arckit-cli 6.1.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- arckit_cli/__init__.py +1120 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/memory/sessions.md +293 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/RENDERING.md +22 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/document-control-uae.md +20 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/document-control-uk.md +16 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/adm-preliminary-template.md +135 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/adr-template.md +588 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-design-template.md +390 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-governance-template.md +90 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-integration-template.md +159 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-inventory-template.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-maturity-template.md +388 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-security-template.md +213 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/analysis-report-template.md +323 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/application-inventory-template.md +221 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-board-template.md +194 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-change-template.md +205 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-diagram-template.md +610 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-principles-template.md +632 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-repository-template.md +107 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-strategy-template.md +666 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-bvergg-template.md +252 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-dsgvo-template.md +354 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-nisg-template.md +236 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-aescsf-template.md +189 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ai-assurance-template.md +243 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-disp-attestation-template.md +297 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-dss-template.md +302 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-e8-posture-template.md +377 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-energy-compliance-template.md +189 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ism-controls-template.md +462 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ndb-playbook-template.md +288 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ot-security-template.md +204 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-pia-template.md +394 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-pspf-template.md +380 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-soci-cirmp-template.md +206 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/aws-research-template.md +605 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/azure-research-template.md +559 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/backlog-template.md +465 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-aia-template.md +206 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-atip-template.md +192 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-charter-template.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-cloud-residency-template.md +173 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-fitaa-template.md +156 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-gc-digital-standards-template.md +208 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-itsg-33-template.md +228 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-ocap-template.md +205 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-ola-template.md +171 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-pia-template.md +193 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-pspc-template.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-soia-template.md +219 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/capability-map-template.md +125 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/competitors-template.md +113 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/conformance-assessment-template.md +507 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-mesh-contract-template.md +851 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-model-template.md +1043 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-source-profile-template.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/datascout-template.md +546 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/devops-template.md +961 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dfd-template.md +161 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dld-review-template.md +427 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dos-requirements-template.md +506 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dpia-template.md +1200 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-ai-act-template.md +227 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-cra-template.md +176 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-data-act-template.md +175 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-dora-template.md +197 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-dsa-template.md +183 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-nis2-template.md +196 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-rgpd-template.md +198 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/evaluation-criteria-template.md +719 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/finops-template.md +662 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-algorithme-public-template.md +162 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-anssi-carto-template.md +196 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-anssi-template.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-code-reuse-template.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-dinum-template.md +195 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-dr-template.md +187 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-ebios-template.md +209 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-irn-template.md +311 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-marche-public-template.md +178 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-pssi-template.md +270 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-rgpd-template.md +195 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-secnumcloud-template.md +188 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/framework-overview-template.md +247 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gap-analysis-template.md +198 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcloud-clarify-template.md +340 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcloud-requirements-template.md +370 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcp-research-template.md +585 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/glossary-template.md +117 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-code-search-template.md +213 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-landscape-template.md +271 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-reuse-template.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/grants-template.md +131 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/hld-review-template.md +760 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/jsp-936-template.md +1394 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/maturity-model-template.md +297 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/mlops-template.md +720 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/mod-secure-by-design-template.md +784 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/operationalize-template.md +1016 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/pages-template.html +5121 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/platform-design-template.md +1610 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/presentation-template.md +270 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/principles-compliance-assessment-template.md +389 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/project-plan-template.md +421 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/rationalization-template.md +208 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/requirements-template.md +1026 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/research-findings-template.md +939 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/risk-register-template.md +883 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/roadmap-template.md +787 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/service-assessment-prep-template.md +448 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/servicenow-design-template.md +273 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/sobc-template.md +1127 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/sow-template.md +785 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/stakeholder-drivers-template.md +493 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/story-template.md +889 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tcop-review-template.md +593 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tech-note-template.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tenders-template.md +124 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/traceability-matrix-template.md +360 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/transition-architecture-template.md +286 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ai-autonomy-tier-template.md +97 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ai-charter-template.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-classification-template.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-cloud-residency-template.md +136 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-data-sharing-template.md +105 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-digital-records-template.md +97 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ias-template.md +109 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-pdpl-template.md +105 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-priorities-alignment-template.md +99 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-procurement-template.md +115 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-uaepass-template.md +129 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-zero-bureaucracy-template.md +85 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-consumer-duty-board-report-template.md +49 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-consumer-duty-template.md +362 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-ctp-dependency-register-template.md +24 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-ctp-dependency-template.md +321 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-safeguarding-reconciliation-template.md +77 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-safeguarding-template.md +348 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-sca-rts-exemption-matrix-template.md +47 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-sca-rts-template.md +273 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-gov-ai-playbook-template.md +942 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-gov-atrs-template.md +1087 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-mdr-classification-template.md +307 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-case-template.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-hazard-template.md +217 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-safety-template.md +78 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-template.md +13 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-case-template.md +207 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-hazard-template.md +290 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-safety-template.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-template.md +13 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dtac-template.md +341 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ukgov-secure-by-design-template.md +1031 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-ai-impact-template.md +212 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-ai-rmf-template.md +232 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fedramp-readiness-template.md +209 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fedramp-ssp-template.md +352 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fisma-categorization-template.md +145 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-icam-template.md +216 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-nist-800-53-template.md +222 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-privacy-pia-template.md +191 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-sbom-eo-14028-template.md +253 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-zero-trust-template.md +234 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/vendor-profile-template.md +88 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/vendor-scoring-template.md +332 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-climate-template.md +269 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-doctrine-template.md +299 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-gameplay-template.md +346 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-map-template.md +587 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-value-chain-template.md +256 -0
- arckit_cli-6.1.1.data/data/share/arckit/CHANGELOG.md +3554 -0
- arckit_cli-6.1.1.data/data/share/arckit/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/DEPENDENCY-MATRIX.md +929 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/README.md +322 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/WORKFLOW-DIAGRAMS.md +1088 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/adm-preliminary.md +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/adr.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-design.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-governance.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-integration.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-inventory.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-maturity.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-security.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ai-playbook.md +103 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/analyze.md +57 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/application-inventory.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/application-rationalization.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-board.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-change.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-repository.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/artifact-health.md +228 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-bvergg.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-dsgvo.md +75 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-nisg.md +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/atrs.md +98 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-aescsf.md +45 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ai-assurance.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-disp-attestation.md +90 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-dss.md +76 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-e8-posture.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-energy-compliance.md +47 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-federal-overlay.md +199 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ism-controls.md +78 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ndb-playbook.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ot-security.md +39 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-pia.md +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-pspf.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-soci-cirmp.md +40 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/autoresearch.md +334 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/aws-research.md +160 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/azure-research.md +157 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/backlog.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/build.md +132 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/business-capability-map.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/business-case.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/c4-layout-science.md +280 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-aia.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-atip.md +79 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-charter.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-cloud-residency.md +91 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-fitaa.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-gc-digital-standards.md +93 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-itsg-33.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-ocap.md +91 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-ola.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-pia.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-pspc.md +96 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-soia.md +87 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/codes-of-practice.md +154 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/competitors.md +202 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/conformance.md +153 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/create.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/custom-commands.md +236 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/customize.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-mesh-contract.md +239 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-model.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-quality-framework.md +118 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/datascout.md +162 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/declaration.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/design-review.md +66 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/devops.md +96 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dfd.md +187 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/diagram.md +118 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dld-review.md +102 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dos.md +109 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dpia.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/enterprise-scale.md +260 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-ai-act.md +82 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-cra.md +90 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-data-act.md +85 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-dora.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-dsa.md +85 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-nis2.md +82 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-rgpd.md +76 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/evaluate.md +115 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/export-okf.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/finops.md +117 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-algorithme-public.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-anssi-carto.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-anssi.md +79 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-code-reuse.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-dinum.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-dr.md +88 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-ebios.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-irn.md +103 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-marche-public.md +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-pssi.md +87 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-rgpd.md +75 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-secnumcloud.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/framework.md +234 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gap-analysis.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-clarify.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-competitors.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-search.md +106 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcp-research.md +169 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/glossary.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-code-search.md +119 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-landscape.md +114 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-reuse.md +112 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/govs-007-security.md +93 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/grants.md +106 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/graph-report.md +77 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/health.md +234 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/hld-review.md +110 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/hooks.md +121 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/impact.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/import-okf.md +67 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/init.md +159 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/jsp-936.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/knowledge-compounding.md +140 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/maturity-model.md +186 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mcp-servers.md +329 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/migration.md +333 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mlops.md +126 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mod-secure.md +124 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/national-data-strategy.md +115 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/navigator.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/operationalize.md +143 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pages.md +227 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pinecone-mcp.md +128 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/plan.md +66 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/platform-design.md +600 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/presentation.md +137 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pricing.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/principles-compliance.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/principles.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/procurement.md +57 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/productivity.md +217 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/remote-control.md +151 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/requirements.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/research.md +65 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/review.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/risk-management.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/risk.md +132 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roadmap.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/README.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/business-analyst.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/business-architect.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/cdo.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/ciso.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/cto-cdio.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/data-architect.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/data-governance-manager.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/delivery-manager.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/devops-engineer.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/enterprise-architect.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/it-service-manager.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/network-architect.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/performance-analyst.md +67 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/product-manager.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/security-architect.md +78 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/service-owner.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/solution-architect.md +75 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/technical-architect.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/score.md +91 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot1.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot2.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot3.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/search.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/secure.md +181 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/security-hooks.md +200 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/security.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/service-assessment.md +47 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/service-design.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/servicenow.md +152 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/session-memory.md +100 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sobc.md +129 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sow.md +125 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/stakeholder-analysis.md +51 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/stakeholders.md +138 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/start.md +276 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/story.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/strategy.md +211 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/submission-pack.md +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/supplier-profile.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/tcop.md +124 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/template-builder.md +125 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/tenders.md +193 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/testing-plugin-branches.md +79 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/traceability.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/transition-architecture.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/trello.md +139 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ai-autonomy-tier.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ai-charter.md +89 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-classification.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-cloud-residency.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-data-sharing.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-digital-records.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ias.md +93 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-overlay-maintenance.md +154 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-overlay.md +208 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-pdpl.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-priorities-alignment.md +82 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-procurement.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-uaepass.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-zero-bureaucracy.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-consumer-duty.md +178 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-ctp-dependency.md +181 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-payments-overlay.md +216 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-safeguarding.md +176 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-sca-rts.md +164 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/ai-playbook.md +56 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/algorithmic-transparency.md +44 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/digital-marketplace.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/secure-by-design.md +51 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/standards-map.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/technology-code-of-practice.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-mdr-classification.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-mod/secure-by-design.md +54 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-clinical-safety-overlay.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dcb0129.md +64 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dcb0160.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dtac.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/upgrading.md +130 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-ai-impact.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-ai-rmf.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-federal-overlay.md +111 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fedramp-readiness.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fedramp-ssp.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fisma-categorization.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-icam.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-nist-800-53.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-privacy-pia.md +74 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-sbom-eo-14028.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-zero-trust.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-climate.md +122 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-doctrine.md +120 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-gameplay.md +123 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-value-chain.md +130 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley.md +173 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/.agents/plugins/marketplace.json +20 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/README.md +325 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/docs/DEPENDENCY-MATRIX.md +616 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/arckit-codex-hook.mjs +1270 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-inject.mjs +1497 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-rollups.mjs +247 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-utils.mjs +363 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/hook-utils.mjs +383 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/hooks.json +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/okf-frontmatter.mjs +279 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/project-context-builder.mjs +168 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/sync-guides.mjs +1120 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/README.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/docs/DEPENDENCY-MATRIX.md +616 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/LICENSE +21 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/README.md +65 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/docs/DEPENDENCY-MATRIX.md +616 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/opencode.json +25 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/.mcp.json +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/LICENSE +26 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/README.md +407 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/vibe-config.toml +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/README.md +680 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/000-global/ARC-000-PRIN-v1.0.md +120 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/001-test-project/ARC-001-STKE-v1.0.md +100 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/001-test-project/README.md +15 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/program-selfharness.md +748 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/program.md +269 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/check-prerequisites.sh +250 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/common.sh +359 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/create-project.sh +408 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/generate-document-id.sh +146 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/list-projects.sh +359 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/migrate-filenames.sh +553 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bump-version.sh +293 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/check_doctype_collisions.py +30 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/check_recipes.py +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/check_references.py +144 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/convert_vibe_agents.py +198 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/convert_vibe_skills.py +499 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/converter.py +2002 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/create-sdg-repo.py +820 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-arckit-architecture-hero.py +317 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-arckit-hero.py +278 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-release-notes.sh +112 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/managed-agents/README.md +105 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/managed-agents/arckit-agent.py +418 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/push-extensions.sh +424 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/apply_doc_control_marker.py +50 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/common.py +288 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/create-project.py +373 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/generate-document-id.py +96 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/list-projects.py +238 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/migrate_classification.py +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/render-brand-pngs.py +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/standardise-colon.py +128 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/sync-claude-plugin-layout.py +159 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/sync-shared-assets.py +132 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tag-plugins.sh +65 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-doc-types-dual-registration.mjs +57 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-fde-templates.mjs +100 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-regime-registration.mjs +65 -0
- arckit_cli-6.1.1.dist-info/METADATA +1966 -0
- arckit_cli-6.1.1.dist-info/RECORD +482 -0
- arckit_cli-6.1.1.dist-info/WHEEL +4 -0
- arckit_cli-6.1.1.dist-info/entry_points.txt +2 -0
- arckit_cli-6.1.1.dist-info/licenses/LICENSE +26 -0
|
@@ -0,0 +1,212 @@
|
|
|
1
|
+
# AI Impact Assessment (OMB M-24-10 + M-25-21)
|
|
2
|
+
|
|
3
|
+
> **Template Origin**: Community | **ArcKit Version**: [VERSION] | **Command**: `/arckit:us-ai-impact`
|
|
4
|
+
|
|
5
|
+
## Document Control
|
|
6
|
+
|
|
7
|
+
<!-- DOC-CONTROL-HEADER -->
|
|
8
|
+
<!-- Resolved at command-execution time per _partials/RENDERING.md. -->
|
|
9
|
+
<!-- Classification line MUST be: -->
|
|
10
|
+
<!-- | Classification | PUBLIC / OFFICIAL / OFFICIAL-SENSITIVE (set via `default_classification` user-config) | -->
|
|
11
|
+
|
|
12
|
+
## Revision History
|
|
13
|
+
|
|
14
|
+
| Version | Date | Author | Changes | Approved By | Approval Date |
|
|
15
|
+
|---------|------|--------|---------|-------------|---------------|
|
|
16
|
+
| [VERSION] | [YYYY-MM-DD] | ArcKit AI | Initial creation from `/arckit:us-ai-impact` command | PENDING | PENDING |
|
|
17
|
+
|
|
18
|
+
---
|
|
19
|
+
|
|
20
|
+
## Executive Summary
|
|
21
|
+
|
|
22
|
+
[Two to three paragraphs: AI use case, rights-impacting / safety-impacting determination per OMB M-24-10, M-24-10 §5 risk-management practices status, M-25-21 acquisition controls (if procured), and CAIO sign-off status.]
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## 1. AI Use Case Description
|
|
27
|
+
|
|
28
|
+
| Field | Value |
|
|
29
|
+
|-------|-------|
|
|
30
|
+
| **Use Case Name** | [Name] |
|
|
31
|
+
| **Agency / Bureau** | [Agency] |
|
|
32
|
+
| **Federal AI Use Case Inventory ID** | [If listed on federal.ai.gov — entry ID; otherwise PENDING] |
|
|
33
|
+
| **Purpose** | [What problem the AI solves] |
|
|
34
|
+
| **Decision Context** | [What decision is informed or made by the AI] |
|
|
35
|
+
| **Data Inputs** | [Data types, sources, sensitivity, PII?] |
|
|
36
|
+
| **Outputs** | [What the AI produces and how it is used downstream] |
|
|
37
|
+
| **Automation Level** | [Decision-support / Decision-making with human review / Decision-making automated] |
|
|
38
|
+
| **AI Capability Type** | [Predictive / Classification / Generative / Decision-Support] |
|
|
39
|
+
| **Population Affected** | [Federal employees / public / regulated cohort] |
|
|
40
|
+
| **Build / Buy / GenAI Wrapper** | [In-house / Vendor-built / Off-the-shelf with custom prompts] |
|
|
41
|
+
| **Cross-ref AI RMF** | [ARC-{P}-AIRMF-v*] |
|
|
42
|
+
| **Cross-ref PIA (if PII)** | [ARC-{P}-PIA-v*] |
|
|
43
|
+
| **CAIO** | [Name + role] |
|
|
44
|
+
| **Use-Case Owner** | [Name + role] |
|
|
45
|
+
| **Assessment Date** | [YYYY-MM-DD] |
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
|
|
49
|
+
## 2. Rights-Impacting / Safety-Impacting Determination
|
|
50
|
+
|
|
51
|
+
Per OMB M-24-10 Appendix I, certain categories of AI use are *presumed* to be rights-impacting or safety-impacting. Determine applicability for this use case.
|
|
52
|
+
|
|
53
|
+
### 2.1 Safety-Impacting Determination (M-24-10 Appendix I §1)
|
|
54
|
+
|
|
55
|
+
| Presumed Safety-Impacting Category | Applies? | Rationale |
|
|
56
|
+
|-------------------------------------|---------|-----------|
|
|
57
|
+
| Controls safety-critical functions of dams, emergency services, electrical grids, fire safety, financial systems, water supply | [Yes / No] | [Rationale] |
|
|
58
|
+
| Maintains civilian working conditions or worker safety in regulated environments | [Yes / No] | [Rationale] |
|
|
59
|
+
| Conducts biometric identification (real-time or post-hoc) in public spaces | [Yes / No] | [Rationale] |
|
|
60
|
+
| Detects fraud in benefits programmes resulting in benefit denial | [Yes / No] | [Rationale] |
|
|
61
|
+
| Conducts medical diagnostics or treatment decisions | [Yes / No] | [Rationale] |
|
|
62
|
+
| Controls physical movement of robots in workspaces accessible to humans | [Yes / No] | [Rationale] |
|
|
63
|
+
| Controls industrial / manufacturing emissions or hazardous materials | [Yes / No] | [Rationale] |
|
|
64
|
+
| Controls life-safety functions in transport (autonomous vehicles, aviation, rail) | [Yes / No] | [Rationale] |
|
|
65
|
+
| Conducts safety-related law-enforcement functions | [Yes / No] | [Rationale] |
|
|
66
|
+
|
|
67
|
+
**Safety-Impacting Determination**: **[Yes / No]**
|
|
68
|
+
|
|
69
|
+
[Narrative: if any of the above rows is Yes, the system is presumed safety-impacting. CAIO concurrence is required to override the presumption.]
|
|
70
|
+
|
|
71
|
+
### 2.2 Rights-Impacting Determination (M-24-10 Appendix I §2)
|
|
72
|
+
|
|
73
|
+
| Presumed Rights-Impacting Category | Applies? | Rationale |
|
|
74
|
+
|-------------------------------------|---------|-----------|
|
|
75
|
+
| Determines eligibility, access, or denial of federal benefits or services | [Yes / No] | [Rationale] |
|
|
76
|
+
| Generates risk assessments used in criminal or civil legal proceedings | [Yes / No] | [Rationale] |
|
|
77
|
+
| Detects fraud in benefits programmes (where outcome affects individuals) | [Yes / No] | [Rationale] |
|
|
78
|
+
| Monitors / detects student academic conduct or wellness | [Yes / No] | [Rationale] |
|
|
79
|
+
| Monitors employees in ways that affect employment outcomes | [Yes / No] | [Rationale] |
|
|
80
|
+
| Makes housing / loan / employment / insurance access decisions | [Yes / No] | [Rationale] |
|
|
81
|
+
| Conducts biometric identification or surveillance of public spaces | [Yes / No] | [Rationale] |
|
|
82
|
+
| Detects emotion, sentiment, or affect in regulated decision-making | [Yes / No] | [Rationale] |
|
|
83
|
+
| Translates / generates content used in legal, medical, or benefits proceedings | [Yes / No] | [Rationale] |
|
|
84
|
+
| Detects or generates content used in censorship / content-moderation by the federal government | [Yes / No] | [Rationale] |
|
|
85
|
+
| Conducts immigration / asylum / refugee decision-making | [Yes / No] | [Rationale] |
|
|
86
|
+
| Determines firearm-purchase / background-check eligibility | [Yes / No] | [Rationale] |
|
|
87
|
+
| Conducts predictive policing | [Yes / No] | [Rationale] |
|
|
88
|
+
| Determines child welfare interventions | [Yes / No] | [Rationale] |
|
|
89
|
+
|
|
90
|
+
**Rights-Impacting Determination**: **[Yes / No]**
|
|
91
|
+
|
|
92
|
+
### 2.3 CAIO Concurrence
|
|
93
|
+
|
|
94
|
+
[If the determination contests a presumed category — i.e., you assert "No" against a presumed Yes — the agency CAIO must concur per M-24-10 §5. Document the CAIO's rationale and signature in the Approvals section.]
|
|
95
|
+
|
|
96
|
+
**Determination Contested?**: [Yes — CAIO concurrence required / No]
|
|
97
|
+
|
|
98
|
+
---
|
|
99
|
+
|
|
100
|
+
## 3. Minimum Risk-Management Practices Checklist
|
|
101
|
+
|
|
102
|
+
Per OMB M-24-10 §5 + Appendix II. Required for any AI determined rights-impacting or safety-impacting.
|
|
103
|
+
|
|
104
|
+
| # | Practice | Status | Evidence | Action |
|
|
105
|
+
|---|----------|--------|----------|--------|
|
|
106
|
+
| 1 | Complete AI Impact Assessment (this artefact) | [Implemented / Planned / Not Applicable] | [Self-reference] | [N/A] |
|
|
107
|
+
| 2 | Test the AI for performance in a real-world context | [Implemented / Planned / Not Applicable] | [Test report ref] | [Action] |
|
|
108
|
+
| 3 | Independently evaluate the AI | [Implemented / Planned / Not Applicable] | [Evaluator + report ref] | [Action] |
|
|
109
|
+
| 4 | Conduct ongoing monitoring | [Implemented / Planned / Not Applicable] | [Monitoring plan ref] | [Action] |
|
|
110
|
+
| 5 | Regularly evaluate risks from the AI's use | [Implemented / Planned / Not Applicable] | [Reassessment cadence] | [Action] |
|
|
111
|
+
| 6 | Mitigate emerging risks to rights and safety | [Implemented / Planned / Not Applicable] | [Mitigation register] | [Action] |
|
|
112
|
+
| 7 | Ensure adequate human training and assessment for AI use | [Implemented / Planned / Not Applicable] | [Training records] | [Action] |
|
|
113
|
+
| 8 | Provide additional human oversight, intervention, and accountability as part of decisions or actions that could result in a significant impact on rights or safety | [Implemented / Planned / Not Applicable] | [Oversight design] | [Action] |
|
|
114
|
+
| 9 | Provide public notice and plain-language documentation through the agency's AI use-case inventory | [Implemented / Planned / Not Applicable] | [federal.ai.gov entry] | [Action] |
|
|
115
|
+
| 10 | Notify negatively affected individuals — provide a means to opt-out where practicable and a means to access human consideration and remedy | [Implemented / Planned / Not Applicable] | [Notice text + opt-out mechanism] | [Action] |
|
|
116
|
+
| 11 | Maintain options to opt-out from the AI-enabled decision in favour of a human alternative (where practicable) | [Implemented / Planned / Not Applicable] | [Opt-out design] | [Action] |
|
|
117
|
+
| 12 | Provide consultation and feedback opportunities for the public and affected communities | [Implemented / Planned / Not Applicable] | [Consultation record] | [Action] |
|
|
118
|
+
| 13 | Maintain consistency with broader privacy and civil-rights laws (Privacy Act, ADA, Title VI, etc.) | [Implemented / Planned / Not Applicable] | [Legal review] | [Action] |
|
|
119
|
+
| 14 | Conduct an equity assessment for disparate impact on protected populations | [Implemented / Planned / Not Applicable] | [Equity assessment ref] | [Action] |
|
|
120
|
+
|
|
121
|
+
---
|
|
122
|
+
|
|
123
|
+
## 4. M-25-21 Acquisition Controls
|
|
124
|
+
|
|
125
|
+
[Applies when the AI system is procured rather than built in-house. Document contract clauses, evaluation criteria, and vendor obligations per OMB M-25-21.]
|
|
126
|
+
|
|
127
|
+
**AI Procured?**: [Yes / No]
|
|
128
|
+
|
|
129
|
+
| Acquisition Control | Status | Notes |
|
|
130
|
+
|---------------------|--------|-------|
|
|
131
|
+
| Solicitation includes plain-language description of intended use | [Met / Gap] | [Notes] |
|
|
132
|
+
| Evaluation criteria assess vendor AI-risk-management maturity | [Met / Gap] | [Notes] |
|
|
133
|
+
| Contract clause: vendor disclosure of training data sources | [Met / Gap] | [Notes] |
|
|
134
|
+
| Contract clause: vendor disclosure of model architecture and any base models | [Met / Gap] | [Notes] |
|
|
135
|
+
| Contract clause: vendor model documentation (model card / system card) | [Met / Gap] | [Notes] |
|
|
136
|
+
| Contract clause: agency audit rights over vendor AI lifecycle | [Met / Gap] | [Notes] |
|
|
137
|
+
| Contract clause: data rights — agency retains rights to its data + derivatives | [Met / Gap] | [Notes] |
|
|
138
|
+
| Contract clause: IP — clear ownership of agency-generated content, prompts, embeddings, fine-tuned weights | [Met / Gap] | [Notes] |
|
|
139
|
+
| Contract clause: vendor commitment to update / patch / decommission cadence | [Met / Gap] | [Notes] |
|
|
140
|
+
| Contract clause: vendor incident-disclosure obligations (AI incidents, safety failures) | [Met / Gap] | [Notes] |
|
|
141
|
+
| Contract clause: prohibition on training vendor models with agency data without explicit permission | [Met / Gap] | [Notes] |
|
|
142
|
+
| Contract clause: vendor must support agency M-24-10 minimum practices | [Met / Gap] | [Notes] |
|
|
143
|
+
| Vendor management plan in place | [Met / Gap] | [Notes] |
|
|
144
|
+
|
|
145
|
+
---
|
|
146
|
+
|
|
147
|
+
## 5. Public Disclosure Obligations
|
|
148
|
+
|
|
149
|
+
| Element | Status | Notes |
|
|
150
|
+
|---------|--------|-------|
|
|
151
|
+
| Entry in agency AI Use Case Inventory (federal.ai.gov) | [Posted / Pending / N/A] | [URL / target date] |
|
|
152
|
+
| Plain-language description on agency website | [Posted / Pending / N/A] | [URL / target date] |
|
|
153
|
+
| Notice to affected individuals at point of contact | [Implemented / Planned] | [Notice text reference] |
|
|
154
|
+
| Opt-out mechanism communicated | [Implemented / Planned / Not practicable — narrative required] | [Mechanism] |
|
|
155
|
+
| Appeals / human-review mechanism communicated | [Implemented / Planned] | [Mechanism] |
|
|
156
|
+
|
|
157
|
+
**Federal AI Use Case Inventory Entry** (draft):
|
|
158
|
+
|
|
159
|
+
| Field | Value |
|
|
160
|
+
|-------|-------|
|
|
161
|
+
| Use case title | [Title] |
|
|
162
|
+
| Agency | [Agency] |
|
|
163
|
+
| Bureau | [Bureau] |
|
|
164
|
+
| Mission area | [Mission area] |
|
|
165
|
+
| Stage | [Initiated / Acquisition and/or Development / Implementation and Assessment / Operation and Maintenance / Decommissioned] |
|
|
166
|
+
| Plain-language summary | [Two-sentence summary of what the AI does and for whom] |
|
|
167
|
+
| Rights-impacting | [Yes / No] |
|
|
168
|
+
| Safety-impacting | [Yes / No] |
|
|
169
|
+
| Date last updated | [YYYY-MM-DD] |
|
|
170
|
+
|
|
171
|
+
---
|
|
172
|
+
|
|
173
|
+
## 6. Agency CAIO Sign-Off
|
|
174
|
+
|
|
175
|
+
| Sign-Off Item | CAIO Statement |
|
|
176
|
+
|---------------|----------------|
|
|
177
|
+
| Determination of rights-/safety-impacting concurred | [Concur / Concur with conditions / Do not concur] |
|
|
178
|
+
| Minimum risk-management practices reviewed | [Reviewed and approved / Conditional / Returned for revision] |
|
|
179
|
+
| Acquisition controls (where applicable) reviewed | [Reviewed and approved / Conditional / N/A] |
|
|
180
|
+
| Public disclosure plan reviewed | [Reviewed and approved / Conditional] |
|
|
181
|
+
|
|
182
|
+
**CAIO Signature**: [Name + signature + date]
|
|
183
|
+
|
|
184
|
+
---
|
|
185
|
+
|
|
186
|
+
## 7. References
|
|
187
|
+
|
|
188
|
+
| Reference | Citation | URL |
|
|
189
|
+
|-----------|----------|-----|
|
|
190
|
+
| OMB M-24-10 | Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence | <https://www.whitehouse.gov/wp-content/uploads/2024/03/M-24-10-Advancing-Governance-Innovation-and-Risk-Management-for-Agency-Use-of-Artificial-Intelligence.pdf> |
|
|
191
|
+
| OMB M-25-21 | Acquisition of Artificial Intelligence in the Federal Government | <https://www.whitehouse.gov/omb/> |
|
|
192
|
+
| NIST AI 600-1 | AI RMF: Generative AI Profile | <https://doi.org/10.6028/NIST.AI.600-1> |
|
|
193
|
+
| federal.ai.gov | Federal AI Use Case Inventory | <https://ai.gov/ai-use-cases/> |
|
|
194
|
+
|
|
195
|
+
---
|
|
196
|
+
|
|
197
|
+
## 8. Approvals
|
|
198
|
+
|
|
199
|
+
| Role | Name | Signature | Date |
|
|
200
|
+
|------|------|-----------|------|
|
|
201
|
+
| AI Use-Case Owner | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
202
|
+
| Chief AI Officer (CAIO) | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
203
|
+
| Senior Agency Official for Privacy (SAOP) | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
204
|
+
| Agency General Counsel (or designee) | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
205
|
+
|
|
206
|
+
---
|
|
207
|
+
|
|
208
|
+
**Generated by**: ArcKit `/arckit:us-ai-impact` command
|
|
209
|
+
**Generated on**: [DATE]
|
|
210
|
+
**ArcKit Version**: [VERSION]
|
|
211
|
+
**Project**: [PROJECT_NAME]
|
|
212
|
+
**Model**: [AI_MODEL]
|
|
@@ -0,0 +1,232 @@
|
|
|
1
|
+
# NIST AI Risk Management Framework Assessment
|
|
2
|
+
|
|
3
|
+
> **Template Origin**: Community | **ArcKit Version**: [VERSION] | **Command**: `/arckit:us-ai-rmf`
|
|
4
|
+
|
|
5
|
+
## Document Control
|
|
6
|
+
|
|
7
|
+
<!-- DOC-CONTROL-HEADER -->
|
|
8
|
+
<!-- Resolved at command-execution time per _partials/RENDERING.md. -->
|
|
9
|
+
<!-- Classification line MUST be: -->
|
|
10
|
+
<!-- | Classification | PUBLIC / OFFICIAL / OFFICIAL-SENSITIVE (set via `default_classification` user-config) | -->
|
|
11
|
+
|
|
12
|
+
## Revision History
|
|
13
|
+
|
|
14
|
+
| Version | Date | Author | Changes | Approved By | Approval Date |
|
|
15
|
+
|---------|------|--------|---------|-------------|---------------|
|
|
16
|
+
| [VERSION] | [YYYY-MM-DD] | ArcKit AI | Initial creation from `/arckit:us-ai-rmf` command | PENDING | PENDING |
|
|
17
|
+
|
|
18
|
+
---
|
|
19
|
+
|
|
20
|
+
## Executive Summary
|
|
21
|
+
|
|
22
|
+
[Two to three paragraphs: AI system, intended use, AI RMF 1.0 four-function maturity, GenAI applicability, top three residual risks, and recommended treatment.]
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## 1. AI System Description
|
|
27
|
+
|
|
28
|
+
| Field | Value |
|
|
29
|
+
|-------|-------|
|
|
30
|
+
| **System Name** | [Name] |
|
|
31
|
+
| **Intended Use** | [Specific purpose, decision context, automation level] |
|
|
32
|
+
| **AI Capability Type** | [Predictive / Classification / Generative / Decision-Support / Autonomous] |
|
|
33
|
+
| **GenAI in Use?** | [Yes — see Section 6 / No] |
|
|
34
|
+
| **Training Data Sources** | [Public / proprietary / mixed; data classification] |
|
|
35
|
+
| **Model Architecture** | [E.g., gradient-boosted trees / transformer 7B / RAG over agency corpus] |
|
|
36
|
+
| **Foundation Model (if any)** | [Vendor + version, e.g., Claude Opus 4 / GPT-4o / Llama 3.1 70B] |
|
|
37
|
+
| **Deployment Context** | [Internal / customer-facing / inter-agency] |
|
|
38
|
+
| **Population Affected** | [Federal employees / public / regulated cohort] |
|
|
39
|
+
| **Decisions Affecting Individuals** | [Yes — describe / No / Decision-support only] |
|
|
40
|
+
| **Human-in-the-Loop Posture** | [Always / Threshold-triggered / None] |
|
|
41
|
+
| **Cross-ref AI Impact Assessment** | [ARC-{P}-AIIA-v*] |
|
|
42
|
+
| **Assessment Date** | [YYYY-MM-DD] |
|
|
43
|
+
| **Chief AI Officer (CAIO)** | [Name + role] |
|
|
44
|
+
|
|
45
|
+
---
|
|
46
|
+
|
|
47
|
+
## 2. Govern Function
|
|
48
|
+
|
|
49
|
+
Cultivate a culture of risk management. AI RMF 1.0 Govern function sub-categories.
|
|
50
|
+
|
|
51
|
+
| Sub-category | Maturity | Evidence | Action |
|
|
52
|
+
|--------------|----------|----------|--------|
|
|
53
|
+
| Govern 1.1 — Legal and regulatory requirements involving AI are understood, managed, and documented | [Not in Place / Partially / Mostly / Fully] | [Evidence] | [Action] |
|
|
54
|
+
| Govern 1.2 — Characteristics of trustworthy AI are integrated into organisational policies, processes, and procedures | [Maturity] | [Evidence] | [Action] |
|
|
55
|
+
| Govern 1.3 — Processes, procedures, and practices are in place to determine the needed level of risk management activities based on the AI system's risk | [Maturity] | [Evidence] | [Action] |
|
|
56
|
+
| Govern 1.4 — The risk management process and its outcomes are established through transparent policies, procedures, and other controls | [Maturity] | [Evidence] | [Action] |
|
|
57
|
+
| Govern 1.5 — Ongoing monitoring and periodic review of the risk management process and its outcomes are planned | [Maturity] | [Evidence] | [Action] |
|
|
58
|
+
| Govern 1.6 — Mechanisms are in place to inventory AI systems and are resourced according to organisational risk priorities | [Maturity] | [Evidence] | [Action] |
|
|
59
|
+
| Govern 1.7 — Processes and procedures are in place for decommissioning and phasing out AI systems safely | [Maturity] | [Evidence] | [Action] |
|
|
60
|
+
| Govern 2.1 — Roles, responsibilities, and lines of communication related to mapping, measuring, and managing AI risks are documented | [Maturity] | [Evidence] | [Action] |
|
|
61
|
+
| Govern 2.2 — The organisation's personnel and partners receive AI risk-management training | [Maturity] | [Evidence] | [Action] |
|
|
62
|
+
| Govern 2.3 — Executive leadership of the organisation takes responsibility for decisions about risks associated with AI system development and deployment | [Maturity] | [Evidence] | [Action] |
|
|
63
|
+
| Govern 3.1 — Decision-making related to mapping, measuring, and managing AI risks throughout the lifecycle is informed by a diverse team | [Maturity] | [Evidence] | [Action] |
|
|
64
|
+
| Govern 3.2 — Policies and procedures are in place to define and differentiate roles and responsibilities for human-AI configurations and oversight | [Maturity] | [Evidence] | [Action] |
|
|
65
|
+
| Govern 4.1 — Organisational policies and practices foster a critical thinking and safety-first mindset | [Maturity] | [Evidence] | [Action] |
|
|
66
|
+
| Govern 4.2 — Organisational teams document the risks and potential impacts of AI technology they design, develop, deploy, evaluate, and use | [Maturity] | [Evidence] | [Action] |
|
|
67
|
+
| Govern 4.3 — Organisational practices are in place to enable AI testing, identification of incidents, and information sharing | [Maturity] | [Evidence] | [Action] |
|
|
68
|
+
| Govern 5.1 — Organisational policies and practices are in place to collect, consider, prioritise, and integrate feedback from those external to the team that developed or deployed the AI system | [Maturity] | [Evidence] | [Action] |
|
|
69
|
+
| Govern 5.2 — Mechanisms are established to enable AI actors to regularly incorporate adjudicated feedback from relevant AI actors into system design and implementation | [Maturity] | [Evidence] | [Action] |
|
|
70
|
+
| Govern 6.1 — Policies and procedures are in place that address AI risks associated with third-party entities | [Maturity] | [Evidence] | [Action] |
|
|
71
|
+
| Govern 6.2 — Contingency processes are in place to handle failures or incidents in third-party data or AI systems deemed to be high-risk | [Maturity] | [Evidence] | [Action] |
|
|
72
|
+
|
|
73
|
+
---
|
|
74
|
+
|
|
75
|
+
## 3. Map Function
|
|
76
|
+
|
|
77
|
+
Establish context and identify risks. AI RMF 1.0 Map function sub-categories.
|
|
78
|
+
|
|
79
|
+
| Sub-category | Maturity | Evidence | Action |
|
|
80
|
+
|--------------|----------|----------|--------|
|
|
81
|
+
| Map 1.1 — Intended purposes, potentially beneficial uses, context-specific laws, norms, and expectations, and prospective settings in which the AI system will be deployed are understood and documented | [Maturity] | [Evidence] | [Action] |
|
|
82
|
+
| Map 1.2 — Inter-disciplinary AI actors, competencies, skills, and capacities for establishing context reflect demographic diversity and broad domain and user experience expertise | [Maturity] | [Evidence] | [Action] |
|
|
83
|
+
| Map 1.3 — The organisation's mission and relevant goals for the AI technology are understood and documented | [Maturity] | [Evidence] | [Action] |
|
|
84
|
+
| Map 1.4 — The business value or context of business use has been clearly defined or, in the case of assessing existing AI systems, re-evaluated | [Maturity] | [Evidence] | [Action] |
|
|
85
|
+
| Map 1.5 — Organisational risk tolerances are determined and documented | [Maturity] | [Evidence] | [Action] |
|
|
86
|
+
| Map 1.6 — System requirements are documented; AI actor expectations of stakeholders are determined | [Maturity] | [Evidence] | [Action] |
|
|
87
|
+
| Map 2.1 — The specific tasks and methods used to implement the tasks that the AI system will support are defined | [Maturity] | [Evidence] | [Action] |
|
|
88
|
+
| Map 2.2 — Information about the AI system's knowledge limits and how system output may be utilised and overseen by humans is documented | [Maturity] | [Evidence] | [Action] |
|
|
89
|
+
| Map 2.3 — Scientific integrity and TEVV considerations are identified and documented, including those related to experimental design, data collection and selection, system trustworthiness, and construct validation | [Maturity] | [Evidence] | [Action] |
|
|
90
|
+
| Map 3.1 — Potential benefits of intended AI system functionality and performance are examined and documented | [Maturity] | [Evidence] | [Action] |
|
|
91
|
+
| Map 3.2 — Potential costs, including non-monetary costs, that result from expected or realised AI errors or system functionality and trustworthiness — as connected to organisational risk tolerance — are examined and documented | [Maturity] | [Evidence] | [Action] |
|
|
92
|
+
| Map 3.3 — Targeted application scope is specified and documented based on the system's capability, established context, and AI system categorization | [Maturity] | [Evidence] | [Action] |
|
|
93
|
+
| Map 3.4 — Processes for operator and practitioner proficiency with AI system performance and trustworthiness — and relevant technical standards and certifications — are defined, assessed, and documented | [Maturity] | [Evidence] | [Action] |
|
|
94
|
+
| Map 3.5 — Processes for human oversight, in accordance with organisational policies from Govern, are defined, assessed, and documented | [Maturity] | [Evidence] | [Action] |
|
|
95
|
+
| Map 4.1 — Approaches for mapping AI technology and legal risks of its components — including the use of third-party data or software — are in place, followed, and documented | [Maturity] | [Evidence] | [Action] |
|
|
96
|
+
| Map 4.2 — Internal risk controls for components of the AI system, including third-party AI technologies, are identified and documented | [Maturity] | [Evidence] | [Action] |
|
|
97
|
+
| Map 5.1 — Likelihood and magnitude of each identified impact (both potentially beneficial and harmful) based on expected use, past uses of AI systems in similar contexts, public incident reports, feedback from those external to the team that developed or deployed the AI system, or other data are identified and documented | [Maturity] | [Evidence] | [Action] |
|
|
98
|
+
| Map 5.2 — Practices and personnel for supporting regular engagement with relevant AI actors and integrating feedback about positive, negative, and unanticipated impacts are in place and documented | [Maturity] | [Evidence] | [Action] |
|
|
99
|
+
|
|
100
|
+
---
|
|
101
|
+
|
|
102
|
+
## 4. Measure Function
|
|
103
|
+
|
|
104
|
+
Use quantitative, qualitative, or mixed-method tools to analyse, assess, and monitor AI risks.
|
|
105
|
+
|
|
106
|
+
| Sub-category | Maturity | Evidence | Action |
|
|
107
|
+
|--------------|----------|----------|--------|
|
|
108
|
+
| Measure 1.1 — Approaches and metrics for measurement of AI risks enumerated during the Map function are selected for implementation starting with the most significant AI risks | [Maturity] | [Evidence] | [Action] |
|
|
109
|
+
| Measure 1.2 — Appropriateness of AI metrics and effectiveness of existing controls are regularly assessed and updated, including reports of errors and potential impacts | [Maturity] | [Evidence] | [Action] |
|
|
110
|
+
| Measure 1.3 — Internal experts who did not serve as front-line developers for the system and/or independent assessors are involved in regular assessments and updates | [Maturity] | [Evidence] | [Action] |
|
|
111
|
+
| Measure 2.1 — Test sets, metrics, and details about the tools used during TEVV are documented | [Maturity] | [Evidence] | [Action] |
|
|
112
|
+
| Measure 2.2 — Evaluations involving human subjects meet applicable requirements and are representative of the relevant population | [Maturity] | [Evidence] | [Action] |
|
|
113
|
+
| Measure 2.3 — AI system performance or assurance criteria are measured qualitatively or quantitatively and demonstrated for conditions similar to deployment setting(s) | [Maturity] | [Evidence] | [Action] |
|
|
114
|
+
| Measure 2.4 — The functionality and behaviour of the AI system and its components — as identified in the Map function — are monitored when in production | [Maturity] | [Evidence] | [Action] |
|
|
115
|
+
| Measure 2.5 — The AI system to be deployed is demonstrated to be valid and reliable | [Maturity] | [Evidence] | [Action] |
|
|
116
|
+
| Measure 2.6 — The AI system is evaluated regularly for safety risks | [Maturity] | [Evidence] | [Action] |
|
|
117
|
+
| Measure 2.7 — AI system security and resilience are evaluated and documented | [Maturity] | [Evidence] | [Action] |
|
|
118
|
+
| Measure 2.8 — Risks associated with transparency and accountability are examined and documented | [Maturity] | [Evidence] | [Action] |
|
|
119
|
+
| Measure 2.9 — The AI model is explained, validated, and documented; AI system output is interpreted within its context and to inform responsible use and governance | [Maturity] | [Evidence] | [Action] |
|
|
120
|
+
| Measure 2.10 — Privacy risk of the AI system is examined and documented | [Maturity] | [Evidence] | [Action] |
|
|
121
|
+
| Measure 2.11 — Fairness and bias — as identified in the Map function — are evaluated and documented | [Maturity] | [Evidence] | [Action] |
|
|
122
|
+
| Measure 2.12 — Environmental impact and sustainability of AI model training and management activities are assessed and documented | [Maturity] | [Evidence] | [Action] |
|
|
123
|
+
| Measure 2.13 — Effectiveness of the employed TEVV metrics and processes in the Measure function are evaluated and documented | [Maturity] | [Evidence] | [Action] |
|
|
124
|
+
| Measure 3.1 — Approaches, personnel, and documentation are in place to regularly identify and track existing, unanticipated, and emergent AI risks based on factors such as intended and actual performance in deployed contexts | [Maturity] | [Evidence] | [Action] |
|
|
125
|
+
| Measure 3.2 — Risk tracking approaches are considered for settings where AI risks are difficult to assess using currently available measurement techniques or where metrics are not yet available | [Maturity] | [Evidence] | [Action] |
|
|
126
|
+
| Measure 3.3 — Feedback processes for end users and impacted communities to report problems and appeal system outcomes are established and integrated into AI system evaluation metrics | [Maturity] | [Evidence] | [Action] |
|
|
127
|
+
| Measure 4.1 — Measurement approaches for identifying AI risks are connected to deployment context(s) and informed through consultation with domain experts and other end users | [Maturity] | [Evidence] | [Action] |
|
|
128
|
+
| Measure 4.2 — Measurement results regarding AI system trustworthiness in deployment context(s) and across the AI lifecycle are informed by input from domain experts and relevant AI actors | [Maturity] | [Evidence] | [Action] |
|
|
129
|
+
| Measure 4.3 — Measurable performance improvements or declines based on consultations with relevant AI actors, including affected communities, and field data about context-relevant risks and trustworthiness characteristics are identified and documented | [Maturity] | [Evidence] | [Action] |
|
|
130
|
+
|
|
131
|
+
---
|
|
132
|
+
|
|
133
|
+
## 5. Manage Function
|
|
134
|
+
|
|
135
|
+
Allocate risk resources to mapped and measured risks on a regular basis.
|
|
136
|
+
|
|
137
|
+
| Sub-category | Maturity | Evidence | Action |
|
|
138
|
+
|--------------|----------|----------|--------|
|
|
139
|
+
| Manage 1.1 — A determination is made as to whether the AI system achieves its intended purposes and stated objectives and whether its development or deployment should proceed | [Maturity] | [Evidence] | [Action] |
|
|
140
|
+
| Manage 1.2 — Treatment of documented AI risks is prioritised based on impact, likelihood, and available resources or methods | [Maturity] | [Evidence] | [Action] |
|
|
141
|
+
| Manage 1.3 — Responses to the AI risks deemed high priority — as identified by the Map function — including response, recovery, and communication plans are planned and documented | [Maturity] | [Evidence] | [Action] |
|
|
142
|
+
| Manage 1.4 — Negative residual risks (defined as the sum of all unmitigated risks) to both downstream acquirers of AI systems and end users are documented | [Maturity] | [Evidence] | [Action] |
|
|
143
|
+
| Manage 2.1 — Resources required to manage AI risks are taken into account, along with viable non-AI alternative systems, approaches, or methods — to reduce the magnitude or likelihood of potential impacts | [Maturity] | [Evidence] | [Action] |
|
|
144
|
+
| Manage 2.2 — Mechanisms are in place and applied to sustain the value of deployed AI systems | [Maturity] | [Evidence] | [Action] |
|
|
145
|
+
| Manage 2.3 — Procedures are followed to respond to and recover from a previously unknown risk when it is identified | [Maturity] | [Evidence] | [Action] |
|
|
146
|
+
| Manage 2.4 — Mechanisms are in place and applied, and responsibilities are assigned and understood, to supersede, disengage, or deactivate AI systems that demonstrate performance or outcomes inconsistent with intended use | [Maturity] | [Evidence] | [Action] |
|
|
147
|
+
| Manage 3.1 — AI risks and benefits from third-party resources are regularly monitored and risk controls are applied and documented | [Maturity] | [Evidence] | [Action] |
|
|
148
|
+
| Manage 3.2 — Pre-trained models that are used for development are monitored as part of AI system regular monitoring and maintenance | [Maturity] | [Evidence] | [Action] |
|
|
149
|
+
| Manage 4.1 — Post-deployment AI system monitoring plans are implemented, including mechanisms for capturing and evaluating input from users and other relevant AI actors, appeal and override, decommissioning, incident response, recovery, and change management | [Maturity] | [Evidence] | [Action] |
|
|
150
|
+
| Manage 4.2 — Measurable activities for continual improvements are integrated into AI system updates and include regular engagement with interested parties, including relevant AI actors | [Maturity] | [Evidence] | [Action] |
|
|
151
|
+
| Manage 4.3 — Incidents and errors are communicated to relevant AI actors, including affected communities; processes for tracking, responding to, and recovering from incidents and errors are followed and documented | [Maturity] | [Evidence] | [Action] |
|
|
152
|
+
|
|
153
|
+
---
|
|
154
|
+
|
|
155
|
+
## 6. Generative AI Profile (NIST AI 600-1)
|
|
156
|
+
|
|
157
|
+
[If GenAI is in use, complete this section. If not, mark "Not Applicable" and explain.]
|
|
158
|
+
|
|
159
|
+
**GenAI Applicability**: [Yes / No]
|
|
160
|
+
|
|
161
|
+
If yes, score the 12 GenAI-specific risk categories from NIST AI 600-1:
|
|
162
|
+
|
|
163
|
+
| GenAI Risk | Maturity | Evidence | Action |
|
|
164
|
+
|-----------|----------|----------|--------|
|
|
165
|
+
| Confabulation (hallucination of false content) | [Maturity] | [Evidence] | [Action] |
|
|
166
|
+
| Dangerous, Violent, or Hateful Content | [Maturity] | [Evidence] | [Action] |
|
|
167
|
+
| Data Privacy (training-data memorisation; inference-time leakage) | [Maturity] | [Evidence] | [Action] |
|
|
168
|
+
| Environmental Impact (training + inference energy / water / carbon) | [Maturity] | [Evidence] | [Action] |
|
|
169
|
+
| Harmful Bias or Homogenization | [Maturity] | [Evidence] | [Action] |
|
|
170
|
+
| Human-AI Configuration (over-reliance, automation bias) | [Maturity] | [Evidence] | [Action] |
|
|
171
|
+
| Information Integrity (mis/disinformation amplification) | [Maturity] | [Evidence] | [Action] |
|
|
172
|
+
| Information Security (prompt injection, model extraction, adversarial inputs) | [Maturity] | [Evidence] | [Action] |
|
|
173
|
+
| Intellectual Property (training-data copyright; output IP) | [Maturity] | [Evidence] | [Action] |
|
|
174
|
+
| Obscene, Degrading, and/or Abusive Content | [Maturity] | [Evidence] | [Action] |
|
|
175
|
+
| Toxicity, Bias, and Homogenization in outputs | [Maturity] | [Evidence] | [Action] |
|
|
176
|
+
| Value Chain and Component Integration (third-party model risks) | [Maturity] | [Evidence] | [Action] |
|
|
177
|
+
|
|
178
|
+
---
|
|
179
|
+
|
|
180
|
+
## 7. Residual Risk Register
|
|
181
|
+
|
|
182
|
+
| Risk ID | Description | Likelihood | Impact | Treatment | Owner |
|
|
183
|
+
|---------|-------------|-----------|--------|-----------|-------|
|
|
184
|
+
| AIR-001 | [Risk description] | [Low / Med / High] | [Low / Med / High] | [Accept / Mitigate / Transfer / Avoid] | [Role] |
|
|
185
|
+
|
|
186
|
+
---
|
|
187
|
+
|
|
188
|
+
## 8. Control-to-RMF-Function Crosswalk
|
|
189
|
+
|
|
190
|
+
Map NIST SP 800-53 controls to AI RMF functions.
|
|
191
|
+
|
|
192
|
+
| 800-53 Control | AI RMF Function | Sub-category | Notes |
|
|
193
|
+
|----------------|-----------------|--------------|-------|
|
|
194
|
+
| RA-3 | Map | Map 5.1 | [Risk assessment of AI system harms] |
|
|
195
|
+
| RA-5 | Measure | Measure 2.7 | [Vulnerability monitoring] |
|
|
196
|
+
| SI-4 | Manage | Manage 4.1 | [System monitoring during operation] |
|
|
197
|
+
| CA-7 | Manage | Manage 4.1 | [Continuous monitoring] |
|
|
198
|
+
| PT-1 | Govern | Govern 1.1 | [PII processing policy] |
|
|
199
|
+
| AT-2 | Govern | Govern 2.2 | [AI awareness training] |
|
|
200
|
+
| SR-3 | Govern | Govern 6.1 | [Third-party AI supply chain] |
|
|
201
|
+
| SA-11 | Measure | Measure 2.5 | [Developer testing] |
|
|
202
|
+
| IR-4 | Manage | Manage 4.3 | [AI incident handling] |
|
|
203
|
+
|
|
204
|
+
---
|
|
205
|
+
|
|
206
|
+
## 9. References
|
|
207
|
+
|
|
208
|
+
| Reference | Citation | URL |
|
|
209
|
+
|-----------|----------|-----|
|
|
210
|
+
| NIST AI RMF 1.0 | Artificial Intelligence Risk Management Framework 1.0 | <https://doi.org/10.6028/NIST.AI.100-1> |
|
|
211
|
+
| AI RMF Playbook | Playbook for the AI RMF | <https://airc.nist.gov/AI_RMF_Knowledge_Base/Playbook> |
|
|
212
|
+
| NIST AI 600-1 | AI RMF: Generative AI Profile | <https://doi.org/10.6028/NIST.AI.600-1> |
|
|
213
|
+
| OMB M-24-10 | Advancing Governance, Innovation, and Risk Management for Agency Use of AI | <https://www.whitehouse.gov/wp-content/uploads/2024/03/M-24-10-Advancing-Governance-Innovation-and-Risk-Management-for-Agency-Use-of-Artificial-Intelligence.pdf> |
|
|
214
|
+
|
|
215
|
+
---
|
|
216
|
+
|
|
217
|
+
## 10. Approvals
|
|
218
|
+
|
|
219
|
+
| Role | Name | Signature | Date |
|
|
220
|
+
|------|------|-----------|------|
|
|
221
|
+
| Chief AI Officer (CAIO) | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
222
|
+
| AI Use-Case Owner | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
223
|
+
| CISO | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
224
|
+
| Senior Agency Official for Privacy (SAOP) | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
225
|
+
|
|
226
|
+
---
|
|
227
|
+
|
|
228
|
+
**Generated by**: ArcKit `/arckit:us-ai-rmf` command
|
|
229
|
+
**Generated on**: [DATE]
|
|
230
|
+
**ArcKit Version**: [VERSION]
|
|
231
|
+
**Project**: [PROJECT_NAME]
|
|
232
|
+
**Model**: [AI_MODEL]
|
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
# FedRAMP Readiness Assessment Report (3PAO)
|
|
2
|
+
|
|
3
|
+
> **Template Origin**: Community | **ArcKit Version**: [VERSION] | **Command**: `/arckit:us-fedramp-readiness`
|
|
4
|
+
|
|
5
|
+
## Document Control
|
|
6
|
+
|
|
7
|
+
<!-- DOC-CONTROL-HEADER -->
|
|
8
|
+
<!-- Resolved at command-execution time per _partials/RENDERING.md. -->
|
|
9
|
+
<!-- Classification line MUST be: -->
|
|
10
|
+
<!-- | Classification | PUBLIC / OFFICIAL / OFFICIAL-SENSITIVE (set via `default_classification` user-config) | -->
|
|
11
|
+
|
|
12
|
+
## Revision History
|
|
13
|
+
|
|
14
|
+
| Version | Date | Author | Changes | Approved By | Approval Date |
|
|
15
|
+
|---------|------|--------|---------|-------------|---------------|
|
|
16
|
+
| [VERSION] | [YYYY-MM-DD] | ArcKit AI | Initial creation from `/arckit:us-fedramp-readiness` command | PENDING | PENDING |
|
|
17
|
+
|
|
18
|
+
---
|
|
19
|
+
|
|
20
|
+
## Executive Summary
|
|
21
|
+
|
|
22
|
+
[Two to three paragraphs: CSO under assessment, baseline targeted, the 3PAO firm conducting the assessment, the overall readiness recommendation (FedRAMP-Ready / Not Ready / Conditional), and the top three gaps by severity.]
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## 1. Capability Statement
|
|
27
|
+
|
|
28
|
+
| Field | Value |
|
|
29
|
+
|-------|-------|
|
|
30
|
+
| **Cloud Service Offering (CSO)** | [CSO name] |
|
|
31
|
+
| **CSP** | [CSP organisation] |
|
|
32
|
+
| **Service Model** | [IaaS / PaaS / SaaS] |
|
|
33
|
+
| **Baseline Targeted** | [Moderate / High] |
|
|
34
|
+
| **Authorisation Path** | [Agency / JAB / Tailored] |
|
|
35
|
+
| **3PAO Firm** | [3PAO name + A2LA accreditation #] |
|
|
36
|
+
| **Assessment Period** | [YYYY-MM-DD to YYYY-MM-DD] |
|
|
37
|
+
| **Sponsoring Agency** (if Agency path) | [Agency] |
|
|
38
|
+
| **Target ATO Date** | [YYYY-MM-DD] |
|
|
39
|
+
|
|
40
|
+
### What the CSO Provides
|
|
41
|
+
|
|
42
|
+
[Two-paragraph description of the service, customer use cases, and key capabilities relevant to federal customers.]
|
|
43
|
+
|
|
44
|
+
### Customer Responsibility Matrix (Summary)
|
|
45
|
+
|
|
46
|
+
| Control Family | CSO Provides | Customer Responsibility |
|
|
47
|
+
|----------------|--------------|-------------------------|
|
|
48
|
+
| AC | [What the CSO handles] | [What the customer must configure] |
|
|
49
|
+
| AU | [What the CSO handles] | [What the customer must configure] |
|
|
50
|
+
| CM | [What the CSO handles] | [What the customer must configure] |
|
|
51
|
+
| IR | [What the CSO handles] | [What the customer must configure] |
|
|
52
|
+
| SC | [What the CSO handles] | [What the customer must configure] |
|
|
53
|
+
| SI | [What the CSO handles] | [What the customer must configure] |
|
|
54
|
+
|
|
55
|
+
[Full CRM is a separate deliverable; this is a summary view for the RAR.]
|
|
56
|
+
|
|
57
|
+
---
|
|
58
|
+
|
|
59
|
+
## 2. Authorisation Path Recommendation
|
|
60
|
+
|
|
61
|
+
| Path | Recommended? | Rationale |
|
|
62
|
+
|------|--------------|-----------|
|
|
63
|
+
| **Agency ATO** | [Yes / No] | [Single sponsoring agency identified; suits CSOs with a primary federal customer.] |
|
|
64
|
+
| **JAB P-ATO** | [Yes / No] | [Multi-agency demand; suits widely-used CSOs.] |
|
|
65
|
+
| **FedRAMP Tailored (Low-Impact SaaS)** | [Yes / No] | [LI-SaaS only; suits collaboration / productivity tools with no PII / no sensitive data.] |
|
|
66
|
+
|
|
67
|
+
**Recommendation**: [Agency / JAB / Tailored] — [Rationale narrative]
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## 3. Gap Register
|
|
72
|
+
|
|
73
|
+
Gaps identified during the readiness assessment that must be remediated before authorisation.
|
|
74
|
+
|
|
75
|
+
| Control ID | Gap Description | Severity (High / Mod / Low) | Mitigation Plan | Target Completion (POA&M Target) | Owner |
|
|
76
|
+
|-----------|-----------------|------------------------------|-----------------|----------------------------------|-------|
|
|
77
|
+
| [AC-2] | [Account management process not fully automated; manual provisioning steps remain.] | [Moderate] | [Automate provisioning via IdP workflow; remove manual steps.] | [YYYY-MM-DD] | [Platform team] |
|
|
78
|
+
| [AU-6] | [Audit log review cadence not documented for the application tier.] | [Low] | [Document review SOP; SOC ack daily.] | [YYYY-MM-DD] | [SOC] |
|
|
79
|
+
| [SC-7] | [WAF rule set not validated against OWASP top 10.] | [High] | [Engage AppSec; tune WAF; rerun validation.] | [YYYY-MM-DD] | [AppSec] |
|
|
80
|
+
| [SR-3] | [SBOM not yet produced for one third-party dependency.] | [Moderate] | [Engage vendor; produce CycloneDX SBOM.] | [YYYY-MM-DD] | [SecOps] |
|
|
81
|
+
|
|
82
|
+
---
|
|
83
|
+
|
|
84
|
+
## 4. Evidence Inventory
|
|
85
|
+
|
|
86
|
+
| Artefact | Control ID(s) | Evidence Status (Complete / Partial / Missing) | Location / Link |
|
|
87
|
+
|----------|---------------|------------------------------------------------|-----------------|
|
|
88
|
+
| System Security Plan (SSP) | [All] | [Complete] | [ARC-{P}-FRSSP-v*] |
|
|
89
|
+
| FIPS 199 Categorization | [RA-2] | [Complete] | [ARC-{P}-FISMA-v*] |
|
|
90
|
+
| Tailored 800-53 Control Set | [All] | [Complete] | [ARC-{P}-NIST53-v*] |
|
|
91
|
+
| Privacy Impact Assessment | [PT family] | [Complete] | [ARC-{P}-PIA-v*] |
|
|
92
|
+
| Contingency Plan | [CP-2] | [Complete] | [Reference] |
|
|
93
|
+
| Incident Response Plan | [IR-8] | [Complete] | [Reference] |
|
|
94
|
+
| Configuration Management Plan | [CM-9] | [Complete] | [Reference] |
|
|
95
|
+
| ConMon Plan | [CA-7] | [Partial — pending FedRAMP PMO template alignment] | [Reference] |
|
|
96
|
+
| POA&M (initial) | [CA-5] | [Complete] | [Reference] |
|
|
97
|
+
| Vulnerability Scan (authenticated) | [RA-5] | [Complete — last scan YYYY-MM-DD] | [Scan report ref] |
|
|
98
|
+
| Penetration Test Report | [CA-8] | [Complete — last test YYYY-MM-DD] | [Pentest report ref] |
|
|
99
|
+
| Customer Responsibility Matrix (CRM) | [All inherited] | [Complete] | [Reference] |
|
|
100
|
+
| FIPS 140-3 Validation Certs for crypto modules | [SC-13] | [Complete — CMVP cert NNNN] | [CMVP cert link] |
|
|
101
|
+
| SSDF Self-Attestation (EO 14028) | [SR family] | [Complete] | [ARC-{P}-SBOM-v*] |
|
|
102
|
+
|
|
103
|
+
---
|
|
104
|
+
|
|
105
|
+
## 5. 3PAO RAR Criteria Checklist
|
|
106
|
+
|
|
107
|
+
Per the FedRAMP 3PAO Readiness Assessment Report template.
|
|
108
|
+
|
|
109
|
+
| # | Criterion | Status | Notes |
|
|
110
|
+
|---|-----------|--------|-------|
|
|
111
|
+
| 1 | CSO is fully described (architecture, boundary, components) | [Met / Not Met] | [Notes] |
|
|
112
|
+
| 2 | Authorisation boundary diagram approved | [Met / Not Met] | [Notes] |
|
|
113
|
+
| 3 | Data flow diagram approved | [Met / Not Met] | [Notes] |
|
|
114
|
+
| 4 | All controls implemented or have POA&M target dates | [Met / Not Met] | [Notes] |
|
|
115
|
+
| 5 | FedRAMP-Ready CSP dependencies confirmed | [Met / Not Met] | [Notes] |
|
|
116
|
+
| 6 | FIPS 140-3 validated crypto modules used for all crypto | [Met / Not Met] | [Notes] |
|
|
117
|
+
| 7 | Multi-factor authentication implemented (AAL2 minimum) | [Met / Not Met] | [Notes] |
|
|
118
|
+
| 8 | Continuous monitoring strategy documented | [Met / Not Met] | [Notes] |
|
|
119
|
+
| 9 | Initial vulnerability scan completed; results in evidence | [Met / Not Met] | [Notes] |
|
|
120
|
+
| 10 | Initial penetration test completed; report in evidence | [Met / Not Met] | [Notes] |
|
|
121
|
+
| 11 | Initial POA&M populated | [Met / Not Met] | [Notes] |
|
|
122
|
+
| 12 | Incident response capability validated by tabletop exercise | [Met / Not Met] | [Notes] |
|
|
123
|
+
| 13 | All cryptographic key management implemented per SC-12 | [Met / Not Met] | [Notes] |
|
|
124
|
+
| 14 | CRM completed and signed by CSP | [Met / Not Met] | [Notes] |
|
|
125
|
+
| 15 | SSDF / EO 14028 self-attestation submitted to CISA | [Met / Not Met] | [Notes] |
|
|
126
|
+
|
|
127
|
+
**Overall RAR Recommendation**: [FedRAMP-Ready / Not Ready / Conditional]
|
|
128
|
+
|
|
129
|
+
---
|
|
130
|
+
|
|
131
|
+
## 6. Penetration Testing Summary
|
|
132
|
+
|
|
133
|
+
| Field | Value |
|
|
134
|
+
|-------|-------|
|
|
135
|
+
| **Test Firm** | [Firm name] |
|
|
136
|
+
| **Test Period** | [YYYY-MM-DD to YYYY-MM-DD] |
|
|
137
|
+
| **Scope** | [In-scope assets, applications, APIs] |
|
|
138
|
+
| **Methodology** | [PTES / OWASP WSTG / NIST SP 800-115] |
|
|
139
|
+
| **Critical Findings** | [Count + status] |
|
|
140
|
+
| **High Findings** | [Count + status] |
|
|
141
|
+
| **Medium Findings** | [Count + status] |
|
|
142
|
+
| **Low Findings** | [Count + status] |
|
|
143
|
+
| **Retest Date** | [YYYY-MM-DD] |
|
|
144
|
+
| **Final Status** | [All criticals remediated / N criticals open with mitigation] |
|
|
145
|
+
|
|
146
|
+
---
|
|
147
|
+
|
|
148
|
+
## 7. Continuous Monitoring Readiness
|
|
149
|
+
|
|
150
|
+
| Element | Status | Notes |
|
|
151
|
+
|---------|--------|-------|
|
|
152
|
+
| ConMon Plan documented | [Complete / In progress] | [Reference] |
|
|
153
|
+
| Monthly POA&M ready for FedRAMP PMO submission | [Yes / No] | [Notes] |
|
|
154
|
+
| Authenticated scan cadence proven (≥ 4 weeks history) | [Yes / No] | [Notes] |
|
|
155
|
+
| IR drill (tabletop or functional) completed in last 12 months | [Yes / No] | [Notes] |
|
|
156
|
+
| Annual assessment scope agreed with AO | [Yes / No] | [Notes] |
|
|
157
|
+
|
|
158
|
+
---
|
|
159
|
+
|
|
160
|
+
## 8. Remediation Roadmap
|
|
161
|
+
|
|
162
|
+
```text
|
|
163
|
+
Month 1 |================================| Address all High gaps
|
|
164
|
+
Month 2 |================================| Address Moderate gaps
|
|
165
|
+
Month 3 |================================| 3PAO retest of remediated items
|
|
166
|
+
Month 4 |================================| Submit package to FedRAMP PMO
|
|
167
|
+
Month 5-6 |================================| ATO process (Agency or JAB review)
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
[Replace with project-specific timeline. Include milestone gates: gap closure → 3PAO retest → package submission → AO review → ATO issued.]
|
|
171
|
+
|
|
172
|
+
| Milestone | Target Date | Owner | Status |
|
|
173
|
+
|-----------|-------------|-------|--------|
|
|
174
|
+
| All High gaps closed | [YYYY-MM-DD] | [Owner] | [Open / Done] |
|
|
175
|
+
| All Moderate gaps closed | [YYYY-MM-DD] | [Owner] | [Open / Done] |
|
|
176
|
+
| 3PAO retest complete | [YYYY-MM-DD] | [3PAO] | [Open / Done] |
|
|
177
|
+
| Package submitted to FedRAMP PMO | [YYYY-MM-DD] | [System Owner] | [Open / Done] |
|
|
178
|
+
| ATO issued | [YYYY-MM-DD] | [AO] | [Open / Done] |
|
|
179
|
+
|
|
180
|
+
---
|
|
181
|
+
|
|
182
|
+
## 9. References
|
|
183
|
+
|
|
184
|
+
| Reference | Citation | URL |
|
|
185
|
+
|-----------|----------|-----|
|
|
186
|
+
| FedRAMP 3PAO RAR Template | Readiness Assessment Report Template | <https://www.fedramp.gov/documents-templates/> |
|
|
187
|
+
| FedRAMP Agency Authorization Playbook | Agency Authorization Playbook | <https://www.fedramp.gov/agency-authorization/> |
|
|
188
|
+
| FedRAMP JAB Prioritisation Criteria | JAB Prioritisation Criteria | <https://www.fedramp.gov/jab-prioritization/> |
|
|
189
|
+
| FedRAMP Continuous Monitoring Strategy Guide | ConMon Strategy Guide | <https://www.fedramp.gov/assets/resources/documents/CSP_Continuous_Monitoring_Strategy_Guide.pdf> |
|
|
190
|
+
| A2LA 3PAO Directory | Accredited 3PAO Directory | <https://customer.a2la.org/index.cfm?event=directory.search> |
|
|
191
|
+
|
|
192
|
+
---
|
|
193
|
+
|
|
194
|
+
## 10. Approvals
|
|
195
|
+
|
|
196
|
+
| Role | Name | Signature | Date |
|
|
197
|
+
|------|------|-----------|------|
|
|
198
|
+
| 3PAO Lead Assessor | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
199
|
+
| CSP System Owner | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
200
|
+
| CSP CISO | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
201
|
+
| Sponsoring Agency AO (Agency path) | [Name] | [Signature] | [YYYY-MM-DD] |
|
|
202
|
+
|
|
203
|
+
---
|
|
204
|
+
|
|
205
|
+
**Generated by**: ArcKit `/arckit:us-fedramp-readiness` command
|
|
206
|
+
**Generated on**: [DATE]
|
|
207
|
+
**ArcKit Version**: [VERSION]
|
|
208
|
+
**Project**: [PROJECT_NAME]
|
|
209
|
+
**Model**: [AI_MODEL]
|