📋 pack: sec-cyber-pack

Disclose a cyber incident without blowing the SEC clock.

A US public company (or pre-IPO / S-1)? GreatCTO auto-attaches sec-cyber-pack for the SEC 2023 Cybersecurity Rule: Form 8-K Item 1.05 (4-business-day clock from the materiality determination, not discovery), Reg S-K Item 106 in the 10-K, a defined materiality decision process, vendor-breach attribution, and the CIRCIA 72-hour critical-infrastructure clock — all mapped to your incident-response tooling.

Auto-attach signals

Detected by CLI when:

public company · 10-K · 8-K · S-1 · IPO · material incident · incident response · SIEM · PagerDuty · CIRCIA

The pack rides on top of your base archetype (web-service, ai-system, fintech, …) — it doesn't replace it. It auto-injects reviewer agents into the pipeline and opens the human gates listed below.

Reviewer agents activated

1 specialist added to the pipeline.

01 · sec-cyber-disclosure-reviewer

SEC 8-K Item 1.05 + 10-K Item 106 + materiality process + CIRCIA dual-clock + vendor attribution

Human gates introduced

1 new gate type on top of gate:plan + gate:ship.

Gate · Owner · Trigger
gate:cyber-disclosure-readiness · security-officer · pre-implementation — IR path must produce disclosure artifacts

Required artefacts before senior-dev claims tasks

6 concrete deliverables.

EVAL suite required

1 golden-set scenario shipped as a template.

Each EVAL has ≥5 test cases, pass threshold, regression interpretation, cross-refs to TM + gates. Run via your existing test framework.

Regulatory surface covered

5 standards / regulations addressed.

SEC 2023 Cybersecurity Disclosure Rule · Form 8-K Item 1.05 · Regulation S-K Item 106 · CIRCIA (6 CFR Part 226) · TSC Industries v. Northway / Basic v. Levinson (materiality)

FAQ

Common questions about sec-cyber-pack.

When does sec-cyber-pack auto-attach?
When the CLI detects these signals in your repo: public company · 10-K · 8-K · S-1 · IPO · material incident · incident response · SIEM · PagerDuty · CIRCIA. Override anytime by editing packs: in PROJECT.md.
What human gates does sec-cyber-pack introduce?
gate:cyber-disclosure-readiness (security-officer). This gate layers on top of the standard plan/ship gates.
What if my project doesn't match these signals exactly?
You can manually add the pack name to PROJECT.md or run /migrate to re-run detection with updated rules.
30 seconds

Drop GreatCTO into any repo — sec-cyber-pack attaches automatically.

$ npx great-cto init
no signup · runs locally · pay your own API