Validate NIST SP 800-53 control implementation with evidence mapping, gap analysis, automated testing, and compliance reporting across 20 control families.
Validate cryptographic implementations using NIST standards with TLS configuration, cipher suite analysis, and certificate lifecycle checks.
Automate compliance checks for NIST, FedRAMP, FISMA, GDPR, HIPAA, and fintech regulations with OSCAL artifact generation and evidence validation.
Review identity and access management using NIST SP 800-63B guidelines with MFA enforcement, password policy, and least privilege validation.
Generate incident response playbooks for security incidents, outages, and disaster recovery with NIST SP 800-61 compliance and escalation paths.
Comprehensive security assessment across application, cloud, container, IAM, network, OS, supply chain, and zero trust using NIST CSF 2.0.
Security Incident Report templates drawing from NIST/SANS. DDoS post-mortem, CVE correlation, timeline documentation, and blameless root cause analysis.
Comprehensive security auditing framework for LLM applications covering OWASP Top 10 for LLMs, threat modeling, penetration testing, and compliance with NIST AI RMF and ISO 42001. Use when "security...
This skill should be used when identifying, analyzing, and mitigating security risks in Artificial Intelligence systems using the CoSAI (Coalition for Secure AI) Risk Map framework. Use when...
Validate network security architecture with firewall rule analysis, segmentation verification, and defense-in-depth assessment.
Validates OSCAL System Security Plan documents against schemas, profiles, and cross-reference requirements with tiered validation depth.
Human-readable remediation guidance ranked by severity
Design zero-trust architectures with identity-centric security, micro-segmentation, continuous verification, and CISA ZTMM maturity assessment.
Verify operating system hardening using CIS benchmarks with patch management, kernel hardening, and host-based firewall validation.
Evaluate zero-trust architecture maturity using CISA ZTMM with identity verification, device trust, micro-segmentation, and continuous monitoring.
SLO compliance report with error budget burn rate
Validate software supply chain security with SBOM generation, dependency scanning, provenance verification, and SLSA attestation.
Expert DevOps and SRE advisor providing strategic guidance with AWS Well-Architected Framework alignment, scalability patterns, FinOps practices, and infrastructure-as-code expertise. Presents...
Generate a structured, reviewer-friendly PR description based on current branch changes and project context