mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 18:13:43 +03:00
cb8d79e068
- Add validated mitre_attack frontmatter to all 754 skills (286 distinct techniques), verified against MITRE ATT&CK v19.1 via the official mitreattack-python library: 0 revoked, deprecated, or invalid IDs - Curate precise per-skill technique IDs for forensics, malware-analysis, threat-intel, and red-team skills (e.g. DCSync -> T1003.006, Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003) - Reconcile v19.1 tactic restructuring: Defense Evasion split into Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.* family and T1070.001/.002 remapped to active equivalents (T1685.*) - Normalize word-split tags across 35 skills (remove filename-derived stopword tags, add semantic cybersecurity tags) - Add api-reference.md for 3 skills that were missing it - Update README ATT&CK section with accurate v19.1 tactic distribution
133 lines
5.0 KiB
Markdown
133 lines
5.0 KiB
Markdown
---
|
|
name: implementing-just-in-time-access-provisioning
|
|
description: Implement Just-In-Time (JIT) access provisioning to eliminate standing
|
|
privileges by granting temporary, time-bound access only when needed. This skill
|
|
covers JIT architecture design, approval workflo
|
|
domain: cybersecurity
|
|
subdomain: identity-access-management
|
|
tags:
|
|
- iam
|
|
- identity
|
|
- access-control
|
|
- jit
|
|
- provisioning
|
|
- zero-trust
|
|
- least-privilege
|
|
version: '1.0'
|
|
author: mahipal
|
|
license: Apache-2.0
|
|
nist_csf:
|
|
- PR.AA-01
|
|
- PR.AA-02
|
|
- PR.AA-05
|
|
- PR.AA-06
|
|
mitre_attack:
|
|
- T1078
|
|
- T1110
|
|
- T1556
|
|
- T1098
|
|
---
|
|
# Implementing Just-In-Time Access Provisioning
|
|
|
|
## Overview
|
|
Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflows, automatic expiration, integration with PAM and IGA platforms, and alignment with zero trust principles.
|
|
|
|
|
|
## When to Use
|
|
|
|
- When deploying or configuring implementing just in time access provisioning capabilities in your environment
|
|
- When establishing security controls aligned to compliance requirements
|
|
- When building or improving security architecture for this domain
|
|
- When conducting security assessments that require this implementation
|
|
|
|
## Prerequisites
|
|
|
|
- Familiarity with identity access management concepts and tools
|
|
- Access to a test or lab environment for safe execution
|
|
- Python 3.8+ with required dependencies installed
|
|
- Appropriate authorization for any testing activities
|
|
|
|
## Objectives
|
|
- Design JIT access request and approval workflows
|
|
- Implement time-bound access grants with automatic expiration
|
|
- Configure risk-based approval routing (auto-approve low-risk, multi-approval for high-risk)
|
|
- Integrate JIT with PAM for privileged access elevation
|
|
- Monitor and audit all JIT access grants and usage
|
|
- Reduce attack surface by eliminating standing privileges
|
|
|
|
## Key Concepts
|
|
|
|
### JIT Access Models
|
|
1. **Broker and Remove**: Grant access through approval, auto-remove after time window
|
|
2. **Elevation on Demand**: User has base access, elevates to privileged upon request
|
|
3. **Account Creation/Deletion**: Temporary account created, destroyed after use
|
|
4. **Group Membership Toggle**: Add to privileged group temporarily, auto-remove
|
|
|
|
### Zero Standing Privilege (ZSP) Principle
|
|
- No user has permanent privileged access
|
|
- All privileged access requires explicit request with business justification
|
|
- Access automatically expires after defined time window
|
|
- All access events logged and auditable
|
|
|
|
## Workflow
|
|
|
|
### Step 1: Identify Eligible Access Types
|
|
- Privileged admin access (domain admin, root, DBA)
|
|
- Production environment access
|
|
- Sensitive data access (PII, financial, healthcare)
|
|
- Emergency/break-glass access
|
|
- Third-party vendor access
|
|
|
|
### Step 2: Design Approval Workflows
|
|
- Self-service request portal with justification requirement
|
|
- Auto-approve for pre-authorized low-risk access (< 1 hour)
|
|
- Single approver for medium-risk (manager or resource owner)
|
|
- Dual approval for high-risk (manager + security team)
|
|
- Emergency bypass with post-facto review
|
|
|
|
### Step 3: Implement Time-Bound Access
|
|
- Configure maximum access duration per resource type
|
|
- Implement countdown timer with extension request capability
|
|
- Auto-revoke at expiration regardless of session state
|
|
- Grace period notification (15 min before expiry)
|
|
- Automatic session termination on access expiry
|
|
|
|
### Step 4: Integration Architecture
|
|
- Connect to IAM/IGA platform for provisioning/de-provisioning
|
|
- Integrate with PAM for privileged credential checkout
|
|
- Connect to ITSM for ticket correlation
|
|
- Forward events to SIEM for monitoring
|
|
- API integration for programmatic access requests
|
|
|
|
### Step 5: Monitoring and Compliance
|
|
- Log all JIT requests, approvals, grants, and revocations
|
|
- Alert on access used beyond approved scope
|
|
- Track access not used (request but never connected)
|
|
- Measure mean time to access (request to grant)
|
|
- Report on access patterns for baseline optimization
|
|
|
|
## Security Controls
|
|
| Control | NIST 800-53 | Description |
|
|
|---------|-------------|-------------|
|
|
| Temporary Access | AC-2(2) | Automated temporary account management |
|
|
| Least Privilege | AC-6 | Time-bound minimum access |
|
|
| Access Enforcement | AC-3 | Automated access grant/revoke |
|
|
| Audit | AU-3 | Complete JIT access audit trail |
|
|
| Risk Assessment | RA-3 | Risk-based approval routing |
|
|
|
|
## Common Pitfalls
|
|
- Setting time windows too long, negating JIT benefits
|
|
- Not implementing automatic revocation at expiration
|
|
- Complex approval workflows causing access delays for legitimate needs
|
|
- Not providing emergency bypass for critical incidents
|
|
- Failing to audit approved but unused JIT access
|
|
|
|
## Verification
|
|
- [ ] JIT request workflow functional end-to-end
|
|
- [ ] Access automatically revoked at expiration
|
|
- [ ] Approval routing correct for all risk levels
|
|
- [ ] Emergency access bypass works with post-review
|
|
- [ ] All JIT events logged to SIEM
|
|
- [ ] Standing privileges reduced by measurable percentage
|
|
- [ ] Mean time to access meets business SLA
|