Create risk-profile

create risk-profile - Create OSCAL profile from risk assessment using AI

The create risk-profile command analyzes a risk assessment document and generates an OSCAL profile selecting appropriate controls from a custom catalog. The AI extracts risks from the assessment and maps them to controls for the entire solution.

The generated profile is saved to specs/.risk-controls/risk-profile.json for version control. Use --debug to inspect intermediate outputs and AI reasoning.

Flags

| Flag | Description |
|------|-------------|
| --catalog | Catalog URL for control selection and validation (default: NIST 800-53 Rev5) |
| -o, --output | Custom output path for the profile file |
| -f, --force | (default: false) Overwrite existing profile file |
| -d, --debug | (default: false) Save intermediate outputs to out/commands.log |

Notes

Expected Output:

  • OSCAL profile JSON file selecting controls from catalog
  • AI reasoning for control selection in debug output
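
Because the control selection is AI-generated, a reviewer may want to check the profile against the catalog before committing it. The sketch below is an added example, not part of the tool described on this page; it assumes the standard OSCAL JSON layout (profile imports with include-controls/with-ids, catalog groups with nested controls), uses constructed sample data, and its function names are hypothetical.

```python
import json

# Constructed sample data (not output of the tool): a tiny OSCAL catalog and a profile.
CATALOG = json.loads("""{"catalog": {"groups": [
  {"id": "ac", "controls": [{"id": "ac-2", "controls": [{"id": "ac-2.1"}]}]},
  {"id": "sc", "controls": [{"id": "sc-7"}]}]}}""")
PROFILE = json.loads("""{"profile": {"imports": [{"href": "catalog.json",
  "include-controls": [{"with-ids": ["ac-2", "ac-2.1", "sc-7", "ac-99", "sc-7"]}]}]}}""")


def catalog_control_ids(catalog_doc):
    """Collect every control id in the catalog, including nested enhancements."""
    ids = set()

    def walk(node):
        for group in node.get("groups", []):
            walk(group)
        for control in node.get("controls", []):
            ids.add(control["id"])
            walk(control)  # enhancements such as ac-2.1 nest under ac-2

    walk(catalog_doc["catalog"])
    return ids


def check_profile(profile_doc, catalog_doc):
    """Report selected ids that are missing from the catalog, duplicated, or selected wholesale."""
    known = catalog_control_ids(catalog_doc)
    selected, broad = [], []
    for imp in profile_doc.get("profile", {}).get("imports", []):
        if "include-all" in imp:
            broad.append(imp.get("href", "?"))  # whole catalog selected, no per-risk mapping
        for selector in imp.get("include-controls", []):
            selected.extend(selector.get("with-ids", []))
    return {
        "selected": sorted(set(selected)),
        "unknown": sorted(set(selected) - known),  # ids the catalog does not define
        "duplicates": sorted({i for i in selected if selected.count(i) > 1}),
        "include_all": broad,
    }


if __name__ == "__main__":
    # For a real run, json.load() the generated profile and a local copy of the catalog instead.
    print(json.dumps(check_profile(PROFILE, CATALOG), indent=2))
```

A non-empty "unknown" list means the profile references a control ID that the catalog does not define, which is worth resolving before the file is committed.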

Custom Prompts

Risk profile generation supports a three-tier prompt system for customization, listed here from highest to lowest priority:

  1. Command Flag: --prompt /path/to/custom.md (highest priority)
  2. Team Override: .r2r/eac/templates/ai/risk/profile.md (team-wide customization)
  3. System Default: templates/ai/risk/profile.md (fallback)

See commit-message for a detailed customization guide, or run:

cat .r2r/eac/templates/ai/README.md
