AgentSkillsCN

SKILL.md

Security Policy Management

Skill Purpose: Define, enforce, and maintain security policies for access control, data handling, and compliance.

Core Skill Pattern

Objective: Keep security policies current, actionable, and enforceable.

Universal Pattern:

  1. Define policies for access, data, and secrets
  2. Map policies to technical controls
  3. Establish review and approval workflow
  4. Track exceptions and expirations
  5. Audit compliance regularly

Key Decisions (Project-Specific):

  • Policy ownership and review cadence
  • Required evidence and audit trail
  • Compliance frameworks in scope
  • Exception handling rules

Project-Specific Implementation Notes

Customize per project:

  • Align with company risk tolerance
  • Ensure policies match real system capabilities
  • Maintain an exception register

Example Policy Areas

  • Password and MFA requirements
  • Data classification and retention
  • Secrets management and rotation
  • Dependency update SLAs
  • Incident response escalation

Best Practices

  1. Keep policies short and enforceable
  2. Automate compliance checks where possible
  3. Review policies at least quarterly
  4. Document exceptions with expiry dates
  5. Tie policies to measurable controls
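As an added example that is not part of the skill file, the Python check below shows how steps 2, 4 and 5 of the pattern (and best practices 2 and 4) can be automated: each policy is mapped to the technical control IDs that enforce it, each control carries its latest check result and evidence, and the exception register is checked for missing or passed expiry dates. All policy, control and exception identifiers are constructed sample data, and the layout of the three inputs is an assumption.

```python
# Constructed sample data (not from any real project). Dates are ISO-8601
# strings, which compare chronologically as plain strings.
POLICIES = [
    {"id": "POL-ACCESS-01", "statement": "Privileged accounts require MFA",
     "controls": ["idp-mfa-enforced"]},
    {"id": "POL-DATA-02", "statement": "Confidential data kept at most 365 days",
     "controls": ["bucket-lifecycle-365d"]},
    {"id": "POL-SECRETS-03", "statement": "Service secrets rotated every 90 days",
     "controls": []},  # no control mapped yet, so not enforceable
]
CONTROL_RESULTS = {  # latest automated check per control, with its evidence
    "idp-mfa-enforced": {"status": "pass", "evidence": "idp-export-2024-06-01.json"},
    "bucket-lifecycle-365d": {"status": "fail", "evidence": "lifecycle-scan-2024-06-01.json"},
}
EXCEPTIONS = [  # the exception register
    {"id": "EXC-7", "control": "bucket-lifecycle-365d", "owner": "data-platform",
     "expires": "2024-09-30", "reason": "legal hold on archive bucket"},
    {"id": "EXC-9", "control": "idp-mfa-enforced", "owner": "it-ops",
     "expires": None, "reason": "legacy service account"},  # no expiry: unmanaged
]


def audit(policies, results, exceptions, today):
    """Run one compliance audit and return findings plus a stop flag."""
    # Only exceptions with an expiry date that has not passed may waive a control.
    active = {e["control"] for e in exceptions
              if e["expires"] is not None and e["expires"] >= today}
    findings = {
        "unmapped_policies": [p["id"] for p in policies if not p["controls"]],
        "unverified_controls": [],  # mapped, but no check result or evidence
        "failing_controls": [],     # failing with no active exception
        "expired_exceptions": [e["id"] for e in exceptions
                               if e["expires"] is not None and e["expires"] < today],
        "unmanaged_exceptions": [e["id"] for e in exceptions if e["expires"] is None],
    }
    for policy in policies:
        for control in policy["controls"]:
            result = results.get(control)
            if result is None or not result.get("evidence"):
                findings["unverified_controls"].append(control)
            elif result["status"] != "pass" and control not in active:
                findings["failing_controls"].append(control)
    # Stop conditions from the skill: unmanaged exceptions, or policies no
    # control can enforce (policy does not match real system capabilities).
    findings["stop"] = bool(findings["unmanaged_exceptions"] or findings["unmapped_policies"])
    return findings


if __name__ == "__main__":
    for key, value in audit(POLICIES, CONTROL_RESULTS, EXCEPTIONS, "2024-06-15").items():
        print(f"{key}: {value}")
```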

Stop Conditions

STOP and escalate if:

  • Policies conflict with system design
  • Compliance requirements are unclear
  • Exceptions are unmanaged

Skill Version: 1.0.0