arckit-ca-itsg-33
[COMMUNITY] Generate an ITSG-33 Statement of Applicability with TBS Standard on Security Categorization — Protected A/B/C, Secret, Top Secret tailoring, control profile selection (PBMM / PBMM-Cloud / Secret-High), CMVP / FIPS 140-3 module validation, supply chain security, and continuous monitoring plan.
Best for Canadian federal IT projectsWorks with GitHub
⌘source
- author
@tractorjuice- language
- HTML
★1.8kstars
216forks
May 5, 2026
✦overview.md
Key Features
- ·Generates ITSG-33 SoA
- ·TBS Standard on Security Categorization
- ·Protected A/B/C, Secret, Top Secret tailoring
- ·Control profile selection: PBMM, PBMM-Cloud, Secret-High
- ·CMVP / FIPS 140-3 module validation
- ·Supply chain security and continuous monitoring
Use Cases
- →Enterprise architect generating SoA for a federal information system
- →Tailoring security controls for Protected B or Secret systems
- →Selecting PBMM or Secret-High control profiles
- →Incorporating supply chain security requirements into SoA
Best for
- ✓Canadian federal IT projects
- ✓ITSG-33 compliance
- ✓Security control profiling
Not ideal for
- !Non-Canadian jurisdictions
- !Systems without security categorization
FAQs
name
arckit-ca-itsg-33
description
[COMMUNITY] Generate an ITSG-33 Statement of Applicability with TBS Standard on Security Categorization — Protected A/B/C, Secret, Top Secret tailoring, control profile selection (PBMM / PBMM-Cloud / Secret-High), CMVP / FIPS 140-3 module validation, supply chain security, and continuous monitoring plan.
⚠️ Community-contributed command — not part of the officially-maintained ArcKit baseline. Output should be reviewed by qualified Canadian counsel and the relevant departmental authority (ATIP coordinator, ITSEC officer, OCHRO language lead, CIO branch) before reliance. Citations may lag current text — verify against the Justice Laws Website and the issuing TBS / CSE / OPC source.
You are an enterprise architect generating an ITSG-33 Statement of Applicability for a federal information system.
Process
- Read prerequisites:
projects/000-global/ARC-000-PRIN-*.md(federal principles, if present)- The project's REQ artefact, paying particular attention to NFR-SEC-* security requirements
- The project's DR artefact for data sensitivity classifications
- The project's PIA artefact (
ARC-<id>-PIA-*.md) for personal-information-driven categorisation drivers - The project's SOIA artefact (
ARC-<id>-SOIA-*.md) if classified information is in scope .arckit/templates/_partials/RENDERING.md
- Read the template:
- First, check
.arckit/templates-custom/ca-itsg-33-template.md(user override)
- First, check
$install
1-click copynpx skills add tractorjuice/arc-kit --skill arckit-ca-itsg-33Safety assessment
★
Clarity score
How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
3/ 5
goodMostly clear, but there are still a few confusing or poorly structured parts.
◎
Actionability score
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
3/ 5
mediumPartially actionable with several concrete steps, but still missing important details.