Expand to meet LF Cybersecurity Skills Framework#201
Draft
david-a-wheeler wants to merge 18 commits into main from
Conversation
Expand the discussion of authentication and authorization so we completely meet the Linux Foundation (LF) Cybersecurity Skills Framework (CSF) item B8. This requires "Awareness of authentication & authorization (SSH, SSL, OpenID/OAuth, SSO) and basic role-based access control (RBAC)."

For more about the LF CSF see: https://training.linuxfoundation.org/cybersecurity-skills-framework/

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Pull request overview
This PR expands the course documentation’s discussion of authentication and authorization to more fully cover LF CSF Skill B8 topics (SSH, TLS/SSL, OpenID/OAuth, SSO, RBAC), and reorganizes related material into clearer subsections.
Changes:
- Adds new sections describing common authentication factors, MFA/passkeys, and SSO.
- Adds new material on authentication protocols (TLS, SSH) and federated identity (OIDC, WebAuthn, Credential Management API).
- Expands the authorization section with access-control models (DAC/MAC/RBAC) and an overview of OAuth + PKCE.
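The review summary above mentions that the PR adds an overview of OAuth + PKCE. As an added illustration (this is not code from the PR, the course it edits, or any project referenced here), the block below implements the PKCE mechanism of RFC 7636 in plain Python: the client derives a `code_challenge` from a random `code_verifier`, the authorization server stores the challenge beside the one-time authorization code, and at the token endpoint it recomputes the challenge from the presented verifier. The in-memory `issued` dict standing in for the server's code store, and the function names, are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 section 4.1 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: a high-entropy random verifier.

    32 random bytes encode to 43 characters, the minimum length RFC 7636 allows
    (maximum is 128). It must come from a CSPRNG, hence `secrets`.
    """
    return b64url(secrets.token_bytes(n_bytes))


def code_challenge_s256(verifier: str) -> str:
    """Client side: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def server_verify(stored_challenge: str, presented_verifier: str, method: str = "S256") -> bool:
    """Authorization server side, at the token endpoint.

    Recompute the challenge from the verifier the client presents and compare it
    to the one stored at /authorize time. The comparison is constant-time so the
    check itself does not leak the stored challenge.
    """
    if not (43 <= len(presented_verifier) <= 128):
        return False
    if method == "S256":
        expected = code_challenge_s256(presented_verifier)
    elif method == "plain":
        # Allowed by the RFC only when the client cannot do SHA-256; avoid it.
        expected = presented_verifier
    else:
        return False
    return hmac.compare_digest(expected, stored_challenge)


def simulate_flow() -> tuple[bool, bool]:
    """Walk through one authorization-code exchange with PKCE.

    Returns (legitimate_client_ok, code_thief_ok). The `issued` dict is a
    constructed stand-in for the authorization server's code store.
    """
    issued: dict[str, dict[str, str]] = {}

    # 1. Client generates verifier and challenge, sends only the challenge to /authorize.
    verifier = make_code_verifier()
    challenge = code_challenge_s256(verifier)

    # 2. Server issues a one-time code and remembers the challenge next to it.
    code = secrets.token_urlsafe(16)
    issued[code] = {"challenge": challenge, "method": "S256"}

    # 3. Legitimate client redeems the code at /token, presenting the verifier.
    record = issued.pop(code)  # code is single-use; popping also blocks replay
    legit_ok = server_verify(record["challenge"], verifier, record["method"])

    # 4. Someone who only intercepted the code (e.g. via a leaked redirect)
    #    does not have the verifier; any guess fails the challenge check.
    thief_ok = server_verify(record["challenge"], make_code_verifier(), record["method"])

    return legit_ok, thief_ok


if __name__ == "__main__":
    print("legit ok, thief ok:", simulate_flow())
```

The pairing of `secrets` for the verifier and `hmac.compare_digest` for the server-side check is the part most often done wrong in hand-rolled implementations; the RFC 7636 Appendix B test vector is the quickest way to confirm the S256 derivation is correct.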
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
The RFC is authoritative, clearly explains what it does, and also clearly explains *why* it's used. Let's cite it.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

This implements Cybersecurity Skills Framework (CSF) skill B14, "Document system architecture, configuration and changes, with a focus on integrating basic security considerations."
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

People define "development environment" somewhat differently, and for our purposes we just want to harden all environments as appropriate. So just focus on "hardening environments" and the many tasks that can be done in various environments.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Implement CSF B17, "Ensure that code repositories and build environments are secured." We already had some material; this beefs up that material so we can confidently say we cover this skill.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Implement Cybersecurity Framework skill B24, "Handle sensitive data responsibly by applying data anonymization, encryption techniques, and adhering to data protection regulations and organizational security policies."
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Implement Cybersecurity Skills Framework B32: "Develop awareness of cybersecurity laws and regulations relevant to your industry, such as GDPR for data protection. Begin by conducting simple compliance checks and documenting data handling procedures."
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Cover CSF skill I3, "Understand organization policies and legal/regulatory obligations as regards security and privacy."
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>