From shinsa
This skill should be used when the user mentions "NIST 800-53", "NIST SP 800-53", "NIST controls", "federal compliance", "FedRAMP controls", "FISMA", "NIST security controls", "800-53 assessment", or needs to understand specific NIST SP 800-53 Rev 5 control requirements for code-level compliance assessment.
npx claudepluginhub allsmog/shinsa-plugin --plugin shinsa
Slash command: /shinsa:nist-800-53
Comprehensive reference for code-assessable NIST SP 800-53 Rev 5 controls. This skill provides control definitions, assessment criteria, and implementation guidance for the 53 controls that can be assessed from source code, configuration, and infrastructure-as-code.
Commands: /shinsa:nist-scan, /shinsa:nist-quick-check
This skill is reference material, not the orchestrator. The command files own run planning, assessor dispatch, reviewer loops, and artifact persistence.
NIST SP 800-53 Rev 5 organizes controls into 20 families:
| Family | Name | Total Controls | Code-Assessable |
|---|---|---|---|
| AC | Access Control | 25 | ~10 (auto/hybrid) |
| AU | Audit and Accountability | 16 | ~10 (auto/hybrid) |
| AT | Awareness and Training | 6 | 0 (manual only) |
| CA | Assessment, Authorization, Monitoring | 9 | ~2 (hybrid) |
| CM | Configuration Management | 14 | ~6 (auto/hybrid) |
| CP | Contingency Planning | 13 | ~2 (hybrid) |
| IA | Identification and Authentication | 12 | ~6 (auto/hybrid) |
| IR | Incident Response | 10 | ~2 (hybrid) |
| MA | Maintenance | 7 | 0 (manual only) |
| MP | Media Protection | 8 | ~1 (auto) |
| PE | Physical and Environmental | 23 | 0 (manual only) |
| PL | Planning | 11 | 0 (manual only) |
| PM | Program Management | 32 | 0 (manual only) |
| PS | Personnel Security | 9 | 0 (manual only) |
| PT | PII Processing and Transparency | 8 | ~1 (hybrid) |
| RA | Risk Assessment | 10 | ~1 (hybrid) |
| SA | System and Services Acquisition | 23 | ~4 (auto/hybrid) |
| SC | System and Communications Protection | 51 | ~8 (auto/hybrid) |
| SI | System and Information Integrity | 23 | ~7 (auto/hybrid) |
| SR | Supply Chain Risk Management | 12 | 0 (manual only) |
For code-level assessment, the 53 assessable controls are grouped into 6 domains:
16 controls — See references/ac-ia-controls.md
10 controls — See references/au-controls.md
8 controls — See references/sc-controls.md
8 controls — See references/si-mp-controls.md
7 controls — See references/cm-ra-sa-controls.md
4 controls — See references/cm-ra-sa-controls.md
Each control is categorized by how it can be assessed:
For this plugin, we focus on auto and hybrid controls.
NIST 800-53 defines three impact baselines. This plugin assesses all code-assessable controls regardless of baseline, but findings note which baseline they apply to:
Most code-assessable controls are required at Moderate and High baselines.