SecAI Framework

Enterprise Azure Security Assessment Framework

Comprehensive three-dimensional security assessment for Azure environments. Execute via VSCode with optional AI-accelerated analysis using Cursor + Azure AI Foundry.


🛠️ Complete Implementation Package Available

The production-ready implementation is in this repository:

→ Browse Implementation Folder

What's Included:

Dimension 1: Configuration Assessment

  • ✅ 10 PowerShell collection scripts (Azure CLI + Resource Graph)
  • ✅ 7 Python transformation scripts (JSON → CSV)
  • ✅ 2 Python analysis scripts (risk identification, subscription comparison)
  • ✅ Covers 12 security domains across entire Azure estate

Dimension 2: Process Assessment

  • ✅ Interview templates for 8 operational domains
  • ✅ Process maturity scoring framework
  • ✅ Gap analysis and improvement roadmap generators

Dimension 3: Best Practices Assessment

  • ✅ 5 PowerShell framework validation modules (MCSB, CIS, NIST, PCI-DSS, CCM)
  • ✅ Master orchestrator for multi-framework validation
  • ✅ 40+ automated compliance checks
  • ✅ CSV reports and executive summaries

Execution Environment: VSCode on Windows/macOS/Linux
Optional Enhancement: Cursor IDE with Azure AI Foundry for AI-assisted analysis


Three-Dimensional Assessment Methodology

The SecAI Framework evaluates Azure environments across three critical dimensions:

Dimension 1: Configuration Assessment

What is deployed and how it's configured

  • ✅ 100% Automated - PowerShell + Python scripts
  • ✅ 20 collection/transformation/analysis scripts
  • ✅ 12 security domains: Network, Identity, Data, Logging, Backup, and more
  • ✅ 800+ evidence files collected from Azure CLI and Resource Graph
  • ✅ Execution: VSCode terminal (3-4 hours)

Dimension 2: Process Assessment

How operations are managed and governed

  • 📋 Interview-driven methodology
  • 📋 8 operational domains: Change Management, Incident Response, Access Control, etc.
  • 📋 Process maturity scoring (5-level model)
  • 📋 Execution: Structured interviews + documentation review

Dimension 3: Best Practices Assessment

Alignment with industry frameworks

  • ✅ Multi-framework validation: MCSB, CIS v8, NIST 800-53, PCI-DSS, CSA CCM
  • ✅ 40+ automated compliance checks
  • ✅ PowerShell modular validation suite
  • ✅ Quantifiable compliance scores and gap reports
  • ✅ Execution: PowerShell script against collected data (minutes)

Recommended Execution Order: Dimension 1 → Dimension 3 → Dimension 2


About the SecAI Framework

The SecAI Framework is a comprehensive Azure security assessment methodology designed for enterprise environments. Created from a security architect's perspective, the framework provides:

  • 📊 Configuration Assessment - Automated collection of 800+ evidence files across 12 security domains
  • Process Assessment - Structured interviews evaluating operational maturity
  • ✅ Best Practices Assessment - Multi-framework validation (MCSB, CIS, NIST, PCI-DSS, CCM)
  • Security Tools Analysis - Deep-dive assessment of enterprise security stacks
  • 📋 Compliance Mapping - Alignment with industry standards and frameworks
  • 📊 Real-World Validation - Tested with confidential customer programs (sanitized for publication)

Assessment Objectives

This is a production-ready framework developed through real-world Azure security assessments. Findings and methodologies are shared for public benefit.

Primary Goals:

  1. Systematic assessment of Azure environments (34+ subscriptions, 5,000+ resources)
  2. Multi-framework compliance validation (MCSB, CIS, NIST, PCI-DSS, CCM)
  3. CSP-to-MCA migration security validation
  4. Azure Landing Zone security baseline verification
  5. Quarterly security posture assessment and improvement

Optional: AI-Accelerated Assessment with Cursor + Azure AI Foundry

Forward-Thinking Enhancement (may not be available in all customer environments)

For organizations that allow AI-assisted development, the SecAI Framework can be accelerated using Cursor IDE with Azure AI Foundry integration:

✅ Data Sovereignty - AI chat stays within your Azure tenant (not Cursor servers)
✅ Secure Analysis - Use GPT-4, o1, Codex for script development and data analysis
✅ Compliance - All AI interactions logged via Azure Monitor
✅ Network Isolation - Private endpoints, no public internet exposure
✅ Audit Trail - Complete visibility into AI-assisted analysis

Primary Method: VSCode + PowerShell/Python scripts (works everywhere)
Enhanced Method: Cursor + Azure AI Foundry (when security allows)

Learn More: Secure AI for Security Assessments



Assessment Methodology

Our framework combines automated and manual assessment techniques:

  • Automated Collection - PowerShell and Python scripts gather 800+ evidence files from Azure
  • Multi-Framework Validation - Validate against MCSB, CIS, NIST, PCI-DSS, CSA CCM
  • Process Maturity Scoring - Structured interviews assess operational effectiveness
  • Compliance Mapping - Align configurations with industry standards and frameworks
  • Real-World Validation - Tested with confidential insurance customer (34+ subscriptions, 5,000+ resources)

Framework Author

Derek Brent Moore, Security Architect
Publication: Open-source framework for public benefit
Contact: derek@zimax.net


Key Assessment Areas

1. Configuration Assessment (Dimension 1)

  • 12 Security Domains: Network, Identity, Data Protection, Logging, Backup, etc.
  • Automated collection via Azure CLI and Resource Graph
  • 800+ JSON evidence files
  • CSV transformation for analysis
  • Resource inventory and configuration exports

2. Process Assessment (Dimension 2)

  • Change Management maturity
  • Incident Response procedures
  • Access Provisioning workflows
  • Patch Management cadence
  • Security Monitoring operations
  • Backup & Recovery testing
  • Compliance Management processes
  • Vendor Management oversight

3. Best Practices Assessment (Dimension 3)

  • Microsoft Cloud Security Benchmark (MCSB) validation
  • CIS Controls v8 compliance scoring
  • NIST SP 800-53 control mapping
  • PCI-DSS v3.2.1 requirements validation
  • CSA Cloud Controls Matrix (CCM) assessment

4. Security Tools Stack Analysis

Discovered and analyzed in customer environment:

  • Cloud Security: Wiz CNAPP
  • Endpoint Protection: CrowdStrike Falcon
  • Network Security: Azure Firewall, Palo Alto Prisma Access
  • Log Management: Cribl Stream, Chronicle, Splunk
  • Identity: Okta, Azure Entra ID
  • AppSec: Veracode
  • Testing: Playwright, Selenium
  • Feature Management: LaunchDarkly

5. Optional: AI-Enhanced Analysis

  • Cursor IDE with Azure AI Foundry (when customer policy allows)
  • Secure AI chat within Azure tenant for data analysis
  • GPT-4, o1, Codex for script development assistance
  • Private endpoint configuration for network isolation
  • Complete audit trail via Azure Monitor

Latest Updates

NEW Oct 2025 - Multi-framework validation suite complete (MCSB, CIS, NIST, PCI-DSS, CCM)
UPDATED Oct 2025 - Dimension 3 production-ready: 40+ automated compliance checks
NEW Oct 2025 - Assessment framework realigned: VSCode primary, Cursor optional enhancement


Contributing to Framework Development

This assessment framework welcomes contributions from the security community:

  • Share Assessment Findings - Submit anonymized case studies and results
  • Review Methodology - Provide feedback on assessment approaches
  • 🛠️ Extend Framework - Contribute new validation modules or controls
  • 📊 Data Analysis - Share insights from framework execution

See our contribution guidelines for more information.


Disclaimer

This assessment framework is provided "as-is" for educational and informational purposes. Always obtain proper authorization before assessing Azure environments. Consult with your organization's security team before implementing recommendations. The framework team is not responsible for any issues resulting from the use of this framework.


License

This research is published under the Creative Commons Attribution 4.0 International License (CC BY 4.0).

You are free to:

  • Share - Copy and redistribute the material
  • Adapt - Remix, transform, and build upon the material

Under the terms:

  • Attribution - Give appropriate credit and indicate if changes were made

Contact & Social

  • Framework Documentation: https://zimaxnet.github.io/secai-framework
  • GitHub Repository: https://github.com/zimaxnet/secai-framework
  • Author: Derek Brent Moore
  • LinkedIn: linkedin.com/in/derekbmoore
  • Twitter/X: @zimaxnet
  • Email: derek@zimax.net

Last Updated: October 20, 2025
Wiki Version: 1.0
Research Status: Active