creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-26 19:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
768ca51c8d331ab0bdcea8ffb31c9b99bb2c1839
Anthropic-Cybersecurity-Skills/skills/implementing-just-in-time-access-provisioning/SKILL.md
T
mukul975 cb8d79e068 Map all 754 skills to MITRE ATT&CK v19.1 
- Add validated mitre_attack frontmatter to all 754 skills (286 distinct
  techniques), verified against MITRE ATT&CK v19.1 via the official
  mitreattack-python library: 0 revoked, deprecated, or invalid IDs
- Curate precise per-skill technique IDs for forensics, malware-analysis,
  threat-intel, and red-team skills (e.g. DCSync -> T1003.006,
  Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003)
- Reconcile v19.1 tactic restructuring: Defense Evasion split into
  Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.*
  family and T1070.001/.002 remapped to active equivalents (T1685.*)
- Normalize word-split tags across 35 skills (remove filename-derived
  stopword tags, add semantic cybersecurity tags)
- Add api-reference.md for 3 skills that were missing it
- Update README ATT&CK section with accurate v19.1 tactic distribution
2026-06-01 12:13:29 +02:00

5.0 KiB
Raw Blame History

name, description, domain, subdomain, tags, version, author, license, nist_csf, mitre_attack
name description domain subdomain tags version author license nist_csf mitre_attack
implementing-just-in-time-access-provisioning Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflo cybersecurity identity-access-management
iam
identity
access-control
jit
provisioning
zero-trust
least-privilege
1.0 mahipal Apache-2.0
PR.AA-01
PR.AA-02
PR.AA-05
PR.AA-06
T1078
T1110
T1556
T1098

Implementing Just-In-Time Access Provisioning

Overview

Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflows, automatic expiration, integration with PAM and IGA platforms, and alignment with zero trust principles.

When to Use

  • When deploying or configuring implementing just in time access provisioning capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Familiarity with identity access management concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Objectives

  • Design JIT access request and approval workflows
  • Implement time-bound access grants with automatic expiration
  • Configure risk-based approval routing (auto-approve low-risk, multi-approval for high-risk)
  • Integrate JIT with PAM for privileged access elevation
  • Monitor and audit all JIT access grants and usage
  • Reduce attack surface by eliminating standing privileges

Key Concepts

JIT Access Models

  1. Broker and Remove: Grant access through approval, auto-remove after time window
  2. Elevation on Demand: User has base access, elevates to privileged upon request
  3. Account Creation/Deletion: Temporary account created, destroyed after use
  4. Group Membership Toggle: Add to privileged group temporarily, auto-remove

Zero Standing Privilege (ZSP) Principle

  • No user has permanent privileged access
  • All privileged access requires explicit request with business justification
  • Access automatically expires after defined time window
  • All access events logged and auditable

Workflow

Step 1: Identify Eligible Access Types

  • Privileged admin access (domain admin, root, DBA)
  • Production environment access
  • Sensitive data access (PII, financial, healthcare)
  • Emergency/break-glass access
  • Third-party vendor access

Step 2: Design Approval Workflows

  • Self-service request portal with justification requirement
  • Auto-approve for pre-authorized low-risk access (< 1 hour)
  • Single approver for medium-risk (manager or resource owner)
  • Dual approval for high-risk (manager + security team)
  • Emergency bypass with post-facto review

Step 3: Implement Time-Bound Access

  • Configure maximum access duration per resource type
  • Implement countdown timer with extension request capability
  • Auto-revoke at expiration regardless of session state
  • Grace period notification (15 min before expiry)
  • Automatic session termination on access expiry

Step 4: Integration Architecture

  • Connect to IAM/IGA platform for provisioning/de-provisioning
  • Integrate with PAM for privileged credential checkout
  • Connect to ITSM for ticket correlation
  • Forward events to SIEM for monitoring
  • API integration for programmatic access requests

Step 5: Monitoring and Compliance

  • Log all JIT requests, approvals, grants, and revocations
  • Alert on access used beyond approved scope
  • Track access not used (request but never connected)
  • Measure mean time to access (request to grant)
  • Report on access patterns for baseline optimization

Security Controls

Control NIST 800-53 Description
Temporary Access AC-2(2) Automated temporary account management
Least Privilege AC-6 Time-bound minimum access
Access Enforcement AC-3 Automated access grant/revoke
Audit AU-3 Complete JIT access audit trail
Risk Assessment RA-3 Risk-based approval routing

Common Pitfalls

  • Setting time windows too long, negating JIT benefits
  • Not implementing automatic revocation at expiration
  • Complex approval workflows causing access delays for legitimate needs
  • Not providing emergency bypass for critical incidents
  • Failing to audit approved but unused JIT access

Verification

  • JIT request workflow functional end-to-end
  • Access automatically revoked at expiration
  • Approval routing correct for all risk levels
  • Emergency access bypass works with post-review
  • All JIT events logged to SIEM
  • Standing privileges reduced by measurable percentage
  • Mean time to access meets business SLA
Reference in New Issue View Git Blame Copy Permalink