
This skill helps unify cloud security posture management across AWS, Azure, and GCP with normalized metrics and CIS benchmark comparison.

npx playbooks add skill a5c-ai/babysitter --skill multi-cloud-security-posture


---
name: multi-cloud-security-posture
description: Unified cloud security posture management across AWS, Azure, and GCP with normalized metrics and CIS benchmark comparison
allowed-tools:
  - Bash
  - Read
  - Write
  - Glob
  - Grep
  - WebFetch
---

# Multi-Cloud Security Posture Skill

## Purpose

Unified cloud security posture management (CSPM) across AWS, Azure, and GCP to aggregate findings, normalize security metrics, compare against CIS benchmarks, and provide a consolidated view of multi-cloud security.

## Capabilities

### Cross-Cloud Finding Aggregation
- Collect findings from AWS, Azure, and GCP
- Aggregate results from cloud-native security tools
- Import findings from third-party CSPM tools
- Deduplicate findings across environments
- Correlate related issues across clouds

### Metric Normalization
- Standardize severity ratings across clouds
- Normalize finding categories
- Create unified compliance metrics
- Calculate aggregate risk scores
- Generate comparable security ratings

### CIS Benchmark Comparison
- Apply CIS benchmarks across all clouds
- Compare security posture against benchmarks
- Track benchmark compliance over time
- Identify benchmark drift
- Generate benchmark compliance reports

### Remediation Status Tracking
- Track remediation across all clouds
- Monitor fix verification status
- Calculate mean time to remediate (MTTR)
- Generate remediation progress reports
- Prioritize cross-cloud remediation efforts

### Unified Reporting
- Generate executive dashboards
- Create technical detail reports
- Produce compliance comparison matrices
- Build trend analysis reports
- Export data for external tools

### Drift Detection and Alerting
- Monitor configuration drift
- Alert on security posture degradation
- Detect new non-compliant resources
- Track policy violations
- Send real-time notifications

## Normalized Categories

| Category | AWS | Azure | GCP |
|----------|-----|-------|-----|
| Identity | IAM | Azure AD | Cloud IAM |
| Compute | EC2, Lambda | VMs, Functions | Compute, Functions |
| Storage | S3, EBS | Storage Accounts | Cloud Storage |
| Network | VPC, SGs | VNet, NSGs | VPC, Firewall |
| Database | RDS, DynamoDB | SQL, Cosmos | Cloud SQL, Spanner |
| Encryption | KMS | Key Vault | Cloud KMS |
| Logging | CloudTrail | Activity Log | Audit Logs |

## Compliance Frameworks

- CIS Benchmarks (AWS, Azure, GCP)
- SOC 2 Type II
- PCI DSS v4.0
- HIPAA Security Rule
- ISO 27001
- NIST 800-53
- FedRAMP

## Integrations

- **Cloud Provider APIs**: AWS, Azure, GCP native tools
- **Wiz**: Cloud security platform
- **Orca Security**: Agentless cloud security
- **Prisma Cloud**: Multi-cloud CSPM
- **Lacework**: Cloud security and compliance
- **Cloud Custodian**: Cloud governance as code

## Target Processes

- Cloud Security Architecture Review
- Continuous Compliance Monitoring
- Multi-Cloud Governance
- Security Posture Reporting

## Input Schema

```json
{
  "type": "object",
  "properties": {
    "cloudProviders": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["AWS", "Azure", "GCP"]
      },
      "description": "Cloud providers to include"
    },
    "awsAccounts": {
      "type": "array",
      "items": { "type": "string" }
    },
    "azureSubscriptions": {
      "type": "array",
      "items": { "type": "string" }
    },
    "gcpProjects": {
      "type": "array",
      "items": { "type": "string" }
    },
    "complianceFrameworks": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["CIS", "SOC2", "PCI-DSS", "HIPAA", "ISO27001", "NIST", "FedRAMP"]
      }
    },
    "reportingPeriod": {
      "type": "object",
      "properties": {
        "startDate": { "type": "string", "format": "date" },
        "endDate": { "type": "string", "format": "date" }
      }
    },
    "severityThreshold": {
      "type": "string",
      "enum": ["critical", "high", "medium", "low"]
    },
    "includeRemediationStatus": {
      "type": "boolean"
    }
  },
  "required": ["cloudProviders"]
}
```

## Output Schema

```json
{
  "type": "object",
  "properties": {
    "reportId": {
      "type": "string"
    },
    "reportTimestamp": {
      "type": "string",
      "format": "date-time"
    },
    "cloudsCovered": {
      "type": "array"
    },
    "overallPosture": {
      "type": "object",
      "properties": {
        "aggregateScore": { "type": "number" },
        "riskLevel": { "type": "string" },
        "trend": { "type": "string", "enum": ["improving", "stable", "degrading"] }
      }
    },
    "postureByCloud": {
      "type": "object",
      "properties": {
        "AWS": {
          "type": "object",
          "properties": {
            "score": { "type": "number" },
            "findings": { "type": "integer" },
            "criticalFindings": { "type": "integer" }
          }
        },
        "Azure": { "type": "object" },
        "GCP": { "type": "object" }
      }
    },
    "findingsByCategory": {
      "type": "object",
      "properties": {
        "identity": { "type": "integer" },
        "compute": { "type": "integer" },
        "storage": { "type": "integer" },
        "network": { "type": "integer" },
        "encryption": { "type": "integer" },
        "logging": { "type": "integer" }
      }
    },
    "complianceStatus": {
      "type": "object"
    },
    "topFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "cloud": { "type": "string" },
          "category": { "type": "string" },
          "severity": { "type": "string" },
          "count": { "type": "integer" },
          "description": { "type": "string" }
        }
      }
    },
    "remediationProgress": {
      "type": "object",
      "properties": {
        "totalFindings": { "type": "integer" },
        "remediated": { "type": "integer" },
        "inProgress": { "type": "integer" },
        "pending": { "type": "integer" },
        "mttr": { "type": "string" }
      }
    },
    "recommendations": {
      "type": "array",
      "items": { "type": "string" }
    }
  }
}
```

## Usage Example

```javascript
skill: {
  name: 'multi-cloud-security-posture',
  context: {
    cloudProviders: ['AWS', 'Azure', 'GCP'],
    awsAccounts: ['123456789012'],
    azureSubscriptions: ['sub-id-1'],
    gcpProjects: ['my-project'],
    complianceFrameworks: ['CIS', 'SOC2'],
    includeRemediationStatus: true
  }
}
```

## Overview

This skill provides unified cloud security posture management across AWS, Azure, and GCP. It aggregates findings from native and third-party tools, normalizes metrics and categories, and compares your environment against CIS benchmarks to produce consolidated, actionable reports. The goal is a single pane of glass for multi-cloud security posture, compliance tracking, and remediation prioritization.

## How this skill works

The skill ingests findings from cloud provider APIs and supported CSPM integrations, deduplicates and correlates related issues across accounts and projects, then maps each finding to a normalized category and severity. It calculates unified risk and compliance scores, evaluates CIS benchmark coverage across clouds, and produces dashboards and exportable reports that include remediation status and trend analysis.
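A sketch of the normalize, deduplicate and summarize steps described above, written as an added example and not taken from the skill's own code. The raw finding fields (`cloud`, `service`, `resourceId`, `rule`, `severity`), the `unmapped` counter and the sample findings are assumptions; the category mapping is a subset of the Normalized Categories table and the output keys follow the Output Schema.

```javascript
// Added example. Field names (cloud, service, resourceId, rule, severity) are hypothetical.
// Service-to-category pairs are a subset of the "Normalized Categories" table.
const CLOUDS = ['AWS', 'Azure', 'GCP']; // enum from the Input Schema
const CATEGORY = new Map(Object.entries({
  'AWS|IAM': 'identity', 'AWS|EC2': 'compute', 'AWS|S3': 'storage', 'AWS|SGs': 'network', 'AWS|KMS': 'encryption', 'AWS|CloudTrail': 'logging',
  'Azure|Azure AD': 'identity', 'Azure|VMs': 'compute', 'Azure|Storage Accounts': 'storage', 'Azure|NSGs': 'network', 'Azure|Key Vault': 'encryption', 'Azure|Activity Log': 'logging',
  'GCP|Cloud IAM': 'identity', 'GCP|Compute': 'compute', 'GCP|Cloud Storage': 'storage', 'GCP|Firewall': 'network', 'GCP|Cloud KMS': 'encryption', 'GCP|Audit Logs': 'logging',
}));
const SEVERITY_RANK = new Map([['critical', 4], ['high', 3], ['medium', 2], ['low', 1]]);
const rank = (severity) => SEVERITY_RANK.get(severity) || 0;

function normalize(raw) {
  if (!CLOUDS.includes(raw.cloud)) throw new RangeError(`unsupported cloud: ${raw.cloud}`);
  const category = CATEGORY.get(`${raw.cloud}|${raw.service}`) || 'uncategorized';
  const severity = String(raw.severity || '').toLowerCase();
  // Labels outside the schema's four levels are flagged, not silently downgraded.
  return { ...raw, category, severity: SEVERITY_RANK.has(severity) ? severity : 'unmapped' };
}

function summarize(rawFindings, severityThreshold = 'low') {
  if (!SEVERITY_RANK.has(severityThreshold)) throw new RangeError(`bad threshold: ${severityThreshold}`);
  const unique = new Map();
  for (const f of rawFindings.map(normalize)) {
    // The same cloud + resource + rule reported by two tools is one finding; keep the higher severity.
    const key = JSON.stringify([f.cloud, f.resourceId, f.rule]);
    const prev = unique.get(key);
    if (!prev || rank(f.severity) > rank(prev.severity)) unique.set(key, f);
  }
  const report = { postureByCloud: {}, findingsByCategory: {}, unmapped: 0 };
  for (const f of unique.values()) {
    if (f.severity === 'unmapped') { report.unmapped += 1; continue; }
    if (rank(f.severity) < rank(severityThreshold)) continue;
    const cloud = report.postureByCloud[f.cloud] || (report.postureByCloud[f.cloud] = { findings: 0, criticalFindings: 0 });
    cloud.findings += 1;
    if (f.severity === 'critical') cloud.criticalFindings += 1;
    report.findingsByCategory[f.category] = (report.findingsByCategory[f.category] || 0) + 1;
  }
  return report;
}

// Constructed sample findings (not real tool output).
const SAMPLE = [
  { cloud: 'AWS', service: 'S3', resourceId: 'bucket-a', rule: 'public-access', severity: 'HIGH', source: 'native' },
  { cloud: 'AWS', service: 'S3', resourceId: 'bucket-a', rule: 'public-access', severity: 'CRITICAL', source: 'third-party' },
  { cloud: 'Azure', service: 'NSGs', resourceId: 'nsg-1', rule: 'open-ssh', severity: 'High', source: 'native' },
  { cloud: 'GCP', service: 'Audit Logs', resourceId: 'proj-1', rule: 'logs-disabled', severity: 'MEDIUM', source: 'native' },
  { cloud: 'GCP', service: 'Cloud IAM', resourceId: 'sa-1', rule: 'broad-role', severity: 'SEVERITY_UNSPECIFIED', source: 'native' },
];
console.log(JSON.stringify(summarize(SAMPLE, 'medium'), null, 2));
```

A non-zero `unmapped` count means some source reported a severity label the normalizer does not recognise; those findings are excluded from the per-cloud totals until a mapping is added.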

## When to use it

- When you manage workloads across two or more cloud providers and need a consolidated security view
- When you need to compare multi-cloud posture against CIS benchmarks and track drift
- When you want normalized severity and category metrics to prioritize cross-cloud remediation
- When preparing compliance reports for SOC2, PCI, HIPAA, ISO, NIST, or FedRAMP
- When you need alerting on configuration drift or new non-compliant resources

## Best practices

- Enable the relevant cloud provider audit logs and API access so findings ingestion is comprehensive
- Include remediation status and ownership metadata to measure MTTR effectively
- Run regular scheduled scans and keep reporting periods consistent to detect trends and drift
- Configure severity thresholds and notification rules aligned to your risk appetite
- Map internal controls to published compliance frameworks to speed report generation

## Example use cases

- Generate a monthly multi-cloud executive dashboard showing aggregate posture, trend, and top risks
- Compare CIS benchmark compliance across AWS, Azure, and GCP and identify benchmark drift
- Prioritize remediation by normalized severity and cross-cloud impact for faster MTTR
- Alert on newly discovered non-compliant resources and track fix verification status
- Export compliance matrices and detailed findings for audits and governance reviews

## FAQ

### Which cloud providers does this skill support?

AWS, Azure, and GCP are supported. The skill normalizes findings across those providers.

### Can I include third-party CSPM tools?

Yes. The skill supports ingestion from common CSPM integrations and deduplicates findings.