security
Security Operations
Frameworks and checklists for secure systems. This skill is a triage map: use it to find the right review lens, then pull the authoritative standard for implementation detail.
Zero Trust Principles
NIST SP 800-207 frames Zero Trust as removing implicit trust based on network location, asset ownership, or perimeter membership. Access decisions are resource-centered and continuously evaluated.
| Tenet | Review Question |
|---|---|
| Resource-centric access | Is the protected thing a specific app, service, or data set? |
| Per-session authorization | Is access granted for this request/session, not forever? |
| Continuous evaluation | Do identity, device posture, and behavior affect decisions? |
| Least privilege | Are permissions scoped to the minimum operation needed? |
| Assume breach | Can one compromised account/device move laterally? |
Do not equate Zero Trust with micro-segmentation. Segmentation can help, but the security boundary is identity, policy, and resource access.
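The sketch below turns the review questions in the table into a per-request policy check. It is an added example, not part of this skill or of NIST SP 800-207; the principals, resources, thresholds, and signal names are constructed assumptions.

```python
from dataclasses import dataclass, replace

# Constructed policy: (principal, resource) -> permitted operations.
GRANTS = {
    ("alice", "billing-db"): {"read"},
    ("ci-bot", "artifact-store"): {"read", "write"},
}
MAX_AUTH_AGE_S = 3600   # assumed re-authentication window
MAX_RISK = 0.7          # assumed behavior-risk cutoff (0.0 normal, 1.0 anomalous)

@dataclass(frozen=True)
class Request:
    principal: str
    resource: str
    operation: str
    auth_age_s: int          # seconds since last strong authentication
    device_compliant: bool   # posture signal, e.g. from device management
    risk_score: float        # behavior signal
    source_network: str      # kept for audit only; never read by decide()

def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request. Nothing is cached, so every call re-checks signals."""
    ops = GRANTS.get((req.principal, req.resource))
    if ops is None:
        return False, "no grant on this resource"
    if req.operation not in ops:
        return False, "operation outside granted scope"
    if not req.device_compliant:
        return False, "device posture failed"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "re-authentication required"
    if req.risk_score > MAX_RISK:
        return False, "behavior risk too high"
    return True, "allow"

# Constructed sample requests.
ok = Request("alice", "billing-db", "read", 120, True, 0.1, "internet")
samples = {
    "compliant device, public network": ok,
    "corp LAN, non-compliant device": replace(ok, device_compliant=False, source_network="corp-lan"),
    "write attempt on read-only grant": replace(ok, operation="write"),
    "lateral move to another resource": replace(ok, resource="artifact-store"),
    "stale session": replace(ok, auth_age_s=7200),
}

if __name__ == "__main__":
    for label, req in samples.items():
        print(f"{label}: {decide(req)}")
```

Because `decide()` never reads `source_network`, a request from the corporate LAN with a non-compliant device is denied while the same user on a public network with a compliant device is allowed.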