creator/Anthropic-Cybersecurity-Skills

mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 14:14:56 +03:00

Files

T

mukul975 22a7ab1462 Initial commit - 611 cybersecurity skills across all subdomains

2026-02-25 10:47:44 +01:00

3.2 KiB

Raw Blame History

Standards and References - SSVC Vulnerability Triage

Primary Standards

CISA SSVC Framework

Source: Cybersecurity and Infrastructure Security Agency (CISA)
URL: https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc
Version: SSVC v2.0 (2022 revision by CISA with SEI)
Purpose: Provides a decision-tree methodology for vulnerability prioritization based on five decision points specific to the stakeholder's context

CERT/CC SSVC Original Research

Source: Carnegie Mellon University Software Engineering Institute
URL: https://certcc.github.io/SSVC/
Publication: "Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization" (2019)
Authors: Jonathan Spring, Eric Hatleback, Allen Householder, Art Manion, Deana Shick
DOI: https://doi.org/10.1184/R1/12124386

CVSS v3.1 and v4.0

Source: Forum of Incident Response and Security Teams (FIRST)
URL: https://www.first.org/cvss/
CVSS v3.1 Specification: https://www.first.org/cvss/v3.1/specification-document
CVSS v4.0 Specification: https://www.first.org/cvss/v4.0/specification-document
Relevance: SSVC complements CVSS by adding contextual decision points beyond base score severity

EPSS - Exploit Prediction Scoring System

Source: FIRST EPSS Special Interest Group
URL: https://www.first.org/epss/
API Endpoint: https://api.first.org/data/v1/epss
Model Documentation: https://www.first.org/epss/model
Relevance: EPSS probability scores inform the exploitation status decision point in SSVC

Regulatory and Compliance Context

CISA Binding Operational Directive 22-01

Title: Reducing the Significant Risk of Known Exploited Vulnerabilities
URL: https://www.cisa.gov/binding-operational-directive-22-01
Relevance: Mandates federal agencies to remediate KEV-listed vulnerabilities within specified timeframes; SSVC aligns remediation priorities with BOD 22-01 requirements

NIST SP 800-40 Rev 4

Title: Guide to Enterprise Patch Management Planning
URL: https://csrc.nist.gov/publications/detail/sp/800-40/rev-4/final
Relevance: Provides organizational context for patch management decisions that SSVC informs

NIST Cybersecurity Framework (CSF) 2.0

Function: IDENTIFY (ID.RA - Risk Assessment)
URL: https://www.nist.gov/cyberframework
Relevance: SSVC directly supports the risk assessment category for vulnerability prioritization

Data Sources

CISA Known Exploited Vulnerabilities (KEV) Catalog

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
JSON Feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Update Frequency: Updated as new exploited vulnerabilities are confirmed

National Vulnerability Database (NVD)

URL: https://nvd.nist.gov/
API v2: https://services.nvd.nist.gov/rest/json/cves/2.0
Relevance: Provides CVSS scores and vulnerability details used in SSVC decision points

MITRE CVE Program

URL: https://cve.mitre.org/
CVE List: https://www.cve.org/
Relevance: CVE identifiers are the primary key for linking vulnerability data across SSVC decision points