mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-13 19:05:17 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,22 @@
|
||||
# Standards - etcd Security Assessment
|
||||
|
||||
## CIS Kubernetes Benchmark v1.9 - Section 2: etcd
|
||||
- 2.1: Ensure cert-file and key-file arguments are set
|
||||
- 2.2: Ensure client-cert-auth argument is set to true
|
||||
- 2.3: Ensure auto-tls argument is not set to true
|
||||
- 2.4: Ensure peer-cert-file and peer-key-file arguments are set
|
||||
- 2.5: Ensure peer-client-cert-auth argument is set to true
|
||||
- 2.6: Ensure peer-auto-tls argument is not set to true
|
||||
- 2.7: Ensure a unique Certificate Authority is used for etcd
|
||||
|
||||
## NIST SP 800-190
|
||||
- Section 3.4.4: Data store encryption requirements
|
||||
- Section 4.4.2: Secrets management for orchestrators
|
||||
|
||||
## Compliance Mapping
|
||||
| Control | PCI DSS | SOC 2 | HIPAA |
|
||||
|---------|---------|-------|-------|
|
||||
| Encryption at rest | 3.4 | CC6.1 | 164.312(a)(2)(iv) |
|
||||
| TLS transport | 4.1 | CC6.7 | 164.312(e)(1) |
|
||||
| Access control | 7.1 | CC6.3 | 164.312(a)(1) |
|
||||
| Backup encryption | 3.4 | CC6.1 | 164.310(d)(2)(iv) |
|
||||
@@ -0,0 +1,19 @@
|
||||
# Workflows - etcd Security Assessment
|
||||
|
||||
## Assessment Workflow
|
||||
1. Verify etcd TLS configuration (client and peer)
|
||||
2. Check encryption at rest configuration
|
||||
3. Validate secrets are encrypted in etcd storage
|
||||
4. Audit network access restrictions to etcd ports
|
||||
5. Review etcd certificate expiration dates
|
||||
6. Validate backup encryption and storage security
|
||||
7. Test key rotation procedure
|
||||
8. Document findings and remediation plan
|
||||
|
||||
## Remediation Priority
|
||||
1. Enable TLS for all etcd communication (Critical)
|
||||
2. Configure encryption at rest for secrets (Critical)
|
||||
3. Restrict network access to etcd (High)
|
||||
4. Implement automated backup encryption (High)
|
||||
5. Schedule certificate rotation (Medium)
|
||||
6. Deploy etcd monitoring and alerting (Medium)
|
||||
Reference in New Issue
Block a user