Nist
Skill packages tagged with “Nist”
CMMC Assessment Scoping
Define CMMC assessment scope, authorization boundary, and network architecture for Level 1 or Level 2. Documents in-scope assets and network diagram narrative for the SSP.
CMMC Asset Inventory
Create and maintain the CMMC asset inventory: CUI assets, security protection assets, and contractor risk-managed assets for assessment scope.
CMMC Plan of Action & Milestones
Draft and validate the CMMC POA&M: track control deficiencies, remediation plans, owners, and due dates for Conditional Level 2 or Level 3.
CMMC Policies and Procedures
Draft CMMC-aligned security policies and procedures for every NIST SP 800-171 domain: Access Control, Awareness and Training, Audit and Accountability, Configuration Management, and the remaining families.
CMMC Readiness Gap Analysis
Map controls to NIST SP 800-171 practices, identify CMMC coverage gaps, and build a prioritized remediation roadmap for Level 1 or Level 2.
CMMC System Security Plan
Draft and validate the CMMC SSP for Level 1 or Level 2: system description, boundary, and implementation narratives for each NIST 800-171 practice with evidence pointers.
Cross-Compliance Matrix
Produce a unified multi-framework compliance matrix mapping controls across ISO 27001:2022, NIST CSF 2.0, SOC 2 TSC, GDPR, NIS2/DORA, and NIST 800-53/CMMC. Scores coverage per framework, identifies gaps, and prioritizes remediation by cross-framework benefit and regulatory severity.
FedRAMP Authorization Package
Draft and validate FedRAMP authorization packages for cloud service providers: System Security Plan (SSP) with all required attachments, Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Action & Milestones (POA&M). Supports Low, Moderate, and High baselines.
HIPAA Security Risk Assessment (SRA)
Draft and validate the Security Risk Assessment required by the HIPAA Security Rule (45 CFR §164.308(a)(1)). Defines scope and ePHI boundaries, inventories assets and Business Associate relationships, maps threats and vulnerabilities, assesses Required and Addressable safeguards, and produces the SRA report and risk register aligned with HHS/OCR audit protocol.
NIST Password Logic Adapter (CISA CPG 1.2)
Rewrite legacy password policies to prioritize length and entropy over composition rules and periodic aging, and draft the Compromised Password Detection Protocol. Aligns with NIST SP 800-63B and CISA CPG 1.2; validates that procedures include a recurring check of credentials against a leaked-credential service (e.g. the Have I Been Pwned Pwned Passwords range API).
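The compromised-credential check this entry describes, as an added example (not code shipped with the skill package): an SP 800-63B-style memorized-secret evaluator that enforces a minimum length, permits long passphrases, applies no composition rules, and screens the secret with a k-anonymity lookup in the Have I Been Pwned range-API format (only the first five hex characters of the SHA-1 leave the host). The sample range response embedded below is constructed for this example; apart from the suffix for the string "password", its suffixes and all counts are fabricated. The `live_lookup` helper shows the real endpoint and `Add-Padding` header but is not called, so the block runs offline.

```python
"""SP 800-63B memorized-secret check with an HIBP-style k-anonymity lookup (added example)."""
import hashlib
from typing import Callable, Dict, List, Tuple

# Constructed sample of what the range endpoint returns for prefix "5BAA6":
# one "<35-hex-suffix>:<count>" line per leaked hash sharing that prefix.
# Only the second suffix is real (SHA-1 of "password"); the rest of the data,
# including every count, is fabricated for this example. A ":0" line is what
# padding entries look like when Add-Padding is requested.
SAMPLE_RANGE_5BAA6 = """\
1D2E0E07E0F9A3A4B9B6B5E8C4F1A2B3C4D:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824
2A3B4C5D6E7F8091A2B3C4D5E6F708192A3:0
"""


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 into the 5-char prefix sent to the API
    and the 35-char suffix compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; reject malformed lines."""
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if not sep or len(suffix) != 35 or not count.strip().isdigit():
            raise ValueError(f"malformed range line: {line!r}")
        counts[suffix.upper()] = int(count)
    return counts


def offline_lookup(prefix: str) -> str:
    """Offline stand-in for the range API; unknown prefixes return no entries."""
    return {"5BAA6": SAMPLE_RANGE_5BAA6}.get(prefix, "")


def live_lookup(prefix: str) -> str:
    """Real HIBP range endpoint (network access; not exercised here)."""
    import urllib.request
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "password-policy-check"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, lookup: Callable[[str], str]) -> int:
    """Number of times the password's hash appears in the leaked corpus (0 if absent)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(lookup(prefix)).get(suffix, 0)


def legacy_complexity_ok(password: str) -> bool:
    """The kind of rule the policy rewrite retires: 8+ chars and 3 of 4 character classes."""
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return len(password) >= 8 and classes >= 3


def evaluate_memorized_secret(password: str,
                              lookup: Callable[[str], str] = offline_lookup,
                              min_len: int = 8, max_len: int = 64) -> List[str]:
    """Return findings per SP 800-63B: length floor, a ceiling of at least 64,
    no composition rules, and rejection of compromised values."""
    findings: List[str] = []
    length = len(password)  # each Unicode code point counts as one character
    if length < min_len:
        findings.append(f"shorter than {min_len} characters")
    if length > max_len:
        findings.append(f"longer than the {max_len}-character limit the verifier accepts")
    count = breach_count(password, lookup)
    if count > 0:
        findings.append(f"appears {count} times in breach corpora")
    return findings


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "| legacy:", legacy_complexity_ok(candidate),
              "| 800-63B findings:", evaluate_memorized_secret(candidate))
```

The passphrase fails the legacy three-of-four rule yet passes the 800-63B evaluation, while "password" satisfies the length floor and is still rejected because the corpus says it is compromised; that inversion is the point of the policy rewrite.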
NIST SP 800-53 / CSF Crosswalk
Bidirectional crosswalk between NIST Cybersecurity Framework (CSF) 2.0 subcategories and SP 800-53 Rev 5 controls. Maps CSF subcategories to 800-53 controls and vice versa, identifies gaps in either direction, and produces a crosswalk document for dual-framework compliance.
NIST SP 800-53 Baseline Selector
Select and tailor an SP 800-53 Rev 5 control baseline based on FIPS 199 categorization and regulatory overlays (HIPAA, PCI-DSS, GDPR, SOX, FedRAMP, CMMC). Applies the appropriate Low/Moderate/High baseline, adds regulation-specific controls, and supports tailoring with documented justification. Produces tailored-control-catalog.json for all downstream skills.
NIST SP 800-53 Control Standard Author
Author implementation standards for individual NIST SP 800-53 controls. Each standard documents the control objective, implementation narrative, technology and tools, responsible roles, evidence requirements, and review frequency. Validates narrative coverage and quality across control families.
NIST SP 800-53 Family Policy Author
Author NIST SP 800-53 family-level policies (the -1 controls) for each control family. Produces structured policy documents with Purpose, Scope, Applicability, Policy Statements, Roles & Responsibilities, Compliance & Enforcement, Review Frequency, and Related Documents sections. Validates completeness and structure.
NIST SP 800-53 Gap Analysis
Conduct a gap analysis across the NIST SP 800-53 compliance program. Cross-references tailored control catalog against policies, standards, and mappings to identify coverage gaps. Prioritizes remediation by baseline level, regulatory requirement, and family criticality. Produces a gap analysis report with per-family breakdown and phased remediation roadmap.
NIST SP 800-53 Organization Profile
Build and validate the organizational context profile for NIST SP 800-53 Rev 5 compliance. Captures FIPS 199 security categorization (Confidentiality, Integrity, Availability impact levels), applicable regulations (HIPAA, PCI-DSS, GDPR, SOX, FedRAMP, FISMA, CMMC), existing frameworks, and authorization boundary. Validates completeness of categorization and scope for downstream baseline selection and control implementation.
NIST SP 800-53 Policy-Control Mapper
Map existing policy and standard documents to NIST SP 800-53 controls with AI-assisted quality scoring. Rates each mapping as High/Medium/Low confidence with documented justification. Identifies unmapped controls and low-quality mappings for remediation. Produces policy-control-mapping.json for gap analysis.
StateRAMP Authorization Package
Draft and validate StateRAMP authorization packages for cloud service providers serving U.S. state and local government: System Security Plan (SSP) with attachments, Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), and the StateRAMP Snapshot for the Authorized Products List.