Ugo Eze

FEDERAL GRC APPLIED AI

GRC practitioner working at the intersection of federal compliance and applied AI.

FEDERAL GRC

GRC practitioner working at the intersection of federal compliance and applied AI.

APPLIED AI

Projects

Practical tools that turn governance requirements into evidence, controls, and safer workflows.

Public Release 2026

NIST 800-53 Common Controls Catalog

Most organizations implementing NIST 800-53 re-assess the same inheritable controls system by system. This public catalog identifies 165 common-control candidates across the full 1,189-control framework, tagged by baseline and implementation type, with a decision framework for expanding an enterprise common-control program.

165 candidates 1,189 controls 20 families

Download the Catalog

Assessor-Grade AI Controls

Unified AI Control Catalog

Most AI governance frameworks define obligations at a high level. UACC translates them into assessor-ready controls — what evidence to examine, who to interview, what to test, and how to decide whether a control is satisfied.

View on GitHub AI Governance Evidence

DriftWitness

DriftWitness sits between ML monitoring and GRC evidence. It measures classifier drift against a SHA-256-locked approved baseline and turns the signals into reviewer-ready artifacts mapped to NIST AI RMF, ISO 42001, and the EU AI Act.

View on GitHub Privacy-First PDF Redaction

LocalRedact

LocalRedact prepares sensitive PDFs for sharing by detecting common identifiers — SSNs, EINs, cards, and more — and redacting them in the browser. No uploads, no accounts, no backend.

Visit localredact.app

About

CISSP · PMP

I'm Ugo — a Cybersecurity GRC Lead with over a decade of federal security assessment and compliance work across financial regulatory and education environments, including FDIC, Federal Student Aid, and the FFIEC.

Hundreds of security assessments, 30+ ATOs, and program leadership on a $1.25M engagement delivered on time and under budget.

A two-week security authorization at FDIC got a new access control system approved fast enough for the agency to retire a legacy contract, freeing over $1M in recurring costs.

A SQL-based automation tool built at the FFIEC cut vulnerability scan processing time by 75% and ran across four agencies for four years.

The Common Controls Catalog came from watching federal agencies re-implement the same inheritable controls system by system for a decade — so I built the starting point that didn't exist.

When I'm not doing assessment work, I build things. This is where they live.