arckit-cli 6.1.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- arckit_cli/__init__.py +1120 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/memory/sessions.md +293 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/RENDERING.md +22 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/document-control-uae.md +20 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/document-control-uk.md +16 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/adm-preliminary-template.md +135 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/adr-template.md +588 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-design-template.md +390 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-governance-template.md +90 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-integration-template.md +159 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-inventory-template.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-maturity-template.md +388 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-security-template.md +213 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/analysis-report-template.md +323 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/application-inventory-template.md +221 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-board-template.md +194 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-change-template.md +205 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-diagram-template.md +610 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-principles-template.md +632 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-repository-template.md +107 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-strategy-template.md +666 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-bvergg-template.md +252 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-dsgvo-template.md +354 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-nisg-template.md +236 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-aescsf-template.md +189 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ai-assurance-template.md +243 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-disp-attestation-template.md +297 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-dss-template.md +302 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-e8-posture-template.md +377 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-energy-compliance-template.md +189 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ism-controls-template.md +462 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ndb-playbook-template.md +288 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ot-security-template.md +204 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-pia-template.md +394 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-pspf-template.md +380 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-soci-cirmp-template.md +206 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/aws-research-template.md +605 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/azure-research-template.md +559 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/backlog-template.md +465 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-aia-template.md +206 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-atip-template.md +192 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-charter-template.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-cloud-residency-template.md +173 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-fitaa-template.md +156 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-gc-digital-standards-template.md +208 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-itsg-33-template.md +228 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-ocap-template.md +205 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-ola-template.md +171 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-pia-template.md +193 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-pspc-template.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-soia-template.md +219 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/capability-map-template.md +125 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/competitors-template.md +113 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/conformance-assessment-template.md +507 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-mesh-contract-template.md +851 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-model-template.md +1043 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-source-profile-template.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/datascout-template.md +546 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/devops-template.md +961 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dfd-template.md +161 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dld-review-template.md +427 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dos-requirements-template.md +506 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dpia-template.md +1200 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-ai-act-template.md +227 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-cra-template.md +176 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-data-act-template.md +175 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-dora-template.md +197 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-dsa-template.md +183 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-nis2-template.md +196 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-rgpd-template.md +198 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/evaluation-criteria-template.md +719 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/finops-template.md +662 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-algorithme-public-template.md +162 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-anssi-carto-template.md +196 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-anssi-template.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-code-reuse-template.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-dinum-template.md +195 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-dr-template.md +187 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-ebios-template.md +209 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-irn-template.md +311 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-marche-public-template.md +178 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-pssi-template.md +270 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-rgpd-template.md +195 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-secnumcloud-template.md +188 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/framework-overview-template.md +247 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gap-analysis-template.md +198 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcloud-clarify-template.md +340 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcloud-requirements-template.md +370 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcp-research-template.md +585 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/glossary-template.md +117 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-code-search-template.md +213 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-landscape-template.md +271 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-reuse-template.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/grants-template.md +131 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/hld-review-template.md +760 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/jsp-936-template.md +1394 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/maturity-model-template.md +297 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/mlops-template.md +720 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/mod-secure-by-design-template.md +784 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/operationalize-template.md +1016 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/pages-template.html +5121 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/platform-design-template.md +1610 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/presentation-template.md +270 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/principles-compliance-assessment-template.md +389 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/project-plan-template.md +421 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/rationalization-template.md +208 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/requirements-template.md +1026 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/research-findings-template.md +939 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/risk-register-template.md +883 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/roadmap-template.md +787 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/service-assessment-prep-template.md +448 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/servicenow-design-template.md +273 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/sobc-template.md +1127 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/sow-template.md +785 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/stakeholder-drivers-template.md +493 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/story-template.md +889 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tcop-review-template.md +593 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tech-note-template.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tenders-template.md +124 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/traceability-matrix-template.md +360 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/transition-architecture-template.md +286 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ai-autonomy-tier-template.md +97 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ai-charter-template.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-classification-template.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-cloud-residency-template.md +136 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-data-sharing-template.md +105 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-digital-records-template.md +97 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ias-template.md +109 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-pdpl-template.md +105 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-priorities-alignment-template.md +99 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-procurement-template.md +115 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-uaepass-template.md +129 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-zero-bureaucracy-template.md +85 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-consumer-duty-board-report-template.md +49 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-consumer-duty-template.md +362 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-ctp-dependency-register-template.md +24 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-ctp-dependency-template.md +321 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-safeguarding-reconciliation-template.md +77 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-safeguarding-template.md +348 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-sca-rts-exemption-matrix-template.md +47 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-sca-rts-template.md +273 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-gov-ai-playbook-template.md +942 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-gov-atrs-template.md +1087 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-mdr-classification-template.md +307 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-case-template.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-hazard-template.md +217 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-safety-template.md +78 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-template.md +13 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-case-template.md +207 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-hazard-template.md +290 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-safety-template.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-template.md +13 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dtac-template.md +341 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ukgov-secure-by-design-template.md +1031 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-ai-impact-template.md +212 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-ai-rmf-template.md +232 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fedramp-readiness-template.md +209 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fedramp-ssp-template.md +352 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fisma-categorization-template.md +145 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-icam-template.md +216 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-nist-800-53-template.md +222 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-privacy-pia-template.md +191 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-sbom-eo-14028-template.md +253 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-zero-trust-template.md +234 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/vendor-profile-template.md +88 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/vendor-scoring-template.md +332 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-climate-template.md +269 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-doctrine-template.md +299 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-gameplay-template.md +346 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-map-template.md +587 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-value-chain-template.md +256 -0
- arckit_cli-6.1.1.data/data/share/arckit/CHANGELOG.md +3554 -0
- arckit_cli-6.1.1.data/data/share/arckit/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/DEPENDENCY-MATRIX.md +929 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/README.md +322 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/WORKFLOW-DIAGRAMS.md +1088 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/adm-preliminary.md +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/adr.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-design.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-governance.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-integration.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-inventory.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-maturity.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-security.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ai-playbook.md +103 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/analyze.md +57 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/application-inventory.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/application-rationalization.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-board.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-change.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-repository.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/artifact-health.md +228 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-bvergg.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-dsgvo.md +75 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-nisg.md +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/atrs.md +98 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-aescsf.md +45 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ai-assurance.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-disp-attestation.md +90 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-dss.md +76 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-e8-posture.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-energy-compliance.md +47 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-federal-overlay.md +199 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ism-controls.md +78 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ndb-playbook.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ot-security.md +39 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-pia.md +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-pspf.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-soci-cirmp.md +40 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/autoresearch.md +334 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/aws-research.md +160 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/azure-research.md +157 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/backlog.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/build.md +132 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/business-capability-map.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/business-case.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/c4-layout-science.md +280 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-aia.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-atip.md +79 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-charter.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-cloud-residency.md +91 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-fitaa.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-gc-digital-standards.md +93 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-itsg-33.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-ocap.md +91 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-ola.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-pia.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-pspc.md +96 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-soia.md +87 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/codes-of-practice.md +154 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/competitors.md +202 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/conformance.md +153 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/create.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/custom-commands.md +236 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/customize.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-mesh-contract.md +239 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-model.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-quality-framework.md +118 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/datascout.md +162 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/declaration.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/design-review.md +66 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/devops.md +96 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dfd.md +187 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/diagram.md +118 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dld-review.md +102 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dos.md +109 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dpia.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/enterprise-scale.md +260 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-ai-act.md +82 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-cra.md +90 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-data-act.md +85 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-dora.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-dsa.md +85 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-nis2.md +82 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-rgpd.md +76 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/evaluate.md +115 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/export-okf.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/finops.md +117 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-algorithme-public.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-anssi-carto.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-anssi.md +79 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-code-reuse.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-dinum.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-dr.md +88 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-ebios.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-irn.md +103 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-marche-public.md +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-pssi.md +87 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-rgpd.md +75 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-secnumcloud.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/framework.md +234 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gap-analysis.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-clarify.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-competitors.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-search.md +106 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcp-research.md +169 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/glossary.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-code-search.md +119 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-landscape.md +114 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-reuse.md +112 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/govs-007-security.md +93 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/grants.md +106 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/graph-report.md +77 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/health.md +234 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/hld-review.md +110 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/hooks.md +121 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/impact.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/import-okf.md +67 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/init.md +159 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/jsp-936.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/knowledge-compounding.md +140 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/maturity-model.md +186 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mcp-servers.md +329 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/migration.md +333 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mlops.md +126 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mod-secure.md +124 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/national-data-strategy.md +115 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/navigator.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/operationalize.md +143 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pages.md +227 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pinecone-mcp.md +128 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/plan.md +66 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/platform-design.md +600 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/presentation.md +137 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pricing.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/principles-compliance.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/principles.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/procurement.md +57 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/productivity.md +217 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/remote-control.md +151 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/requirements.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/research.md +65 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/review.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/risk-management.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/risk.md +132 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roadmap.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/README.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/business-analyst.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/business-architect.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/cdo.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/ciso.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/cto-cdio.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/data-architect.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/data-governance-manager.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/delivery-manager.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/devops-engineer.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/enterprise-architect.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/it-service-manager.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/network-architect.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/performance-analyst.md +67 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/product-manager.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/security-architect.md +78 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/service-owner.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/solution-architect.md +75 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/technical-architect.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/score.md +91 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot1.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot2.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot3.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/search.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/secure.md +181 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/security-hooks.md +200 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/security.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/service-assessment.md +47 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/service-design.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/servicenow.md +152 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/session-memory.md +100 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sobc.md +129 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sow.md +125 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/stakeholder-analysis.md +51 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/stakeholders.md +138 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/start.md +276 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/story.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/strategy.md +211 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/submission-pack.md +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/supplier-profile.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/tcop.md +124 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/template-builder.md +125 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/tenders.md +193 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/testing-plugin-branches.md +79 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/traceability.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/transition-architecture.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/trello.md +139 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ai-autonomy-tier.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ai-charter.md +89 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-classification.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-cloud-residency.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-data-sharing.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-digital-records.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ias.md +93 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-overlay-maintenance.md +154 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-overlay.md +208 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-pdpl.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-priorities-alignment.md +82 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-procurement.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-uaepass.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-zero-bureaucracy.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-consumer-duty.md +178 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-ctp-dependency.md +181 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-payments-overlay.md +216 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-safeguarding.md +176 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-sca-rts.md +164 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/ai-playbook.md +56 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/algorithmic-transparency.md +44 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/digital-marketplace.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/secure-by-design.md +51 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/standards-map.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/technology-code-of-practice.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-mdr-classification.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-mod/secure-by-design.md +54 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-clinical-safety-overlay.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dcb0129.md +64 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dcb0160.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dtac.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/upgrading.md +130 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-ai-impact.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-ai-rmf.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-federal-overlay.md +111 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fedramp-readiness.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fedramp-ssp.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fisma-categorization.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-icam.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-nist-800-53.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-privacy-pia.md +74 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-sbom-eo-14028.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-zero-trust.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-climate.md +122 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-doctrine.md +120 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-gameplay.md +123 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-value-chain.md +130 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley.md +173 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/.agents/plugins/marketplace.json +20 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/README.md +325 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/docs/DEPENDENCY-MATRIX.md +616 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/arckit-codex-hook.mjs +1270 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-inject.mjs +1497 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-rollups.mjs +247 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-utils.mjs +363 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/hook-utils.mjs +383 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/hooks.json +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/okf-frontmatter.mjs +279 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/project-context-builder.mjs +168 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/sync-guides.mjs +1120 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/README.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/docs/DEPENDENCY-MATRIX.md +616 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/LICENSE +21 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/README.md +65 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/docs/DEPENDENCY-MATRIX.md +616 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/opencode.json +25 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/.mcp.json +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/LICENSE +26 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/README.md +407 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/vibe-config.toml +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/README.md +680 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/000-global/ARC-000-PRIN-v1.0.md +120 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/001-test-project/ARC-001-STKE-v1.0.md +100 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/001-test-project/README.md +15 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/program-selfharness.md +748 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/program.md +269 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/check-prerequisites.sh +250 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/common.sh +359 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/create-project.sh +408 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/generate-document-id.sh +146 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/list-projects.sh +359 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/migrate-filenames.sh +553 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bump-version.sh +293 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/check_doctype_collisions.py +30 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/check_recipes.py +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/check_references.py +144 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/convert_vibe_agents.py +198 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/convert_vibe_skills.py +499 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/converter.py +2002 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/create-sdg-repo.py +820 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-arckit-architecture-hero.py +317 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-arckit-hero.py +278 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-release-notes.sh +112 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/managed-agents/README.md +105 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/managed-agents/arckit-agent.py +418 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/push-extensions.sh +424 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/apply_doc_control_marker.py +50 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/common.py +288 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/create-project.py +373 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/generate-document-id.py +96 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/list-projects.py +238 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/migrate_classification.py +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/render-brand-pngs.py +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/standardise-colon.py +128 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/sync-claude-plugin-layout.py +159 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/sync-shared-assets.py +132 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tag-plugins.sh +65 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-doc-types-dual-registration.mjs +57 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-fde-templates.mjs +100 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-regime-registration.mjs +65 -0
- arckit_cli-6.1.1.dist-info/METADATA +1966 -0
- arckit_cli-6.1.1.dist-info/RECORD +482 -0
- arckit_cli-6.1.1.dist-info/WHEEL +4 -0
- arckit_cli-6.1.1.dist-info/entry_points.txt +2 -0
- arckit_cli-6.1.1.dist-info/licenses/LICENSE +26 -0
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
# Australian Essential Eight Maturity Posture Playbook
|
|
2
|
+
|
|
3
|
+
> **Guide Origin**: Community | **ArcKit Version**: [VERSION]
|
|
4
|
+
|
|
5
|
+
`/arckit:au-e8-posture` generates an ASD Essential Eight maturity posture against the Australian Signals Directorate's Essential Eight Maturity Model. It scores each of the eight mitigation strategies (application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, regular backups) against maturity levels ML0–ML3, captures the evidence base, identifies the maturity uplift path, and surfaces the DISP-aligned target (ML2 baseline for DISP Level 2 supplier accreditation).
|
|
6
|
+
|
|
7
|
+
The Essential Eight is the ASD's prioritised baseline for mitigating cyber security incidents and is the cyber baseline that DISP, federal entities, and most Commonwealth procurements measure against. The artefact this command produces is therefore a foundational input to almost every other Australian Federal security or assurance artefact — run it early.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Inputs
|
|
12
|
+
|
|
13
|
+
| Artefact | Purpose |
|
|
14
|
+
|----------|---------|
|
|
15
|
+
| Requirements (`ARC-<id>-REQ-v1.0.md`) | Service description, hosting model, user populations |
|
|
16
|
+
| Data model (`ARC-<id>-DMOD-v1.0.md`) | Sensitive data categories that drive control intensity |
|
|
17
|
+
| Stakeholders (`ARC-<id>-STKE-v1.0.md`) | Accountable authority, security operations owner |
|
|
18
|
+
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
## Command
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
/arckit:au-e8-posture <project ID or service description>
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
Output: `projects/<id>/ARC-<id>-AUE8-v1.0.md`
|
|
28
|
+
|
|
29
|
+
---
|
|
30
|
+
|
|
31
|
+
## Assessment Structure
|
|
32
|
+
|
|
33
|
+
| Section | Contents |
|
|
34
|
+
|---------|----------|
|
|
35
|
+
| Document Control | Australian classification (UNOFFICIAL / OFFICIAL / OFFICIAL:Sensitive / PROTECTED / SECRET / TOP SECRET) |
|
|
36
|
+
| Revision History | Version, date, author, changes, approvals |
|
|
37
|
+
| Executive Summary | Current maturity by strategy, gap to target maturity, headline residual risks |
|
|
38
|
+
| Scope | In-scope systems, business units, environments (production / staging / non-production) |
|
|
39
|
+
| Maturity Assessment per Strategy | For each of the 8: current ML, target ML, evidence cited, gap analysis, planned uplift |
|
|
40
|
+
| Uplift Plan | Sequenced remediation with effort, dependencies, and DISP-attestation deadline alignment |
|
|
41
|
+
| Residual Risk Statement | Risks accepted, treatments in flight, escalation path |
|
|
42
|
+
| Maintenance Cadence | Re-assessment frequency, change triggers, ASD update tracking |
|
|
43
|
+
|
|
44
|
+
---
|
|
45
|
+
|
|
46
|
+
## Regulatory Anchors
|
|
47
|
+
|
|
48
|
+
- **ASD Essential Eight Maturity Model** — eight mitigation strategies, maturity levels ML0–ML3 (the authoritative source for scoring rubric)
|
|
49
|
+
- **ASD Information Security Manual (ISM)** — control-level detail referenced by E8 strategies (cross-reference via `/arckit:au-ism-controls`)
|
|
50
|
+
- **Defence Industry Security Program (DISP) Levels 1–3** — ML2 mandated for DISP Level 2 supplier accreditation
|
|
51
|
+
- **Commonwealth Procurement Rules (November 2025 overhaul)** — cyber maturity questions in standard supplier responses
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
55
|
+
## When to Run
|
|
56
|
+
|
|
57
|
+
- Early in delivery, immediately after stakeholders and requirements — before HLD or detailed security design
|
|
58
|
+
- Re-run on material change to hosting, identity, or admin access model
|
|
59
|
+
- Refresh annually at minimum; DISP suppliers refresh on the attestation cadence (typically 12 months)
|
|
60
|
+
|
|
61
|
+
---
|
|
62
|
+
|
|
63
|
+
## Common Pitfalls
|
|
64
|
+
|
|
65
|
+
- **Scoping too wide** — assessing the whole organisation when the artefact is service-specific produces a low-confidence score. Tighten scope to the service or DISP-accredited business unit.
|
|
66
|
+
- **Missing evidence date** — every cited evidence item needs a "verified on" date so reviewers can judge currency. Make the date a hard field.
|
|
67
|
+
- **Confusing ML2 with "good enough"** — ML2 is the DISP baseline, not a security ceiling. Where the residual risk justifies it, target ML3 on individual strategies.
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## Handoff
|
|
72
|
+
|
|
73
|
+
Foundational input to `/arckit:au-disp-attestation` (DISP Member self-attestation pack consolidates E8 evidence), `/arckit:au-pspf` (PSPF cross-references E8 baselines), and `/arckit:au-ism-controls` (ISM Statement of Applicability draws from the same control evidence).
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# AU Energy Compliance Pack
|
|
2
|
+
|
|
3
|
+
`/arckit:au-energy-compliance` generates an Australian energy compliance pack that integrates AESCSF maturity with energy-market obligations, IT/OT evidence, privacy, notifiable data breach readiness, traceability, diagrams/data flows, data modelling, and ADR decisions.
|
|
4
|
+
|
|
5
|
+
Use it after the AU federal community baseline is in place. The command depends on `au-aescsf` and can compose optional `au-ot-security` and `au-soci-cirmp` outputs when connected OT or SOCI/CIRMP obligations are in scope.
|
|
6
|
+
|
|
7
|
+
## Prerequisites
|
|
8
|
+
|
|
9
|
+
| Artefact | Why it helps |
|
|
10
|
+
|----------|--------------|
|
|
11
|
+
| `/arckit:requirements` | Source for energy-market, customer, resilience, safety, and regulatory obligations |
|
|
12
|
+
| `/arckit:stakeholders` | Identifies responsible entity, operator, market participant, regulator, customer, privacy, OT, and supplier stakeholders |
|
|
13
|
+
| `/arckit:au-pia` (`ARC-<id>-AUPIA-v1.0.md`) | Privacy Act evidence for customer, metering, life-support, DER, and operational data |
|
|
14
|
+
| `/arckit:au-ndb-playbook` (`ARC-<id>-AUNDB-v1.0.md`) | Breach-response and notification evidence |
|
|
15
|
+
| `/arckit:au-ot-security` (`ARC-<id>-AUOT-v1.0.md`) | Optional connected OT and secure-connectivity evidence |
|
|
16
|
+
| `/arckit:au-soci-cirmp` (`ARC-<id>-AUSOCI-v1.0.md`) | Optional SOCI/CIRMP critical-infrastructure evidence |
|
|
17
|
+
| `/arckit:au-aescsf` (`ARC-<id>-AUAESCSF-v1.0.md`) | AESCSF maturity baseline and uplift plan |
|
|
18
|
+
| `/arckit:dfd`, `/arckit:diagram`, and `/arckit:data-model` | Evidence for IT/OT, DER, market, telemetry, customer, and supplier data flows |
|
|
19
|
+
| `/arckit:adr` | Decisions for ring-fencing, AEMO integration, CSIP-AUS, remote access, data sharing, and resilience trade-offs |
|
|
20
|
+
| `/arckit:traceability` | Links energy obligations to requirements, controls, risks, diagrams, data models, and decisions |
|
|
21
|
+
|
|
22
|
+
## Usage
|
|
23
|
+
|
|
24
|
+
```text
|
|
25
|
+
/arckit:au-energy-compliance 001
|
|
26
|
+
/arckit:au-energy-compliance "Retailer DER orchestration platform"
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Output: `projects/<id>/ARC-<id>-AUENERGY-v1.0.md`
|
|
30
|
+
|
|
31
|
+
## What It Produces
|
|
32
|
+
|
|
33
|
+
- Energy-sector scope and obligation profile.
|
|
34
|
+
- AESCSF evidence integration and uplift dependencies.
|
|
35
|
+
- AER ring-fencing, NER/NGR, AEMO, DER, market, and customer-data considerations.
|
|
36
|
+
- IT/OT and vendor connectivity evidence, including data-flow and diagram references.
|
|
37
|
+
- Privacy and Notifiable Data Breach evidence for customer, metering, DER, outage, life-support, and market data.
|
|
38
|
+
- ADR summary for architecturally significant compliance and resilience decisions.
|
|
39
|
+
- Traceability matrix linking obligations, controls, evidence, risks, diagrams, data models, and decisions.
|
|
40
|
+
|
|
41
|
+
## Source Currency
|
|
42
|
+
|
|
43
|
+
Verify the current AESCSF package/version, AEMO guidance availability, AER guidance, NER/NGR obligations, and any market-procedure references at run time. The command should record the source version and access date used for the assessment.
|
|
44
|
+
|
|
45
|
+
## Evaluation Fixtures
|
|
46
|
+
|
|
47
|
+
The public AU energy fixture corpus under `tests/fixtures/au-energy` is synthetic, including organisations, scenarios, evidence, and personas. It is intended for public evaluation, regression testing, and community improvement.
|
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
# Australian Federal / DISP-supplier Overlay Guide
|
|
2
|
+
|
|
3
|
+
> **Overlay Origin**: Community-contributed | **Domain co-maintainer**: @royster70 | **ArcKit Version**: [VERSION]
|
|
4
|
+
|
|
5
|
+
The Australian Federal / DISP-supplier Overlay adds 10 community-contributed commands covering the regulatory anchors that apply to Australian Federal entities, Defence-cleared suppliers (DISP Members), and optional cross-sector critical-infrastructure use cases. It is anchored on ASD Essential Eight + Information Security Manual, ASD operational technology guidance, the Security of Critical Infrastructure Act 2018 / CIRMP, the DTA Digital Service Standard, the Privacy Act 1988 + 13 Australian Privacy Principles, the OAIC Notifiable Data Breach scheme, the Defence Industry Security Program (DISP, Levels 1–3), the Protective Security Policy Framework, the November 2025 Commonwealth Procurement Rules overhaul, the DTA AI Assurance Framework + Responsible AI Policy v2.0, the PGPA Act s16 financial-management duties, and IRAP for cloud-service assessment.
|
|
6
|
+
|
|
7
|
+
The overlay closes [#424](https://github.com/tractorjuice/arc-kit/issues/424). A sibling sector recipe `au-energy` covering AESCSF, AER ring-fencing, NER/NGR, and AEMO obligations for energy-sector / SOCI-covered critical-asset operators addresses [#440](https://github.com/tractorjuice/arc-kit/issues/440). The general `au-ot-security` and `au-soci-cirmp` commands live here because OT security and SOCI/CIRMP apply beyond energy; `au-energy` consumes them rather than redefining them privately.
|
|
8
|
+
|
|
9
|
+
> **Follow-up**: after the AU energy PR lands, refresh the main AU community command guidance so `au-e8-posture`, `au-ism-controls`, `au-pia`, `au-ndb-playbook`, `au-ot-security`, and `au-soci-cirmp` explicitly recommend the energy overlay, diagrams, data flows, data modelling, and traceability where relevant.
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## Purpose
|
|
14
|
+
|
|
15
|
+
Five jobs in one overlay:
|
|
16
|
+
|
|
17
|
+
1. **Make ASD's cyber stack a first-class architectural artefact**, not a security-team afterthought — Essential Eight maturity posture and ISM Statement of Applicability sit alongside requirements and HLD.
|
|
18
|
+
2. **Replace UK GDPR / DPA 2018 with Privacy Act 1988**, including the Tranche 1 reforms (December 2024) and the December 2026 AI-decision notification provisions.
|
|
19
|
+
3. **Replace UK GDS Service Standard with DTA Digital Service Standard** as the citizen-service quality gate.
|
|
20
|
+
4. **Make DISP Member self-attestation auditable** — the four DISP security domains (governance, personnel, physical, information & cyber) each get an evidence trail, plus FOCI declaration, supply chain, and annual board attestation.
|
|
21
|
+
5. **Ground AI delivery in DTA AI Assurance Framework v2.0** with explicit AI Accountable Officer designation and Privacy-Act-aligned automated-decision notification.
|
|
22
|
+
6. **Add optional cross-sector critical-infrastructure evidence**, separating ASD OT security and SOCI/CIRMP support so users can apply either or both before a sector overlay such as `au-energy`.
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## When to Use
|
|
27
|
+
|
|
28
|
+
Use the overlay if any of the following apply to the project:
|
|
29
|
+
|
|
30
|
+
- The contracting authority is an **Australian Federal entity** (department, agency, statutory authority) or a Commonwealth-controlled corporate entity.
|
|
31
|
+
- The project handles **personal information** of Australian residents and is in scope of the **Privacy Act 1988** (APP entity threshold: $3M annual turnover or any health-service provider).
|
|
32
|
+
- The project provides services to the **Department of Defence** or its supply chain — **DISP membership** is required for Levels 1–3 supplier accreditation.
|
|
33
|
+
- The system is in scope of **PSPF** (Protective Security Policy Framework) — applies to all non-corporate Commonwealth entities under PGPA Act.
|
|
34
|
+
- The procurement is run under the **November 2025 Commonwealth Procurement Rules** overhaul (AUD 125k SME-only thresholds, AI transparency clauses, ethical conduct in VfM).
|
|
35
|
+
- The project includes AI/ML/LLM in scope and is subject to the **DTA AI Assurance Framework + Responsible AI Policy v2.0** (effective December 2025) and the **NAIC Essential AI Practices ("AI6")** operational guidance.
|
|
36
|
+
- The project includes connected **operational technology** or cyber-physical systems and needs ASD OT guidance alignment. Enable `AU_OT` in the recipe or run `/arckit:au-ot-security`.
|
|
37
|
+
- The project may involve a **SOCI-regulated critical infrastructure asset** and needs CIRMP governance or evidence. Enable `AU_SOCI` in the recipe or run `/arckit:au-soci-cirmp`.
|
|
38
|
+
|
|
39
|
+
For non-AU projects the overlay is dormant: existing UK, MOD, EU, French, Austrian, UAE, and Canada overlays are unchanged.
|
|
40
|
+
|
|
41
|
+
---
|
|
42
|
+
|
|
43
|
+
## Prerequisites
|
|
44
|
+
|
|
45
|
+
Before running the commands, set the plugin userConfig values:
|
|
46
|
+
|
|
47
|
+
| userConfig key | Value |
|
|
48
|
+
|---|---|
|
|
49
|
+
| `governance_framework` | `AU Federal` |
|
|
50
|
+
| `classification_scheme` | `PSPF` (UNOFFICIAL → TOP SECRET ladder) |
|
|
51
|
+
| `organisation_name` | the Federal entity name (or the contracting Defence supplier name) |
|
|
52
|
+
| `default_classification` | one of `UNOFFICIAL`, `OFFICIAL`, `OFFICIAL:Sensitive`, `PROTECTED`, `SECRET`, `TOP SECRET` |
|
|
53
|
+
|
|
54
|
+
> **Note on rendering**: The PSPF classification taxonomy is applied to AU artefacts via a per-command override at the marker-resolution step (mirrors the Canadian-overlay pattern in `ca-pia.md:32`). Each `au-*` command instructs the resolver to swap the standard UK classification line for `UNOFFICIAL / OFFICIAL / OFFICIAL:Sensitive / PROTECTED / SECRET`, so the AU artefacts come out with PSPF rendering regardless of these userConfig values. The `governance_framework` and `classification_scheme` settings are still useful as documented intent (project records, downstream tooling, traceability), and a future enhancement (a dedicated `document-control-au.md` partial + extended `RENDERING.md` routing) will make them drive global rendering for **non-AU** artefacts produced inside an AU project too. Until then, set these for clarity but do not rely on them to switch the global Document Control header.
|
|
55
|
+
|
|
56
|
+
If you are a Defence supplier rather than a Federal entity, set `organisation_name` to your supplier name and use the `au-disp-attestation` command to produce the DISP Member self-attestation pack — the rest of the overlay still applies to the project itself, with the contracting Federal entity treated as the "system owner".
|
|
57
|
+
|
|
58
|
+
---
|
|
59
|
+
|
|
60
|
+
## The 10 Commands
|
|
61
|
+
|
|
62
|
+
### Security baseline
|
|
63
|
+
|
|
64
|
+
#### `/arckit:au-e8-posture`
|
|
65
|
+
|
|
66
|
+
Generates an ASD Essential Eight maturity posture assessment covering all 8 mitigation strategies (Application Control, Patch Applications, Configure MS Office Macro Settings, User Application Hardening, Restrict Administrative Privileges, Patch Operating Systems, Multi-factor Authentication, Regular Backups) at maturity levels ML0 through ML3. Anchored on the ASD Essential Eight Maturity Model. Handoffs: `au-ism-controls` (E8 maturity feeds ISM Domain 9 — System Hardening), `au-disp-attestation` (E8 ML2 evidence is primary input to DISP Domain 4 — Information & Cyber Security), and `au-aescsf` in the sibling `au-energy` recipe.
|
|
67
|
+
|
|
68
|
+
#### `/arckit:au-ism-controls`
|
|
69
|
+
|
|
70
|
+
Generates an ASD Information Security Manual Statement of Applicability across all 17 control domains (Cyber Security Roles & Responsibilities; Cyber Security Incidents; Outsourced Services; Security Documentation; Personnel Security; Physical Security; Communications Infrastructure; Communications Systems; Enterprise Mobility; Evaluated Products; Information Technology Equipment; Media; System Hardening; System Management; System Monitoring; Software Development; Database Systems & Servers; Network Security; Cryptography; Gateways; Data Transfers). ISM extends E8 — produces the comprehensive control set on top of the mitigation baseline. Handoffs: `risk` (gaps and treatment plan), `au-pspf` (Outcome 2 — information security — instantiated by ISM), `au-disp-attestation` (cross-refs Domain 4).
|
|
71
|
+
|
|
72
|
+
### Privacy + Incident Response
|
|
73
|
+
|
|
74
|
+
#### `/arckit:au-pia`
|
|
75
|
+
|
|
76
|
+
Generates a Privacy Impact Assessment under Privacy Act 1988 s33D (introduced by the Tranche 1 reforms, December 2024) including assessment against all 13 Australian Privacy Principles (APP 1 — Open and transparent management of personal information; APP 2 — Anonymity and pseudonymity; APP 3 — Collection of solicited personal information; APP 4 — Dealing with unsolicited personal information; APP 5 — Notification of collection; APP 6 — Use or disclosure; APP 7 — Direct marketing; APP 8 — Cross-border disclosure; APP 9 — Adoption / use / disclosure of government related identifiers; APP 10 — Quality of personal information; APP 11 — Security of personal information; APP 12 — Access to personal information; APP 13 — Correction of personal information). Replaces the UK `dpia` command for AU projects. Handoffs: `au-ndb-playbook` (NDB depends on PIA — APP 11 + Privacy Officer designation), `au-ai-assurance` (APP 1, 5, 10, 12 cross-refs for AI-decision notification per the December 2026 amendments), `data-model` (per-entity sensitivity), `risk`.
|
|
77
|
+
|
|
78
|
+
#### `/arckit:au-ndb-playbook`
|
|
79
|
+
|
|
80
|
+
Generates an OAIC Notifiable Data Breach scheme operational response playbook (Privacy Act Part IIIC). Documents the 30-day notification timeline, the eligible-data-breach assessment criteria, the OAIC reporting workflow, and the affected-individual notification template. Operational artefact — depends on `au-pia` because it requires the designated Privacy Officer (APP 1) and APP 11 control inventory from the PIA. Handoffs: `au-disp-attestation` (DISP incident reporting cross-refs NDB), `risk`.
|
|
81
|
+
|
|
82
|
+
### Optional critical infrastructure support
|
|
83
|
+
|
|
84
|
+
#### `/arckit:au-ot-security`
|
|
85
|
+
|
|
86
|
+
Generates an ASD operational technology cyber security assessment for connected OT, ICS, SCADA, cyber-physical, building-management, field-device, or industrial-control environments. Covers OT architecture visibility, IT/OT segmentation, secure connectivity, remote/vendor access, monitoring, logging, incident response, safety, availability, recovery constraints, and AI-in-OT considerations where relevant. Handoffs: `au-e8-posture` and `au-ism-controls` for baseline cyber evidence, `au-soci-cirmp` where the OT environment supports a critical infrastructure asset, and `risk` for residual OT exposure.
|
|
87
|
+
|
|
88
|
+
#### `/arckit:au-soci-cirmp`
|
|
89
|
+
|
|
90
|
+
Generates a SOCI Act / Critical Infrastructure Risk Management Program governance and evidence pack. Covers critical asset and responsible entity context, SOCI applicability, CIRMP governance, cyber and information security hazards, personnel hazards, supply-chain hazards, physical security and natural hazards, protected-information handling, incident reporting, and annual report readiness. It is deliberately separate from `au-ot-security`: some SOCI assets do not include OT, and some OT environments may not trigger SOCI obligations.
|
|
91
|
+
|
|
92
|
+
### Service + AI compliance
|
|
93
|
+
|
|
94
|
+
#### `/arckit:au-dss`
|
|
95
|
+
|
|
96
|
+
Generates a DTA Digital Service Standard conformance assessment against all 13 criteria (1. Understand user needs; 2. Solve a whole problem; 3. Provide a joined-up experience; 4. Make it simple and intuitive; 5. Use ATO/digital-government building blocks; 6. Build a multidisciplinary team; 7. Iterate and improve frequently; 8. Use open standards; 9. Make it accessible and inclusive; 10. Test the service; 11. Measure performance; 12. Provide an unbroken digital service; 13. Use trusted hosting and supplier arrangements). Replaces the UK `tcop` command for AU projects (DTA DSS is the AU equivalent of UK TCoP). Handoffs: `au-e8-posture` (Criterion 13 cross-refs E8/IRAP-assessed hosting), `au-pia` (Criterion 7 cross-refs PIA + privacy notice).
|
|
97
|
+
|
|
98
|
+
#### `/arckit:au-pspf`
|
|
99
|
+
|
|
100
|
+
Generates a Protective Security Policy Framework outcomes scorecard against the 4 outcomes (Security Governance; Information Security; Personnel Security; Physical Security) and 16 core requirements. PSPF Outcome 2 (Information Security) is instantiated by `au-ism-controls` — the PSPF scorecard pulls from the ISM Statement of Applicability. Handoffs: `au-disp-attestation` (DISP Domain 1 — Governance — cross-refs PSPF Outcome 1; Domain 3 — Physical — cross-refs PSPF Outcome 4), `risk`.
|
|
101
|
+
|
|
102
|
+
#### `/arckit:au-ai-assurance`
|
|
103
|
+
|
|
104
|
+
Generates a DTA AI Assurance Framework baseline aligned to Responsible AI Policy v2.0 (effective December 2025), incorporating ISO 42001 readiness mapping, AI Accountable Officer designation, foundation-model selection and sovereignty, AI-use disclosure requirements, and Privacy Act AI-decision notification provisions (December 2026 commencement). Also covers **AU Essential AI Practices ("AI6")** — the National AI Centre's 6 essential practices for safe and responsible AI adoption (accountability / impact assessment / risk management / information sharing / testing-and-monitoring / human control), with each practice anchored to the canonical [ai.gov.au Foundations](https://www.ai.gov.au/staying-safe-and-responsible/essential-ai-practices/guidance-ai-adoption-foundations) and [Implementation Guidance](https://www.ai.gov.au/staying-safe-and-responsible/essential-ai-practices/guidance-ai-adoption-implementation-guidance) pages. Handoffs: `au-pia` (APP cross-refs for AI-decision notification), `au-e8-posture` (DLP cross-refs), `risk` (AI-specific risks), `adr` (AI/LLM provider decision is architecturally significant).
|
|
105
|
+
|
|
106
|
+
### DISP attestation (consolidation)
|
|
107
|
+
|
|
108
|
+
#### `/arckit:au-disp-attestation`
|
|
109
|
+
|
|
110
|
+
Generates a DISP Member self-attestation pack — the apex artefact for Defence-supplier scope. Consolidates the four DISP security domains (Governance & Personnel; Personnel Security; Physical Security; Information & Cyber Security) plus FOCI (Foreign Ownership, Control and Influence) declaration, supply chain assurance, and the annual board attestation. **Run last in the AU stream** — it pulls evidence from `au-e8-posture` (Domain 4), `au-ism-controls` (Domain 4 + cross-domain), `au-pia` + `au-ndb-playbook` (privacy alignment + incident reporting), and `au-pspf` (Domain 1 + Domain 3 cross-refs). Per the DISP framework, attestation level (1, 2, or 3) determines the rigour expected — Level 2 is the typical Federal-supplier baseline, Level 3 applies to higher-classification work.
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
114
|
+
## Build recipe
|
|
115
|
+
|
|
116
|
+
Recipe: [`au-federal.yaml`](../../arckit-au/recipes/au-federal.yaml)
|
|
117
|
+
|
|
118
|
+
37 default targets across the build waves + 3 post-build hooks (`arckit:health`, `arckit:graph-report`, `arckit:pages`), with optional default-off `AIP`, `DATASCOUT`, `AU_OT` and `AU_SOCI` targets for cross-sector critical-infrastructure and procurement use. The recipe swaps three commands from the `uk-saas` baseline (per maintainer guidance on #424):
|
|
119
|
+
|
|
120
|
+
- `arckit:tcop` → `arckit:au-dss` (DTA DSS replaces UK TCoP)
|
|
121
|
+
- `arckit:secure` → `arckit:au-e8-posture` (E8 ML2 replaces UK Secure-by-Design)
|
|
122
|
+
- `arckit:dpia` → `arckit:au-pia` (Privacy Act 1988 replaces UK GDPR/DPA 2018)
|
|
123
|
+
|
|
124
|
+
The wave shape mirrors `ca-federal-fitaa` — foundation → research wave + early domain artefacts → mid-domain → late ADRs → flagship → synthesis. `AU_DISP` is the consolidation flagship in W5, depending on `AU_E8`, `AU_ISM`, `AU_PIA`, `AU_NDB`, and `AU_PSPF` having completed in earlier waves.
|
|
125
|
+
|
|
126
|
+
### Visual and evidence targets
|
|
127
|
+
|
|
128
|
+
The recipe enables architecture and evidence artefacts by default so compliance findings can cite real structure rather than narrative: `DIAG` (diagrams), `DFD` (data flow diagrams), `DATA_MODEL`, `SNOW` (ServiceNow / CMDB), `TRACEABILITY`, and `MATURITY` (a `MMOD` capability maturity model). The optional `AU_OT` and `AU_SOCI` targets consume these as inputs, and the `arckit:graph-report` post-build hook surfaces coverage across the AU compliance, architecture, risk, traceability, and operations artefacts.
|
|
129
|
+
|
|
130
|
+
All AU Federal commands and templates apply a **Visual Evidence Decision Rule**: companion visuals are generated only when the evidence has enough structure to identify real nodes and relationships; when evidence is partial but structurally useful, a clearly marked draft visual is produced with `Pending Input` labels; otherwise the artefact records a *Visual Evidence Gap* listing the minimum inputs needed, instead of inventing a diagram from insufficient data.
|
|
131
|
+
|
|
132
|
+
To add OT and SOCI/CIRMP support to a federal build:
|
|
133
|
+
|
|
134
|
+
```bash
|
|
135
|
+
/arckit:build <project-name> --recipe au-federal --enable AU_OT --enable AU_SOCI
|
|
136
|
+
```
|
|
137
|
+
|
|
138
|
+
Use only `--enable AU_OT` for OT environments that are not SOCI-regulated, or only `--enable AU_SOCI` where CIRMP applies without OT. For Australian energy projects, use the `au-energy` recipe after the AU federal baseline; it can compose both optional targets before adding AESCSF and energy-market obligations.
|
|
139
|
+
|
|
140
|
+
To run:
|
|
141
|
+
|
|
142
|
+
```bash
|
|
143
|
+
# In a Claude Code session with the ArcKit plugin enabled:
|
|
144
|
+
/arckit:build <project-name> --recipe au-federal --plan # wave-plan dry run
|
|
145
|
+
/arckit:build <project-name> --recipe au-federal # full build
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
Reference test fixture: [`arckit-test-project-v44-australian-gov`](https://github.com/tractorjuice/arckit-test-project-v44-australian-gov) — the Australian Government PoC test repo.
|
|
149
|
+
|
|
150
|
+
---
|
|
151
|
+
|
|
152
|
+
## Migration from UK ladder
|
|
153
|
+
|
|
154
|
+
If you are migrating an existing UK-classified ArcKit project to the AU overlay:
|
|
155
|
+
|
|
156
|
+
1. Update plugin userConfig: switch `governance_framework` to `AU Federal`, `classification_scheme` to `PSPF`, and pick a `default_classification` from the PSPF taxonomy. (See the *Note on rendering* in Prerequisites — under the current per-command override approach these settings record intent; the AU artefacts get PSPF rendering through their own commands rather than via global routing.)
|
|
157
|
+
2. Re-run `/arckit:health` to validate the Document Control headers in any newly-generated AU artefacts against the PSPF ladder.
|
|
158
|
+
3. Replace UK-specific artefacts where AU equivalents exist:
|
|
159
|
+
- `ARC-*-DPIA-*.md` → re-generate as `ARC-*-AUPIA-*.md` via `/arckit:au-pia`
|
|
160
|
+
- `ARC-*-SECD-*.md` (Secure-by-Design) → re-generate as `ARC-*-AUE8-*.md` via `/arckit:au-e8-posture`
|
|
161
|
+
- `ARC-*-TCOP-*.md` → re-generate as `ARC-*-AUDSS-*.md` via `/arckit:au-dss`
|
|
162
|
+
4. Add the Defence-supplier and Federal-entity-specific artefacts:
|
|
163
|
+
- `/arckit:au-ism-controls` for ISM SoA
|
|
164
|
+
- `/arckit:au-pspf` for PSPF outcomes scorecard
|
|
165
|
+
- `/arckit:au-ndb-playbook` for NDB response
|
|
166
|
+
- `/arckit:au-ai-assurance` if AI is in scope
|
|
167
|
+
- `/arckit:au-ot-security` if connected OT or cyber-physical systems are in scope
|
|
168
|
+
- `/arckit:au-soci-cirmp` if SOCI/CIRMP obligations are in scope
|
|
169
|
+
- `/arckit:au-disp-attestation` if Defence supply-chain accreditation is in scope
|
|
170
|
+
5. Run `/arckit:traceability` to refresh the cross-reference matrix.
|
|
171
|
+
|
|
172
|
+
---
|
|
173
|
+
|
|
174
|
+
## Co-maintenance
|
|
175
|
+
|
|
176
|
+
The overlay is currently solo-maintained by [@royster70](https://github.com/royster70). An Australian Federal enterprise architect (or DISP-cleared supplier architect) is being recruited as domain co-maintainer before the overlay can be re-evaluated for official-baseline promotion. If you have relevant Federal/DISP architecture experience and are interested in co-maintaining, [open an issue](https://github.com/tractorjuice/arc-kit/issues) or DM [@tractorjuice](https://github.com/tractorjuice).
|
|
177
|
+
|
|
178
|
+
---
|
|
179
|
+
|
|
180
|
+
## References
|
|
181
|
+
|
|
182
|
+
- [ASD Essential Eight Maturity Model](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model)
|
|
183
|
+
- [ASD Information Security Manual](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism)
|
|
184
|
+
- [ASD Operational Technology environments](https://www.cyber.gov.au/business-government/secure-design/operational-technology-environments)
|
|
185
|
+
- [ASD Principles of operational technology cyber security](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/critical-infrastructure/principles-operational-technology-cybersecurity)
|
|
186
|
+
- [ASD Secure connectivity principles for Operational Technology](https://www.cyber.gov.au/business-government/secure-design/operational-technology-environments/secure-connectivity-principles-for-operational-technology)
|
|
187
|
+
- [Security of Critical Infrastructure Act 2018 (SOCI)](https://www.cisc.gov.au/legislation-regulation-and-compliance/soci-act-2018)
|
|
188
|
+
- [CISC Regulatory obligations](https://www.cisc.gov.au/how-we-support-industry/regulatory-obligations)
|
|
189
|
+
- [DTA Digital Service Standard](https://www.dta.gov.au/help-and-advice/digital-service-standard)
|
|
190
|
+
- [Privacy Act 1988 (Cth)](https://www.legislation.gov.au/Details/C2024C00301)
|
|
191
|
+
- [OAIC Notifiable Data Breach scheme](https://www.oaic.gov.au/privacy/notifiable-data-breaches)
|
|
192
|
+
- [Defence Industry Security Program (DISP)](https://www.defence.gov.au/business-industry/programs/defence-industry-security-program)
|
|
193
|
+
- [Protective Security Policy Framework (PSPF)](https://www.protectivesecurity.gov.au/)
|
|
194
|
+
- [Commonwealth Procurement Rules](https://www.finance.gov.au/government/procurement/commonwealth-procurement-rules) (November 2025 overhaul)
|
|
195
|
+
- [DTA AI Assurance Framework + Responsible AI Policy v2.0](https://www.digital.gov.au/policy/ai/policy)
|
|
196
|
+
- [NAIC Essential AI Practices (AI6) — Foundations](https://www.ai.gov.au/staying-safe-and-responsible/essential-ai-practices/guidance-ai-adoption-foundations)
|
|
197
|
+
- [NAIC Essential AI Practices — Implementation Guidance](https://www.ai.gov.au/staying-safe-and-responsible/essential-ai-practices/guidance-ai-adoption-implementation-guidance)
|
|
198
|
+
- [PGPA Act 2013 s16](https://www.legislation.gov.au/Details/C2024C00310)
|
|
199
|
+
- [Information Security Registered Assessors Program (IRAP)](https://www.cyber.gov.au/about-us/programs-and-services/irap)
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
# Australian ISM Statement of Applicability Playbook
|
|
2
|
+
|
|
3
|
+
> **Guide Origin**: Community | **ArcKit Version**: [VERSION]
|
|
4
|
+
|
|
5
|
+
`/arckit:au-ism-controls` generates a Statement of Applicability against the Australian Signals Directorate's Information Security Manual (ISM). It scopes the system, surveys the 17 ISM control domains for in-scope controls, scores each control's implementation posture with evidence, captures the residual risk, and surfaces the IRAP-assessable posture (Information Security Registered Assessors Program — the Australian government's cloud-inheritance and external-assessment programme).
|
|
6
|
+
|
|
7
|
+
The ISM is the authoritative control library for Australian Federal entities and DISP suppliers. The SoA is the gate artefact for IRAP assessment, security accreditation, and PSPF Outcome 4 (Information Security).
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Inputs
|
|
12
|
+
|
|
13
|
+
| Artefact | Purpose |
|
|
14
|
+
|----------|---------|
|
|
15
|
+
| Requirements (`ARC-<id>-REQ-v1.0.md`) | Service description, hosting model, data flows |
|
|
16
|
+
| Data model (`ARC-<id>-DMOD-v1.0.md`) | Sensitivity categories driving control intensity |
|
|
17
|
+
| `/arckit:au-e8-posture` output (`ARC-<id>-AUE8-v1.0.md`) | Cyber baseline that the ISM SoA cross-references |
|
|
18
|
+
| HLD (`ARC-<id>-HLD-v1.0.md`) | Architecture, identity model, key management |
|
|
19
|
+
|
|
20
|
+
---
|
|
21
|
+
|
|
22
|
+
## Command
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
/arckit:au-ism-controls <project ID or service description>
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
Output: `projects/<id>/ARC-<id>-AUISM-v1.0.md`
|
|
29
|
+
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
## Assessment Structure
|
|
33
|
+
|
|
34
|
+
| Section | Contents |
|
|
35
|
+
|---------|----------|
|
|
36
|
+
| Document Control | Australian classification (UNOFFICIAL / OFFICIAL / OFFICIAL:Sensitive / PROTECTED / SECRET / TOP SECRET) |
|
|
37
|
+
| Revision History | Version, date, author, changes, approvals |
|
|
38
|
+
| Executive Summary | Coverage, gaps, IRAP readiness, accreditation posture |
|
|
39
|
+
| System Scope | Description, owner, classification ceiling, hosting environments |
|
|
40
|
+
| Domain-by-Domain Analysis | All 17 ISM control domains: applicability, implementation posture, evidence, gaps |
|
|
41
|
+
| Control Inheritance | Inherited controls from underlying cloud or platform (cite IRAP assessment letters where relied on) |
|
|
42
|
+
| Residual Risk Statement | Risks accepted, escalation path, treatment commitments |
|
|
43
|
+
| IRAP Posture | Whether the system is IRAP-assessable, target assessment date, scope boundary |
|
|
44
|
+
| Accreditation Strategy | Internal accreditation route or cross-jurisdictional accreditation (Cyber-Hub, etc.) |
|
|
45
|
+
| Maintenance Cadence | Re-assessment frequency, change triggers, ISM update tracking (ASD publishes quarterly) |
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
|
|
49
|
+
## Regulatory Anchors
|
|
50
|
+
|
|
51
|
+
- **ASD Information Security Manual (ISM)** — 17 control domains; quarterly-updated control library
|
|
52
|
+
- **PSPF Outcome 4 (Information Security)** — federal accountability framework that cites the ISM as authoritative
|
|
53
|
+
- **IRAP (Information Security Registered Assessors Program)** — primary external-assessment route, especially for cloud inheritance
|
|
54
|
+
- **Cyber Security Act 2024 (Cth)** — incident reporting obligations relevant to security incidents tracked against ISM controls
|
|
55
|
+
- **PGPA Act 2013 s16** — federal accountable-authority duties
|
|
56
|
+
|
|
57
|
+
---
|
|
58
|
+
|
|
59
|
+
## When to Run
|
|
60
|
+
|
|
61
|
+
- During HLD / detailed design, after the architecture has stabilised enough to enumerate control inheritance
|
|
62
|
+
- Before IRAP assessment kicks off (the SoA is the input to the assessor's scoping)
|
|
63
|
+
- Re-run on material architecture change or quarterly ISM update where control changes affect the system
|
|
64
|
+
- DISP Level 2+ suppliers refresh on the attestation cycle
|
|
65
|
+
|
|
66
|
+
---
|
|
67
|
+
|
|
68
|
+
## Common Pitfalls
|
|
69
|
+
|
|
70
|
+
- **Treating every ISM control as in-scope** — the SoA is about applicability. Mark out-of-scope controls explicitly with rationale; assessors flag thin-scoping faster than thick-scoping.
|
|
71
|
+
- **Claiming inheritance without an IRAP letter** — cloud or platform inheritance requires a current IRAP assessment letter. Without it, the control is not inherited — it's the customer's to implement.
|
|
72
|
+
- **Stale evidence dates** — ISM controls reference fresh evidence (logs, configs, scan output). Mark anything older than the assessment window as stale.
|
|
73
|
+
|
|
74
|
+
---
|
|
75
|
+
|
|
76
|
+
## Handoff
|
|
77
|
+
|
|
78
|
+
Foundational input to `/arckit:au-disp-attestation` (DISP Information & Cyber domain draws heavily from the ISM SoA), `/arckit:au-pspf` (PSPF Outcome 4 cites ISM SoA evidence), and feeds the IRAP assessor scoping package.
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
# Australian Notifiable Data Breach Response Playbook
|
|
2
|
+
|
|
3
|
+
> **Guide Origin**: Community | **ArcKit Version**: [VERSION]
|
|
4
|
+
|
|
5
|
+
`/arckit:au-ndb-playbook` generates an operational response playbook under the OAIC Notifiable Data Breaches scheme (Privacy Act 1988 Part IIIC). It captures the assessment criteria for an eligible data breach, the 30-day investigation clock, the notification decision logic, the workflow for notifying affected individuals and the OAIC, and the post-incident review obligations including remediation tracking and lessons-learned capture.
|
|
6
|
+
|
|
7
|
+
The NDB playbook is operational — it is read in the middle of an incident, not at design time. It must be precise about timeframes, roles, and decision criteria. Where the playbook depends on the eligible-data-breach test, the language follows OAIC guidance verbatim.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Inputs
|
|
12
|
+
|
|
13
|
+
| Artefact | Purpose |
|
|
14
|
+
|----------|---------|
|
|
15
|
+
| `/arckit:au-pia` output (`ARC-<id>-AUPIA-v1.0.md`) | Personal information inventory; eligible-data-breach criteria already drafted |
|
|
16
|
+
| Stakeholders (`ARC-<id>-STKE-v1.0.md`) | Accountable authority, privacy officer, security incident commander |
|
|
17
|
+
| Risk register (`ARC-<id>-RISK-v1.0.md`) | Data-breach risks identified at design time |
|
|
18
|
+
| Runbooks (`ARC-<id>-RBK-v1.0.md`) | Existing incident response procedures the NDB workflow plugs into |
|
|
19
|
+
|
|
20
|
+
---
|
|
21
|
+
|
|
22
|
+
## Command
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
/arckit:au-ndb-playbook <project ID or service description>
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
Output: `projects/<id>/ARC-<id>-AUNDB-v1.0.md`
|
|
29
|
+
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
## Playbook Structure
|
|
33
|
+
|
|
34
|
+
| Section | Contents |
|
|
35
|
+
|---------|----------|
|
|
36
|
+
| Document Control | Australian classification (UNOFFICIAL / OFFICIAL / OFFICIAL:Sensitive / PROTECTED / SECRET / TOP SECRET) |
|
|
37
|
+
| Revision History | Version, date, author, changes, approvals |
|
|
38
|
+
| Activation Criteria | When to enter the NDB workflow vs treat as general incident |
|
|
39
|
+
| Roles & Responsibilities | Accountable authority, privacy officer, incident commander, comms lead, OAIC liaison |
|
|
40
|
+
| Phase 1 — Containment & Initial Triage | First 24 hours: contain, preserve evidence, initial scoping |
|
|
41
|
+
| Phase 2 — Eligible-Data-Breach Assessment | 30-day clock; serious-harm test against OAIC guidance |
|
|
42
|
+
| Phase 3 — Notification Decisions | Trigger criteria, escalation matrix, individuals vs OAIC vs both |
|
|
43
|
+
| Phase 4 — Notification Execution | Templates, channels, timing, language requirements |
|
|
44
|
+
| Phase 5 — Post-Incident Review | Lessons learned, remediation, public-register updates |
|
|
45
|
+
| Decision Tree | Visual flow from detection through notification or no-notification |
|
|
46
|
+
| Templates | Standard wording for individual notifications, OAIC report, board briefing |
|
|
47
|
+
| External Dependencies | OAIC contact protocol, legal counsel, forensics partner |
|
|
48
|
+
| Quarterly Review | Refresh cadence, regulatory-update tracking |
|
|
49
|
+
|
|
50
|
+
---
|
|
51
|
+
|
|
52
|
+
## Regulatory Anchors
|
|
53
|
+
|
|
54
|
+
- **Privacy Act 1988 (Cth) Part IIIC** — Notifiable Data Breaches scheme (statutory basis)
|
|
55
|
+
- **OAIC Notifiable Data Breach guidance** — authoritative interpretation of "eligible data breach" and "serious harm"
|
|
56
|
+
- **Privacy and Other Legislation Amendment Act 2024** (Tranche 1) — enhanced statutory tort and class-action exposure
|
|
57
|
+
- **Cyber Security Act 2024 (Cth)** — adjacent incident-reporting obligations that may run in parallel to NDB
|
|
58
|
+
|
|
59
|
+
---
|
|
60
|
+
|
|
61
|
+
## When to Run
|
|
62
|
+
|
|
63
|
+
- Author this at service design, not in the middle of an incident
|
|
64
|
+
- Refresh after every actual NDB event (lessons-learned)
|
|
65
|
+
- Refresh on material OAIC guidance change or Privacy Act amendment
|
|
66
|
+
- Refresh on accountable-authority or privacy-officer change
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## Common Pitfalls
|
|
71
|
+
|
|
72
|
+
- **Conflating the 30-day clock with the notification clock** — the 30-day clock is for the eligible-data-breach assessment. Once eligibility is confirmed, notification must be as soon as practicable. These are distinct.
|
|
73
|
+
- **No pre-drafted notification text** — incident teams under pressure write poor notifications. Templates with placeholder fields cut time-to-notify significantly.
|
|
74
|
+
- **Missing the OAIC liaison path** — the playbook must name a specific individual responsible for OAIC contact, with backup. "The privacy officer" is not specific enough.
|
|
75
|
+
|
|
76
|
+
---
|
|
77
|
+
|
|
78
|
+
## Handoff
|
|
79
|
+
|
|
80
|
+
Tied tightly to `/arckit:au-pia` (PIA establishes the eligible-data-breach criteria) and the operational runbooks (`/arckit:operationalize`). Cited as evidence in `/arckit:au-disp-attestation` (DISP information protection domain) and `/arckit:au-pspf` (PSPF Outcome 4 incident management).
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# AU OT Security
|
|
2
|
+
|
|
3
|
+
`/arckit:au-ot-security` generates an ASD-aligned operational technology cyber security assessment for Australian Government, regulated-sector, and critical-infrastructure projects with connected OT, ICS, SCADA, building-management, field-device, or cyber-physical environments.
|
|
4
|
+
|
|
5
|
+
Use it when OT security matters but you do not necessarily need SOCI/CIRMP coverage. The command complements `au-e8-posture` and `au-ism-controls`: E8 and ISM provide the AU cyber baseline, while this command records OT-specific architecture, connectivity, safety, availability, supplier access, monitoring, and recovery constraints.
|
|
6
|
+
|
|
7
|
+
## Prerequisites
|
|
8
|
+
|
|
9
|
+
| Artefact | Why it helps |
|
|
10
|
+
|----------|--------------|
|
|
11
|
+
| `/arckit:requirements` | Source for availability, safety, OT, remote-access, and supplier-access requirements |
|
|
12
|
+
| `/arckit:stakeholders` | Identifies operational owner, safety owner, CISO, suppliers, and managed-service providers |
|
|
13
|
+
| `/arckit:au-e8-posture` (`ARC-<id>-AUE8-v1.0.md`) | Enterprise cyber baseline |
|
|
14
|
+
| `/arckit:au-ism-controls` (`ARC-<id>-AUISM-v1.0.md`) | Broader ASD control evidence for IT and OT systems |
|
|
15
|
+
| `/arckit:risk` | Receives residual OT cyber and safety risks |
|
|
16
|
+
|
|
17
|
+
## Usage
|
|
18
|
+
|
|
19
|
+
```text
|
|
20
|
+
/arckit:au-ot-security 001
|
|
21
|
+
/arckit:au-ot-security "Water SCADA Platform"
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
Output: `projects/<id>/ARC-<id>-AUOT-v1.0.md`
|
|
25
|
+
|
|
26
|
+
## What It Produces
|
|
27
|
+
|
|
28
|
+
- OT environment context and safety/availability profile.
|
|
29
|
+
- ASD OT guidance alignment.
|
|
30
|
+
- Definitive OT architecture and asset-view assessment.
|
|
31
|
+
- IT/OT segmentation and trust-boundary assessment.
|
|
32
|
+
- Secure connectivity, remote access, and supplier access review.
|
|
33
|
+
- Monitoring, logging, incident response, and recovery constraints.
|
|
34
|
+
- AI-in-OT considerations where relevant.
|
|
35
|
+
- Cross-reference back to AUE8, AUISM, RISK, and AUSOCI where applicable.
|
|
36
|
+
|
|
37
|
+
## Notes
|
|
38
|
+
|
|
39
|
+
This is a general Australian OT security command, not an energy-sector command. The later `au-energy` recipe should consume this artefact before adding AESCSF and energy-market obligations.
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
# Australian Privacy Impact Assessment Playbook
|
|
2
|
+
|
|
3
|
+
> **Guide Origin**: Community | **ArcKit Version**: [VERSION]
|
|
4
|
+
|
|
5
|
+
`/arckit:au-pia` generates an Australian Privacy Impact Assessment under the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles. It captures the entity's APP entity status, scopes the personal information lifecycle, runs an APP-by-APP applicability and compliance analysis, registers privacy risks with mitigations, captures cross-border disclosure flows under APP 8, and surfaces the OAIC notification posture under the Notifiable Data Breaches scheme (Privacy Act Part IIIC).
|
|
6
|
+
|
|
7
|
+
The PIA is a recognised due diligence artefact for Australian Federal entities and APP entities generally. The Privacy Act Tranche 1 reforms (December 2024) introduced new accountability, consent, and automated-decision-making obligations — the PIA explicitly addresses where these apply. Mark anything dependent on the Tranche 2 reforms as `<PENDING TRANCHE 2>` and revisit when the reforms enter force.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Inputs
|
|
12
|
+
|
|
13
|
+
| Artefact | Purpose |
|
|
14
|
+
|----------|---------|
|
|
15
|
+
| Requirements (`ARC-<id>-REQ-v1.0.md`) | Service description, decision logic, automated decision-making scope |
|
|
16
|
+
| Data requirements (`ARC-<id>-DR-v1.0.md`) | Per-element personal information inventory and sensitivity flags |
|
|
17
|
+
| Data model (`ARC-<id>-DMOD-v1.0.md`) | Entities and relationships carrying personal information |
|
|
18
|
+
| Stakeholders (`ARC-<id>-STKE-v1.0.md`) | Subject populations, partner agencies, processors, offshore recipients |
|
|
19
|
+
|
|
20
|
+
---
|
|
21
|
+
|
|
22
|
+
## Command
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
/arckit:au-pia <project ID or service description>
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
Output: `projects/<id>/ARC-<id>-AUPIA-v1.0.md`
|
|
29
|
+
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
## Assessment Structure
|
|
33
|
+
|
|
34
|
+
| Section | Contents |
|
|
35
|
+
|---------|----------|
|
|
36
|
+
| Document Control | Australian classification (UNOFFICIAL / OFFICIAL / OFFICIAL:Sensitive / PROTECTED / SECRET / TOP SECRET) |
|
|
37
|
+
| Revision History | Version, date, author, changes, approvals |
|
|
38
|
+
| Executive Summary | APP entity status, headline privacy risks, OAIC notification posture, Tranche 1 obligations |
|
|
39
|
+
| Programme / System Description | Description, owner, subject populations, lifecycle stage, personal information lifecycle |
|
|
40
|
+
| APP Entity Status | Whether the entity is APP-covered, exemptions claimed, small business operator status |
|
|
41
|
+
| APP-by-APP Analysis | All 13 APPs: applicability, current compliance posture, evidence, gaps |
|
|
42
|
+
| Personal Information Inventory | Per-element: type, sensitivity flag, lawful basis, retention, recipients |
|
|
43
|
+
| Cross-Border Disclosure (APP 8) | Offshore recipients, jurisdictions, enforceability assessment |
|
|
44
|
+
| Automated Decision-Making (Tranche 1) | Where automated decisions affect individuals, notification posture, human-review pathway |
|
|
45
|
+
| Privacy Risk Register | Risks, likelihood, impact, mitigations, residual risk |
|
|
46
|
+
| NDB Posture | Eligible-data-breach assessment criteria, notification decision logic, OAIC reporting workflow |
|
|
47
|
+
| Treatment & Monitoring | Mitigations in flight, review cadence, change triggers |
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
|
|
51
|
+
## Regulatory Anchors
|
|
52
|
+
|
|
53
|
+
- **Privacy Act 1988 (Cth)** — primary statute; 13 APPs in Schedule 1
|
|
54
|
+
- **Privacy and Other Legislation Amendment Act 2024** (Tranche 1 reforms) — children's privacy, statutory tort, automated decisions, transparency
|
|
55
|
+
- **OAIC Notifiable Data Breaches scheme** (Privacy Act Part IIIC) — eligible-data-breach definition, notification timeframes
|
|
56
|
+
- **OAIC Australian Privacy Principles guidelines** — authoritative interpretation
|
|
57
|
+
- **APP 8** — cross-border disclosure accountability; *Australian Privacy Foundation v ALRC* and OAIC guidance
|
|
58
|
+
|
|
59
|
+
---
|
|
60
|
+
|
|
61
|
+
## When to Run
|
|
62
|
+
|
|
63
|
+
- Whenever a new service collects, holds, uses, or discloses personal information
|
|
64
|
+
- On material change to processing activities, recipients, or retention periods
|
|
65
|
+
- Before launch of any service triggering Tranche 1 obligations (notably automated decisions affecting individuals)
|
|
66
|
+
- Refresh annually or on material privacy-incident learnings
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## Handoff
|
|
71
|
+
|
|
72
|
+
Foundational input to `/arckit:au-ndb-playbook` (NDB playbook uses the personal information inventory and breach decision criteria), `/arckit:au-disp-attestation` (DISP information protection domain cites PIA evidence), and `/arckit:au-ai-assurance` (AI Assurance cross-references automated decision-making notification posture).
|