iso-27001
SKILL.md
ISO 27001 Compliance Skill
Purpose
Ensures systems and processes comply with ISO 27001:2022 Information Security Management System (ISMS) requirements.
Rules
Key Controls for Web Applications
A.8.24 Use of Cryptography:
- TLS 1.2+ for all communications
- AES-256 for data at rest
- Secure key management
A.8.25 Secure Development Life Cycle:
- Security requirements in design
- Code review processes
- Security testing (SAST/DAST)
A.8.26 Application Security Requirements:
- Input validation
- Output encoding
- Authentication and authorization
- Session management
A.8.16 Monitoring Activities:
- Security event logging
- Log retention (90 days minimum)
- Monitoring for anomalies
A.5.7 Threat Intelligence:
- Vulnerability scanning
- Threat intelligence feeds
- Incident tracking
Documentation Requirements
MUST MAINTAIN:
- Information Security Policy
- Risk Assessment and Treatment Plan
- Statement of Applicability (SoA)
- Access Control Policy
- Cryptographic Controls Policy
- Incident Response Plan
- Business Continuity Plan
- Acceptable Use Policy
- Data Classification Policy
Audit Preparation
MUST PROVIDE:
- Evidence of control implementation
- Logs and monitoring records
- Incident records
- Change management records
- Risk assessments
- Management review minutes
Related Policies
All ISMS policies at: https://github.com/Hack23/ISMS-PUBLIC
Weekly Installs
14
Repository
hack23/homepageGitHub Stars
5
First Seen
14 days ago
Security Audits
Installed on
opencode14
gemini-cli14
github-copilot14
amp14
cline14
codex14