checking-infrastructure-compliance
について
このスキルは、SOC2、HIPAA、PCI-DSS規格に基づいてインフラ構成を分析し、コンプライアンス違反やセキュリティリスクを特定することを可能にします。「コンプライアンスチェック」や「セキュリティ監査」といったキーワードで起動され、コンプライアンス評価レポートを生成します。開発者は、主要な規制フレームワークへの準拠状況をインフラストラクチャーに対して評価する必要がある場合に、このスキルを使用すべきです。
クイックインストール
Claude Code
推奨/plugin add https://github.com/jeremylongshore/claude-code-plugins-plusgit clone https://github.com/jeremylongshore/claude-code-plugins-plus.git ~/.claude/skills/checking-infrastructure-complianceこのコマンドをClaude Codeにコピー&ペーストしてスキルをインストールします
ドキュメント
Overview
This skill enables Claude to evaluate infrastructure configurations against common compliance frameworks. It helps identify potential vulnerabilities and gaps in compliance, providing valuable insights for remediation.
How It Works
- Receiving Request: Claude receives a user request to check infrastructure compliance.
- Analyzing Configuration: Claude analyzes the infrastructure configuration based on the requested compliance standard (SOC2, HIPAA, PCI-DSS).
- Generating Report: Claude generates a report highlighting potential compliance violations and areas for improvement.
When to Use This Skill
This skill activates when you need to:
- Assess infrastructure compliance against SOC2, HIPAA, or PCI-DSS standards.
- Identify potential security risks related to compliance violations.
- Generate reports on the compliance status of your infrastructure.
Examples
Example 1: Assessing SOC2 Compliance
User request: "Run a SOC2 compliance check on our AWS infrastructure."
The skill will:
- Analyze the AWS infrastructure configuration against SOC2 requirements.
- Generate a report identifying any non-compliant configurations and recommended remediations.
Example 2: Identifying HIPAA Compliance Issues
User request: "Check our cloud environment for HIPAA compliance violations."
The skill will:
- Analyze the cloud environment's security settings and configurations against HIPAA regulations.
- Provide a report outlining potential HIPAA violations and suggested corrective actions.
Best Practices
- Specify Standard: Always specify the compliance standard (SOC2, HIPAA, PCI-DSS) you want to check against.
- Provide Context: Provide as much context as possible about your infrastructure to ensure accurate analysis.
- Review Results: Carefully review the generated report and implement the recommended remediations.
Integration
This skill can be integrated with other DevOps tools and plugins to automate compliance checks and integrate compliance into the development lifecycle. For example, it can be used in conjunction with infrastructure-as-code tools to ensure compliance from the start.
GitHub リポジトリ
関連スキル
evaluating-llms-harness
テストThis Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.
sglang
メタSGLang is a high-performance LLM serving framework that specializes in fast, structured generation for JSON, regex, and agentic workflows using its RadixAttention prefix caching. It delivers significantly faster inference, especially for tasks with repeated prefixes, making it ideal for complex, structured outputs and multi-turn conversations. Choose SGLang over alternatives like vLLM when you need constrained decoding or are building applications with extensive prefix sharing.
cloudflare-turnstile
メタThis skill provides comprehensive guidance for implementing Cloudflare Turnstile as a CAPTCHA-alternative bot protection system. It covers integration for forms, login pages, API endpoints, and frameworks like React/Next.js/Hono, while handling invisible challenges that maintain user experience. Use it when migrating from reCAPTCHA, debugging error codes, or implementing token validation and E2E tests.
langchain
メタLangChain is a framework for building LLM applications using agents, chains, and RAG pipelines. It supports multiple LLM providers, offers 500+ integrations, and includes features like tool calling and memory management. Use it for rapid prototyping and deploying production systems like chatbots, autonomous agents, and question-answering services.