mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 22:19:39 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,70 @@
|
||||
# Standards and Frameworks Reference
|
||||
|
||||
## NIST SP 800-207: Zero Trust Architecture
|
||||
|
||||
### Microsegmentation as ZTA Deployment Model
|
||||
NIST SP 800-207 identifies microsegmentation as one of three primary deployment approaches for zero trust:
|
||||
- Places individual or groups of resources on a unique network segment protected by a gateway security component
|
||||
- The enterprise places infrastructure devices such as intelligent switches, next-generation firewalls, or special-purpose gateway devices to act as PEPs protecting each resource or group of resources
|
||||
- This approach can be implemented using software-defined networking (SDN) or hypervisor-level enforcement
|
||||
|
||||
### Applicable Controls
|
||||
- **AC-4 (Information Flow Enforcement)**: Microsegmentation enforces approved information flows between workloads
|
||||
- **SC-7 (Boundary Protection)**: Each microsegment boundary acts as a security boundary
|
||||
- **SI-4 (Information System Monitoring)**: Microsegmentation tools provide flow telemetry for monitoring
|
||||
|
||||
## CISA Zero Trust Maturity Model v2.0
|
||||
|
||||
### Network Pillar - Microsegmentation Maturity
|
||||
|
||||
| Level | Network Segmentation | Microsegmentation | Traffic Management |
|
||||
|---|---|---|---|
|
||||
| Traditional | Large, macro-segmented perimeters | None | Static ACLs |
|
||||
| Initial | Defined architecture with some isolation | Initial workload isolation | Basic flow visibility |
|
||||
| Advanced | Ingress/egress micro-perimeters | Workload-level microsegmentation | Identity-based traffic rules |
|
||||
| Optimal | Full microsegmentation, dynamically defined | Automated, adaptive policies | ML-driven anomaly detection |
|
||||
|
||||
### Cross-Cutting: Visibility and Analytics
|
||||
- Flow telemetry from microsegmentation agents feeds into SIEM/SOAR
|
||||
- Application dependency maps provide baseline for anomaly detection
|
||||
- Policy violation alerts enable real-time incident detection
|
||||
|
||||
## PCI DSS v4.0
|
||||
|
||||
### Microsegmentation for Scope Reduction
|
||||
- **Requirement 1.3**: Network controls restrict access to and from the cardholder data environment (CDE)
|
||||
- **Requirement 1.4**: Network connections between trusted and untrusted networks are controlled
|
||||
- Microsegmentation can reduce PCI scope by isolating CDE workloads from non-CDE systems
|
||||
- Compensating control: host-based microsegmentation validated by QSA as equivalent to network segmentation
|
||||
|
||||
## Forrester Zero Trust eXtended (ZTX) Framework
|
||||
|
||||
### Workload Security Pillar
|
||||
- Microsegmentation is a core capability for securing workloads
|
||||
- Policies should be based on workload identity and context, not network location
|
||||
- Continuous monitoring of east-west traffic for anomaly detection
|
||||
- Integration with DevOps pipelines for automated policy management
|
||||
|
||||
## VMware NSX Distributed Firewall
|
||||
|
||||
### Architecture
|
||||
- Stateful Layer 4-7 firewall embedded in the hypervisor kernel
|
||||
- Policies evaluated at the vNIC level before traffic reaches the physical network
|
||||
- Context-aware rules using Active Directory groups, VM tags, and application identification
|
||||
- No network topology changes required for deployment
|
||||
|
||||
## Illumio Core Platform
|
||||
|
||||
### Architecture
|
||||
- Virtual Enforcement Node (VEN) agents installed on workloads
|
||||
- Policy Compute Engine (PCE) centralizes policy management and visualization
|
||||
- Enforcement via native OS firewall (iptables on Linux, WFP on Windows)
|
||||
- Label-based policy model: Role, Application, Environment, Location
|
||||
|
||||
## Guardicore (Akamai)
|
||||
|
||||
### Architecture
|
||||
- Lightweight agents provide process-level visibility and enforcement
|
||||
- Reveal module builds application dependency maps
|
||||
- Centra management platform for policy creation and monitoring
|
||||
- Supports bare-metal, VM, container, and cloud workloads
|
||||
Reference in New Issue
Block a user