mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 05:59:40 +03:00
886658219f
- Add mitre_f3 frontmatter block to 94 fraud-relevant skills (phishing, account takeover, banking malware, BEC, identity/KYC, payment/card fraud, money-mule/cash-out, ransomware extortion, DFIR, threat intel) - Map each skill to F3 v1.1 tactics + precise technique IDs, including the two F3-specific tactics ATT&CK lacks: Positioning (FA0001) and Monetization (FA0002) - All 123 F3 v1.1 technique IDs validated against the upstream STIX bundle (github.com/center-for-threat-informed-defense/fight-fraud-framework): 0 invalid IDs, 0 invalid tactics, 0 name mismatches, no placeholder IDs - mitre_f3 kept as a separate block from mitre_attack (F3 redefines several ATT&CK tactics for the fraud context) - Add docs/mitre-f3-mapping.md schema reference - Update README: F3 as the 6th framework, dedicated F3 section + badge
100 lines
2.9 KiB
Markdown
100 lines
2.9 KiB
Markdown
---
|
|
name: implementing-pam-for-database-access
|
|
description: Deploy privileged access management for database systems including Oracle,
|
|
SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential
|
|
vaulting, query auditing, dynamic credentia
|
|
domain: cybersecurity
|
|
subdomain: identity-access-management
|
|
tags:
|
|
- iam
|
|
- identity
|
|
- access-control
|
|
- privileged-access
|
|
- pam
|
|
- database
|
|
- dba
|
|
version: '1.0'
|
|
author: mahipal
|
|
license: Apache-2.0
|
|
nist_csf:
|
|
- PR.AA-01
|
|
- PR.AA-02
|
|
- PR.AA-05
|
|
- PR.AA-06
|
|
mitre_attack:
|
|
- T1078
|
|
- T1110
|
|
- T1556
|
|
- T1098
|
|
- T1003
|
|
mitre_f3:
|
|
version: '1.1'
|
|
tactics:
|
|
- initial-access
|
|
- positioning
|
|
- resource-development
|
|
techniques:
|
|
- id: T1586
|
|
name: Compromise Accounts
|
|
tactic: resource-development
|
|
source: attack
|
|
- id: T1110
|
|
name: Brute Force
|
|
tactic: initial-access
|
|
source: attack
|
|
- id: F1033
|
|
name: Insider Access Abuse
|
|
tactic: initial-access
|
|
source: f3
|
|
- id: F1005.004
|
|
name: 'Account Manipulation: Change Account Details'
|
|
tactic: positioning
|
|
source: f3
|
|
- id: F1006.002
|
|
name: 'Account Takeover: Exposed Login Credential'
|
|
tactic: initial-access
|
|
source: f3
|
|
---
|
|
# Implementing PAM for Database Access
|
|
|
|
## Overview
|
|
Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential vaulting, query auditing, dynamic credential generation, and least-privilege database roles.
|
|
|
|
|
|
## When to Use
|
|
|
|
- When deploying or configuring implementing pam for database access capabilities in your environment
|
|
- When establishing security controls aligned to compliance requirements
|
|
- When building or improving security architecture for this domain
|
|
- When conducting security assessments that require this implementation
|
|
|
|
## Prerequisites
|
|
|
|
- Familiarity with identity access management concepts and tools
|
|
- Access to a test or lab environment for safe execution
|
|
- Python 3.8+ with required dependencies installed
|
|
- Appropriate authorization for any testing activities
|
|
|
|
## Objectives
|
|
- Implement comprehensive implementing pam for database access capability
|
|
- Establish automated discovery and monitoring processes
|
|
- Integrate with enterprise IAM and security tools
|
|
- Generate compliance-ready documentation and reports
|
|
- Align with NIST 800-53 access control requirements
|
|
|
|
## Security Controls
|
|
| Control | NIST 800-53 | Description |
|
|
|---------|-------------|-------------|
|
|
| Account Management | AC-2 | Lifecycle management |
|
|
| Access Enforcement | AC-3 | Policy-based access control |
|
|
| Least Privilege | AC-6 | Minimum necessary permissions |
|
|
| Audit Logging | AU-3 | Authentication and access events |
|
|
| Identification | IA-2 | User and service identification |
|
|
|
|
## Verification
|
|
- [ ] Implementation tested in non-production environment
|
|
- [ ] Security policies configured and enforced
|
|
- [ ] Audit logging enabled and forwarding to SIEM
|
|
- [ ] Documentation and runbooks complete
|
|
- [ ] Compliance evidence generated
|