Initial commit - 611 cybersecurity skills across all subdomains

This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,22 @@
# Standards - etcd Security Assessment
## CIS Kubernetes Benchmark v1.9 - Section 2: etcd
- 2.1: Ensure cert-file and key-file arguments are set
- 2.2: Ensure client-cert-auth argument is set to true
- 2.3: Ensure auto-tls argument is not set to true
- 2.4: Ensure peer-cert-file and peer-key-file arguments are set
- 2.5: Ensure peer-client-cert-auth argument is set to true
- 2.6: Ensure peer-auto-tls argument is not set to true
- 2.7: Ensure a unique Certificate Authority is used for etcd
## NIST SP 800-190
- Section 3.4.4: Data store encryption requirements
- Section 4.4.2: Secrets management for orchestrators
## Compliance Mapping
| Control | PCI DSS | SOC 2 | HIPAA |
|---------|---------|-------|-------|
| Encryption at rest | 3.4 | CC6.1 | 164.312(a)(2)(iv) |
| TLS transport | 4.1 | CC6.7 | 164.312(e)(1) |
| Access control | 7.1 | CC6.3 | 164.312(a)(1) |
| Backup encryption | 3.4 | CC6.1 | 164.310(d)(2)(iv) |
@@ -0,0 +1,19 @@
# Workflows - etcd Security Assessment
## Assessment Workflow
1. Verify etcd TLS configuration (client and peer)
2. Check encryption at rest configuration
3. Validate secrets are encrypted in etcd storage
4. Audit network access restrictions to etcd ports
5. Review etcd certificate expiration dates
6. Validate backup encryption and storage security
7. Test key rotation procedure
8. Document findings and remediation plan
## Remediation Priority
1. Enable TLS for all etcd communication (Critical)
2. Configure encryption at rest for secrets (Critical)
3. Restrict network access to etcd (High)
4. Implement automated backup encryption (High)
5. Schedule certificate rotation (Medium)
6. Deploy etcd monitoring and alerting (Medium)