@blamejs/exceptd-skills 0.12.24 → 0.12.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/AGENTS.md +12 -4
  2. package/CHANGELOG.md +127 -0
  3. package/data/_indexes/_meta.json +44 -43
  4. package/data/_indexes/activity-feed.json +54 -47
  5. package/data/_indexes/catalog-summaries.json +20 -20
  6. package/data/_indexes/chains.json +561 -6
  7. package/data/_indexes/currency.json +19 -10
  8. package/data/_indexes/frequency.json +207 -55
  9. package/data/_indexes/handoff-dag.json +4 -0
  10. package/data/_indexes/jurisdiction-clocks.json +2 -2
  11. package/data/_indexes/jurisdiction-map.json +25 -12
  12. package/data/_indexes/section-offsets.json +490 -396
  13. package/data/_indexes/stale-content.json +14 -2
  14. package/data/_indexes/summary-cards.json +57 -3
  15. package/data/_indexes/token-budget.json +129 -74
  16. package/data/_indexes/trigger-table.json +66 -0
  17. package/data/_indexes/xref.json +58 -8
  18. package/data/atlas-ttps.json +528 -19
  19. package/data/attack-techniques.json +198 -84
  20. package/data/cve-catalog.json +1309 -9
  21. package/data/exploit-availability.json +300 -10
  22. package/data/framework-control-gaps.json +557 -1
  23. package/data/global-frameworks.json +44 -19
  24. package/data/rfc-references.json +94 -1
  25. package/data/zeroday-lessons.json +475 -13
  26. package/lib/schemas/cve-catalog.schema.json +24 -3
  27. package/manifest-snapshot.json +68 -2
  28. package/manifest-snapshot.sha256 +1 -1
  29. package/manifest.json +145 -59
  30. package/package.json +1 -1
  31. package/sbom.cdx.json +7 -7
  32. package/skills/ai-attack-surface/skill.md +11 -2
  33. package/skills/ai-c2-detection/skill.md +3 -1
  34. package/skills/ai-risk-management/skill.md +3 -1
  35. package/skills/api-security/skill.md +4 -0
  36. package/skills/attack-surface-pentest/skill.md +1 -0
  37. package/skills/container-runtime-security/skill.md +3 -1
  38. package/skills/dlp-gap-analysis/skill.md +1 -1
  39. package/skills/exploit-scoring/skill.md +2 -2
  40. package/skills/incident-response-playbook/skill.md +1 -1
  41. package/skills/kernel-lpe-triage/skill.md +6 -1
  42. package/skills/mcp-agent-trust/skill.md +7 -2
  43. package/skills/mlops-security/skill.md +1 -1
  44. package/skills/rag-pipeline-security/skill.md +4 -2
  45. package/skills/sector-financial/skill.md +1 -1
  46. package/skills/sector-telecom/skill.md +259 -0
  47. package/skills/skill-update-loop/skill.md +1 -1
  48. package/skills/supply-chain-integrity/skill.md +3 -1
  49. package/skills/threat-model-currency/skill.md +1 -1
  50. package/skills/webapp-security/skill.md +2 -0
  51. package/skills/zeroday-gap-learn/skill.md +2 -2
package/data/_indexes/currency.json CHANGED
@@ -6,7 +6,7 @@
6
6
  "decay_formula": "100 base; -30/-20/-10/-5 at 180/90/60/30-day thresholds. forward_watch count does NOT affect the score (it's a maintenance signal, not a staleness one). Label thresholds: ≥90 current, ≥70 acceptable, ≥50 stale, <50 critical_stale."
7
7
  },
8
8
  "summary": {
9
- "current": 38,
9
+ "current": 39,
10
10
  "acceptable": 0,
11
11
  "stale": 0,
12
12
  "critical_stale": 0,
@@ -28,7 +28,7 @@
28
28
  "days_since_review": 0,
29
29
  "currency_score": 100,
30
30
  "currency_label": "current",
31
- "forward_watch_count": 0,
31
+ "forward_watch_count": 8,
32
32
  "action_required": false
33
33
  },
34
34
  {
@@ -55,7 +55,7 @@
55
55
  "days_since_review": -10,
56
56
  "currency_score": 100,
57
57
  "currency_label": "current",
58
- "forward_watch_count": 0,
58
+ "forward_watch_count": 3,
59
59
  "action_required": false
60
60
  },
61
61
  {
@@ -64,7 +64,7 @@
64
64
  "days_since_review": -10,
65
65
  "currency_score": 100,
66
66
  "currency_label": "current",
67
- "forward_watch_count": 4,
67
+ "forward_watch_count": 5,
68
68
  "action_required": false
69
69
  },
70
70
  {
@@ -91,7 +91,7 @@
91
91
  "days_since_review": -10,
92
92
  "currency_score": 100,
93
93
  "currency_label": "current",
94
- "forward_watch_count": 0,
94
+ "forward_watch_count": 1,
95
95
  "action_required": false
96
96
  },
97
97
  {
@@ -190,7 +190,7 @@
190
190
  "days_since_review": 0,
191
191
  "currency_score": 100,
192
192
  "currency_label": "current",
193
- "forward_watch_count": 0,
193
+ "forward_watch_count": 4,
194
194
  "action_required": false
195
195
  },
196
196
  {
@@ -199,7 +199,7 @@
199
199
  "days_since_review": 0,
200
200
  "currency_score": 100,
201
201
  "currency_label": "current",
202
- "forward_watch_count": 0,
202
+ "forward_watch_count": 4,
203
203
  "action_required": false
204
204
  },
205
205
  {
@@ -244,7 +244,7 @@
244
244
  "days_since_review": 0,
245
245
  "currency_score": 100,
246
246
  "currency_label": "current",
247
- "forward_watch_count": 0,
247
+ "forward_watch_count": 1,
248
248
  "action_required": false
249
249
  },
250
250
  {
@@ -292,6 +292,15 @@
292
292
  "forward_watch_count": 0,
293
293
  "action_required": false
294
294
  },
295
+ {
296
+ "skill": "sector-telecom",
297
+ "last_threat_review": "2026-05-15",
298
+ "days_since_review": -14,
299
+ "currency_score": 100,
300
+ "currency_label": "current",
301
+ "forward_watch_count": 7,
302
+ "action_required": false
303
+ },
295
304
  {
296
305
  "skill": "security-maturity-tiers",
297
306
  "last_threat_review": "2026-05-01",
@@ -316,7 +325,7 @@
316
325
  "days_since_review": -10,
317
326
  "currency_score": 100,
318
327
  "currency_label": "current",
319
- "forward_watch_count": 6,
328
+ "forward_watch_count": 8,
320
329
  "action_required": false
321
330
  },
322
331
  {
@@ -343,7 +352,7 @@
343
352
  "days_since_review": -10,
344
353
  "currency_score": 100,
345
354
  "currency_label": "current",
346
- "forward_watch_count": 0,
355
+ "forward_watch_count": 1,
347
356
  "action_required": false
348
357
  },
349
358
  {
package/data/_indexes/frequency.json CHANGED
@@ -125,11 +125,12 @@
125
125
  ]
126
126
  },
127
127
  "CWE-918": {
128
- "count": 4,
128
+ "count": 5,
129
129
  "skills": [
130
130
  "api-security",
131
131
  "attack-surface-pentest",
132
132
  "mcp-agent-trust",
133
+ "sector-telecom",
133
134
  "webapp-security"
134
135
  ]
135
136
  },
@@ -244,7 +245,7 @@
244
245
  ]
245
246
  },
246
247
  "CWE-287": {
247
- "count": 9,
248
+ "count": 10,
248
249
  "skills": [
249
250
  "age-gates-child-safety",
250
251
  "api-security",
@@ -254,15 +255,17 @@
254
255
  "sector-energy",
255
256
  "sector-financial",
256
257
  "sector-healthcare",
258
+ "sector-telecom",
257
259
  "webapp-security"
258
260
  ]
259
261
  },
260
262
  "CWE-306": {
261
- "count": 3,
263
+ "count": 4,
262
264
  "skills": [
263
265
  "identity-assurance",
264
266
  "ot-ics-security",
265
- "sector-energy"
267
+ "sector-energy",
268
+ "sector-telecom"
266
269
  ]
267
270
  },
268
271
  "CWE-798": {
@@ -340,25 +343,27 @@
340
343
  ]
341
344
  },
342
345
  "D3-IOPR": {
343
- "count": 6,
346
+ "count": 7,
344
347
  "skills": [
345
348
  "ai-attack-surface",
346
349
  "ai-c2-detection",
347
350
  "defensive-countermeasure-mapping",
348
351
  "dlp-gap-analysis",
349
352
  "fuzz-testing-strategy",
350
- "rag-pipeline-security"
353
+ "rag-pipeline-security",
354
+ "sector-telecom"
351
355
  ]
352
356
  },
353
357
  "D3-NTA": {
354
- "count": 6,
358
+ "count": 7,
355
359
  "skills": [
356
360
  "ai-attack-surface",
357
361
  "ai-c2-detection",
358
362
  "attack-surface-pentest",
359
363
  "defensive-countermeasure-mapping",
360
364
  "dlp-gap-analysis",
361
- "rag-pipeline-security"
365
+ "rag-pipeline-security",
366
+ "sector-telecom"
362
367
  ]
363
368
  },
364
369
  "D3-CBAN": {
@@ -410,18 +415,20 @@
410
415
  ]
411
416
  },
412
417
  "D3-NI": {
413
- "count": 2,
418
+ "count": 3,
414
419
  "skills": [
415
420
  "ai-c2-detection",
416
- "defensive-countermeasure-mapping"
421
+ "defensive-countermeasure-mapping",
422
+ "sector-telecom"
417
423
  ]
418
424
  },
419
425
  "D3-NTPM": {
420
- "count": 3,
426
+ "count": 4,
421
427
  "skills": [
422
428
  "ai-c2-detection",
423
429
  "defensive-countermeasure-mapping",
424
- "dlp-gap-analysis"
430
+ "dlp-gap-analysis",
431
+ "sector-telecom"
425
432
  ]
426
433
  },
427
434
  "D3-FE": {
@@ -834,6 +841,60 @@
834
841
  "ot-ics-security",
835
842
  "sector-energy"
836
843
  ]
844
+ },
845
+ "FCC-CPNI-4.1": {
846
+ "count": 1,
847
+ "skills": [
848
+ "sector-telecom"
849
+ ]
850
+ },
851
+ "FCC-Cyber-Incident-Notification-2024": {
852
+ "count": 1,
853
+ "skills": [
854
+ "sector-telecom"
855
+ ]
856
+ },
857
+ "NIS2-Annex-I-Telecom": {
858
+ "count": 1,
859
+ "skills": [
860
+ "sector-telecom"
861
+ ]
862
+ },
863
+ "DORA-Art-21-Telecom-ICT": {
864
+ "count": 1,
865
+ "skills": [
866
+ "sector-telecom"
867
+ ]
868
+ },
869
+ "UK-CAF-B5": {
870
+ "count": 1,
871
+ "skills": [
872
+ "sector-telecom"
873
+ ]
874
+ },
875
+ "AU-ISM-1556": {
876
+ "count": 1,
877
+ "skills": [
878
+ "sector-telecom"
879
+ ]
880
+ },
881
+ "GSMA-NESAS-Deployment": {
882
+ "count": 1,
883
+ "skills": [
884
+ "sector-telecom"
885
+ ]
886
+ },
887
+ "3GPP-TR-33.926": {
888
+ "count": 1,
889
+ "skills": [
890
+ "sector-telecom"
891
+ ]
892
+ },
893
+ "ITU-T-X.805": {
894
+ "count": 1,
895
+ "skills": [
896
+ "sector-telecom"
897
+ ]
837
898
  }
838
899
  },
839
900
  "atlas_refs": {
@@ -930,6 +991,12 @@
930
991
  "ot-ics-security",
931
992
  "supply-chain-integrity"
932
993
  ]
994
+ },
995
+ "AML.T0040": {
996
+ "count": 1,
997
+ "skills": [
998
+ "sector-telecom"
999
+ ]
933
1000
  }
934
1001
  },
935
1002
  "attack_refs": {
@@ -964,7 +1031,7 @@
964
1031
  ]
965
1032
  },
966
1033
  "T1190": {
967
- "count": 12,
1034
+ "count": 13,
968
1035
  "skills": [
969
1036
  "ai-attack-surface",
970
1037
  "api-security",
@@ -977,6 +1044,7 @@
977
1044
  "sector-energy",
978
1045
  "sector-federal-government",
979
1046
  "sector-financial",
1047
+ "sector-telecom",
980
1048
  "webapp-security"
981
1049
  ]
982
1050
  },
@@ -997,9 +1065,10 @@
997
1065
  ]
998
1066
  },
999
1067
  "T1071": {
1000
- "count": 1,
1068
+ "count": 2,
1001
1069
  "skills": [
1002
- "ai-c2-detection"
1070
+ "ai-c2-detection",
1071
+ "sector-telecom"
1003
1072
  ]
1004
1073
  },
1005
1074
  "T1102": {
@@ -1021,7 +1090,7 @@
1021
1090
  ]
1022
1091
  },
1023
1092
  "T1078": {
1024
- "count": 10,
1093
+ "count": 11,
1025
1094
  "skills": [
1026
1095
  "age-gates-child-safety",
1027
1096
  "api-security",
@@ -1032,7 +1101,8 @@
1032
1101
  "incident-response-playbook",
1033
1102
  "sector-energy",
1034
1103
  "sector-financial",
1035
- "sector-healthcare"
1104
+ "sector-healthcare",
1105
+ "sector-telecom"
1036
1106
  ]
1037
1107
  },
1038
1108
  "T1567": {
@@ -1081,9 +1151,10 @@
1081
1151
  ]
1082
1152
  },
1083
1153
  "T1556": {
1084
- "count": 1,
1154
+ "count": 2,
1085
1155
  "skills": [
1086
- "identity-assurance"
1156
+ "identity-assurance",
1157
+ "sector-telecom"
1087
1158
  ]
1088
1159
  },
1089
1160
  "T1110": {
@@ -1119,6 +1190,18 @@
1119
1190
  "sector-financial"
1120
1191
  ]
1121
1192
  },
1193
+ "T1098": {
1194
+ "count": 1,
1195
+ "skills": [
1196
+ "sector-telecom"
1197
+ ]
1198
+ },
1199
+ "T1199": {
1200
+ "count": 1,
1201
+ "skills": [
1202
+ "sector-telecom"
1203
+ ]
1204
+ },
1122
1205
  "T1552": {
1123
1206
  "count": 1,
1124
1207
  "skills": [
@@ -1309,6 +1392,12 @@
1309
1392
  "skills": [
1310
1393
  "pqc-first"
1311
1394
  ]
1395
+ },
1396
+ "RFC-9622": {
1397
+ "count": 1,
1398
+ "skills": [
1399
+ "sector-telecom"
1400
+ ]
1312
1401
  }
1313
1402
  },
1314
1403
  "dlp_refs": {}
@@ -1317,7 +1406,7 @@
1317
1406
  "cwe_refs": [
1318
1407
  {
1319
1408
  "id": "CWE-287",
1320
- "count": 9,
1409
+ "count": 10,
1321
1410
  "skills": [
1322
1411
  "age-gates-child-safety",
1323
1412
  "api-security",
@@ -1327,6 +1416,7 @@
1327
1416
  "sector-energy",
1328
1417
  "sector-financial",
1329
1418
  "sector-healthcare",
1419
+ "sector-telecom",
1330
1420
  "webapp-security"
1331
1421
  ]
1332
1422
  },
@@ -1425,13 +1515,14 @@
1425
1515
  ]
1426
1516
  },
1427
1517
  {
1428
- "id": "CWE-1357",
1429
- "count": 4,
1518
+ "id": "CWE-918",
1519
+ "count": 5,
1430
1520
  "skills": [
1431
- "coordinated-vuln-disclosure",
1432
- "mlops-security",
1433
- "sector-federal-government",
1434
- "supply-chain-integrity"
1521
+ "api-security",
1522
+ "attack-surface-pentest",
1523
+ "mcp-agent-trust",
1524
+ "sector-telecom",
1525
+ "webapp-security"
1435
1526
  ]
1436
1527
  }
1437
1528
  ],
@@ -1450,41 +1541,53 @@
1450
1541
  ]
1451
1542
  },
1452
1543
  {
1453
- "id": "D3-CSPP",
1454
- "count": 6,
1544
+ "id": "D3-IOPR",
1545
+ "count": 7,
1455
1546
  "skills": [
1547
+ "ai-attack-surface",
1456
1548
  "ai-c2-detection",
1457
- "attack-surface-pentest",
1458
1549
  "defensive-countermeasure-mapping",
1459
1550
  "dlp-gap-analysis",
1460
- "mcp-agent-trust",
1461
- "rag-pipeline-security"
1551
+ "fuzz-testing-strategy",
1552
+ "rag-pipeline-security",
1553
+ "sector-telecom"
1462
1554
  ]
1463
1555
  },
1464
1556
  {
1465
- "id": "D3-IOPR",
1466
- "count": 6,
1557
+ "id": "D3-NTA",
1558
+ "count": 7,
1467
1559
  "skills": [
1468
1560
  "ai-attack-surface",
1469
1561
  "ai-c2-detection",
1562
+ "attack-surface-pentest",
1470
1563
  "defensive-countermeasure-mapping",
1471
1564
  "dlp-gap-analysis",
1472
- "fuzz-testing-strategy",
1473
- "rag-pipeline-security"
1565
+ "rag-pipeline-security",
1566
+ "sector-telecom"
1474
1567
  ]
1475
1568
  },
1476
1569
  {
1477
- "id": "D3-NTA",
1570
+ "id": "D3-CSPP",
1478
1571
  "count": 6,
1479
1572
  "skills": [
1480
- "ai-attack-surface",
1481
1573
  "ai-c2-detection",
1482
1574
  "attack-surface-pentest",
1483
1575
  "defensive-countermeasure-mapping",
1484
1576
  "dlp-gap-analysis",
1577
+ "mcp-agent-trust",
1485
1578
  "rag-pipeline-security"
1486
1579
  ]
1487
1580
  },
1581
+ {
1582
+ "id": "D3-NTPM",
1583
+ "count": 4,
1584
+ "skills": [
1585
+ "ai-c2-detection",
1586
+ "defensive-countermeasure-mapping",
1587
+ "dlp-gap-analysis",
1588
+ "sector-telecom"
1589
+ ]
1590
+ },
1488
1591
  {
1489
1592
  "id": "D3-CBAN",
1490
1593
  "count": 3,
@@ -1504,12 +1607,12 @@
1504
1607
  ]
1505
1608
  },
1506
1609
  {
1507
- "id": "D3-NTPM",
1610
+ "id": "D3-NI",
1508
1611
  "count": 3,
1509
1612
  "skills": [
1510
1613
  "ai-c2-detection",
1511
1614
  "defensive-countermeasure-mapping",
1512
- "dlp-gap-analysis"
1615
+ "sector-telecom"
1513
1616
  ]
1514
1617
  },
1515
1618
  {
@@ -1528,14 +1631,6 @@
1528
1631
  "defensive-countermeasure-mapping",
1529
1632
  "kernel-lpe-triage"
1530
1633
  ]
1531
- },
1532
- {
1533
- "id": "D3-CA",
1534
- "count": 2,
1535
- "skills": [
1536
- "ai-c2-detection",
1537
- "defensive-countermeasure-mapping"
1538
- ]
1539
1634
  }
1540
1635
  ],
1541
1636
  "framework_gaps": [
@@ -1753,12 +1848,19 @@
1753
1848
  "ai-attack-surface",
1754
1849
  "rag-pipeline-security"
1755
1850
  ]
1851
+ },
1852
+ {
1853
+ "id": "AML.T0040",
1854
+ "count": 1,
1855
+ "skills": [
1856
+ "sector-telecom"
1857
+ ]
1756
1858
  }
1757
1859
  ],
1758
1860
  "attack_refs": [
1759
1861
  {
1760
1862
  "id": "T1190",
1761
- "count": 12,
1863
+ "count": 13,
1762
1864
  "skills": [
1763
1865
  "ai-attack-surface",
1764
1866
  "api-security",
@@ -1771,12 +1873,13 @@
1771
1873
  "sector-energy",
1772
1874
  "sector-federal-government",
1773
1875
  "sector-financial",
1876
+ "sector-telecom",
1774
1877
  "webapp-security"
1775
1878
  ]
1776
1879
  },
1777
1880
  {
1778
1881
  "id": "T1078",
1779
- "count": 10,
1882
+ "count": 11,
1780
1883
  "skills": [
1781
1884
  "age-gates-child-safety",
1782
1885
  "api-security",
@@ -1787,7 +1890,8 @@
1787
1890
  "incident-response-playbook",
1788
1891
  "sector-energy",
1789
1892
  "sector-financial",
1790
- "sector-healthcare"
1893
+ "sector-healthcare",
1894
+ "sector-telecom"
1791
1895
  ]
1792
1896
  },
1793
1897
  {
@@ -1992,9 +2096,17 @@
1992
2096
  "D3-SCP"
1993
2097
  ],
1994
2098
  "framework_gaps": [
2099
+ "3GPP-TR-33.926",
1995
2100
  "ALL-MCP-TOOL-TRUST",
2101
+ "AU-ISM-1556",
1996
2102
  "CWE-Top-25-2024-meta",
1997
2103
  "CycloneDX-v1.6-SBOM",
2104
+ "DORA-Art-21-Telecom-ICT",
2105
+ "FCC-CPNI-4.1",
2106
+ "FCC-Cyber-Incident-Notification-2024",
2107
+ "GSMA-NESAS-Deployment",
2108
+ "ITU-T-X.805",
2109
+ "NIS2-Annex-I-Telecom",
1998
2110
  "NIST-800-53-SI-12",
1999
2111
  "NIST-800-53-SI-2",
2000
2112
  "NIST-800-63B-rev4",
@@ -2004,20 +2116,23 @@
2004
2116
  "PCI-DSS-4.0-6.3.3",
2005
2117
  "PTES-Pre-engagement",
2006
2118
  "SPDX-v3.0-SBOM",
2119
+ "UK-CAF-B5",
2007
2120
  "VEX-CSAF-v2.1"
2008
2121
  ],
2009
- "atlas_refs": [],
2122
+ "atlas_refs": [
2123
+ "AML.T0040"
2124
+ ],
2010
2125
  "attack_refs": [
2011
- "T1071",
2126
+ "T1098",
2012
2127
  "T1102",
2013
2128
  "T1110",
2014
2129
  "T1133",
2015
2130
  "T1195.002",
2131
+ "T1199",
2016
2132
  "T1213",
2017
2133
  "T1505",
2018
2134
  "T1548.001",
2019
2135
  "T1552",
2020
- "T1556",
2021
2136
  "T1566.001",
2022
2137
  "T1566.002",
2023
2138
  "T1566.003",
@@ -2034,6 +2149,7 @@
2034
2149
  "RFC-9000",
2035
2150
  "RFC-9106",
2036
2151
  "RFC-9420",
2152
+ "RFC-9622",
2037
2153
  "RFC-9794"
2038
2154
  ],
2039
2155
  "dlp_refs": []
@@ -2063,12 +2179,26 @@
2063
2179
  "CWE-916"
2064
2180
  ],
2065
2181
  "atlas_refs": [
2182
+ "AML.T0001",
2183
+ "AML.T0011.002",
2066
2184
  "AML.T0024",
2067
2185
  "AML.T0044",
2068
2186
  "AML.T0048",
2069
2187
  "AML.T0053",
2070
2188
  "AML.T0055",
2071
- "AML.T0057"
2189
+ "AML.T0057",
2190
+ "AML.T0097",
2191
+ "AML.T0098",
2192
+ "AML.T0099",
2193
+ "AML.T0100",
2194
+ "AML.T0101",
2195
+ "AML.T0102",
2196
+ "AML.T0103",
2197
+ "AML.T0104",
2198
+ "AML.T0105",
2199
+ "AML.T0106",
2200
+ "AML.T0107",
2201
+ "AML.T0108"
2072
2202
  ],
2073
2203
  "d3fend_refs": [
2074
2204
  "D3-ANCI",
@@ -2086,10 +2216,26 @@
2086
2216
  "AU-Essential-8-MFA",
2087
2217
  "AU-Essential-8-Patch",
2088
2218
  "DORA-Art28",
2219
+ "DORA-IA-CTPP-Oversight",
2220
+ "DORA-ITS-TLPT",
2221
+ "DORA-RTS-Incident-Classification",
2222
+ "DORA-RTS-Subcontracting",
2223
+ "EU-AI-Act-Annex-IX-Conformity",
2089
2224
  "EU-AI-Act-Art-15",
2225
+ "EU-AI-Act-Art-53-GPAI",
2226
+ "EU-AI-Act-Art-55-Systemic",
2227
+ "EU-AI-Act-GPAI-CoP",
2090
2228
  "EU-CRA-Art13",
2229
+ "HIPAA-Security-Rule-2026-NPRM-164.308",
2230
+ "HIPAA-Security-Rule-2026-NPRM-164.310",
2231
+ "HIPAA-Security-Rule-2026-NPRM-164.312",
2232
+ "HIPAA-Security-Rule-2026-NPRM-164.314",
2091
2233
  "NIS2-Art21-incident-handling",
2092
2234
  "NIST-800-53-SI-10",
2235
+ "PCI-DSS-4.0.1-11.6.1",
2236
+ "PCI-DSS-4.0.1-12.10.7",
2237
+ "PCI-DSS-4.0.1-12.3.3",
2238
+ "PCI-DSS-4.0.1-6.4.3",
2093
2239
  "UK-CAF-A1",
2094
2240
  "UK-CAF-B2",
2095
2241
  "UK-CAF-C1",
@@ -2104,10 +2250,16 @@
2104
2250
  "RFC-6546",
2105
2251
  "RFC-7208",
2106
2252
  "RFC-7489",
2253
+ "RFC-7644",
2107
2254
  "RFC-7970",
2255
+ "RFC-8460",
2108
2256
  "RFC-8461",
2109
2257
  "RFC-8616",
2110
- "RFC-9116"
2258
+ "RFC-8617",
2259
+ "RFC-8705",
2260
+ "RFC-9112",
2261
+ "RFC-9116",
2262
+ "RFC-9449"
2111
2263
  ],
2112
2264
  "dlp_refs": [
2113
2265
  "DLP-CHAN-CLIPBOARD-AI",
package/data/_indexes/handoff-dag.json CHANGED
@@ -31,6 +31,7 @@
31
31
  "sector-federal-government",
32
32
  "sector-financial",
33
33
  "sector-healthcare",
34
+ "sector-telecom",
34
35
  "security-maturity-tiers",
35
36
  "skill-update-loop",
36
37
  "supply-chain-integrity",
@@ -294,6 +295,7 @@
294
295
  "rag-pipeline-security",
295
296
  "supply-chain-integrity"
296
297
  ],
298
+ "sector-telecom": [],
297
299
  "api-security": [
298
300
  "ai-c2-detection",
299
301
  "defensive-countermeasure-mapping",
@@ -425,6 +427,7 @@
425
427
  "sector-federal-government": 4,
426
428
  "sector-financial": 5,
427
429
  "sector-healthcare": 4,
430
+ "sector-telecom": 0,
428
431
  "security-maturity-tiers": 1,
429
432
  "skill-update-loop": 2,
430
433
  "supply-chain-integrity": 15,
@@ -465,6 +468,7 @@
465
468
  "sector-federal-government": 9,
466
469
  "sector-financial": 12,
467
470
  "sector-healthcare": 12,
471
+ "sector-telecom": 0,
468
472
  "security-maturity-tiers": 0,
469
473
  "skill-update-loop": 21,
470
474
  "supply-chain-integrity": 2,
package/data/_indexes/jurisdiction-clocks.json CHANGED
@@ -38,9 +38,9 @@
38
38
  "trigger": "Major ICT-related incident (RTO/RPO breach, high financial impact, reputational damage)",
39
39
  "stages": null,
40
40
  "source": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554",
41
- "authority": "ESAs (EBA, EIOPA, ESMA)"
41
+ "authority": "ESAs (EBA, EIOPA, ESMA) + Lead Overseers (CTPP regime from H2 2026)"
42
42
  },
43
- "authority": "ESAs (EBA, EIOPA, ESMA)"
43
+ "authority": "ESAs (EBA, EIOPA, ESMA) + Lead Overseers (CTPP regime from H2 2026)"
44
44
  },
45
45
  "EU_CRA": {
46
46
  "breach_notification": {