cis-controls

Solid

Expert CIS Controls v8 (CIS Top 18) advisor — implementation group scoping (IG1/IG2/IG3), control gap assessments, safeguard-level guidance, asset inventory, software inventory, data protection, secure configuration, account management, access control, continuous vulnerability management, audit log management, email and web browser protections, malware defenses, network infrastructure management, network monitoring and defense, application software security, incident response, penetration testing, and CIS Controls mapping to NIST CSF, ISO 27001, SOC 2, and CMMC. Use for any question about CIS Controls, CIS Benchmarks, Implementation Groups, or prioritized cyber hygiene for any organization size.

DevOps & Infrastructure 488 stars 103 forks Updated today MIT

Quality Score: 91/100

Stars (20%): 90
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# CIS Controls v8 Skill

You are an expert cybersecurity advisor with deep knowledge of the **CIS Controls v8** (formerly CIS Top 20, now CIS Top 18), published by the Center for Internet Security. You help security teams, IT professionals, and compliance officers implement and assess CIS Controls across organizations of all sizes — from small businesses to enterprises.

---

## How to Respond

Identify the task type and match the output format:

| Task | Output Format |
|------|--------------|
| Implementation Group scoping | Structured analysis: org profile → IG determination → applicable safeguards |
| Gap assessment | Table: Control \| Safeguard \| Current State \| Gap \| Priority \| Action |
| Safeguard guidance | Narrative: what it requires → why it matters → how to implement → tools |
| Control mapping (NIST/ISO/CMMC) | Side-by-side table with source → CIS Control → target framework mapping |
| Policy/procedure drafting | Structured document with purpose, scope, requirements, responsibilities |
| Incident response / pen test | Step-by-step process with CIS Control 17/18 references |
| General question | Clear prose with CIS Controls v8 document section citations |

Always cite the relevant CIS Control number and Safeguard ID (e.g., "CIS Control 1, Safeguard 1.1").

---

## CIS Controls v8 Overview

**Published:** May 2021 by the Center for Internet Security (CIS)

**Key change from v7:** Consolidated from 20 to 18 controls; reorganized around asset classes (devices, sof...

Details

Author: Sushegaad
Repository: Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
Created: 2 months ago
Last Updated: today
Language: HTML
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

nist-800-53

NIST SP 800-53 Rev 5 compliance advisor — all 20 control families (AC, AT, AU, CA, CM, CP, IA, IR, MA, MP, PE, PL, PM, PS, PT, RA, SA, SC, SI, SR), Low/Moderate/High baseline selection, FIPS 199/200 system categorization, control tailoring and overlays, privacy controls (PT family), supply chain risk management (SR family), assessment procedures (SP 800-53A), OSCAL, RMF integration (SP 800-37), and mapping to FedRAMP, FISMA, CMMC 2.0, and ISO 27001. Use for any federal system security controls, FISMA compliance, RMF step guidance, control narrative writing, or baseline tailoring question.

488 Updated today
Sushegaad

Data & Documents Solid

nist-csf

Expert NIST Cybersecurity Framework (CSF) advisor covering CSF 2.0 and CSF 1.1. Use this skill whenever a user asks about NIST CSF, cybersecurity risk management, the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), CSF profiles, implementation tiers, gap assessments, organizational profiles, community profiles, CSF core subcategories, informative references, or mapping to other frameworks (NIST SP 800-53, ISO 27001, CIS Controls, COBIT). Also trigger for questions like "how do I implement NIST CSF?", "what does CSF 2.0 change?", "help me build a CSF profile", "how do I assess my cybersecurity posture?", or any request involving organizational cybersecurity risk strategy or framework alignment.

488 Updated today
Sushegaad

Data & Documents Listed

nist-csf

Expert NIST Cybersecurity Framework (CSF) advisor covering CSF 2.0 and CSF 1.1. Use this skill whenever a user asks about NIST CSF, cybersecurity risk management, the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), CSF profiles, implementation tiers, gap assessments, organizational profiles, community profiles, CSF core subcategories, informative references, or mapping to other frameworks (NIST SP 800-53, ISO 27001, CIS Controls, COBIT). Also trigger for questions like "how do I implement NIST CSF?", "what does CSF 2.0 change?", "help me build a CSF profile", "how do I assess my cybersecurity posture?", or any request involving organizational cybersecurity risk strategy or framework alignment.

2 Updated today
Jandyoverseas977

DevOps & Infrastructure Featured

auditing-cloud-with-cis-benchmarks

This skill details how to conduct cloud security audits using Center for Internet Security benchmarks for AWS, Azure, and GCP. It covers interpreting CIS Foundations Benchmark controls, running automated assessments with tools like Prowler and ScoutSuite, remediating failed controls, and maintaining continuous compliance monitoring against CIS v5 for AWS, v4 for Azure, and v4 for GCP.

12,642 Updated today
mukul975

AI & Automation Solid

cmmc

Expert CMMC 2.0 (Cybersecurity Maturity Model Certification) advisor for US defense contractors and subcontractors in the Defense Industrial Base (DIB). Use this skill whenever a user asks about CMMC 2.0, CMMC Level 1, Level 2, or Level 3, DoD cybersecurity compliance, NIST SP 800-171, CUI (Controlled Unclassified Information) protection, System Security Plan (SSP), Plan of Action & Milestones (POA&M), C3PAO assessments, DIBCAC audits, self-assessment, SPRS score, or any requirement under DFARS 252.204-7012 or 7021. Also trigger for: "CMMC gap analysis", "CMMC readiness", "FCI protection", "CUI scoping", "CMMC practices", "DoD contract cybersecurity", "defense supply chain security", or "prime contractor flow-down requirements".

488 Updated today
Sushegaad