CPG
Skill packages tagged with “CPG”
Backup Immutability Auditor (CISA CPG 3.1)
Document and validate CISA CPG 3.1 Offline Backup & Verification Log: air-gapped or immutable backups so even a Global Admin cannot delete secondary copies, plus periodic Test Restore Log evidence (e.g. every 30 days).
CISA Circular Formatter (CPG 7.1)
Format incident data for CISA and SRMA reporting under CPG 7.1 and CIRCIA. Enforces 72-hour (covered incident) and 24-hour (ransomware) notification windows and validates Information Requirements so the first report is complete.
Privilege Training Mapper (CISA CPG 4.3)
Map privileged job functions to role-specific training modules and validate training compliance. Cross-reference the Privileged User List with the HR training log to flag missing or overdue certifications.
Purdue Level Mapper (CISA CPG 2.2)
IT/OT network segmentation aligned to CISA CPG 2.2 and the Purdue Model. Map assets to Levels 0–5, draft security requirements per transition, and validate that there is no direct Business-to-PLC connection without a DMZ.
Safe Harbor Drafter (CISA CPG 5.1 VDP)
Draft and validate a Vulnerability Disclosure Policy (VDP) with CISA-aligned Safe Harbor language and RFC 9116–compliant reporting. Ensures researcher protection and a clear reporting mechanism.