mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 21:54:56 +03:00
mukul975
35 lines
1.6 KiB
Markdown
35 lines
1.6 KiB
Markdown
# Standards and References - Cloud Vulnerability Posture Management
|
|
|
|
## Cloud Security Standards
|
|
|
|
### CIS Benchmarks for Cloud
|
|
- **AWS**: https://www.cisecurity.org/benchmark/amazon_web_services
|
|
- **Azure**: https://www.cisecurity.org/benchmark/azure
|
|
- **GCP**: https://www.cisecurity.org/benchmark/google_cloud_computing_platform
|
|
- **Relevance**: Prescriptive hardening guidance for cloud service configurations
|
|
|
|
### NIST SP 800-53 Rev 5
|
|
- **URL**: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
|
|
- **Key Controls**: AC-6 (Least Privilege), CM-6 (Configuration Settings), SC-7 (Boundary Protection)
|
|
|
|
### CSA Cloud Controls Matrix (CCM) v4
|
|
- **URL**: https://cloudsecurityalliance.org/research/cloud-controls-matrix
|
|
- **Relevance**: Cloud-specific security control framework aligned with major compliance standards
|
|
|
|
### AWS Well-Architected Security Pillar
|
|
- **URL**: https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html
|
|
|
|
### Azure Security Benchmark v3
|
|
- **URL**: https://learn.microsoft.com/en-us/security/benchmark/azure/overview
|
|
|
|
## Tools
|
|
|
|
| Tool | Provider | License | URL |
|
|
|------|----------|---------|-----|
|
|
| AWS Security Hub | AWS | Pay-per-use | https://aws.amazon.com/security-hub/ |
|
|
| Azure Defender for Cloud | Microsoft | Free + Standard tiers | https://azure.microsoft.com/en-us/products/defender-for-cloud |
|
|
| Prowler | Open Source | Apache 2.0 | https://github.com/prowler-cloud/prowler |
|
|
| ScoutSuite | NCC Group | GPL-2.0 | https://github.com/nccgroup/ScoutSuite |
|
|
| Steampipe | Turbot | AGPL-3.0 | https://github.com/turbot/steampipe |
|
|
| CloudSploit | Aqua Security | GPL-3.0 | https://github.com/aquasecurity/cloudsploit |
|