creator/Anthropic-Cybersecurity-Skills

mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 22:24:56 +03:00

Files

T

mukul975 22a7ab1462 Initial commit - 611 cybersecurity skills across all subdomains

2026-02-25 10:47:44 +01:00

1.7 KiB

Raw Blame History

Standards and References - Vulnerability Exception Tracking

Primary Standards

NIST SP 800-53 Rev 5 - RA-5(5)

Title: Vulnerability Monitoring and Scanning - Privileged Access
URL: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Relevance: Requires organizations to track and manage vulnerability exceptions with documented risk acceptance

PCI DSS v4.0 - Compensating Controls

URL: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
Relevance: Appendix B defines requirements for compensating controls when a PCI requirement cannot be met as stated

ISO 27001:2022 - Clause 6.1.3

Title: Information Security Risk Treatment
Relevance: Risk acceptance must be formally documented with appropriate authority approval

CIS Controls v8 - Control 7

Title: Continuous Vulnerability Management
Sub-control 7.7: Remediate detected vulnerabilities within prescribed timelines; document exceptions with compensating controls

SOC 2 - CC3.2

Title: Risk Assessment
Relevance: Requires evidence of risk acceptance decisions and compensating controls documentation

Compliance Requirements for Exceptions

Framework	Exception Requirement	Documentation Required
PCI DSS 4.0	Compensating Controls Worksheet	Constraint, objective, controls, validation
SOC 2 Type II	Risk acceptance evidence	Approval chain, justification, review cadence
HIPAA	Risk analysis documentation	PHI impact, safeguards, timeline
NIST CSF 2.0	Risk response decisions	Acceptance criteria, residual risk
ISO 27001	Statement of Applicability	Risk owner approval, review schedule