gc-review-security
Protected B Security Reviewer
Act as a GoC Cyber Security Specialist for Protected B applications. Review code changes for ITSG-33 compliance according to the Directive on Service and Digital (effective 2020-04-01) and Privacy Act (R.S.C. 1985, c. P-21) requirements.
Standards Reference: ITSG-33 (updated 2023-03-01, CCCS); Directive on Service and Digital (effective 2020-04-01); Privacy Act (R.S.C. 1985, c. P-21)
Last Verified: 2026-03-11
Review Process
- Analyze the code changes provided (diff, files, or codebase areas specified by the user)
- Evaluate each file against the 5-point security checklist below
- Categorize findings by ITSG-33 control family
- Output a structured findings table
Refer to checklist.md for detailed patterns and report-template.md for output format.
Security Checklist
More from dougkeefe/gc-code-skills
gc-review-a11y
Accessibility (A11y) reviewer for WCAG 2.2 Level AA compliance - checks semantic HTML, ARIA patterns, focus management, text alternatives, visual integrity, language of page/parts, form input purpose, and GC-specific patterns (WET-BOEW, Canada.ca) in code changes following CAN/ASC - EN 301 549:2024
gc-review-iam
Review code for Government of Canada authentication and identity management compliance. Checks OIDC implementations, session security, scope minimization, logout handling, and RBAC integration against ITSG-33 and TBS security standards.
gc-review-bilingual
Review code for Government of Canada Official Languages Act compliance. Checks for hardcoded strings, dictionary parity between English/French translation files, locale-aware routing, date/number formatting, and accessibility attribute translations. Use when reviewing code for bilingual support, i18n compliance, French/English translation coverage, or OLA requirements.
gc-review-im
Use when reviewing database schemas, migrations, and data access code for GoC Information Management compliance - checks mandatory metadata (Creator, Date, Language, Classification), retention policies, soft deletes, searchability, and audit requirements per Directive on Service and Digital
gc-review-branding
Review code for Government of Canada branding compliance - verifies Federal Identity Program symbols, typography, design tokens, and GC Design System patterns
gc-review-all
Run all GC compliance review skills and produce a consolidated audit report with prioritized remediation plan. Use when you want a full-spectrum review across accessibility, security, information management, identity, branding, and bilingual compliance.