security-documentation

Security Documentation Standards

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security-documentation" with this command: npx skills add hack23/riksdagsmonitor/hack23-riksdagsmonitor-security-documentation

Security Documentation Standards

Purpose

Maintain comprehensive security documentation per Hack23 ISMS requirements.

Required Documents

Current State

  • ✅ SECURITY_ARCHITECTURE.md - Implemented security controls

  • ✅ THREAT_MODEL.md - STRIDE threat analysis

  • ✅ ARCHITECTURE.md - System design with C4 models

  • ✅ SECURITY.md - Security policy and vulnerability reporting

Future State

  • ✅ FUTURE_SECURITY_ARCHITECTURE.md - Planned security improvements

Document Structure

SECURITY_ARCHITECTURE.md:

Security Architecture

Executive Summary

Security Controls

Network Security

Application Security

Access Control

Data Protection

Monitoring & Detection

Compliance Mapping

ISO 27001:2022

NIST CSF 2.0

CIS Controls v8.1

References

THREAT_MODEL.md:

Threat Model

Asset Inventory

STRIDE Analysis

Spoofing Threats

Tampering Threats

Repudiation Threats

Information Disclosure Threats

Denial of Service Threats

Elevation of Privilege Threats

Risk Assessment

Mitigation Controls

Residual Risks

Quality Standards

  • Use C4 diagrams (Context, Container, Component)

  • Include Mermaid diagrams for complex workflows

  • Map to ISO 27001/NIST CSF/CIS Controls

  • Version control metadata (version, date, owner)

  • Classification marking (Public, Internal, Confidential)

References

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

information-security-strategy

No summary provided by upstream source.

Repository SourceNeeds Review
19-hack23
Security

threat-modeling

No summary provided by upstream source.

Repository SourceNeeds Review
16-hack23
Security

mcp-gateway-security

No summary provided by upstream source.

Repository SourceNeeds Review
11-hack23
Security

ci-cd-security

No summary provided by upstream source.

Repository SourceNeeds Review
10-hack23