---
# Header of the framework catalogue: schema version, date of the last
# whole-file review, and the list of framework families.

# Schema version of this file, kept as a quoted string.
schema_version: "1.0.0"

# Quoted so the value is read as a string and not as a date. Every record
# under `references` carries this same value in date_reviewed.
last_reviewed: "2026-06-16"

# Each family named here has at least one record under `references`. CWE is
# filed under family MITRE and is not a family of its own.
# NOTE(review): presumably a validator rejects the file when a listed family
# has no record; that check is not visible here, so confirm it exists.
required_families:
  - OWASP
  - NIST
  - MITRE
  - CIS
  - CVSS
  - SSVC
  - EPSS
  - SLSA
  - CycloneDX
  - SPDX
# Catalogue of framework records. Every record carries the same eight keys:
#   id             identifier of the record (no id repeats in this file)
#   family         grouping label; each value used here also appears in
#                  required_families
#   name           full title of the framework or standard
#   version        quoted string: a pinned edition, or the literal "current"
#   url            upstream page for the framework (all are https)
#   date_reviewed  quoted date of the last check of this record
#   owner          team label for the record
#   aliases        further identifiers listed for the record
#
# NOTE(review): the code that resolves ids and aliases is not part of this
# file, so the remarks below about lookups are assumptions to confirm.
# - Records whose version is "current" are not tied to an edition; the
#   date_reviewed value is the only trace of which upstream state was checked.
# - Some alias lists name a different version than the record itself (flagged
#   inline). If aliases resolve to the record, a citation of the older
#   version is presented as the newer one.
# - All records except NIST-SP-800-53-Rev5 and MITRE-ATTACK repeat their own
#   id inside aliases; confirm lookups do not depend on that.
references:
  # ---- OWASP ----
  - id: OWASP-Top-10-2021
    family: OWASP
    name: OWASP Top 10
    version: "2021"
    # NOTE(review): url is the edition-independent landing page while version
    # pins 2021; confirm the link still leads to the pinned edition.
    url: https://owasp.org/Top10/
    date_reviewed: "2026-06-16"
    owner: appsec
    aliases:
      - OWASP-Top-10
      - OWASP-Top-10-2021
  - id: OWASP-API-Security-2023
    family: OWASP
    name: OWASP API Security Top 10
    version: "2023"
    url: https://owasp.org/API-Security/editions/2023/en/0x00-header/
    date_reviewed: "2026-06-16"
    owner: appsec
    aliases:
      - OWASP-API-Security-2023
  - id: OWASP-ASVS-4.0.3
    family: OWASP
    name: OWASP Application Security Verification Standard
    # NOTE(review): ASVS 5.0 has been published upstream; confirm that 4.0.3
    # is still the edition this catalogue means to pin. The url is the
    # project page, not an edition-specific link.
    version: "4.0.3"
    url: https://owasp.org/www-project-application-security-verification-standard/
    date_reviewed: "2026-06-16"
    owner: appsec
    aliases:
      - OWASP-ASVS
      - OWASP-ASVS-4.0.3
  - id: OWASP-LLM-Top-10-2025
    family: OWASP
    name: OWASP Top 10 for Large Language Model Applications
    version: "2025"
    url: https://genai.owasp.org/llm-top-10/
    date_reviewed: "2026-06-16"
    owner: ai-security
    # Item-level ids are listed for LLM01 to LLM03 only.
    # NOTE(review): confirm whether the remaining items should resolve too.
    aliases:
      - OWASP-LLM-Top-10-2025
      - OWASP-LLM01-2025
      - OWASP-LLM02-2025
      - OWASP-LLM03-2025
  - id: OWASP-Agentic-AI
    family: OWASP
    name: OWASP Agentic AI Security
    # Not pinned to an edition.
    version: "current"
    url: https://genai.owasp.org/
    date_reviewed: "2026-06-16"
    owner: ai-security
    aliases:
      - OWASP-Agentic-AI
  - id: OWASP-Testing-Guide-v4.2
    family: OWASP
    name: OWASP Web Security Testing Guide
    version: "4.2"
    url: https://owasp.org/www-project-web-security-testing-guide/
    date_reviewed: "2026-06-16"
    owner: appsec
    aliases:
      - OWASP-Testing-Guide-v4.2
  - id: OWASP-CICD-Top-10
    family: OWASP
    name: OWASP Top 10 CI/CD Security Risks
    # Not pinned to an edition.
    version: "current"
    url: https://owasp.org/www-project-top-10-ci-cd-security-risks/
    date_reviewed: "2026-06-16"
    owner: devsecops
    aliases:
      - OWASP-CICD-Top-10

  # ---- NIST ----
  - id: NIST-CSF-2.0
    family: NIST
    name: NIST Cybersecurity Framework
    version: "2.0"
    url: https://www.nist.gov/cyberframework
    date_reviewed: "2026-06-16"
    owner: compliance
    aliases:
      - NIST-CSF-2.0
  - id: NIST-SP-800-53-Rev5
    family: NIST
    name: NIST SP 800-53 Security and Privacy Controls
    version: "Revision 5, Update 1"
    url: https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final
    date_reviewed: "2026-06-16"
    owner: compliance
    # The record id itself is not among the aliases. Two entries name a
    # control family and a single control (AC, AC-6), not the publication.
    aliases:
      - NIST-SP-800-53
      - NIST-SP-800-53-AC
      - NIST-SP-800-53-AC-6
  - id: NIST-SP-800-63B
    family: NIST
    name: NIST SP 800-63B Digital Identity Guidelines
    version: "Revision 4"
    url: https://csrc.nist.gov/pubs/sp/800/63/b/4/final
    date_reviewed: "2026-06-16"
    owner: identity
    aliases:
      - NIST-SP-800-63B
  - id: NIST-SP-800-207
    family: NIST
    name: NIST SP 800-207 Zero Trust Architecture
    version: "Final"
    url: https://csrc.nist.gov/pubs/sp/800/207/final
    date_reviewed: "2026-06-16"
    owner: identity
    aliases:
      - NIST-SP-800-207
  - id: NIST-AI-RMF-1.0
    family: NIST
    name: NIST AI Risk Management Framework
    version: "1.0"
    url: https://www.nist.gov/itl/ai-risk-management-framework
    date_reviewed: "2026-06-16"
    owner: ai-security
    aliases:
      - NIST-AI-RMF
      - NIST-AI-RMF-1.0

  # ---- MITRE ----
  - id: MITRE-ATTACK
    family: MITRE
    # Quoted because of the ampersand; the string value is unchanged.
    name: 'MITRE ATT&CK'
    version: "v19.1"
    # The url is the versions listing, not a page for v19.1.
    url: https://attack.mitre.org/resources/versions/
    date_reviewed: "2026-06-16"
    owner: secops
    # The aliases spell the name with an ampersand, so the record id
    # (MITRE-ATTACK) is not among them.
    # NOTE(review): the v16 alias sits on a record pinned to v19.1; technique
    # ids cited against v16 may not match v19.1 content. Confirm intent.
    aliases:
      - 'MITRE-ATT&CK'
      - 'MITRE-ATT&CK-v16'
      - 'MITRE-ATT&CK-v19.1'
  - id: MITRE-ATLAS
    family: MITRE
    name: MITRE ATLAS
    # Not pinned to an edition.
    version: "current"
    url: https://atlas.mitre.org/
    date_reviewed: "2026-06-16"
    owner: ai-security
    aliases:
      - MITRE-ATLAS
  - id: CWE
    family: MITRE
    name: Common Weakness Enumeration
    # Not pinned to an edition.
    version: "current"
    url: https://cwe.mitre.org/
    date_reviewed: "2026-06-16"
    owner: appsec
    aliases:
      - CWE
      - CWE-Top-25

  # ---- CIS ----
  - id: CIS-Controls-v8
    family: CIS
    name: CIS Critical Security Controls
    # NOTE(review): v8.1 has been published upstream; confirm the pin to v8
    # is deliberate.
    version: "v8"
    url: https://www.cisecurity.org/controls/v8
    date_reviewed: "2026-06-16"
    owner: compliance
    aliases:
      - CIS-Controls-v8
  - id: CIS-Benchmarks
    family: CIS
    name: CIS Benchmarks
    # The record is unpinned, yet its aliases name specific benchmark
    # versions.
    # NOTE(review): confirm a versioned citation is meant to resolve to an
    # unversioned record.
    version: "current"
    url: https://www.cisecurity.org/cis-benchmarks
    date_reviewed: "2026-06-16"
    owner: cloud
    aliases:
      - CIS-Benchmarks
      - CIS-AWS-v3.0.0
      - CIS-Azure-v2.1.0
      - CIS-GCP-v2.0.0
      - CIS-Docker-v1.6.0
      - CIS-Kubernetes-v1.9.0

  # ---- Vulnerability scoring and prioritisation ----
  - id: CVSS-4.0
    family: CVSS
    name: Common Vulnerability Scoring System
    version: "4.0"
    url: https://www.first.org/cvss/v4.0/
    date_reviewed: "2026-06-16"
    owner: vuln-management
    aliases:
      - CVSS-4.0
  - id: SSVC-2.1
    family: SSVC
    name: Stakeholder-Specific Vulnerability Categorization
    version: "2.1"
    url: https://certcc.github.io/SSVC/
    date_reviewed: "2026-06-16"
    owner: vuln-management
    aliases:
      - SSVC
      - SSVC-2.1
  - id: EPSS-v4
    family: EPSS
    name: Exploit Prediction Scoring System
    version: "v4"
    url: https://www.first.org/epss/
    date_reviewed: "2026-06-16"
    owner: vuln-management
    # NOTE(review): the v3 alias sits on a record pinned to v4; scores from
    # different model versions are not interchangeable. Confirm intent.
    aliases:
      - EPSS
      - EPSS-v3
      - EPSS-v4

  # ---- Supply chain and SBOM ----
  - id: SLSA-v1.2
    family: SLSA
    name: Supply-chain Levels for Software Artifacts
    version: "1.2"
    url: https://slsa.dev/spec/
    date_reviewed: "2026-06-16"
    owner: devsecops
    # NOTE(review): the v1.0 alias sits on a record pinned to 1.2. Confirm.
    aliases:
      - SLSA
      - SLSA-v1.0
      - SLSA-v1.2
  - id: CycloneDX-1.7
    family: CycloneDX
    name: CycloneDX Software Bill of Materials Standard
    version: "1.7"
    url: https://cyclonedx.org/specification/overview/
    date_reviewed: "2026-06-16"
    owner: devsecops
    # NOTE(review): the 1.5 alias sits on a record pinned to 1.7. Confirm.
    aliases:
      - CycloneDX
      - CycloneDX-1.5
      - CycloneDX-1.7
  - id: SPDX-3.0.1
    family: SPDX
    name: System Package Data Exchange
    version: "3.0.1"
    url: https://spdx.github.io/spdx-spec/v3.0.1/
    date_reviewed: "2026-06-16"
    owner: devsecops
    # NOTE(review): the 2.3 alias sits on a record pinned to 3.0.1, a
    # different major version of the specification. Confirm intent.
    aliases:
      - SPDX
      - SPDX-2.3
      - SPDX-3.0.1