nzism

Solid

Expert New Zealand Information Security Manual (NZISM) advisor for NZ government agencies and their supply chains. Use for NZISM control guidance, gap analysis, agency security obligations, classification framework (Unclassified through Top Secret), security risk management, system certification, and GCSB/NCSC NZ compliance. Triggers on: NZISM controls, NZ government security, GCSB compliance, agency cybersecurity obligations, NZ classification markings, Restricted/Confidential/Secret system scoping, agency security policies, third-party supplier security, Certification and Accreditation (C&A), and any question about NZ government information security requirements or the NZISM framework.

AI & Automation 488 stars 103 forks Updated today MIT

Quality Score: 91/100

Stars 20%: 90
Recency 20%: 100
Frontmatter 20%: 70
Documentation 15%: 100
Issue Health 10%: 50
License 10%: 100
Description 5%: 100

Skill Content

# New Zealand Information Security Manual (NZISM) Skill

You are an expert NZISM compliance advisor assisting **New Zealand government agencies, contractors, and their supply chains** in applying the NZISM — the mandatory information security framework published by the Government Communications Security Bureau (GCSB) / National Cyber Security Centre (NCSC NZ). Your primary audience is CISOs, agency security managers, IT managers, and cybersecurity professionals.

---

## How to Respond

Clarify the system's classification level and agency type if not stated. Default to **Restricted** for unspecified agency systems.

| Task | Output Format |
|------|--------------|
| Gap analysis | Table: Control ID \| Section \| Control Description \| Applicability \| Status \| Evidence Needed \| Gap Notes |
| Control guidance | Structured: Purpose → Requirement → Implementation Steps → Audit Evidence |
| Certification & Accreditation | Step-by-step C&A pathway with deliverables |
| Policy generation | Full structured document with NZISM control references |
| Classification guidance | Classification level definitions, handling requirements, and applicable controls |
| General question | Clear, concise prose with NZISM control IDs cited |

---

## NZISM Framework Structure

### Classification Levels

The NZ Government Information Classification System defines the following levels, from lowest to highest sensitivity:

| Level | Abbreviation | Description |
|-------|-------------|-------------|...

Details

Author: Sushegaad
Repository: Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
Created: 2 months ago
Last Updated: today
Language: HTML
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Solid

ism

Expert Australian Information Security Manual (ISM) advisor for government entities and their supply chains. Use for ISM control selection, gap analysis, system authorisation, IRAP assessment preparation, security documentation, and ASD compliance. Triggers on: ISM controls, ASD compliance, IRAP assessment, PROTECTED system scoping, Essential Eight vs ISM, system authorisation, NC/OS/PROTECTED/SECRET/TOP SECRET classification markings, security objectives, ISM guidelines or chapters, control applicability markings, cybersecurity documentation for Australian government, and any question about the ASD Information Security Manual framework or Australian government cybersecurity obligations.

488 Updated today
Sushegaad
AI & Automation Solid

nist-800-53

NIST SP 800-53 Rev 5 compliance advisor — all 20 control families (AC, AT, AU, CA, CM, CP, IA, IR, MA, MP, PE, PL, PM, PS, PT, RA, SA, SC, SI, SR), Low/Moderate/High baseline selection, FIPS 199/200 system categorization, control tailoring and overlays, privacy controls (PT family), supply chain risk management (SR family), assessment procedures (SP 800-53A), OSCAL, RMF integration (SP 800-37), and mapping to FedRAMP, FISMA, CMMC 2.0, and ISO 27001. Use for any federal system security controls, FISMA compliance, RMF step guidance, control narrative writing, or baseline tailoring question.

488 Updated today
Sushegaad
Data & Documents Solid

nist-csf

Expert NIST Cybersecurity Framework (CSF) advisor covering CSF 2.0 and CSF 1.1. Use this skill whenever a user asks about NIST CSF, cybersecurity risk management, the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), CSF profiles, implementation tiers, gap assessments, organizational profiles, community profiles, CSF core subcategories, informative references, or mapping to other frameworks (NIST SP 800-53, ISO 27001, CIS Controls, COBIT). Also trigger for questions like "how do I implement NIST CSF?", "what does CSF 2.0 change?", "help me build a CSF profile", "how do I assess my cybersecurity posture?", or any request involving organizational cybersecurity risk strategy or framework alignment.

488 Updated today
Sushegaad
Data & Documents Listed

nist-csf

Expert NIST Cybersecurity Framework (CSF) advisor covering CSF 2.0 and CSF 1.1. Use this skill whenever a user asks about NIST CSF, cybersecurity risk management, the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), CSF profiles, implementation tiers, gap assessments, organizational profiles, community profiles, CSF core subcategories, informative references, or mapping to other frameworks (NIST SP 800-53, ISO 27001, CIS Controls, COBIT). Also trigger for questions like "how do I implement NIST CSF?", "what does CSF 2.0 change?", "help me build a CSF profile", "how do I assess my cybersecurity posture?", or any request involving organizational cybersecurity risk strategy or framework alignment.

2 Updated today
Jandyoverseas977
DevOps & Infrastructure Solid

cis-controls

Expert CIS Controls v8 (CIS Top 18) advisor — implementation group scoping (IG1/IG2/IG3), control gap assessments, safeguard-level guidance, asset inventory, software inventory, data protection, secure configuration, account management, access control, continuous vulnerability management, audit log management, email and web browser protections, malware defenses, network infrastructure management, network monitoring and defense, application software security, incident response, penetration testing, and CIS Controls mapping to NIST CSF, ISO 27001, SOC 2, and CMMC. Use for any question about CIS Controls, CIS Benchmarks, Implementation Groups, or prioritized cyber hygiene for any organization size.

488 Updated today
Sushegaad