Hack23 / cis-controls
Install for your project team
Run this command in your project directory to install the skill for your entire team:
mkdir -p .claude/skills/cis-controls && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/3695" && unzip -o skill.zip -d .claude/skills/cis-controls && rm skill.zip
Project Skills
This skill will be saved in .claude/skills/cis-controls/ and checked into git. All team members will have access to it automatically.
Important: Please verify the skill by reviewing its instructions before using it.
Implement CIS Controls v8 critical security controls for effective cyber defense in CIA platform
Skill Content
---
name: cis-controls
description: Implement CIS Controls v8 critical security controls for effective cyber defense in CIA platform
license: Apache-2.0
---
# CIS Controls v8 Implementation Skill
## Purpose
Implement prioritized CIS Controls for cyber defense, focusing on high-impact security controls.
## When to Use
- ✅ Security hardening activities
- ✅ Compliance assessments
- ✅ Security baseline establishment
- ✅ Vendor security reviews
## Critical CIS Controls
### Control 1: Inventory and Control of Enterprise Assets
```bash
# Maintain asset inventory
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,Tags[?Key==`Name`].Value|[0],State.Name]' --output table
# Tag all resources
aws ec2 create-tags --resources i-1234567890abcdef0 --tags Key=Application,Value=CIA Key=Environment,Value=Production
```
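Added example (not part of the skill or the CIA project): a Python check that reads the JSON form of `aws ec2 describe-instances` and lists instances missing any of the tag keys used above (`Name`, `Application`, `Environment`); the instance IDs and tags are constructed sample data.

```python
import json
import sys

# Constructed sample in the shape `aws ec2 describe-instances --output json`
# returns (not real account data).
SAMPLE_DESCRIBE_INSTANCES = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa111", "State": {"Name": "running"},
     "Tags": [{"Key": "Name", "Value": "cia-web-1"},
              {"Key": "Application", "Value": "CIA"},
              {"Key": "Environment", "Value": "Production"}]},
    {"InstanceId": "i-0bbb222", "State": {"Name": "running"},
     "Tags": [{"Key": "Name", "Value": "scratch-box"}]},
    {"InstanceId": "i-0ccc333", "State": {"Name": "terminated"}},
]}]})

# Tag keys the inventory requires on every asset (matches the create-tags call above)
REQUIRED_TAGS = ("Name", "Application", "Environment")

def find_untagged_instances(describe_json, required=REQUIRED_TAGS,
                            ignore_states=("terminated",)):
    """Return {instance_id: [missing tag keys]} for instances that are not
    fully tagged. Terminated instances are skipped by default because AWS
    keeps reporting them for a while after deletion."""
    data = json.loads(describe_json)
    findings = {}
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") in ignore_states:
                continue
            present = {t["Key"] for t in inst.get("Tags", [])}
            missing = [k for k in required if k not in present]
            if missing:
                findings[inst["InstanceId"]] = missing
    return findings

if __name__ == "__main__":
    # Pipe real output in: aws ec2 describe-instances --output json | python3 check_tags.py
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_INSTANCES
    for iid, missing in find_untagged_instances(raw).items():
        print(f"{iid}: missing tags {', '.join(missing)}")
```

Run it without input to see the sample findings, or pipe the real `describe-instances` JSON into it as the comment shows.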
### Control 2: Inventory and Control of Software Assets
```xml
<!-- Track all dependencies in pom.xml -->
<dependencies>
  <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-webmvc</artifactId>
    <version>${spring.version}</version> <!-- Version via parent property -->
  </dependency>
</dependencies>
```
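Added example (not from the skill or the CIA pom): a Python software-inventory pass over a pom.xml that expands `${...}` version properties the way the `spring.version` entry above relies on, and flags dependencies left unpinned; the POM fragment is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed pom.xml (not the CIA project's real pom): one dependency versioned
# through a property, one with no version at all.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <spring.version>6.1.5</spring.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>unpinned-lib</artifactId>
    </dependency>
  </dependencies>
</project>"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def resolve(value, props):
    """Expand ${prop} references using the POM's <properties> block.
    Unknown properties are left in place so the caller can flag them."""
    if value is None:
        return None
    while "${" in value:
        start = value.index("${")
        end = value.index("}", start)
        key = value[start + 2:end]
        if key not in props:
            return value
        value = value[:start] + props[key] + value[end + 1:]
    return value

def software_inventory(pom_xml):
    """Return [(groupId, artifactId, version)]; version is None when absent."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    inventory = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        g = dep.findtext("m:groupId", namespaces=NS)
        a = dep.findtext("m:artifactId", namespaces=NS)
        v = resolve(dep.findtext("m:version", namespaces=NS), props)
        inventory.append((g, a, v))
    return inventory

def unpinned(inventory):
    """Dependencies whose version is missing or still an unresolved ${...}."""
    return [(g, a) for g, a, v in inventory if v is None or "${" in v]
```

Versions inherited from a parent POM or a `dependencyManagement` BOM also show up as unpinned here; for those, `mvn dependency:list` gives the resolved view.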
### Control 3: Data Protection
```java
import java.time.LocalDate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.encrypt.BytesEncryptor;
import org.springframework.stereotype.Service;

@Service
public class DataProtectionService {
    @Autowired
    private BytesEncryptor encryptor;          // e.g. an Encryptors.stronger(...) bean
    @Autowired
    private SensitiveDataRepository dataRepository;

    public void protectSensitiveData(SensitiveData data) {
        // Encrypt at rest (BytesEncryptor takes and returns byte[])
        data.setEncryptedContent(encryptor.encrypt(data.getPlainContent()));
        // Do not persist the plaintext alongside the ciphertext
        data.setPlainContent(null);
        // Classify data
        data.setClassification(DataClassification.CONFIDENTIAL);
        // Set retention period
        data.setRetentionUntil(LocalDate.now().plusYears(7));
        dataRepository.save(data);
    }
}
```
### Control 4: Secure Configuration
```yaml
# application-production.yml - Secure defaults
spring:
  security:
    user:
      name: ${ADMIN_USERNAME}       # injected from the environment, never hard-coded
      password: ${ADMIN_PASSWORD}
server:
  port: 8443
  ssl:
    enabled: true                  # also needs server.ssl.key-store and key-store-password
  error:
    include-stacktrace: never      # never return stack traces to clients
```
### Control 5: Account Management
```java
import java.time.LocalDateTime;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;

@Service
public class AccountManagementService {
    @Autowired
    private UserRepository userRepository;
    @Autowired
    private AuditLog auditLog;

    @Scheduled(cron = "0 0 2 * * *") // Daily at 2 AM (needs @EnableScheduling on a config class)
    public void reviewAccounts() {
        // Disable accounts with no activity in the last 90 days
        List<User> inactiveUsers = userRepository.findInactiveSince(
            LocalDateTime.now().minusDays(90)
        );
        inactiveUsers.forEach(user -> {
            user.setEnabled(false);
            auditLog.log("Account disabled due to inactivity: " + user.getUsername());
        });
        userRepository.saveAll(inactiveUsers);
    }
}
```
### Control 6: Access Control Management
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;

@Service
public class UserAdminService { // enclosing class assumed; the original shows only the method
    @Autowired private UserRepository userRepository;
    @Autowired private AuditLogger auditLogger;

    // @PreAuthorize is only enforced when method security is enabled (@EnableMethodSecurity)
    @PreAuthorize("hasRole('ADMIN')")
    public void deleteUser(String userId) {
        // Enforce least privilege: only ADMIN may delete, and the action is audited first
        auditLogger.logPrivilegedAction("DELETE_USER", userId);
        userRepository.deleteById(userId);
    }
}
```
### Control 8: Audit Log Management
```java
import java.time.Instant;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Aspect
@Component
public class AuditLoggingAspect {
    private static final Logger auditLog = LoggerFactory.getLogger("AUDIT");

    // Bind the @Audited annotation by type so the pointcut does not depend on package resolution
    @Around("@annotation(audited)")
    public Object auditMethod(ProceedingJoinPoint joinPoint, Audited audited) throws Throwable {
        String action = joinPoint.getSignature().getName();
        // Authentication is null for unauthenticated or scheduled callers; do not NPE
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String user = (auth != null) ? auth.getName() : "anonymous";
        auditLog.info("Action: {}, User: {}, Timestamp: {}", action, user, Instant.now());
        return joinPoint.proceed();
    }
}
```
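Added example (not from the skill or the CIA project): a Python parser for the `Action: …, User: …, Timestamp: …` records the aspect above writes, plus a simple review trigger for bursts of the same audited action by one user; the log lines are constructed, and it assumes unauthenticated callers are recorded as `anonymous`.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format emitted by AuditLoggingAspect
# (logger prefix omitted; not real CIA platform logs).
SAMPLE_AUDIT_LINES = """\
Action: deleteUser, User: alice, Timestamp: 2024-05-01T10:00:00Z
Action: deleteUser, User: alice, Timestamp: 2024-05-01T10:00:07Z
Action: deleteUser, User: alice, Timestamp: 2024-05-01T10:00:12Z
Action: deleteUser, User: bob, Timestamp: 2024-05-01T10:30:00Z
Action: exportReport, User: anonymous, Timestamp: 2024-05-01T11:00:00Z
this line is not an audit record
""".splitlines()

LINE_RE = re.compile(
    r"Action: (?P<action>[^,]+), User: (?P<user>[^,]+), Timestamp: (?P<ts>\S+)")

def parse_audit_line(line):
    """Return (action, user, datetime) or None for lines that do not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return m["action"], m["user"], ts

def detect_bursts(lines, threshold=3, window=timedelta(minutes=1)):
    """Flag (user, action) pairs with >= threshold calls inside `window`,
    a cheap review trigger for bulk privileged actions such as deleteUser."""
    events = {}
    for line in lines:
        rec = parse_audit_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not fatal
        action, user, ts = rec
        events.setdefault((user, action), []).append(ts)
    flagged = []
    for key, stamps in events.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.append(key)
                break
    return flagged

def unauthenticated_actions(lines):
    """Audited actions recorded without an authenticated principal."""
    return [r for r in map(parse_audit_line, lines) if r and r[1] == "anonymous"]
```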
### Control 16: Application Software Security
```bash
# Security scanning in CI/CD
mvn org.owasp:dependency-check-maven:check
mvn sonar:sonar -Dsonar.qualitygate.wait=true
```
## Implementation Priority
1. **IG1 (Implementation Group 1)** - Essential for all organizations
   - Controls 1-6: Basic cyber hygiene
2. **IG2** - Additional controls for medium-sized organizations
   - Controls 7-16: Enhanced security
3. **IG3** - Comprehensive controls for large organizations
   - Controls 17-18: Advanced/specialized
## Hack23 ISMS Policy References
**CIS Controls Implementation:**
- [Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) - Governance (14.1-14.9)
- [Asset Register](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Asset_Register.md) - Control 1 (Asset Management)
- [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Control 3 (Data Protection)
- [Access Control Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Access_Control_Policy.md) - Control 5-6 (Access Control)
- [Vulnerability Management](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Vulnerability_Management.md) - Control 7 (Vulnerability Management)
- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Control 16 (Application Security)
- [Incident Response Plan](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Incident_Response_Plan.md) - Control 17 (Incident Response)
- [Backup Recovery Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Backup_Recovery_Policy.md) - Control 11 (Data Recovery)
- [Change Management](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Change_Management.md) - Control 8 (Audit Logging)
- [Risk Assessment Methodology](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Risk_Assessment_Methodology.md) - Control 4 (Secure Configuration)
**All Hack23 ISMS Policies**: https://github.com/Hack23/ISMS-PUBLIC
## CIA Platform Architecture References
- **Security Architecture**: [CIA SECURITY_ARCHITECTURE.md](https://github.com/Hack23/cia/blob/master/SECURITY_ARCHITECTURE.md) - CIS Controls implementation
- **Architecture**: [CIA ARCHITECTURE.md](https://github.com/Hack23/cia/blob/master/ARCHITECTURE.md) - System design
## References
- **CIS Controls v8.1**: https://www.cisecurity.org/controls/v8
- **CIS Implementation Guide**: https://www.cisecurity.org/controls/cis-controls-implementation-guide
- **ISO 27001:2022**: https://www.iso.org/standard/27001
- **NIST CSF 2.0**: https://www.nist.gov/cyberframework