Labsco
microsoft logo

security-planning

✓ Official1,245

by microsoft · part of microsoft/hve-core

Security planning reference set for operational buckets, STRIDE analysis, standards mapping, NIST control families, and backlog scaffolding.

🧩 One of 7 skills in the microsoft/hve-core package — works on its own, and pairs well with its siblings.

This is the playbook your agent receives when the skill activates — you don't need to read it to use the skill, but it's here to audit before installing.

Security Planning

This skill packages the durable security-planning reference material used by the Security Planner: operational bucket guidance, STRIDE analysis patterns, standards cross-references, NIST control-family references, and security-specific backlog formats.

When to use

Use this skill when you need to:

  • Classify application components into the operational security buckets used during planning.
  • Evaluate threats with STRIDE-based analysis, including AI-specific extensions when raiEnabled is true.
  • Map bucket findings to standards references and control families without re-embedding long standard tables.
  • Derive security-specific backlog priorities and RAI work item categories for Phase 5 handoff.

Skill layout

Load the reference file that matches the phase or topic you need.

ReferenceTopic
references/00-index.mdNavigation catalog and consolidated attribution
references/operational-buckets.mdOperational bucket definitions, GS overlay, and classification guidance
references/stride-model.mdSTRIDE methodology, AI extensions, risk matrix, and data-flow analysis
references/standards-cross-reference.mdBucket-to-standards mapping table and component mapping output format
references/nist-control-families.mdNIST 800-53 priority tiers and NIST AI RMF subcategory mappings
references/backlog-formats.mdSecurity-specific prioritization and RAI work item categories

Attribution

The durable reference content in this skill is organized by reference file and summarized in references/00-index.md. See that index for the consolidated attribution and delegation notes.