This is a collection of personal and open-source/publicly available resources and tools I use for managing US Government cybersecurity processes (including FedRAMP RMF, NIST RMF, DoD RMF, and IC RMF): building ATO packages, implementing security controls, assessing security controls, hardening/STIG'ing environments, etc.
The toolkit includes:
- Control implementation guides following NIST 800-53 control sets.
- Control assessment guide following NIST 800-53A.
- ATO package templates from FedRAMP and other publicly available sources.
- Personal templates, tools and scripts I have used over time.
- Hardening and STIG scripts. Most of the scripts are forked from the SANS repo. The files contain some of the lab files for the SANS Institute course SEC505: Securing Windows and PowerShell Automation. For more information about Windows security and PowerShell at SANS, please visit https://sans.org/sec505. Please read the readme, legal, and setup sections of these hardening/STIG scripts.
- Disclaimer: I do not own, nor did I create some of these resources.
- Note: Some of these might be outdated, especially some of the templates and guidance. Please validate and verify them before use.