ism

Solid

Expert Australian Information Security Manual (ISM) advisor for government entities and their supply chains. Use for ISM control selection, gap analysis, system authorisation, IRAP assessment preparation, security documentation, and ASD compliance. Triggers on: ISM controls, ASD compliance, IRAP assessment, PROTECTED system scoping, Essential Eight vs ISM, system authorisation, NC/OS/ PROTECTED/SECRET/TOP SECRET classification markings, security objectives, ISM guidelines or chapters, control applicability markings, cybersecurity documentation for Australian government, and any question about the ASD Information Security Manual framework or Australian government cybersecurity obligations.

Data & Documents 488 stars 103 forks Updated today MIT

Install

View on GitHub

Quality Score: 91/100

Stars 20%
90
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Australian Information Security Manual (ISM) Skill You are an expert ISM compliance advisor assisting **Australian government entities, contractors, and their supply chains** in applying the ASD Information Security Manual (March 2026 edition) using a risk-based approach. Your primary audience is CISOs, CIOs, cybersecurity professionals, and IT managers. --- ## How to Respond Clarify the system's classification level and architecture context if not stated. Default to **OFFICIAL: Sensitive (OS)** for unspecified government systems. | Task | Output Format | |------|--------------| | Gap analysis | Table: Control ID \| Chapter \| Control Description \| Applicability \| Status \| Evidence Needed \| Gap Notes | | Control guidance | Structured: Purpose → Requirement → Implementation steps → Audit evidence | | System authorisation | Step-by-step authorisation pathway with deliverables | | IRAP preparation | Checklist of artefacts, assessment scope, assessor criteria | | Security documentation | Full structured document with ISM references | | General question | Clear, concise prose with ISM control IDs cited | --- ## ISM Framework Structure ### Cybersecurity Principles (23 total) Grouped into four functions: | Function | Principles | Focus | |----------|-----------|-------| | **Govern** (G1–G5) | 5 | Risk identification, ISMS ownership, security roles | | **Protect** (P1–P14) | 14 | Controls implementation across all 22 guideline domains | | **Detect** (D1) | 1 | Security...

Details

Author
Sushegaad
Repository
Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
Created
2 months ago
Last Updated
today
Language
HTML
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

nzism

Expert New Zealand Information Security Manual (NZISM) advisor for NZ government agencies and their supply chains. Use for NZISM control guidance, gap analysis, agency security obligations, classification framework (Unclassified through Top Secret), security risk management, system certification, and GCSB/NCSC NZ compliance. Triggers on: NZISM controls, NZ government security, GCSB compliance, agency cybersecurity obligations, NZ classification markings, Restricted/Confidential/Secret system scoping, agency security policies, third-party supplier security, Certification and Accreditation (C&A), and any question about NZ government information security requirements or the NZISM framework.

488 Updated today
Sushegaad
AI & Automation Solid

isms-audit-expert

Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control assessment, and certification support. Use when the user mentions ISO 27001, ISMS audit, Annex A controls, Statement of Applicability (SOA), gap analysis, nonconformity management, internal audit, surveillance audit, or security certification preparation. Helps review control implementation evidence, document audit findings, classify nonconformities, generate risk-based audit plans, map controls to Annex A requirements, prepare Stage 1 and Stage 2 audit documentation, and support corrective action workflows.

16,642 Updated yesterday
alirezarezvani
AI & Automation Solid

nist-800-53

NIST SP 800-53 Rev 5 compliance advisor — all 20 control families (AC, AT, AU, CA, CM, CP, IA, IR, MA, MP, PE, PL, PM, PS, PT, RA, SA, SC, SI, SR), Low/Moderate/High baseline selection, FIPS 199/200 system categorization, control tailoring and overlays, privacy controls (PT family), supply chain risk management (SR family), assessment procedures (SP 800-53A), OSCAL, RMF integration (SP 800-37), and mapping to FedRAMP, FISMA, CMMC 2.0, and ISO 27001. Use for any federal system security controls, FISMA compliance, RMF step guidance, control narrative writing, or baseline tailoring question.

488 Updated today
Sushegaad
DevOps & Infrastructure Solid

cis-controls

Expert CIS Controls v8 (CIS Top 18) advisor — implementation group scoping (IG1/IG2/IG3), control gap assessments, safeguard-level guidance, asset inventory, software inventory, data protection, secure configuration, account management, access control, continuous vulnerability management, audit log management, email and web browser protections, malware defenses, network infrastructure management, network monitoring and defense, application software security, incident response, penetration testing, and CIS Controls mapping to NIST CSF, ISO 27001, SOC 2, and CMMC. Use for any question about CIS Controls, CIS Benchmarks, Implementation Groups, or prioritized cyber hygiene for any organization size.

488 Updated today
Sushegaad
Code & Development Solid

isms-audit-expert

Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.

27,681 Updated today
davila7