mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-15 12:15:16 +03:00
cb8d79e068
- Add validated mitre_attack frontmatter to all 754 skills (286 distinct techniques), verified against MITRE ATT&CK v19.1 via the official mitreattack-python library: 0 revoked, deprecated, or invalid IDs - Curate precise per-skill technique IDs for forensics, malware-analysis, threat-intel, and red-team skills (e.g. DCSync -> T1003.006, Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003) - Reconcile v19.1 tactic restructuring: Defense Evasion split into Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.* family and T1070.001/.002 remapped to active equivalents (T1685.*) - Normalize word-split tags across 35 skills (remove filename-derived stopword tags, add semantic cybersecurity tags) - Add api-reference.md for 3 skills that were missing it - Update README ATT&CK section with accurate v19.1 tactic distribution
65 lines
2.3 KiB
Markdown
65 lines
2.3 KiB
Markdown
---
|
|
name: implementing-privileged-access-workstation
|
|
description: Design and implement Privileged Access Workstations (PAWs) with device
|
|
hardening, just-in-time access, and integration with CyberArk or BeyondTrust for
|
|
secure administrative operations.
|
|
domain: cybersecurity
|
|
subdomain: identity-and-access-management
|
|
tags:
|
|
- privileged-access
|
|
- PAW
|
|
- zero-trust
|
|
- device-hardening
|
|
- CyberArk
|
|
- BeyondTrust
|
|
- just-in-time-access
|
|
version: '1.0'
|
|
author: mahipal
|
|
license: Apache-2.0
|
|
nist_csf:
|
|
- PR.AA-01
|
|
- PR.AA-02
|
|
- PR.AA-05
|
|
mitre_attack:
|
|
- T1078
|
|
- T1190
|
|
- T1059
|
|
---
|
|
|
|
# Implementing Privileged Access Workstation
|
|
|
|
## Overview
|
|
|
|
A Privileged Access Workstation (PAW) is a hardened device dedicated to performing sensitive administrative tasks. This skill covers PAW design using the tiered administration model, device compliance enforcement via Microsoft Intune or Group Policy, just-in-time (JIT) access provisioning, and integration with privileged access management (PAM) platforms like CyberArk and BeyondTrust.
|
|
|
|
|
|
## When to Use
|
|
|
|
- When deploying or configuring implementing privileged access workstation capabilities in your environment
|
|
- When establishing security controls aligned to compliance requirements
|
|
- When building or improving security architecture for this domain
|
|
- When conducting security assessments that require this implementation
|
|
|
|
## Prerequisites
|
|
|
|
- Windows 10/11 Enterprise with Virtualization Based Security (VBS)
|
|
- Microsoft Intune or Active Directory Group Policy
|
|
- CyberArk Privileged Access Security or BeyondTrust Password Safe (optional)
|
|
- Python 3.9+ with `requests`, `subprocess`, `json`
|
|
- Administrative access to target endpoints
|
|
|
|
## Steps
|
|
|
|
1. Audit current privileged access patterns and identify Tier 0/1/2 assets
|
|
2. Configure device hardening baselines (AppLocker, Credential Guard, Device Guard)
|
|
3. Enforce compliance policies via Intune or GPO
|
|
4. Implement just-in-time access with time-limited admin group membership
|
|
5. Integrate with CyberArk/BeyondTrust for credential vaulting
|
|
6. Validate PAW configuration against CIS and Microsoft PAW guidance
|
|
7. Monitor privileged sessions and generate compliance reports
|
|
|
|
## Expected Output
|
|
|
|
- JSON report listing device compliance status, hardening checks, JIT access windows, and PAM integration verification
|
|
- Risk scoring per workstation with remediation recommendations
|