mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 05:59:40 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,34 @@
|
||||
# Standards and References - Vulnerability Exception Tracking
|
||||
|
||||
## Primary Standards
|
||||
|
||||
### NIST SP 800-53 Rev 5 - RA-5(5)
|
||||
- **Title**: Vulnerability Monitoring and Scanning - Privileged Access
|
||||
- **URL**: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
|
||||
- **Relevance**: Requires organizations to track and manage vulnerability exceptions with documented risk acceptance
|
||||
|
||||
### PCI DSS v4.0 - Compensating Controls
|
||||
- **URL**: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
|
||||
- **Relevance**: Appendix B defines requirements for compensating controls when a PCI requirement cannot be met as stated
|
||||
|
||||
### ISO 27001:2022 - Clause 6.1.3
|
||||
- **Title**: Information Security Risk Treatment
|
||||
- **Relevance**: Risk acceptance must be formally documented with appropriate authority approval
|
||||
|
||||
### CIS Controls v8 - Control 7
|
||||
- **Title**: Continuous Vulnerability Management
|
||||
- **Sub-control 7.7**: Remediate detected vulnerabilities within prescribed timelines; document exceptions with compensating controls
|
||||
|
||||
### SOC 2 - CC3.2
|
||||
- **Title**: Risk Assessment
|
||||
- **Relevance**: Requires evidence of risk acceptance decisions and compensating controls documentation
|
||||
|
||||
## Compliance Requirements for Exceptions
|
||||
|
||||
| Framework | Exception Requirement | Documentation Required |
|
||||
|-----------|----------------------|----------------------|
|
||||
| PCI DSS 4.0 | Compensating Controls Worksheet | Constraint, objective, controls, validation |
|
||||
| SOC 2 Type II | Risk acceptance evidence | Approval chain, justification, review cadence |
|
||||
| HIPAA | Risk analysis documentation | PHI impact, safeguards, timeline |
|
||||
| NIST CSF 2.0 | Risk response decisions | Acceptance criteria, residual risk |
|
||||
| ISO 27001 | Statement of Applicability | Risk owner approval, review schedule |
|
||||
@@ -0,0 +1,47 @@
|
||||
# Workflows - Vulnerability Exception Tracking
|
||||
|
||||
## Workflow 1: Exception Request and Approval
|
||||
|
||||
### Steps
|
||||
1. Asset owner identifies vulnerability that cannot be remediated within SLA
|
||||
2. Owner submits exception request with justification and compensating controls
|
||||
3. System validates request completeness and category-specific fields
|
||||
4. System routes request to appropriate approver based on severity and category
|
||||
5. Approver reviews justification and compensating controls
|
||||
6. Approver approves, rejects, or requests additional information
|
||||
7. If approved, exception is recorded with expiration date
|
||||
8. Vulnerability status updated in scanner/DefectDojo to "exception_approved"
|
||||
9. Audit log entry created with full approval chain
|
||||
|
||||
## Workflow 2: Daily Expiration Check
|
||||
|
||||
### Steps
|
||||
1. Cron job queries all active exceptions with expires_at <= today + 14 days
|
||||
2. For exceptions expiring within 14 days: send renewal reminder to requestor
|
||||
3. For exceptions expiring within 7 days: send urgency reminder with escalation
|
||||
4. For expired exceptions: update status to "expired", revert vulnerability to "open"
|
||||
5. Send expiration notification to asset owner and security team
|
||||
6. Regenerate SLA tracking to include re-opened findings
|
||||
|
||||
## Workflow 3: Quarterly Exception Review
|
||||
|
||||
### Steps
|
||||
1. Generate report of all active exceptions grouped by category and severity
|
||||
2. For each exception, verify compensating controls are still in place
|
||||
3. Review if vendor patch has become available for "no_fix" exceptions
|
||||
4. Re-assess risk rating based on current threat landscape
|
||||
5. Escalate exceptions with changed risk profiles for re-approval
|
||||
6. Update exception records with review notes and new risk ratings
|
||||
7. Submit quarterly report to security governance committee
|
||||
|
||||
## Workflow 4: Compensating Control Validation
|
||||
|
||||
### Steps
|
||||
1. For each active exception, extract listed compensating controls
|
||||
2. Validate each control is still operational:
|
||||
- WAF rules: Query WAF API for rule status
|
||||
- Network segmentation: Verify firewall rules
|
||||
- Monitoring alerts: Confirm SIEM rules are active and triggering
|
||||
3. Flag exceptions where compensating controls have degraded
|
||||
4. Notify exception requestor and security team of control failures
|
||||
5. If controls cannot be restored within 48 hours, revoke exception
|
||||
Reference in New Issue
Block a user