iac-security-scanner: Embed NIST 800-53 control IDs in per-policy reference files

## Summary

Currently, NIST 800-53 control mappings are maintained in a separate `references/nist-mapping.md` file and mapped by category (e.g., `NETWORK_SECURITY` → `SC-7, SC-8, AC-4`). Individual policy entries in the resource reference files only show the category name.

## Proposed Change

Embed the specific NIST control IDs directly in each policy's reference entry, alongside the existing category field. For example:

```markdown
- **Category**: NETWORK_SECURITY
- **NIST 800-53**: SC-7, SC-8, AC-4
```

This is already partially implemented — the `CATEGORY_TO_NIST` mapping exists in `parse_terrascan_policies.py` and policies that match a known category already show NIST controls. The enhancement would extend this to cover edge cases and potentially add more granular per-policy mappings.

## Impact

- Improves compliance reporting by making controls directly visible per-finding
- No breaking changes — additive only
- Low effort — mapping infrastructure already exists in the parser

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

iac-security-scanner: Embed NIST 800-53 control IDs in per-policy reference files #1

Summary

Proposed Change

Impact

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

iac-security-scanner: Embed NIST 800-53 control IDs in per-policy reference files #1

Description

Summary

Proposed Change

Impact

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions