This skill should be used when the user mentions "NIST 800-53", "NIST SP 800-53", "NIST controls", "federal compliance", "FedRAMP controls", "FISMA", "NIST security controls", "800-53 assessment", or needs to understand specific NIST SP 800-53 Rev 5 control requirements for code-level compliance assessment.
Slash command: /shinsa:nist-800-53
Comprehensive reference for code-assessable NIST SP 800-53 Rev 5 controls. This skill provides control definitions, assessment criteria, and implementation guidance for the 53 controls that can be assessed from source code, configuration, and infrastructure-as-code.
Related commands: /shinsa:nist-scan, /shinsa:nist-quick-check. This skill is reference material, not the orchestrator; the command files own run planning, assessor dispatch, reviewer loops, and artifact persistence.
NIST SP 800-53 Rev 5 organizes controls into 20 families:
| Family | Name | Total Controls | Code-Assessable |
|---|---|---|---|
| AC | Access Control | 25 | ~10 (auto/hybrid) |
| AU | Audit and Accountability | 16 | ~10 (auto/hybrid) |
| AT | Awareness and Training | 6 | 0 (manual only) |
| CA | Assessment, Authorization, Monitoring | 9 | ~2 (hybrid) |
| CM | Configuration Management | 14 | ~6 (auto/hybrid) |
| CP | Contingency Planning | 13 | ~2 (hybrid) |
| IA | Identification and Authentication | 12 | ~6 (auto/hybrid) |
| IR | Incident Response | 10 | ~2 (hybrid) |
| MA | Maintenance | 7 | 0 (manual only) |
| MP | Media Protection | 8 | ~1 (auto) |
| PE | Physical and Environmental | 23 | 0 (manual only) |
| PL | Planning | 11 | 0 (manual only) |
| PM | Program Management | 32 | 0 (manual only) |
| PS | Personnel Security | 9 | 0 (manual only) |
| PT | PII Processing and Transparency | 8 | ~1 (hybrid) |
| RA | Risk Assessment | 10 | ~1 (hybrid) |
| SA | System and Services Acquisition | 23 | ~4 (auto/hybrid) |
| SC | System and Communications Protection | 51 | ~8 (auto/hybrid) |
| SI | System and Information Integrity | 23 | ~7 (auto/hybrid) |
| SR | Supply Chain Risk Management | 12 | 0 (manual only) |
For code-level assessment, the 53 assessable controls are grouped into 6 domains:
- 16 controls: see references/ac-ia-controls.md
- 10 controls: see references/au-controls.md
- 8 controls: see references/sc-controls.md
- 8 controls: see references/si-mp-controls.md
- 7 controls: see references/cm-ra-sa-controls.md
- 4 controls: see references/cm-ra-sa-controls.md
Each control is categorized by how it can be assessed: auto, hybrid, or manual (the categories used in the table above). This plugin focuses on the auto and hybrid controls.
NIST 800-53 defines three impact baselines (Low, Moderate, and High). This plugin assesses all code-assessable controls regardless of baseline, but each finding notes which baseline the control applies to. Most code-assessable controls are required at the Moderate and High baselines.
Install: `npx claudepluginhub allsmog/shinsa-plugin --plugin shinsa`