How does this skill help with STRIDE threat modeling?

It provides a mapping engine that translates STRIDE categories (Spoofing, Tampering, etc.) into specific security domains and actionable technical requirements.

What format are the security user stories in?

The skill produces industry-standard user stories following the 'As a... I need to... So that...' format, complete with Markdown-ready checkboxes for acceptance criteria.

Can I use this for compliance documentation?

Yes, the skill includes attributes for mapping requirements to major frameworks like GDPR, HIPAA, PCI-DSS, and SOC2, making audit preparation much faster.

How does it handle traceability?

It generates a traceability matrix that links every technical requirement back to a specific threat ID, ensuring no identified risk is left unmitigated.

Does it generate testable criteria?

Absolutely. It generates both clear acceptance criteria and detailed test specifications to ensure that every security requirement is verifiable.

Security Requirement Extraction

Name: Security Requirement Extraction
Author: ccf

byccf

セキュリティとテスト

Transforms threat models and business logic into actionable security requirements, user stories, and test cases.

概要

This skill bridges the gap between high-level threat identification and technical implementation by deriving structured security requirements from business context and threat models. By utilizing frameworks like STRIDE, it maps potential risks to specific security domains—such as authentication, data protection, and audit logging—to generate developer-ready artifacts. It is an essential tool for teams adopting a 'secure-by-design' approach, providing automated generation of security user stories, acceptance criteria, and traceability matrices to ensure compliance with standards like OWASP, GDPR, and HIPAA.

主な機能

0 GitHub stars
Builds threat-to-requirement traceability matrices
Generates security-focused user stories with acceptance criteria
Automated STRIDE-to-requirement mapping logic
Creates detailed security test specifications and verification steps
Supports compliance mapping for PCI-DSS, HIPAA, and SOC2

ユースケース

Generating security test cases for automated QA and penetration testing
Converting a STRIDE threat analysis into actionable developer backlog tickets
Documenting security architecture requirements for compliance audits

概要

主な機能

0 GitHub stars
Builds threat-to-requirement traceability matrices
Generates security-focused user stories with acceptance criteria
Automated STRIDE-to-requirement mapping logic
Creates detailed security test specifications and verification steps
Supports compliance mapping for PCI-DSS, HIPAA, and SOC2

ユースケース

Generating security test cases for automated QA and penetration testing
Converting a STRIDE threat analysis into actionable developer backlog tickets
Documenting security architecture requirements for compliance audits