From pbmm
Determine appropriate Canadian classification level for your data
How this command is triggered — by the user, by Claude, or both
Slash command
/pbmm:profile-selectThe summary Claude sees in its command listing — used to decide when to auto-load this command
# Classification Level Selection Helps determine the appropriate Canadian Government security classification level and corresponding control profile. ## Arguments - `$1` - Data type description (optional) ## Classification Levels | Level | Full Name | Sensitivity | Injury if Compromised | Example Data Types | |-------|-----------|-------------|----------------------|-------------------| | **U** | Unclassified | No sensitivity | None | Public websites, published reports | | **PA** | Protected A | Low | Limited injury | Internal emails, draft documents | | **PB** | Protected B | Medium |...
Helps determine the appropriate Canadian Government security classification level and corresponding control profile.
$1 - Data type description (optional)| Level | Full Name | Sensitivity | Injury if Compromised | Example Data Types |
|---|---|---|---|---|
| U | Unclassified | No sensitivity | None | Public websites, published reports |
| PA | Protected A | Low | Limited injury | Internal emails, draft documents |
| PB | Protected B | Medium | Serious injury | Personal information, health records, financial data |
| PC | Protected C | High | Grave injury | Law enforcement investigations, sensitive intelligence |
The PBMM (Protected B, Medium Integrity, Medium Availability) profile applies when:
Data Characteristics:
Integrity Requirements: Medium
Availability Requirements: Medium
Question 1: Is the data publicly available or intended for public release?
├─ YES → Unclassified (U)
└─ NO → Continue to Question 2
Question 2: Would unauthorized disclosure cause injury?
├─ Limited injury (minor embarrassment, inconvenience) → Protected A (PA)
├─ Serious injury (financial loss, reputation damage) → Protected B (PB)
├─ Grave injury (life safety, national security) → Protected C (PC)
└─ No injury → Unclassified (U)
Question 3: Are there specific regulatory requirements?
├─ Personal Information Protection laws → Protected B minimum
├─ Provincial health privacy acts → Protected B minimum
├─ Financial sector regulations → Protected B minimum
└─ Law enforcement / intelligence → Protected C likely
| Control Area | Unclassified | Protected A | Protected B (PBMM) | Protected C |
|---|---|---|---|---|
| Canadian Residency | No | Recommended | Mandatory | Mandatory |
| Encryption at Rest | No | Recommended | FIPS 140-2 | FIPS 140-2 Level 3 |
| Encryption in Transit | TLS 1.2+ | TLS 1.2+ | TLS 1.2+ FIPS | TLS 1.2+ FIPS |
| MFA | No | Recommended | Mandatory | Mandatory (hardware) |
| Audit Retention | 1 year | 2 years | 2 years | 7 years |
| Vulnerability Remediation | 30 days | 14 days (high) | 48 hours (critical) | 24 hours (critical) |
| Network Segmentation | Basic | Recommended | Mandatory | Dedicated infrastructure |
| Incident Response | Basic | Documented | CCCS notification | CCCS immediate notification |
| CCCS Assessment | No | No | Required | Required |
Provincial Health Information:
Under Privacy Acts (PIPEDA, provincial acts):
Contract Data for Government of Canada:
Customer Financial Data:
Operational Technology Data:
Mandatory Features:
Certified Providers:
Enhanced Features:
| Classification | Incremental Cost | Drivers |
|---|---|---|
| Unclassified | Baseline | Standard cloud services |
| Protected A | +10-20% | Basic security controls, MFA |
| Protected B | +30-50% | CCCS assessment, enhanced controls, Canadian regions |
| Protected C | +100-200% | Dedicated infrastructure, advanced controls |
# Determine classification for health data
/pbmm:profile-select "Provincial health information (patient records)"
# Financial services data
/pbmm:profile-select "Customer financial transactions and account data"
# Government operational data
/pbmm:profile-select "Internal government operational information"
If Protected A:
If Protected B (PBMM):
/pbmm:assess for detailed readiness assessmentIf Protected C:
/profile-selectDetermines Canadian government security classification level (U/PA/PB/PC) for provided data description using decision tree and outputs control profile recommendations.
npx claudepluginhub mrcodechef/claude-grc-engineering --plugin pbmm