nist-compliance
NIST 800-53r5 control implementation, tagging, evidence collection, and compliance automation for security frameworks
4
0
2025年10月25日 03:40
williamzujkowski
williamzujkowski/standards下载技能文件
下载包含 SKILL.md 和所有相关文件的完整技能目录
相关技能
security-practices
williamzujkowski
Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection
kubernetes
williamzujkowski
Kubernetes standards for container orchestration, deployments, services, ingress, ConfigMaps, Secrets, and security policies. Covers production-ready configurations, monitoring, and best practices for cloud-native applications.
secrets-management
williamzujkowski
Secrets management standards for API keys, passwords, certificates, and sensitive data. Covers HashiCorp Vault, environment variables, rotation policies, and detection tools with NIST 800-53r5 SC-12 compliance.
authorization-security
williamzujkowski
Authorization security standards covering RBAC, ABAC, policy enforcement, OAuth2 scopes, resource-based access control, and NIST 800-53 compliance (AC-3, AC-4, AC-6) for production systems
authentication-security
williamzujkowski
Authentication security standards covering OAuth2 flows (authorization code, PKCE), JWT best practices (RS256, expiration), MFA (TOTP, WebAuthn), session management, and NIST 800-63B compliance for production systems
security-operations
williamzujkowski
Security Operations Center (SOC) practices, incident response, SIEM management, and threat hunting following NIST 800-61
fintech-compliance
williamzujkowski
Payment card security, SOC2 compliance, and financial services regulatory requirements
gcloud
mrgoonie
Guide for implementing Google Cloud SDK (gcloud CLI) - a command-line tool for managing Google Cloud resources. Use when installing/configuring gcloud, authenticating with Google Cloud, managing projects/configurations, deploying applications, working with Compute Engine/GKE/App Engine/Cloud Storage, scripting gcloud operations, implementing CI/CD pipelines, or troubleshooting Google Cloud deployments.
mongodb
mrgoonie
Guide for implementing MongoDB - a document database platform with CRUD operations, aggregation pipelines, indexing, replication, sharding, search capabilities, and comprehensive security. Use when working with MongoDB databases, designing schemas, writing queries, optimizing performance, configuring deployments (Atlas/self-managed/Kubernetes), implementing security, or integrating with applications through 15+ official drivers. (project)
repomix
mrgoonie
Guide for using Repomix - a powerful tool that packs entire repositories into single, AI-friendly files. Use when packaging codebases for AI analysis, generating context for LLMs, creating codebase snapshots, analyzing third-party libraries, or preparing repositories for security audits.
better-auth
mrgoonie
Guide for implementing Better Auth - a framework-agnostic authentication and authorization framework for TypeScript. Use when adding authentication features like email/password, OAuth, 2FA, passkeys, or advanced auth functionality to applications.
senior-secops
alirezarezvani
Comprehensive SecOps skill for application security, vulnerability management, compliance, and secure development practices. Includes security scanning, vulnerability assessment, compliance checking, and security automation. Use when implementing security controls, conducting security audits, responding to vulnerabilities, or ensuring compliance requirements.