creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-14 15:04:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit - 611 cybersecurity skills across all subdomains

Browse Source
This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/implementing-cisa-zero-trust-maturity-model/scripts/process.py
+415
View File
@@ -0,0 +1,415 @@
#!/usr/bin/env python3
"""
CISA Zero Trust Maturity Model Assessment and Roadmap Generator.
Evaluates organizational zero trust maturity across the five CISA ZTMM pillars
(Identity, Devices, Networks, Applications, Data) and three cross-cutting
capabilities (Visibility & Analytics, Automation & Orchestration, Governance).
Generates gap analysis, prioritized roadmap, and compliance mapping.
"""
import json
import csv
import datetime
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Optional
from pathlib import Path
class MaturityStage(IntEnum):
TRADITIONAL = 0
INITIAL = 1
ADVANCED = 2
OPTIMAL = 3
PILLAR_FUNCTIONS = {
"Identity": [
"authentication",
"identity_stores",
"risk_assessment",
"access_management",
"identity_lifecycle",
"visibility_analytics",
"automation_orchestration",
"governance",
],
"Devices": [
"policy_enforcement",
"asset_management",
"device_compliance",
"device_threat_protection",
"visibility_analytics",
"automation_orchestration",
"governance",
],
"Networks": [
"network_segmentation",
"threat_protection",
"encryption",
"network_resilience",
"visibility_analytics",
"automation_orchestration",
"governance",
],
"Applications": [
"access_authorization",
"threat_protection",
"accessibility",
"application_security",
"visibility_analytics",
"automation_orchestration",
"governance",
],
"Data": [
"data_inventory",
"data_categorization",
"data_availability",
"data_access",
"data_encryption",
"visibility_analytics",
"automation_orchestration",
"governance",
],
}
OMB_M2209_REQUIREMENTS = {
"Identity": {
"requirement": "Agency staff use enterprise-managed identities with phishing-resistant MFA",
"target_stage": MaturityStage.ADVANCED,
"key_actions": [
"Deploy FIDO2/WebAuthn for all users",
"Integrate identity provider with all applications",
"Implement authorization based on user attributes",
],
},
"Devices": {
"requirement": "Federal government has a complete inventory of authorized devices and can prevent/detect/respond to incidents",
"target_stage": MaturityStage.ADVANCED,
"key_actions": [
"Deploy EDR on all endpoints",
"Maintain real-time asset inventory",
"Enforce device compliance before access",
],
},
"Networks": {
"requirement": "Agencies encrypt all DNS and HTTP traffic within their environment",
"target_stage": MaturityStage.ADVANCED,
"key_actions": [
"Encrypt all DNS traffic (DoH/DoT)",
"Enforce HTTPS for all web traffic",
"Implement network microsegmentation",
],
},
"Applications": {
"requirement": "Agencies treat all applications as internet-connected and routinely test them",
"target_stage": MaturityStage.ADVANCED,
"key_actions": [
"Integrate SAST/DAST into CI/CD",
"Remove application access from VPN dependencies",
"Implement application-level access policies",
],
},
"Data": {
"requirement": "Agencies have thorough data categorization and employ automated tools",
"target_stage": MaturityStage.ADVANCED,
"key_actions": [
"Implement data classification scheme",
"Deploy automated data tagging",
"Enable DLP across all data channels",
],
},
}
@dataclass
class FunctionAssessment:
function_name: str
current_stage: MaturityStage
target_stage: MaturityStage
evidence: str = ""
gaps: list = field(default_factory=list)
recommendations: list = field(default_factory=list)
@dataclass
class PillarAssessment:
pillar_name: str
functions: list = field(default_factory=list)
overall_stage: MaturityStage = MaturityStage.TRADITIONAL
compliance_gap: bool = False
def calculate_overall(self):
if not self.functions:
return
scores = [f.current_stage.value for f in self.functions]
avg = sum(scores) / len(scores)
self.overall_stage = MaturityStage(int(avg))
def check_compliance(self):
req = OMB_M2209_REQUIREMENTS.get(self.pillar_name)
if req:
self.compliance_gap = self.overall_stage < req["target_stage"]
@dataclass
class RoadmapItem:
pillar: str
function_name: str
current_stage: str
target_stage: str
priority: int # 1=highest, 4=lowest
effort: str # low, medium, high
recommendations: list = field(default_factory=list)
dependencies: list = field(default_factory=list)
class ZTMMAssessment:
"""Full CISA Zero Trust Maturity Model assessment engine."""
def __init__(self, organization_name: str):
self.organization = organization_name
self.assessment_date = datetime.datetime.now().isoformat()
self.pillar_assessments: dict[str, PillarAssessment] = {}
self.roadmap: list[RoadmapItem] = []
def assess_function(
self,
pillar: str,
function_name: str,
current_stage: int,
target_stage: int = 3,
evidence: str = "",
gaps: Optional[list] = None,
) -> FunctionAssessment:
current = MaturityStage(current_stage)
target = MaturityStage(target_stage)
fa = FunctionAssessment(
function_name=function_name,
current_stage=current,
target_stage=target,
evidence=evidence,
gaps=gaps or [],
)
if pillar not in self.pillar_assessments:
self.pillar_assessments[pillar] = PillarAssessment(pillar_name=pillar)
self.pillar_assessments[pillar].functions.append(fa)
return fa
def calculate_maturity(self):
for pa in self.pillar_assessments.values():
pa.calculate_overall()
pa.check_compliance()
def generate_roadmap(self) -> list[RoadmapItem]:
self.roadmap = []
effort_map = {0: "high", 1: "medium", 2: "low", 3: "low"}
for pillar_name, pa in self.pillar_assessments.items():
for func in pa.functions:
if func.current_stage < func.target_stage:
gap = func.target_stage.value - func.current_stage.value
next_stage = MaturityStage(func.current_stage.value + 1)
item = RoadmapItem(
pillar=pillar_name,
function_name=func.function_name,
current_stage=func.current_stage.name,
target_stage=next_stage.name,
priority=max(1, 4 - gap),
effort=effort_map.get(func.current_stage.value, "high"),
recommendations=func.recommendations,
)
self.roadmap.append(item)
self.roadmap.sort(key=lambda x: (x.priority, x.effort != "low"))
return self.roadmap
def get_compliance_status(self) -> dict:
status = {}
for pillar_name, pa in self.pillar_assessments.items():
req = OMB_M2209_REQUIREMENTS.get(pillar_name, {})
status[pillar_name] = {
"current_stage": pa.overall_stage.name,
"required_stage": req.get("target_stage", MaturityStage.ADVANCED).name,
"compliant": not pa.compliance_gap,
"requirement": req.get("requirement", "N/A"),
"key_actions": req.get("key_actions", []),
}
return status
def get_summary(self) -> dict:
summary = {
"organization": self.organization,
"assessment_date": self.assessment_date,
"pillars": {},
"overall_maturity": "TRADITIONAL",
}
stages = []
for name, pa in self.pillar_assessments.items():
summary["pillars"][name] = {
"stage": pa.overall_stage.name,
"score": pa.overall_stage.value,
"functions_assessed": len(pa.functions),
"compliance_gap": pa.compliance_gap,
}
stages.append(pa.overall_stage.value)
if stages:
avg = sum(stages) / len(stages)
summary["overall_maturity"] = MaturityStage(int(avg)).name
summary["overall_score"] = round(avg, 2)
return summary
def export_report(self, output_path: str):
report = {
"summary": self.get_summary(),
"compliance_status": self.get_compliance_status(),
"roadmap": [
{
"pillar": r.pillar,
"function": r.function_name,
"current": r.current_stage,
"target": r.target_stage,
"priority": r.priority,
"effort": r.effort,
}
for r in self.roadmap
],
"detailed_assessments": {},
}
for name, pa in self.pillar_assessments.items():
report["detailed_assessments"][name] = {
"overall_stage": pa.overall_stage.name,
"functions": [
{
"name": f.function_name,
"current": f.current_stage.name,
"target": f.target_stage.name,
"evidence": f.evidence,
"gaps": f.gaps,
}
for f in pa.functions
],
}
path = Path(output_path)
path.parent.mkdir(parents=True, exist_ok=True)
with open(path, "w") as f:
json.dump(report, f, indent=2)
return report
def export_csv(self, output_path: str):
path = Path(output_path)
path.parent.mkdir(parents=True, exist_ok=True)
with open(path, "w", newline="") as f:
writer = csv.writer(f)
writer.writerow([
"Pillar", "Function", "Current Stage", "Target Stage",
"Gap", "Priority", "Effort", "Evidence"
])
for name, pa in self.pillar_assessments.items():
for func in pa.functions:
gap = func.target_stage.value - func.current_stage.value
writer.writerow([
name, func.function_name,
func.current_stage.name, func.target_stage.name,
gap, max(1, 4 - gap),
"high" if func.current_stage == MaturityStage.TRADITIONAL else "medium",
func.evidence,
])
def run_sample_assessment():
"""Run a sample assessment demonstrating the ZTMM assessment process."""
assessment = ZTMMAssessment("Example Federal Agency")
# Identity Pillar Assessment
assessment.assess_function("Identity", "authentication", 1, 3,
evidence="MFA deployed for 60% of users, not phishing-resistant",
gaps=["No FIDO2/WebAuthn deployment", "Service accounts lack MFA"])
assessment.assess_function("Identity", "identity_stores", 1, 3,
evidence="Centralized AD, partial cloud identity integration")
assessment.assess_function("Identity", "risk_assessment", 0, 3,
evidence="No risk-based authentication in place")
assessment.assess_function("Identity", "access_management", 1, 3,
evidence="Basic RBAC, no attribute-based access control")
assessment.assess_function("Identity", "identity_lifecycle", 1, 3,
evidence="Manual provisioning, no HR integration")
# Devices Pillar Assessment
assessment.assess_function("Devices", "policy_enforcement", 1, 3,
evidence="MDM deployed, basic compliance checks")
assessment.assess_function("Devices", "asset_management", 1, 3,
evidence="Partial inventory, no IoT coverage")
assessment.assess_function("Devices", "device_compliance", 0, 3,
evidence="No real-time compliance checking")
assessment.assess_function("Devices", "device_threat_protection", 1, 3,
evidence="EDR on 70% of endpoints")
# Networks Pillar Assessment
assessment.assess_function("Networks", "network_segmentation", 0, 3,
evidence="Flat network, basic VLAN segmentation only")
assessment.assess_function("Networks", "threat_protection", 1, 3,
evidence="Perimeter firewall, no NDR")
assessment.assess_function("Networks", "encryption", 1, 3,
evidence="TLS for external, plaintext internal")
assessment.assess_function("Networks", "network_resilience", 1, 3,
evidence="Basic redundancy, no SD-WAN")
# Applications Pillar Assessment
assessment.assess_function("Applications", "access_authorization", 1, 3,
evidence="VPN-based access for internal apps")
assessment.assess_function("Applications", "threat_protection", 1, 3,
evidence="WAF for public apps only")
assessment.assess_function("Applications", "application_security", 0, 3,
evidence="Annual pen tests, no CI/CD security integration")
# Data Pillar Assessment
assessment.assess_function("Data", "data_inventory", 0, 3,
evidence="No comprehensive data inventory")
assessment.assess_function("Data", "data_categorization", 1, 3,
evidence="Basic classification, manual process")
assessment.assess_function("Data", "data_access", 1, 3,
evidence="Role-based access, no fine-grained controls")
assessment.assess_function("Data", "data_encryption", 1, 3,
evidence="Encryption at rest for databases, not all storage")
# Calculate and report
assessment.calculate_maturity()
roadmap = assessment.generate_roadmap()
print("=" * 70)
print(f"CISA ZTMM Assessment: {assessment.organization}")
print(f"Date: {assessment.assessment_date}")
print("=" * 70)
summary = assessment.get_summary()
print(f"\nOverall Maturity: {summary['overall_maturity']} (Score: {summary.get('overall_score', 'N/A')})")
print("\nPillar Maturity Scores:")
for pillar, data in summary["pillars"].items():
compliance = " [COMPLIANCE GAP]" if data["compliance_gap"] else " [COMPLIANT]"
print(f" {pillar:20s}: {data['stage']:12s} (Score: {data['score']}){compliance}")
print("\nOMB M-22-09 Compliance Status:")
compliance = assessment.get_compliance_status()
for pillar, status in compliance.items():
icon = "PASS" if status["compliant"] else "FAIL"
print(f" [{icon}] {pillar}: {status['current_stage']} / Required: {status['required_stage']}")
print(f"\nPrioritized Roadmap ({len(roadmap)} items):")
for i, item in enumerate(roadmap[:10], 1):
print(f" {i}. [{item.pillar}] {item.function_name}: "
f"{item.current_stage} -> {item.target_stage} "
f"(Priority: {item.priority}, Effort: {item.effort})")
# Export reports
assessment.export_report("ztmm_assessment_report.json")
assessment.export_csv("ztmm_assessment_report.csv")
print("\nReports exported: ztmm_assessment_report.json, ztmm_assessment_report.csv")
if __name__ == "__main__":
run_sample_assessment()