一键导入
azure-inspector-expert
Expertise in evaluating Azure subscription findings from azure-inspector and mapping them to SCF controls.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Expertise in evaluating Azure subscription findings from azure-inspector and mapping them to SCF controls.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Build and deploy a production-ready Trust Center for any company. Use this skill whenever someone asks to create a trust center, compliance portal, security page, or wants to publish their SOC 2/SOC 3/ISO 27001/HIPAA/compliance posture publicly. Also triggers when someone mentions gated document access for audit reports, NDA-based document sharing, or wants to replace paid trust center tools like Secureframe, Vanta, Drata, or SafeBase. Even if they just say "I need a place to share my SOC 2 with customers" — that's a trust center. Use this skill.
NIST Cybersecurity Framework v2.0 expert. Reference-depth knowledge of the six Functions (Govern, Identify, Protect, Detect, Respond, Recover), Categories and Subcategories, Profiles (Current vs Target), Tiers, Implementation Examples, and the practitioner workflow of using CSF as a board-readable cybersecurity outcomes language. Backed by the SCF crosswalk for control-by-control mechanics.
Verbatim reference for all 320 NIST 800-171A Rev 2 assessment objectives, plus the Rev 2 → Rev 3 control crosswalk. Use for AO-level lookups (e.g., 3.1.1[c]), evidence planning, and forward-mapping to Rev 3. Pairs with cmmc-expert.
CMMC v2.0 expert for DoD contractors. Covers NIST 800-171 Rev 2 (14 families, 110 controls), SPRS scoring, POA&M rules, 32 CFR Part 170, DFARS clauses, scoping, ESP/CSP, C3PAO assessment lifecycle, and Rev 2 → Rev 3 transition.
Interpret testssl-inspector normalized findings, recommend remediations, and tie evidence back to SCF anchor controls plus SOC 2 / NIST 800-53 r5 / PCI DSS 4.0.1 / ISO 27002:2022 equivalents derived from SCF crosswalks.
Scaffolds a complete React/Vite website project from site-config.json. Generates components, styles, and configuration based on the site type and plan data.
| name | azure-inspector-expert |
| description | Expertise in evaluating Azure subscription findings from azure-inspector and mapping them to SCF controls. |
Use this skill when interpreting azure-inspector findings or explaining Azure control gaps.
Entra ID
| SCF | Check | Typical outcome |
|---|---|---|
| IAC-01.1 | MFA posture needs Graph/authentication-method verification | inconclusive when Azure CLI cannot prove coverage |
| IAC-04 | Enabled Conditional Access policies exist | high fail if none found |
Storage accounts
| SCF | Check | Severity |
|---|---|---|
| CRY-05 | Blob/file encryption enabled | high if disabled |
| DCH-01.2 | Blob public access disabled | critical if allowed |
| CRY-06 | Minimum TLS version is TLS 1.2 or later | medium |
Key Vault
| SCF | Check | Severity |
|---|---|---|
| BCD-11 | Soft delete and purge protection | high/medium |
| IAC-07.2 | Azure RBAC authorization preferred over access policies | medium |
Monitor + Defender for Cloud
| SCF | Check | Severity |
|---|---|---|
| MON-02 | Subscription Activity Log diagnostic export configured | high |
| MON-01.2 | Defender for Cloud Standard plan enabled | high |
inconclusive as an evidence gap, not a pass. Entra MFA coverage often needs Microsoft Graph permissions beyond basic Azure Reader.not_applicable document as a scope signal, not a security defect. Example: no Key Vaults found.allowBlobPublicAccess=true is a high-risk configuration even when no container is currently public because it permits future public ACLs.az login is valid but the principal lacks subscription Reader.Policy.Read.All.allowBlobPublicAccess=false, enforce TLS 1.2+, and keep service encryption enabled.v0.1.0 does not inspect network security groups, Azure Policy assignments, VM disk encryption, AKS, SQL, Sentinel analytics, or Defender recommendations. Mark those as future connector coverage unless separate evidence is supplied.