bmad-plus 0.4.4 → 0.5.0

package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md

@@ -0,0 +1,182 @@
+# EU AI Act — Risk Classification Reference
+
+## Art. 3 — Key Definitions
+
+| Term | Definition |
+|------|-----------|
+| **AI System** (Art. 3(1)) | A machine-based system designed to operate with varying levels of autonomy that, for a given set of objectives, infers from inputs how to generate outputs such as predictions, recommendations, decisions, or content affecting real or virtual environments |
+| **GPAI Model** (Art. 3(63)) | An AI model trained with large amounts of data using self-supervision at scale that displays significant generality and competently performs a wide range of distinct tasks, regardless of placement method — excludes pre-release R&D models |
+| **GPAI System** (Art. 3(64)) | An AI system based on a GPAI model capable of serving multiple purposes, directly or when integrated into other AI systems |
+| **Provider** (Art. 3(3)) | Natural or legal person that develops an AI system or GPAI model and places it on the market or puts it into service under own name/trademark |
+| **Deployer** (Art. 3(4)) | Natural or legal person using an AI system under own authority, except for personal non-professional activity |
+| **Operator** (Art. 3(8)) | Encompasses provider, product manufacturer, deployer, authorised representative, importer, or distributor |
+| **Authorised Representative** (Art. 3(5)) | Person established in EU with written mandate from non-EU provider to act on their behalf |
+| **Importer** (Art. 3(6)) | EU-established person placing on market an AI system bearing third-country person's name/trademark |
+| **Distributor** (Art. 3(7)) | Supply chain person (other than provider/importer) making AI system available on EU market |
+| **Profiling** (Art. 3(52)) | Automated processing of personal data to evaluate natural persons — work performance, economic situation, health, preferences, reliability, behaviour, location |
+
+---
+
+## Risk Tier Overview
+
+| Tier | Regulation Path | Key Obligation | Applies From |
+|------|----------------|----------------|--------------|
+| **Prohibited** | Art. 5 | Complete ban | 2 Feb 2025 |
+| **High Risk** | Art. 6 + Annex I/III | Full conformity regime | 2 Aug 2026 (Annex III) / 2027 (Annex I) |
+| **Limited Risk** | Art. 50 | Transparency disclosure only | 2 Aug 2026 |
+| **Minimal / No Risk** | — | Voluntary codes of conduct | — |
+
+---
+
+## Art. 5 — Prohibited AI Practices (All 8, applies from 2 February 2025)
+
+### 5(1)(a) — Subliminal / Manipulative Techniques
+AI systems using subliminal techniques beyond a person's consciousness, or purposefully manipulative/deceptive techniques, that materially distort behavior and impair informed decision-making, causing or likely to cause significant harm to those persons or third parties.
+
+### 5(1)(b) — Exploitation of Vulnerabilities
+AI systems exploiting vulnerabilities of persons or groups based on age, disability, or socioeconomic circumstances, distorting behavior in a manner that causes or is likely to cause significant harm.
+
+### 5(1)(c) — Social Scoring
+AI systems that evaluate or classify natural persons or groups based on social behavior over a period of time or inferred personal characteristics, leading to:
+- Detrimental or unfavorable treatment of persons or groups in unrelated social contexts; OR
+- Treatment that is disproportionate or unjustified relative to the social context in which the behavior occurred
+
+### 5(1)(d) — Predictive Criminal Risk Assessment
+AI systems assessing the risk of natural persons committing criminal offenses based solely on profiling or personality/character traits assessment. **Exception:** systems supporting human assessment based on objective, verifiable facts directly linked to criminal activity.
+
+### 5(1)(e) — Untargeted Facial Recognition Database Creation
+Creating or expanding facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage.
+
+### 5(1)(f) — Emotion Inference in Workplace or Educational Institutions
+AI systems that infer emotions of natural persons in the workplace or educational institutions. **Exception:** for medical or safety purposes.
+
+### 5(1)(g) — Biometric-Based Categorization for Sensitive Attributes
+AI systems categorizing natural persons individually based on biometric data to deduce or infer race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation. **Exception:** labeling/filtering of lawfully acquired biometric datasets in law enforcement.
+
+### 5(1)(h) — Real-Time Remote Biometric Identification (RBI) in Public Spaces by Law Enforcement
+Real-time RBI systems in publicly accessible spaces for law enforcement purposes. **Narrow exceptions:**
+- (i) Targeted search for specific missing persons or trafficking victims
+- (ii) Preventing specific, substantial, imminent threat to life or terrorist attack  
+- (iii) Identifying suspects of serious criminal offenses carrying ≥4-year sentences listed in Annex II
+
+**Procedural requirements for exceptions:** Prior judicial or independent administrative body authorization (post-hoc authorization within 24 hours for urgency); fundamental rights impact assessment; registration in EU AI database; report to market surveillance authority after each use. **Prohibited:** use to identify protected attributes.
+
+---
+
+## Art. 6 — High-Risk Classification Rules
+
+### Path A — Art. 6(1): Safety Component of Sectoral Product
+System is high-risk when BOTH conditions are met:
+1. It is a **safety component of a product** covered by Annex I harmonisation legislation (or is itself such a product); **AND**
+2. That product **requires third-party conformity assessment** under the relevant Annex I legislation
+
+### Path B — Art. 6(2): Annex III Listed Use Case
+System is high-risk when **listed in Annex III**, unless the following non-high-risk exceptions all apply:
+- Performs a narrow procedural task
+- Improves result of a previously completed human activity
+- Detects decision-making patterns/deviations without replacing/influencing human assessment
+- Performs preparatory tasks for assessment relevant to Annex III use cases
+
+**Critical override (Art. 6(3)):** Any Annex III system that **profiles natural persons** is ALWAYS high-risk regardless of the above exceptions.
+
+**Documentation obligation (Art. 6(3)):** Providers claiming non-high-risk status must document their assessment before market placement and make it available to national authorities on request.
+
+---
+
+## Annex I — Sectoral Harmonisation Laws (Safety Component Path)
+
+### Section A — New Legislative Framework Products
+1. Machinery — Directive 2006/42/EC
+2. Toys — Directive 2009/48/EC
+3. Recreational watercraft — Directive 2013/53/EU
+4. Lifts — Directive 2014/33/EU
+5. ATEX equipment — Directive 2014/34/EU
+6. Radio equipment — Directive 2014/53/EU
+7. Pressure equipment — Directive 2014/68/EU
+8. Cableway installations — Regulation 2016/424
+9. Personal protective equipment — Regulation 2016/425
+10. Gaseous fuel appliances — Regulation 2016/426
+11. Medical devices — Regulation 2017/745
+12. In vitro diagnostic medical devices — Regulation 2017/746
+
+### Section B — Other Harmonisation Legislation
+13. Civil aviation security — Regulation 300/2008
+14. Two/three-wheel vehicles — Regulation 168/2013
+15. Agricultural/forestry vehicles — Regulation 167/2013
+16. Marine equipment — Directive 2014/90/EU
+17. Rail interoperability — Directive 2016/797
+18. Motor vehicles and trailers — Regulation 2018/858
+19. Motor vehicle safety standards — Regulation 2019/2144
+20. Civil aviation and drones — Regulation 2018/1139
+
+---
+
+## Annex III — High-Risk AI Use Case Areas (8 Areas)
+
+### Area 1 — Biometrics
+- (a) Remote biometric identification systems (excluding personal identity verification)
+- (b) Biometric categorization systems inferring sensitive/protected attributes
+- (c) Emotion recognition systems
+
+**Notes:** (b) and (c) are prohibited under Art. 5(1)(g) and 5(1)(f) respectively in many contexts. Area 1(a) biometric categorization/emotion recognition systems that fall under Art. 5 prohibitions cannot qualify as merely high-risk — the prohibition takes precedence.
+
+### Area 2 — Critical Infrastructure
+AI safety components managing or used in safety-critical management of: road traffic, water supply, gas supply, heating supply, electricity supply, and critical digital infrastructure.
+
+### Area 3 — Education and Vocational Training
+- (a) Determining access/admission to or assignment to educational institutions at any level
+- (b) Evaluating learning outcomes that materially influence the learning process
+- (c) Assessing appropriate level of education and materially influencing the level of education received
+- (d) Monitoring and detecting prohibited student behavior in tests/examinations
+
+### Area 4 — Employment, Workers Management, and Self-Employment
+- (a) Recruitment and selection: targeted job advertising, application filtering/screening, candidate evaluation and selection
+- (b) Making decisions affecting terms of employment/work relationships: promotion, termination, task allocation, monitoring/evaluating performance/behavior of employed persons
+
+### Area 5 — Access to and Enjoyment of Essential Private and Public Services
+- (a) Public authorities evaluating individual eligibility for public assistance benefits and services (including healthcare)
+- (b) Creditworthiness assessment and credit scoring (excluding fraud detection)
+- (c) Life insurance and health insurance risk assessment and pricing for natural persons
+- (d) Emergency dispatch and emergency call classification and prioritization
+
+### Area 6 — Law Enforcement
+- (a) Individual risk assessment for becoming victim of criminal offenses
+- (b) Polygraphs and similar tools to assess reliability of persons
+- (c) Evaluating reliability of evidence in criminal investigations/prosecution
+- (d) Assessing risk of offending/reoffending, including recidivism assessment
+- (e) Profiling natural persons in course of criminal detection, investigation, or prosecution
+
+### Area 7 — Migration, Asylum, and Border Control Management
+- (a) Polygraph-like tools and similar for competent authorities in migration/asylum/border control
+- (b) Assessing risk (including security/irregular migration risk) of persons intending to enter or having entered EU territory
+- (c) Assisting competent authorities in examining applications for asylum, visa, and residence permits
+- (d) Detecting, recognizing, or identifying natural persons (excluding verification of travel documents)
+
+### Area 8 — Administration of Justice and Democratic Processes
+- (a) AI assisting judicial authorities in researching, interpreting, and applying the law
+- (b) AI intended to influence the outcome of elections or referenda, or the voting behavior of natural persons
+
+---
+
+## Art. 50 — Limited Risk Transparency Obligations (applies from 2 August 2026)
+
+### Chatbots and AI Interaction Systems (Art. 50(1))
+Providers must ensure users are informed they are interacting with an AI system, unless:
+- Obvious to a reasonably well-informed user given context and circumstances
+- System is authorized by law for detection of criminal offenses
+
+### Synthetic Media — Deepfakes (Art. 50(2) and (4))
+- Deployers of systems generating synthetic image/video/audio/text resembling real persons/places/events must disclose in machine-readable format that content is artificially generated or manipulated
+- Deployer disclosure exceptions: authorized by law for criminal offense detection; artistic, satirical, or fictional works with appropriate disclosure that doesn't impair enjoyment
+- All AI-generated text published to inform public on matters of public interest must be disclosed as AI-generated, unless: authorized for criminal investigation; content underwent human editorial review and editorial accountability exists
+
+### Emotion Recognition and Biometric Categorization (Art. 50(3))
+Deployers must inform natural persons exposed to these systems of:
+- The operation of the system
+- Must comply with GDPR and data protection law
+- Exception: authorized for law enforcement
+
+### Format Requirements
+- Disclosures must be made at the latest at first interaction/exposure
+- Clear and distinguishable manner
+- Must meet accessibility standards (Directive 2019/882)

package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md

@@ -0,0 +1,209 @@
+# FedRAMP SSP Appendices Guide (A–Q)
+
+All FedRAMP SSP appendices must use official FedRAMP templates where indicated.
+Templates: https://www.fedramp.gov/rev5/documents-templates/
+
+---
+
+## Appendix A — Acronyms & Glossary
+**Required:** Yes | **Author:** CSP
+- List all acronyms used in the SSP
+- Define any system-specific or agency-specific terms
+- FedRAMP provides a standard glossary; supplement with system-specific terms
+- Keep synchronized with the SSP body — if a new term appears in Section 7, add it here
+
+---
+
+## Appendix B — Related Laws & Regulations
+**Required:** Yes | **Author:** CSP (use FedRAMP template as base)
+- Enumerates applicable federal laws, Executive Orders, OMB memos, and standards
+- Core list includes: FISMA 2014, Privacy Act of 1974, E-Government Act (Section 208), FIPS 199, FIPS 200, NIST SP 800-53 Rev 5, OMB Circular A-130
+- Add agency-specific requirements if applicable (e.g., HIPAA, CJIS, IRS Publication 1075)
+- Review annually — regulatory landscape changes; new OMB guidance and executive orders may require additions
+
+**Common mistake:** Using the Rev 4 version of this appendix; ensure it reflects Rev 5 requirements and current OMB directives.
+
+---
+
+## Appendix C — Security Policies & Procedures
+**Required:** Yes | **Author:** CSP
+- Attach or reference all CSP security policies and standard operating procedures
+- Must cover each NIST 800-53 Rev 5 control family that has policies and procedures controls (e.g., AC-1, AU-1, CA-1, CM-1, etc.)
+- Policies must be: approved by senior leadership, dated, versioned, and reviewed at defined intervals
+- Common approach: include a policy index table in the appendix body, with the actual policy documents attached or linked via evidence repository
+
+**Common finding:** Policies exist but are not dated or version-controlled; policies reference Rev 4 controls.
+
+---
+
+## Appendix D — User Guide
+**Required:** Yes | **Author:** CSP
+- End-user guide for the cloud service
+- Describes: how to access the system, user responsibilities, what the system does, how to report security incidents
+- For SaaS offerings, this may be a customer-facing documentation excerpt
+- Must align with the Rules of Behavior (Appendix E)
+
+---
+
+## Appendix E — Rules of Behavior (RoB)
+**Required:** Yes | **Author:** CSP (FedRAMP template available)
+- Signed by all users prior to access
+- Covers: acceptable use, data handling obligations, password requirements, incident reporting obligations, consequences of non-compliance
+- Must be re-signed annually or when updated
+- Keep signature records — auditors will ask for evidence of signed RoBs
+
+**Common finding:** RoB exists but no evidence of user signatures; RoB not updated after major policy changes.
+
+---
+
+## Appendix F — IT Contingency Plan (ISCP)
+**Required:** Yes | **Author:** CSP (FedRAMP ISCP template — updated December 2024)
+- Use the FedRAMP Information System Contingency Plan (ISCP) template
+- Must include: system description, activation criteria, notification procedures, recovery procedures, reconstitution, testing records
+- RTO and RPO must be defined and achievable based on architecture
+- Must be tested at least annually — tabletop minimum; functional exercise preferred for High baseline
+- Append the most recent test results
+
+**Common finding:** Plan exists but has never been tested; RTO/RPO are aspirational and not validated by DR testing.
+
+---
+
+## Appendix G — Configuration Management Plan (CMP)
+**Required:** Yes | **Author:** CSP
+- Describes how configuration baselines are established, maintained, and enforced
+- Must reference specific baseline standards used (CIS Benchmarks, DISA STIGs)
+- Documents the change control board (CCB) process and approval chain
+- Defines how configuration deviations are documented and approved
+- Links to the system inventory (IIW — Appendix K)
+
+---
+
+## Appendix H — Incident Response Plan (IRP)
+**Required:** Yes | **Author:** CSP
+- Must follow NIST SP 800-61 Rev 2 lifecycle: Preparation → Detection → Containment → Eradication → Recovery → Post-Incident
+- FedRAMP-specific reporting SLAs:
+  - Report to US-CERT within **1 hour** of incident discovery (high-priority incidents)
+  - Report to agency AO within **1 hour** for incidents affecting federal data
+- Include contact list: CSP IR team, agency AO contacts, US-CERT (CISA), FedRAMP PMO Security Inbox
+- Must include the FedRAMP Security Inbox address for PMO notifications
+- Must be tested at least annually (tabletop or functional exercise)
+
+**Common finding:** IRP does not include agency AO notification procedure; reporting timeframes do not match FedRAMP SLAs; no evidence of annual testing.
+
+---
+
+## Appendix I — Control Implementation Summary (CIS) / Customer Responsibility Matrix (CRM)
+**Required:** Yes | **Author:** CSP (FedRAMP CIS/CRM template)
+- One of the most operationally important appendices for agency customers
+- **CIS tab**: Lists every control in the baseline and its implementation status (Fully Implemented / Partially Implemented / Planned / Not Applicable / Alternative)
+- **CRM tab**: For each shared/hybrid control, defines exactly what the CSP implements vs. what the customer/agency must implement
+- Agency customers use the CRM to understand their inherited security obligations
+- Must be kept current — a stale CRM is a common agency complaint and a finding during re-authorization
+
+**Common mistake:** CRM lists "Customer Responsibility" generically without specifying what the agency must actually do; shared controls marked as fully CSP-implemented when agencies have configuration responsibilities.
+
+---
+
+## Appendix J — FIPS 199 Categorization
+**Required:** Yes | **Author:** CSP
+- Documents the formal FIPS 199 impact determination
+- Categorizes Confidentiality, Integrity, and Availability separately for each information type
+- Overall impact level = high-water mark (highest individual rating)
+- Must justify each categorization with the types of federal information the system processes
+- Ties directly to which FedRAMP baseline (Low / Moderate / High) applies
+
+---
+
+## Appendix K — Integrated Inventory Workbook (IIW)
+**Required:** Yes | **Author:** CSP (FedRAMP IIW template — updated December 2024)
+- Complete inventory of every asset within the authorization boundary
+- Tabs typically include: hardware, software, services, databases, network components, virtual instances
+- Must be 100% accurate — auditors sample from IIW and will flag missing assets as findings
+- Updated continuously; submitted monthly during ConMon
+- Must include: asset name/ID, OS/version, IP address, function, patch level, FedRAMP status, POC
+
+**Common finding:** IIW is out of date; cloud-native ephemeral resources (auto-scaling instances, containers) not accounted for with appropriate dynamic inventory process.
+
+---
+
+## Appendix L — Cryptographic Modules Table
+**Required:** Yes | **Author:** CSP
+- Lists every cryptographic module in use within the boundary
+- For each module: vendor, product name, version, FIPS 140-2/3 validation certificate number, use case (encryption at rest, in transit, key management, etc.)
+- All modules must have active FIPS 140-2 or 140-3 validation certificates (check NIST CMVP)
+- Identifies any non-FIPS algorithms still in use (must be remediated or deviation-approved)
+
+**Common finding:** Module versions have changed since last authorization and certificates are no longer valid; legacy algorithms (MD5, SHA-1, DES, RC4) found in use without deviation.
+
+---
+
+## Appendix M — Continuous Monitoring Plan
+**Required:** Yes | **Author:** CSP
+- Documents the ongoing ConMon program
+- Must specify: scan frequency and tools, vulnerability management SLAs, POA&M update cadence, reporting schedule to agency AO, annual assessment approach
+- Scan requirements: OS/infrastructure monthly; web app monthly; database monthly; container images per CI/CD pipeline
+- References the Security Inbox requirement (effective January 2026)
+
+---
+
+## Appendix N — Separation of Duties Matrix
+**Required:** Conditional (required when separation of duties is a compensating control or specifically required by agency) | **Author:** CSP
+- Documents which roles can and cannot be combined
+- Relevant when a small team might otherwise hold conflicting privileges
+- Ties to AC-5 (Separation of Duties) control implementation
+
+---
+
+## Appendix O — Plan of Action & Milestones (POA&M)
+**Required:** Yes | **Author:** CSP (FedRAMP POA&M template)
+- See `references/poam-guide.md` for full field definitions and SLA table
+- Living document — updated monthly during ConMon
+- Submitted monthly to agency AO(s)
+- Every SAR finding must appear as a POA&M row
+
+---
+
+## Appendix P — Supply Chain Risk Management Plan (SCRM Plan)
+**Required:** Yes (Rev 5) | **Author:** CSP
+- New requirement introduced with NIST SP 800-53 Rev 5 (SR control family)
+- Documents how the CSP manages supply chain risks for hardware, software, and services
+- Must address: supplier assessment process, SBOM tracking, open source component vulnerability management, critical supplier identification
+- Ties to SR-1 through SR-12 control implementations
+
+**Common finding:** SCRM Plan is generic and doesn't describe the CSP's specific suppliers or risk assessment methodology; SBOM process undefined.
+
+---
+
+## Appendix Q — Privacy Impact Assessment (PIA)
+**Required:** If PII is in scope | **Author:** CSP
+- Required when the system collects, processes, stores, or transmits PII
+- Must follow the E-Government Act of 2002 Section 208 PIA requirements
+- Covers: what PII is collected, why, how it's protected, retention, access controls, sharing with third parties
+- Ties to PT control family (PII Processing & Transparency) — new in Rev 5
+- Agency AO reviews PIA as part of authorization decision when PII is involved
+
+**Common finding:** PIA omits specific PII data elements; PIA not updated when new PII types are added to the system.
+
+---
+
+## Quick Reference: Appendix Checklist
+
+| App | Title | Required | Template |
+|-----|-------|----------|----------|
+| A | Acronyms & Glossary | Yes | CSP-authored |
+| B | Laws & Regulations | Yes | FedRAMP base + CSP additions |
+| C | Security Policies & Procedures | Yes | CSP-authored |
+| D | User Guide | Yes | CSP-authored |
+| E | Rules of Behavior | Yes | FedRAMP template |
+| F | IT Contingency Plan (ISCP) | Yes | FedRAMP ISCP template (Dec 2024) |
+| G | Configuration Management Plan | Yes | CSP-authored |
+| H | Incident Response Plan | Yes | CSP-authored |
+| I | CIS / CRM Workbook | Yes | FedRAMP template |
+| J | FIPS 199 Categorization | Yes | CSP-authored |
+| K | Integrated Inventory Workbook (IIW) | Yes | FedRAMP template (Dec 2024) |
+| L | Cryptographic Modules Table | Yes | CSP-authored |
+| M | Continuous Monitoring Plan | Yes | CSP-authored |
+| N | Separation of Duties Matrix | Conditional | CSP-authored |
+| O | POA&M | Yes | FedRAMP template |
+| P | Supply Chain Risk Management Plan | Yes (Rev 5) | CSP-authored |
+| Q | Privacy Impact Assessment (PIA) | If PII in scope | CSP-authored |