Skip to main content
Manusで任意のスキルを実行
ワンクリックで
GitHub リポジトリ

claude-grc-engineering

claude-grc-engineering には GRCEngClub から収集した 96 個の skills があり、リポジトリ単位の職業カバレッジとサイト内 skill 詳細ページを表示します。

収集済み skills
96
Stars
326
更新
2026-06-08
Forks
71
職業カバレッジ
10 件の職業カテゴリ · 100% 分類済み
リポジトリエクスプローラー

このリポジトリの skills

trust-center
ソフトウェア開発者

Build and deploy a production-ready Trust Center for any company. Use this skill whenever someone asks to create a trust center, compliance portal, security page, or wants to publish their SOC 2/SOC 3/ISO 27001/HIPAA/compliance posture publicly. Also triggers when someone mentions gated document access for audit reports, NDA-based document sharing, or wants to replace paid trust center tools like Secureframe, Vanta, Drata, or SafeBase. Even if they just say "I need a place to share my SOC 2 with customers" — that's a trust center. Use this skill.

2026-06-08
nist-csf-20-expert
情報セキュリティアナリスト

NIST Cybersecurity Framework v2.0 expert. Reference-depth knowledge of the six Functions (Govern, Identify, Protect, Detect, Respond, Recover), Categories and Subcategories, Profiles (Current vs Target), Tiers, Implementation Examples, and the practitioner workflow of using CSF as a board-readable cybersecurity outcomes language. Backed by the SCF crosswalk for control-by-control mechanics.

2026-05-20
cmmc-assessment-objectives
情報セキュリティアナリスト

Verbatim reference for all 320 NIST 800-171A Rev 2 assessment objectives, plus the Rev 2 → Rev 3 control crosswalk. Use for AO-level lookups (e.g., 3.1.1[c]), evidence planning, and forward-mapping to Rev 3. Pairs with cmmc-expert.

2026-05-20
cmmc-expert
情報セキュリティアナリスト

CMMC v2.0 expert for DoD contractors. Covers NIST 800-171 Rev 2 (14 families, 110 controls), SPRS scoring, POA&M rules, 32 CFR Part 170, DFARS clauses, scoping, ESP/CSP, C3PAO assessment lifecycle, and Rev 2 → Rev 3 transition.

2026-05-20
testssl-inspector-expert
情報セキュリティアナリスト

Interpret testssl-inspector normalized findings, recommend remediations, and tie evidence back to SCF anchor controls plus SOC 2 / NIST 800-53 r5 / PCI DSS 4.0.1 / ISO 27002:2022 equivalents derived from SCF crosswalks.

2026-05-15
website-build
ウェブ開発者

Scaffolds a complete React/Vite website project from site-config.json. Generates components, styles, and configuration based on the site type and plan data.

2026-05-14
website-cicd
ソフトウェア開発者

Sets up GitHub Actions CI/CD workflow for automatic deployment to AWS on push to main. Uses GitHub OIDC for keyless AWS authentication.

2026-05-14
website-deploy
ネットワーク・コンピュータシステム管理者

Builds the React/Vite site, syncs to S3, and invalidates CloudFront cache. Uses the plugin's bundled deploy.sh script.

2026-05-14
website-infra
ネットワーク・コンピュータシステム管理者

Deploys AWS CloudFormation infrastructure stacks for the website (S3, CloudFront, Route 53, ACM, and optionally contact form API).

2026-05-14
website-preflight
ネットワーク・コンピュータシステム管理者

Validates AWS readiness for website deployment. Checks CLI tools, credentials, SES, Route 53, and ACM. Produces a report with pass/fail and action items.

2026-05-14
website-repo
ソフトウェア開発者

Creates a GitHub repository for the website project, initializes git, and pushes the code.

2026-05-14
grc-portfolio-planner
プロジェクト管理専門家

GRC-specific portfolio questionnaire that creates a site-config.json and SITE-PLAN.md tailored to GRC engineers — certifications, frameworks, audit experience, tools, and projects.

2026-05-14
access-review-triage
財務・投資アナリスト

Helps you triage a quarterly user access review from an Okta, Azure AD, AWS IAM, GitHub, or generic CSV/JSON export. For each row, recommends certify, revoke, manager confirm, or investigate using rules that catch the usual audit-fail patterns: terminated users still active, dormant admin accounts, separation-of-duty conflicts, service accounts in a human review. Drafts manager confirmation emails and writes an audit evidence packet mapped to SOC 2 CC6.1/CC6.2, PCI 7-8, ISO A.9, NIST AC-2. Built for small and mid-size orgs running UARs in spreadsheets without an IGA tool. Never auto-revokes. Output is a draft for human review before action.

2026-05-14
azure-inspector-expert
情報セキュリティアナリスト

Expertise in evaluating Azure subscription findings from azure-inspector and mapping them to SCF controls.

2026-05-03
crowdstrike-inspector-expert
情報セキュリティアナリスト

Interpret CrowdStrike Falcon findings for sensor coverage, policy visibility, and host group scoping.

2026-05-03
datadog-inspector-expert
情報セキュリティアナリスト

Interpret datadog-inspector findings and translate Datadog monitoring, audit, log-retention, SSO, and RBAC results into GRC evidence and remediation.

2026-05-03
drata-inspector-expert
情報セキュリティアナリスト

Interpret drata-inspector findings generated from drata-cli workflows and turn Drata control, monitor, evidence, personnel, and integration posture into GRC action.

2026-05-03
slack-inspector-expert
情報セキュリティアナリスト

Interpret slack-inspector findings, explain Slack API coverage limits, and turn Slack workspace posture results into control evidence or remediation.

2026-05-03
snowflake-inspector-expert
情報セキュリティアナリスト

Interpret Snowflake account usage findings for MFA, network policies, masking/row access policies, session timeout, and retention.

2026-05-03
splunk-inspector-expert
情報セキュリティアナリスト

Interpret splunk-inspector findings and translate Splunk retention, RBAC, audit, search ACL, and auth posture into compliance evidence and remediation.

2026-05-03
tenable-inspector-expert
情報セキュリティアナリスト

Interpret Tenable vulnerability-management findings for scan coverage, credentialed scans, vulnerability age, and scan access visibility.

2026-05-03
au-apra-cps-234-expert
情報セキュリティアナリスト

APRA CPS 234 expert for Australian prudential information security. Reference-depth framework plugin with scope determination, evidence checklist, and SCF-backed assessment guidance.

2026-05-03
sg-mas-trm-expert
情報セキュリティアナリスト

Singapore MAS Technology Risk Management Guidelines expert. Reference-depth framework plugin with scope determination, evidence checklist, and SCF-backed assessment guidance for Singapore-regulated financial institutions.

2026-05-03
us-nerc-cip-expert
情報セキュリティアナリスト

NERC Critical Infrastructure Protection expert. Reference-depth framework plugin with scope determination, evidence checklist, and SCF-backed assessment guidance for BES Cyber Systems.

2026-05-03
drawio
ソフトウェア開発者

Always use when the user asks to create, generate, draw, or design a diagram, flowchart, architecture diagram, ER diagram, sequence diagram, class diagram, network diagram, mockup, wireframe, UI sketch, GRC workflow, control map, audit process, risk register flow, compliance architecture, or mentions draw.io, drawio, drawoi, .drawio files, or diagram export to PNG/SVG/PDF.

2026-05-03
grc-audit-workflow-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for audit planning, request lists, evidence, testing, exceptions, remediation, and reporting in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-compliance-operating-model-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for high-level GRC program architecture, continuous compliance operating models, three lines of defense, and executive program maps in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-control-map-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for controls mapped across frameworks, systems, owners, risks, and evidence sources in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-data-flow-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for regulated data flows, data classifications, storage, processing, transfer, access, retention, and logging in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-evidence-flow-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for evidence collection, evidence lifecycle, audit evidence pipelines, and systems of record in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-framework-crosswalk-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for mapping controls and obligations across frameworks to show overlap, gaps, and conflicts in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-poam-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for POA&M items, audit findings, remediation milestones, validation, closure, and escalation paths in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-raci-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for responsibility assignments across GRC, security, engineering, legal, HR, procurement, vendors, and auditors in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-risk-treatment-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for risk intake, scoring, treatment, exception approval, residual risk, and monitoring workflows in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-shared-responsibility-diagram
コンプライアンスオフィサー

Use when creating a draw.io diagram for cloud/SaaS shared responsibility, inherited controls, provider controls, customer controls, and evidence ownership in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-system-boundary-diagram
ソフトウェア開発者

Use when creating a draw.io diagram for compliance scope, authorization boundaries, trust boundaries, in-scope/out-of-scope systems, and system context diagrams in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
grc-third-party-risk-diagram
ソフトウェア開発者

Use when creating a draw.io diagram for vendor intake, tiering, questionnaires, security/privacy/legal review, contracting, and ongoing monitoring in a GRC, security, audit, compliance, privacy, cloud, or risk context.

2026-05-03
jp-appi-expert
財務・投資アナリスト

Japan APPI expert for the Act on the Protection of Personal Information. Reference-depth framework plugin with scope determination, evidence checklist, and SCF-backed assessment guidance for Japanese personal data.

2026-05-03
interview-question-generator
財務・投資アナリスト

Generates focused assessor interview questions from a technology stack and maps them to compliance frameworks with practical CLI/API evidence hints.

2026-05-03
us-ccpa-expert
財務・投資アナリスト

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) expert. Deep knowledge of California Civil Code §1798.100 et seq., CPRA-amended applicability thresholds, the seven consumer rights, Sensitive Personal Information handling, Service Provider / Contractor / Third Party distinctions, the Universal Opt-Out Mechanism (Global Privacy Control), CPPA risk assessments and cybersecurity audits, and dual enforcement by the California Privacy Protection Agency and the California Attorney General.

2026-04-30
このリポジトリの収集済み skills 96 件中、上位 40 件を表示しています。