GRC
Skill packages tagged with “GRC”
CIS Benchmark Mapper
Draft Secure Configuration Baselines (hardening guides) from CIS Benchmarks or STIGs as formal policy. Validates the recurring Drift Analysis schedule (NIST CSF 2.0 PR.PS).
Crypto Spec Generator
Draft and validate a Cryptographic Key Management & Encryption Standard (NIST CSF 2.0 PR.DS). Ensures FIPS 140-3–aligned algorithms and key lifecycle; flags legacy algorithms (SHA-1, 3DES, etc.) for 2026-era compliance.
Incident Decision Tree Builder
Draft scenario-specific incident response playbooks (NIST CSF RS.RP) with a clear Decision Matrix for isolate vs. monitor and logic gates for Containment, Eradication, and Recovery. Inserts or validates mandatory regulatory reporting windows (e.g. GDPR 72h, SEC 4 days) in the playbook timeline.
PAM Standard (PR.AA)
Draft and validate a Privileged Access Management standard aligned to NIST CSF 2.0 PR.AA. Defines JIT, least privilege, SoD boundaries, and break-glass workflow; ensures MFA for 100% of privileged sessions.
Risk Tolerance Quantifier
Draft and validate a Cybersecurity Risk Appetite Statement (NIST CSF 2.0 GV.OC): translate board mandates into quantifiable tolerance levels and KPIs; ensure stated appetite is supported by budget narratives.
Threat Impact Narrative Builder
Build and validate cybersecurity risk registers and impact narratives aligned to NIST CSF 2.0 ID.RA. Uses FAIR methodology for impact scenarios and enforces consistency between risk scores and Historical Incident Data.