
Run /cataam-status, /cataam-tests, /cataam-alerts or /cataam-fix — or just ask Claude about your compliance posture in plain language.
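As an added illustration, not the project's own configuration: the manual equivalent of the marketplace install for a Claude Code project, a `.mcp.json` that launches the published package with npx and passes the key through the environment rather than writing it into the file. The package name is the one published on npm; the variable name CATAAM_API_KEY, the assumption that the package's bin is invocable as `npx cataam-mcp-server`, and the server key label are assumptions to check against the plugin's README. The `${VAR}` form relies on Claude Code's environment-variable expansion in `.mcp.json`; Claude Desktop's config file does not expand it.

```json
{
  "mcpServers": {
    "cataam": {
      "command": "npx",
      "args": ["-y", "cataam-mcp-server"],
      "env": {
        "CATAAM_API_KEY": "${CATAAM_API_KEY}"
      }
    }
  }
}
```

Export CATAAM_API_KEY (assumed name) in the shell that starts Claude Code, ideally from a secrets manager rather than a dotfile, and the server process inherits it; the config file itself then contains no secret and can be committed alongside the project.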
Read-first, with safe writes
Claude reads your posture freely, but any action that changes state — re-running a test, setting a due date, linking to Jira — is gated behind an explicit confirmation. Your credentials stay in environment variables and are never stored by the plugin.
- Six precise tools, scoped to your compliance data
- Confirmation required for every write action
- API key or username/password — your choice
- Open source (MIT) · published on npm
Frequently Asked Questions
- What is the CATAAM Claude plugin?
- The CATAAM Claude plugin is an official integration that connects Claude to the CATAAM GRC platform. It bundles a Model Context Protocol (MCP) server and a set of slash-command workflows so you can review SOC 2, GDPR and ISO 27001 audit readiness, triage failing controls, and remediate — directly inside Claude Code, Claude Desktop, or a supported IDE. It is free and open source under the MIT license.
- What is an MCP server?
- MCP (Model Context Protocol) is an open standard for connecting AI assistants like Claude to external tools and data sources. The CATAAM MCP server (published on npm as cataam-mcp-server) exposes a small set of precise tools that Claude can call to read your compliance data and, with confirmation, perform remediation actions against the CATAAM API.
- How do I install CATAAM in Claude?
- In Claude Code, run “/plugin marketplace add themarkups/claude-plugin” and then “/plugin install cataam@cataam-marketplace”. Set your CATAAM API key (or username and password) as environment variables, and the plugin is ready. Installation takes about three minutes and requires no build step.
- What can I do with the CATAAM plugin?
- You can check your overall audit-readiness score and per-framework pass rates, list and filter compliance tests and controls, triage failing tests and continuous-control-monitoring alerts, re-run a test to verify a remediation, set due dates, and link controls to Jira issues — all from a chat prompt or a slash command.
- Is the CATAAM Claude plugin free?
- Yes. The plugin and the cataam-mcp-server package are free and open source under the MIT license. You need an active CATAAM account to connect to your compliance data; the plugin itself has no additional cost.
- How does the plugin authenticate, and is it secure?
- The plugin supports two authentication modes: a CATAAM API key (sent as the X-API-Key header) generated in Settings → Integrations, or your CATAAM username and password (exchanged for a short-lived token). Credentials are read from environment variables only and are never hardcoded, logged, or stored by the plugin. Anything else that can read that environment can read the key, so keep it out of shell history and synced dotfiles, and prefer the API key over a password so that exposure of the environment does not also expose an interactive login. Every state-changing action requires explicit confirmation before it runs.
- What data can the plugin access?
- The plugin is scoped to your organization’s compliance data through CATAAM’s audit API. It can read compliance tests, readiness scores and alerts, and — only with your confirmation — perform a few write actions such as re-running a test, setting a due date, or linking a control to Jira. It collects no independent telemetry.
- Which Claude surfaces are supported?
- The plugin runs anywhere Claude Code runs locally: the Claude Code CLI, Claude Desktop on macOS and Windows, and IDE extensions such as VS Code and JetBrains. A hosted option for cloud/web surfaces is on the roadmap.
- Which compliance frameworks does it support?
- The same frameworks as the CATAAM platform — including SOC 2, GDPR, ISO 27001, NIST CSF, PCI DSS and HIPAA. Filter compliance tests by any enrolled framework directly from Claude.
- Where is the source code?
- The plugin is open source at github.com/themarkups/claude-plugin, and the MCP server is published on npm as cataam-mcp-server. Issues and contributions are welcome.
Bring CATAAM into Claude
Free, open source, and ready in minutes.