
feat: add NIST SP 800-30 Rev 1 Risk Assessment skill#34

Open
sjackson0109 wants to merge 1 commit into Sushegaad:main from sjackson0109:feature/nist-sp-800-30-skill

Conversation

@sjackson0109

NIST SP 800-30 Rev 1 -- Guide for Conducting Risk Assessments

Source: NIST Special Publication 800-30 Revision 1, September 2012
https://doi.org/10.6028/NIST.SP.800-30r1


Summary

This PR adds a complete Claude skill for NIST SP 800-30 Rev 1, the authoritative NIST guide for conducting risk assessments across federal information systems and organisations. The skill supports all three tiers of risk management (organisation, mission/business process, information system) and integrates with the NIST Risk Management Framework (SP 800-37), SP 800-39, SP 800-53, and SP 800-137.


Files Added

plugins/nist-sp-800-30/
  .claude-plugin/plugin.json
  skills/nist-sp-800-30/
    SKILL.md
    references/
      risk-assessment-process.md
      threat-taxonomy.md
      impact-likelihood-scales.md

Framework Coverage

The skill covers the complete SP 800-30 Rev 1 risk assessment process:

Step 1 -- Prepare for the Risk Assessment

  • Task 1-1 through 1-5: Purpose, scope, assumptions, information sources, risk model and analytic approach selection (qualitative, semi-quantitative, quantitative)

Step 2 -- Conduct the Risk Assessment

  • Task 2-1: Threat source identification using the full Appendix D taxonomy (adversarial: nation-state, cyber criminal, hacktivist, insider malicious/inadvertent, competitor, terrorist, script kiddie, supplier; non-adversarial: accidental, structural, environmental)
  • Task 2-2: Threat event identification from Appendix E covering reconnaissance, initial access, execution/persistence, privilege escalation, lateral movement, exfiltration, and impact categories; non-adversarial events from Table E-3
  • Task 2-3: Vulnerability and predisposing condition identification with severity and pervasiveness scales from Appendix F
  • Task 2-4: Two-part likelihood determination (initiation likelihood + likelihood of adverse impact) with the Appendix I Table I-2 overall likelihood matrix
  • Task 2-5: Impact magnitude across CIA triad and operational dimensions (mission effectiveness, reputation, financial, legal, physical, infrastructure) using Table H-2 and H-3 scales
  • Task 2-6: Risk level determination using the 5x5 Table I-4 risk matrix with uncertainty notation

Step 3 -- Communicate Risk Assessment Results

  • Structured risk assessment report format with all required sections
  • Risk register table format with all required columns
  • Communication pathways to risk executives, authorising officials, and mission owners

Step 4 -- Maintain the Risk Assessment

  • Periodic and event-driven refresh triggers
  • Integration with SP 800-137 continuous monitoring

Reference Files

risk-assessment-process.md: Full task-by-task process guide, complete adversarial threat source table (Table D-1), full adversarial threat event categories (Table E-2), non-adversarial events (Table E-3), vulnerability categories, predisposing conditions (Appendix F Table F-5), overall likelihood matrix (Table I-2), impact area breakdown (Appendix H), risk score matrix (Table I-4), risk assessment report template, risk register table format, RMF step integration mapping, and continuous monitoring refresh triggers.

threat-taxonomy.md: Comprehensive threat source taxonomy from Appendices D-1 and D-2 with capability, intent, and characteristics for each source type; representative adversarial threat events covering all categories from Appendix E Table E-2; non-adversarial threat events from Table E-3; MITRE ATT&CK tactic mapping aligned to SP 800-30 threat event categories.

impact-likelihood-scales.md: All SP 800-30 quantitative and semi-quantitative scales: Table G-2 (adversarial initiation likelihood with descriptors and 0-100 scores), Table G-3 (likelihood of adverse impact), Table G-4 (non-adversarial occurrence), Table H-2 (impact magnitude with descriptors and scores), Table H-3 (CIA + operational impact dimensions), Table I-2 (overall likelihood matrix), Table I-4 (risk determination matrix), Table I-5 (risk level definitions with required actions), Appendix F vulnerability severity and predisposing condition pervasiveness scales, and uncertainty levels.

Integration Points

  • NIST SP 800-37 Rev 2 (RMF): Skill maps risk assessment outputs to all six RMF steps; risk assessment report feeds the Authorization Package
  • NIST SP 800-39: Supports Tier 1/2/3 risk management decisions
  • NIST SP 800-53 Rev 5: Risk assessment informs control baseline tailoring
  • NIST SP 800-53A: Security control assessment results update risk factors per Task 4-1
  • NIST SP 800-137: Continuous monitoring data triggers risk assessment refresh per Tasks 4-1 and 4-2

Tests

All 10 plugin structure tests pass:

tests/test_plugin_structure.py::TestPluginDirectory::test_plugin_json_exists[nist-sp-800-30] PASSED
tests/test_plugin_structure.py::TestPluginDirectory::test_plugin_json_is_valid[nist-sp-800-30] PASSED
tests/test_plugin_structure.py::TestPluginDirectory::test_plugin_json_required_fields[nist-sp-800-30] PASSED
tests/test_plugin_structure.py::TestPluginDirectory::test_plugin_version_semver[nist-sp-800-30] PASSED
tests/test_plugin_structure.py::TestPluginDirectory::test_skills_directory_exists[nist-sp-800-30] PASSED
tests/test_plugin_structure.py::TestPluginDirectory::test_skills_directory_has_one_skill_folder[nist-sp-800-30] PASSED
tests/test_plugin_structure.py::TestPluginDirectory::test_skill_md_exists[nist-sp-800-30] PASSED
tests/test_plugin_structure.py::TestPluginDirectory::test_skill_md_not_empty[nist-sp-800-30] PASSED
tests/test_plugin_structure.py::TestPluginDirectory::test_no_files_outside_skill_folder[nist-sp-800-30] PASSED
tests/test_plugin_structure.py::TestPluginDirectory::test_references_are_markdown[nist-sp-800-30] PASSED

NIST Special Publication 800-30 Revision 1 -- Guide for Conducting Risk Assessments
Published: September 2012 | Source: https://doi.org/10.6028/NIST.SP.800-30r1

PLUGIN STRUCTURE
- plugins/nist-sp-800-30/.claude-plugin/plugin.json
- plugins/nist-sp-800-30/skills/nist-sp-800-30/SKILL.md
- plugins/nist-sp-800-30/skills/nist-sp-800-30/references/risk-assessment-process.md
- plugins/nist-sp-800-30/skills/nist-sp-800-30/references/threat-taxonomy.md
- plugins/nist-sp-800-30/skills/nist-sp-800-30/references/impact-likelihood-scales.md

FRAMEWORK COVERAGE
SP 800-30 Rev 1 provides the authoritative NIST guidance for conducting risk assessments
as part of an organisation-wide risk management process at all three tiers (organisation,
mission/business process, information system). The skill covers:

Step 1 -- Prepare for the Risk Assessment
  - Task 1-1: Identifying the purpose of the risk assessment
  - Task 1-2: Identifying the scope (organisational, system, information, temporal)
  - Task 1-3: Documenting assumptions and constraints
  - Task 1-4: Identifying authoritative threat, vulnerability, and impact sources
  - Task 1-5: Defining the risk model and analytic approach (qualitative, semi-quantitative, quantitative)

Step 2 -- Conduct the Risk Assessment
  - Task 2-1: Threat source identification (adversarial and non-adversarial; Appendix D taxonomy)
  - Task 2-2: Threat event identification (Appendix E categories and representative events)
  - Task 2-3: Vulnerability and predisposing condition identification (Appendix F scales)
  - Task 2-4: Likelihood of occurrence determination (two-part: initiation + adverse impact; Table I-2 matrix)
  - Task 2-5: Impact magnitude determination (CIA triad + operational dimensions; Table H-2 scale)
  - Task 2-6: Risk level determination (5x5 risk matrix per Table I-4)

Step 3 -- Communicate Risk Assessment Results
  - Risk assessment report structure and required sections
  - Risk register table format with all required columns
  - Communication to risk executives, authorising officials, and mission/business owners

Step 4 -- Maintain the Risk Assessment
  - Periodic refresh triggers (annual minimum, event-driven, RMF-driven)
  - Integration with SP 800-137 continuous monitoring output

REFERENCE FILES
  threat-taxonomy.md: Complete adversarial (Table D-1) and non-adversarial (Table D-2) threat source
    taxonomy; adversarial threat events from Appendix E Table E-2 covering reconnaissance, initial
    access, execution/persistence, privilege escalation, lateral movement, exfiltration, and impact;
    non-adversarial events from Table E-3; MITRE ATT&CK tactic mapping

  impact-likelihood-scales.md: All SP 800-30 qualitative and semi-quantitative scales including
    Table G-2 (adversarial initiation likelihood), Table G-3 (likelihood of adverse impact),
    Table G-4 (non-adversarial occurrence), Table H-2 (impact magnitude), Table H-3 (CIA+operational
    impact dimensions), Table I-2 (overall likelihood matrix), Table I-4 (risk determination matrix),
    Table I-5 (risk level definitions with required actions), Appendix F vulnerability severity and
    predisposing condition pervasiveness scales, and uncertainty notation guidance

  risk-assessment-process.md: Full task-by-task process guide with all tables, risk register
    template, report structure template, RMF step mapping, and continuous monitoring integration

INTEGRATION POINTS
  - NIST SP 800-37 Rev 2 (RMF): Risk assessment maps to all six RMF steps; outputs feed ATO package
  - NIST SP 800-39: Supports Tier 1/2/3 risk management decisions
  - NIST SP 800-53 Rev 5: Risk assessment informs control baseline tailoring
  - NIST SP 800-53A: Security control assessment results update risk factors
  - NIST SP 800-137: Continuous monitoring data triggers risk assessment refresh

TESTS
All 10 plugin structure tests pass (test_plugin_structure.py -k nist-sp-800-30)
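As an added worked example (this is not code from this PR, and the skill's reference files are markdown only), the following Python implements the Task 2-4 to 2-6 arithmetic listed above for the semi-quantitative approach: 0-100 scores are binned to levels, the initiation and adverse-impact likelihoods are combined through the Table I-2 overall likelihood matrix, the result is crossed with impact through the Table I-4 risk matrix, and the entries are emitted as a risk register sorted by risk level. The matrix contents and score bins are my transcription of SP 800-30 Rev 1 Appendix G/H/I and should be checked against the publication before use; the threat events, scores and uncertainty values are constructed sample data.

```python
"""SP 800-30 Rev 1 semi-quantitative risk determination (added example).

Tasks 2-4 to 2-6 as a small, testable pipeline. Table contents below are a
transcription of the NIST tables (an assumption to verify against the
publication); the register entries are constructed sample data.
"""
from dataclasses import dataclass

# Ordered qualitative levels shared by every SP 800-30 scale.
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# 0-100 semi-quantitative bins used by Tables G-2/G-3/G-4 and H-2
# (assumption: transcribed from Appendix G/H).
SCORE_BINS = [(0, 4, "Very Low"), (5, 20, "Low"), (21, 79, "Moderate"),
              (80, 95, "High"), (96, 100, "Very High")]

# Table I-2: row = likelihood of threat event initiation/occurrence,
# column = likelihood the event results in adverse impact.
OVERALL_LIKELIHOOD = {
    "Very High": ["Low", "Moderate", "High", "Very High", "Very High"],
    "High":      ["Low", "Moderate", "Moderate", "High", "Very High"],
    "Moderate":  ["Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Moderate", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Low", "Low", "Low"],
}

# Table I-4: row = overall likelihood, column = level of impact.
RISK_LEVEL = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


def score_to_level(score: int) -> str:
    """Map a 0-100 semi-quantitative score to its qualitative level."""
    if not 0 <= score <= 100:
        raise ValueError(f"score must be in 0..100, got {score}")
    for lo, hi, level in SCORE_BINS:
        if lo <= score <= hi:
            return level
    raise AssertionError("bins do not cover 0..100")


def _lookup(table: dict, row: str, col: str) -> str:
    if row not in LEVELS or col not in LEVELS:
        raise ValueError(f"unknown level: {row!r}/{col!r}")
    return table[row][LEVELS.index(col)]


def overall_likelihood(initiation: str, adverse_impact: str) -> str:
    """Task 2-4: combine the two likelihood parts via Table I-2."""
    return _lookup(OVERALL_LIKELIHOOD, initiation, adverse_impact)


def risk_level(likelihood: str, impact: str) -> str:
    """Task 2-6: combine overall likelihood and impact via Table I-4."""
    return _lookup(RISK_LEVEL, likelihood, impact)


@dataclass(frozen=True)
class RiskEntry:
    """One risk register row; scores are 0-100 semi-quantitative values."""
    threat_event: str
    threat_source: str
    initiation: int       # Table G-2 score
    adverse_impact: int   # Table G-3 score
    impact: int           # Table H-2 score
    uncertainty: str = "Moderate"  # analyst's uncertainty notation (Task 2-6)

    def assess(self) -> dict:
        likelihood = overall_likelihood(score_to_level(self.initiation),
                                        score_to_level(self.adverse_impact))
        impact = score_to_level(self.impact)
        return {"threat_event": self.threat_event,
                "threat_source": self.threat_source,
                "likelihood": likelihood, "impact": impact,
                "risk": risk_level(likelihood, impact),
                "uncertainty": self.uncertainty}


def build_register(entries) -> list:
    """Assess every entry and order by risk, then likelihood, then impact."""
    rows = [e.assess() for e in entries]
    rows.sort(key=lambda r: (-LEVELS.index(r["risk"]),
                             -LEVELS.index(r["likelihood"]),
                             -LEVELS.index(r["impact"])))
    for i, row in enumerate(rows, start=1):
        row["id"] = f"R-{i:03d}"
    return rows


# Constructed sample entries (not from any real assessment).
CONSTRUCTED_ENTRIES = [
    RiskEntry("Credential phishing of remote staff", "Cyber criminal", 85, 60, 82),
    RiskEntry("HVAC failure in server room", "Structural", 15, 90, 50, "Low"),
    RiskEntry("Insider misuse of admin access", "Insider (malicious)", 30, 97, 96),
    RiskEntry("Lost unencrypted laptop", "Insider (inadvertent)", 70, 10, 25, "High"),
]

if __name__ == "__main__":
    for row in build_register(CONSTRUCTED_ENTRIES):
        print(f"{row['id']}  {row['risk']:<9} L={row['likelihood']:<9} "
              f"I={row['impact']:<9} U={row['uncertainty']:<8} {row['threat_event']}")
```

The two matrices are kept as data rather than arithmetic on purpose: SP 800-30 does not define risk as likelihood multiplied by impact, and a numeric product would rank a Low/Very High pair differently from what Table I-4 says.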