casemark/c-tpat-security-profile
skills/legal/c-tpat-security-profile/SKILL.md
Drafts a U.S. C-TPAT Security Profile for CBP submission covering physical, personnel, procedural, conveyance, and IT security domains. Use when preparing C-TPAT enrollment, certification, validation, or recertification profiles, or assembling a CBP-ready security narrative. Trigger: C-TPAT, CBP security profile, supply chain security, trusted trader, customs validation.
$ install --global
skillsauthnpx skillsauth add casemark/skills c-tpat-security-profileInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 3:30 AM21.5s1 file scanned
SKILL.md
- name:
- c-tpat-security-profile
- language:
- en
- description:
- >-
- assembling a CBP-ready security narrative. Trigger:
- C-TPAT, CBP security
C-TPAT Security Profile
Produces a CBP-ready C-TPAT Security Profile grounded in documented, verifiable practices aligned with CBP Minimum Security Criteria.
Gather Inputs
- Corporate identifiers — legal name, EIN, DUNS, HQ, facility list, C-TPAT account/tier if enrolled
- Supply chain map — roles (importer/broker/forwarder), trade lanes, origin countries, products, volume
- Security governance — org chart, C-TPAT coordinator, reporting lines, authority
- Policies & SOPs — physical, personnel, procedural, conveyance, IT security procedures
- Risk assessment artifacts — methodology, frequency, recent assessments, mitigation plans
- Training records — onboarding, refresher, role-based, attendance logs
- Business partner vetting — questionnaires, audits, certifications, corrective actions
- Incident logs — security events, seal discrepancies, investigations, remediation
- Validation history — prior CBP validations, findings, corrective actions
Profile Sections
Draft each section using only verifiable, current practices. Never use future-tense promises.
1. Document Control
Version, date, preparer, approver, confidentiality marking.
2. Company Overview & Eligibility
Legal name, EIN, DUNS, HQ, facilities, C-TPAT account/tier, supply chain role, import volume, primary origins, product categories.
3. Governance & Organization
- C-TPAT coordinator — name, title, authority, reporting line
- Security team roles — physical, IT, compliance, operations
- Executive sponsor and review cadence
4. Risk Assessment Method
Framework, frequency, trigger events, scope, risk scoring, documentation approach.
5. Physical Security
- [ ] Perimeter controls (fencing, barriers, lighting)
- [ ] CCTV coverage map and retention
- [ ] Access controls for all zones
- [ ] Visitor management
- [ ] Loading dock controls
- [ ] Alarm/monitoring response
- [ ] Guard force staffing and training
6. Personnel Security
- [ ] Pre-employment screening scope
- [ ] Enhanced checks for sensitive roles
- [ ] Contractor/temp worker controls
- [ ] Security awareness training
- [ ] Termination and access revocation procedures
- [ ] Re-screening policy
7. Procedural Security & Supply Chain Integrity
- [ ] Business partner vetting and re-assessment
- [ ] Receiving procedures and discrepancy handling
- [ ] Cargo storage access controls
- [ ] Shipping documentation accuracy checks
- [ ] Recordkeeping controls
8. Conveyance Security
Seven-point inspection for containers/trailers: front wall, left side, right side, floor, ceiling/roof, inside/outside doors, outside/undercarriage. Document with logs and photos. Apply equivalent protocols for rail/other modes.
9. Seal Control
- [ ] High-security seals meet ISO 17712
- [ ] Seal inventory control
- [ ] Authorized applicators identified
- [ ] Seal number logging
- [ ] Verification at transfer points
- [ ] Discrepancy escalation procedure
10. IT Security
Cover access control (MFA/RBAC), network security (firewalls/IDS/segmentation), data protection (encryption/backup/DR), patch management, and incident response.
11. Compliance & Continuous Improvement
- [ ] Annual self-assessments
- [ ] Corrective actions tracked with owners/dates
- [ ] CBP updates monitoring
- [ ] Training refresh cadence
12. Recordkeeping & Validation Readiness
- [ ] Evidence repository organized and indexed
- [ ] Retention periods documented
- [ ] Validation visit readiness plan
13. Statement of Commitment
Include signature block: "[Company] affirms its commitment to maintaining C-TPAT security standards, continuous improvement, and full cooperation with CBP validation activities." With signature, title, and date lines.
14. Appendices
Org chart, facility diagrams, sample inspection/seal logs, training records, risk assessment summary.
Pitfalls
- Unverifiable claims — never assert certifications or tier status without supporting documentation
- Omitted facilities/lanes — profile must cover all facilities and trade lanes; gaps trigger CBP scrutiny
- Inconsistency — cross-check facts across sections; contradictions undermine credibility
- Uncertain citations — mark any unverified regulatory references with
[VERIFY] - Confidentiality — align markings with company policy and CBP submission expectations
Related Skills
casemark/skills/legal/automated-contract-summary
development
VerifiedTrustedCommunity
name: automated-contract-summary language: en description: Generates structured executive summaries of contracts using ML — captures key terms, party obligations, risk allocations, and compliance requirements in a standardized format. Optimized for high-volume review where speed and consistency matter. tags: - summarization - agreement - corporate --- # Automated Contract Summarization Produces standardized executive summaries of contracts using machine learning, capturing essential term
21SKILL.mdUpdated May 26, 2026
casemark/obligation-mapping
tools
VerifiedTrustedCommunity
Extracts regulatory obligations from dense regulations across jurisdictions. Breaks down multi-level regulations into clear article-level obligations, classifies applicability to a business, and prioritizes by risk level. Use when translating regulations into actionable compliance requirements.
21SKILL.mdUpdated May 25, 2026
casemark/horizon-scanning
development
VerifiedTrustedCommunity
Continuously monitors regulatory landscapes for changes relevant to a specific business. Ingests global regulatory updates, filters by relevance, summarizes impact, and produces an actionable change advisory. Use when tracking regulatory developments affecting a particular product or market.
21SKILL.mdUpdated May 25, 2026
casemark/gap-analysis
testing
VerifiedTrustedCommunity
Compares an organization's existing compliance controls, policies, and procedures against extracted regulatory obligations to identify coverage gaps. Produces a remediation plan with prioritized actions. Use when assessing compliance maturity or preparing for regulatory audits.
21SKILL.mdUpdated May 25, 2026