Security Domain Overview
A six-phase NIST CSF 2.0 framework with 39 skills across Govern, Identify, Protect, Detect, Respond, and Recover phases.
The Security plugin implements the NIST Cybersecurity Framework (CSF) 2.0, providing structured workflows for comprehensive security posture management — from governance and risk appetite through detection, response, and recovery.
The Six Phases
| Phase | Command Prefix | Purpose |
|---|---|---|
| Govern | /security:security-policy, etc. | Establish security governance, risk appetite, roles, and culture |
| Identify | /security:asset-inventory, etc. | Discover assets, model threats, assess vulnerabilities and risks |
| Protect | /security:secure-coding, etc. | Implement safeguards — coding, secrets, access, encryption |
| Detect | /security:monitoring-strategy, etc. | Define monitoring, logging, anomaly detection, and testing |
| Respond | /security:incident-response, etc. | Plan incident response, forensics, communication, and containment |
| Recover | /security:recovery-plan, etc. | Recovery planning, backup validation, business continuity |
The Security Lifecycle
The methodology follows the NIST CSF 2.0 lifecycle:
Govern (Phase 0): Establish the security governance foundation — define policies, risk appetite, roles and responsibilities, supply chain security requirements, and security culture initiatives.
Identify (Phase 1): Understand the environment — inventory assets, model threats, assess vulnerabilities, evaluate risks, map attack surfaces, classify data, and identify compliance gaps.
Protect (Phase 2): Implement safeguards — secure coding standards, dependency scanning, secrets management, access controls, encryption strategies, API security, container security, and infrastructure-as-code security.
Detect (Phase 3): Define detection capabilities — monitoring strategies, logging architecture, anomaly detection rules, security testing procedures, and SIEM configuration.
Respond (Phase 4): Prepare for incidents — incident response plans, forensic readiness, communication templates, containment strategies, and lessons-learned processes.
Recover (Phase 5): Plan recovery — recovery procedures, backup validation, business continuity planning, and resilience improvement cycles.
Artifact Flow
Each phase reads from previous phases and writes to .metapowers/security/<topic>/:
.metapowers/security/api-platform/
00-govern.md ← Govern phase output
01-identify.md ← Identify phase output
02-protect.md ← Protect phase output
03-detect.md ← Detect phase output
04-respond.md ← Respond phase output
05-recover.md ← Recover phase output
Utility Skills
Five utility skills work across all phases without prerequisites:
- /security:security-checklist — Generate security checklists for projects and releases
- /security:threat-intel — Research threat intelligence for specific technologies or industries
- /security:compliance-map — Map security controls to compliance frameworks
- /security:security-training — Create security awareness training materials
- /security:pentest-plan — Plan penetration testing engagements
Quality Gates
The plugin enforces phase ordering:
- Soft gates check that Govern artifacts exist before running later phases
- You can bypass with --skip-checks when needed (logged to skip-log.md)
- Utility skills have no prerequisites
Important Disclaimer
All content generated by the Security plugin is AI-generated and intended for planning and documentation assistance purposes only. It does not replace professional security assessments, penetration testing, or compliance audits. Always have qualified security professionals review any security plans before implementation.