This repository holds every long-form script, template, policy, and reference artifact that accompanies A Generalist's Guide to Cyber Security — A Cyber Trackr Companion Guide by Robert Weber.
The book deliberately keeps code listings short so it reads well in print. Anything longer than ~30 lines — production-minded scripts, full-sized templates, real-world policy examples — lives here where it can be copy-pasted, forked, and evolved independently of the book's print cycle.
Each chapter in the book that references a file here gives you:
- A short excerpt (usually the first 10-15 lines) inline in the book, so you can see the shape of the artifact without leaving the page.
- A "→ Full file" pointer with the exact path in this repo.
Clone it, browse it on GitHub, or download single files as needed:
git clone https://github.com/CyberSecDef/cyber-companion.git
cd cyber-companion

Every path below is a direct file link on main. If you're reading a specific edition of the book and want the artifacts as they were the day that edition was published, check out the matching release tag (e.g., v1.0-print-edition) instead of main.
MIT — see LICENSE. Use freely in commercial, government, or educational contexts. The artifacts are templates, not legal or compliance advice; tailor before putting them in front of an authorizing official or auditor.
Every chapter that contributes files gets its own folder named chNN-<slug>. Appendix A's template library lives under appendix-a-templates/.
ch03-design-principles/baseline_hardening.py — Pass-1 host hardening sweep covering AC-2/AC-6, SC-7/CM-7, SC-28/MP-5, SI-2/CM-3, SI-3/SI-4, AC-17/IA-2/IA-5. 700 lines.
ch04-threat-modeling/threat_model_gtp.md — Completed STRIDE threat model for the Grant Tracking Portal (GTP). 70 lines.
ch05-seven-steps/rmf_step_dependencies.py — RMF step dependency graph — which prior steps must complete before each step may begin. 151 lines.
ch06-prepare/prepare_artifact_repository.py — Scaffolded RMF Prepare artifact repository: program charter, RACI, info-type catalog, common-control catalog, scoping records. 311 lines.
ch07-categorize/categorize_system.py — FIPS 199 categorization engine — applies the high-water mark across information types. 238 lines.
ch08-select/select_controls.py — Tailored-baseline selector: applies SP 800-53B baselines, overlays, and tailoring decisions with a full audit log. 277 lines.
ch10-assess/rules_of_engagement.md — Rules-of-Engagement template for an SP 800-53A security controls assessment. 74 lines.
ch11-authorize/risk_acceptance_memorandum.md — Residual-risk acceptance memorandum — AO-facing narrative summarizing SAR findings and authorization decision basis. 80 lines.
ch11-authorize/authorization_to_operate.md — Full Authorization To Operate (ATO) letter template with conditions, duration, and continuous-monitoring expectations. 108 lines.
ch12-monitor/iscm_strategy.md — Information Security Continuous Monitoring (ISCM) strategy — metrics, frequencies, responsibilities, escalation. 160 lines.
ch12-monitor/monitoring_signal_response_matrix.md — Matrix mapping monitoring signals to the appropriate RMF-step response. 52 lines.
ch13-control-families/control_family_responsibility_matrix.md — Responsibility/ownership matrix across all 20 SP 800-53 Rev. 5 control families. 59 lines.
ch14-ac/privileged_access_workflow.md — End-to-end privileged-access-request workflow. 70 lines.
ch14-ac/piv_card_configuration.json — PIV/CAC smart-card configuration profile. 48 lines.
ch15-at/role_based_training_matrix.md — Role-based training matrix mapping every role to required courses and cadence. 56 lines.
ch15-at/at_program_effectiveness_metrics.md — AT program effectiveness metrics — phishing click rate, knowledge-check scores, completion. 59 lines.
ch16-au/log_source_coverage_matrix.md — Log-source coverage matrix. 54 lines.
ch16-au/detection_specification_template.md — Detection specification template. 49 lines.
ch17-ca/annual_ca_calendar.md — Annual CA calendar. 77 lines.
ch17-ca/information_exchange_inventory.md — Information-exchange inventory — every external connection. 40 lines.
ch18-cm/drift_detection_architecture.md — Drift-detection architecture. 57 lines.
ch18-cm/change_control_process.md — Change-control process with SIA, CCB review, emergency track. 94 lines.
ch19-cp/rto_rpo_backup_matrix.md — RTO/RPO and backup-strategy matrix. 62 lines.
ch19-cp/tabletop_exercise_ransomware.md — Tabletop exercise scenario: ransomware affecting a public-facing portal. 64 lines.
ch20-ia/authentication_assurance_level_map.md — SP 800-63B AAL map per application tier. 55 lines.
ch20-ia/authenticator_selection_decision_tree.md — Authenticator selection decision tree. 72 lines.
ch21-ir/incident_severity_classification.md — Incident severity classification matrix. 57 lines.
ch21-ir/playbook_ransomware.md — Full ransomware incident-response playbook. 92 lines.
ch22-ma/maintenance_authorization_matrix.md — Maintenance authorization matrix. 61 lines.
ch23-mp/media_sanitization_matrix.md — Media sanitization matrix per SP 800-88 Rev. 1. 73 lines.
ch24-pe/pe_control_inheritance.md — PE control inheritance and residual scope. 56 lines.
ch25-pl/annotated_ssp_structure.md — Annotated System Security Plan structure (SP 800-18). 73 lines.
ch26-pm/cybersecurity_program_dashboard.md — Executive cybersecurity program dashboard. 59 lines.
ch27-ps/hr_to_security_handoff.md — HR-to-security handoff specification. 51 lines.
ch28-pt/pii_processing_inventory.md — PII processing inventory. 61 lines.
ch29-ra/vulnerability_management_workflow.md — Vulnerability management workflow with KEV prioritization. 55 lines.
ch30-sa/third_party_security_assessment.md — Third-party security assessment template. 60 lines.
ch32-crypto/cryptographic_bom_gtp.yaml — Cryptographic Bill of Materials for the Grant Tracking Portal. 116 lines.
ch33-si/patch_management_workflow.md — Patch management workflow with KEV fast-track. 60 lines.
ch34-sr/supplier_risk_tiering.md — Supplier risk tiering and assessment matrix. 58 lines.
ch35-software-supply-chain/slsa_provenance_example.json — SLSA provenance attestation example. 72 lines.
ch35-software-supply-chain/kyverno_signed_image_policy.yaml — Kyverno admission-control policy requiring signed container images. 36 lines.
ch37-policies-configurations/harden_ntp.ps1 — PowerShell DSC: harden Windows NTP. 32 lines.
ch37-policies-configurations/harden_ntp.sh — Bash: harden Linux chrony. 31 lines.
ch38-compliance-scans/example_xccdf_benchmark.xml — Example XCCDF benchmark excerpt. 32 lines.
ch39-ssp-poam/ssp_control_documentation_template.md — Per-control SSP documentation template. 40 lines.
ch39-ssp-poam/poam_entry.yaml — Per-weakness POA&M entry. 35 lines.
ch40-cloud-fedramp/cloud_inheritance_map_foia.yaml — Cloud inheritance map for a FedRAMP-Moderate system on AWS GovCloud. 85 lines.
ch41-zero-trust/zt_access_policy.rego — Open Policy Agent Rego zero-trust access policy. 137 lines.
ch42-oscal/oscal_system_security_plan.json — OSCAL System Security Plan JSON example. 57 lines.
ch43-ai-rmf/ai_redteam_test_plan.yaml — AI red-team test plan for a generative citizen-inquiry assistant. 116 lines.
Drop-in skeletons for the artifacts every RMF program eventually needs to produce.
appendix-a-templates/threat_model_template.md — A.5 Threat Model Document. 33 lines.
appendix-a-templates/cryptographic_bom_template.yaml — A.6 Cryptographic Bill of Materials. 33 lines.
appendix-a-templates/privacy_impact_assessment_template.md — A.8 Privacy Impact Assessment (PIA). 31 lines.
appendix-a-templates/security_impact_analysis_template.md — A.9 Security Impact Analysis (SIA). 34 lines.
appendix-a-templates/poam_entry_template.yaml — A.11 POA&M entry. 32 lines.
appendix-a-templates/risk_acceptance_memo_template.md — A.12 Risk Acceptance memorandum. 40 lines.
appendix-a-templates/authorization_to_operate_template.md — A.13 Authorization to Operate letter. 45 lines.
appendix-a-templates/ir_tabletop_exercise_template.md — A.14 IR Tabletop Exercise scenario. 45 lines.
appendix-a-templates/incident_after_action_report_template.md — A.15 Incident after-action report. 59 lines.
Corrections, clarifications, and extensions are welcome. Open an issue or a pull request. If you've adapted one of these artifacts to a different regulatory regime (FISMA High, FedRAMP High, CMMC, HIPAA, state privacy law), a contribution noting the deltas is especially valuable to the next reader.
- Website: https://www.trackr.live
- Email: wwwdaze2000@gmail.com
- Issues: https://github.com/CyberSecDef/cyber-companion/issues