Does it support standard security frameworks?

Yes, it includes built-in mappings for major frameworks including OWASP, NIST CSF, PCI DSS, GDPR, and HIPAA.

How does it handle threat categorization?

The skill utilizes the STRIDE methodology to map identified threats to specific security domains such as authentication, data protection, and availability.

What is the Security Requirement Extraction skill?

It is a specialized Claude Code skill that translates high-level threat analyses into specific, actionable technical security requirements and developer documentation.

Can I export the requirements to other formats?

The skill is designed to output requirements in standardized formats including Markdown, Python data classes, and traceability matrices suitable for documentation or task managers.

Security Requirement Extraction

Name: Security Requirement Extraction
Author: as4584

byas4584

セキュリティとテスト

Transforms threat analysis and business context into actionable security requirements, user stories, and test cases.

概要

This skill empowers developers and security engineers to bridge the gap between abstract threat models and concrete implementation. By leveraging structured templates and STRIDE mapping, it automates the creation of functional and non-functional security requirements, complete with acceptance criteria and traceability matrices. Whether you are documenting security architecture or building a compliance-ready backlog, this tool ensures your security posture is both verifiable and aligned with industry standards like OWASP, NIST, and GDPR.

主な機能

Standardized compliance mapping for PCI DSS, HIPAA, and SOC2
Security user story and acceptance criteria generation
0 GitHub stars
Test specification generation for automated security verification
Automated STRIDE-to-Requirement mapping logic
Traceability matrix creation for threat-to-requirement linking

ユースケース

Creating compliance-ready security architecture documentation
Generating security test cases and verification steps for CI/CD
Converting a manual threat model into a prioritized product backlog

概要

主な機能

Standardized compliance mapping for PCI DSS, HIPAA, and SOC2
Security user story and acceptance criteria generation
0 GitHub stars
Test specification generation for automated security verification
Automated STRIDE-to-Requirement mapping logic
Traceability matrix creation for threat-to-requirement linking

ユースケース

Creating compliance-ready security architecture documentation
Generating security test cases and verification steps for CI/CD
Converting a manual threat model into a prioritized product backlog