diff --git a/obligations/controls_for_obligation_mapping.json b/obligations/controls_for_obligation_mapping.json
new file mode 100644
index 00000000..28449ae9
--- /dev/null
+++ b/obligations/controls_for_obligation_mapping.json
@@ -0,0 +1,67 @@
+{
+ "schema_version": "controls_for_obligation_mapping_v1",
+ "purpose": "Accepted CRA->OWASP controls (Compliance Execution Graph) for the Obligation Registry to propose the SEMANTIC control->obligation_id, replacing the coarse citation_unit interim join. Fill proposed_obligation_id per control, then we adopt it into control_mapping.obligation_id.",
+ "source": "ai-compliance-sdk control_mappings, mapping_status=accepted, reviewed_by=benjamin 2026-06-25",
+ "filled_by": "obligation-registry-session 2026-06-25 (alle 7/7: 4 auth/crypto + 3 logging via cra_logging.json)",
+ "join_principle": "SEMANTISCH via obligation_id, NICHT via citation_unit/legal_basis-Anker. Die CRA-Anker sind im Registry teils approximativ (siehe anchor_quality_note) — daher ist obligation_id der stabile Primaerschluessel, nicht der Anker.",
+ "anchor_quality_note": "Registry-legal_basis-Anker sind teils CRA-Part-I-fehlzugeordnet (Opus-Synthese): user_authentication_required steht auf (2)(d) statt (2)(c); Crypto-Obligations auf (2)(e) statt (2)(d). CRA Annex I Part I: (2)(c)=Zugriffsschutz, (2)(d)=Vertraulichkeit, (2)(e)=Integritaet. Korrektur kommt mit dem zitierfaehigen Re-Ingest (span-genau). Deshalb: NICHT auf Anker joinen. ABER: der Logging-Cut (V16.*) ist korrekt auf (2)(k) verankert (echte Logging-Subsektion, kein Fehl-Anker).",
+ "count": 7,
+ "controls": [
+ {
+ "framework": "OWASP ASVS", "control": "V6.3.1",
+ "source_norm": "CRA Annex I Part I (2)(c) — Schutz vor unbefugtem Zugriff",
+ "citation_unit": "Annex I (2)(c)", "family": "auth", "mapping_type": "supports",
+ "proposed_obligation_id": "user_authentication_required",
+ "mapping_method": "semantic",
+ "mapping_note": "Zugriffsschutz/Authentisierung-vor-Zugriff = Nutzer-Auth (NICHT firmware, trotz strukturellem (2)(c)-Join)"
+ },
+ {
+ "framework": "OWASP ASVS", "control": "V6.1.1",
+ "source_norm": "CRA Annex I Part I (2)(c) — Schutz vor unbefugtem Zugriff",
+ "citation_unit": "Annex I (2)(c)", "family": "auth", "mapping_type": "supports",
+ "proposed_obligation_id": "user_authentication_required",
+ "mapping_method": "semantic",
+ "mapping_note": "wie V6.3.1"
+ },
+ {
+ "framework": "OWASP ASVS", "control": "V11.2.1",
+ "source_norm": "CRA Annex I Part I (2)(d) — Vertraulichkeit / Verschluesselung",
+ "citation_unit": "Annex I (2)(d)", "family": "crypto", "mapping_type": "supports",
+ "proposed_obligation_id": "credential_confidentiality_protection",
+ "mapping_method": "semantic",
+ "mapping_note": "Vertraulichkeit von Auth-Daten. ALT: encrypted_auth_channel, falls V11.2.1 transit-/kanal-spezifisch ist — bitte aus eurem Control-Text bestaetigen."
+ },
+ {
+ "framework": "OWASP ASVS", "control": "V11.7.1",
+ "source_norm": "CRA Annex I Part I (2)(d) — Vertraulichkeit / Verschluesselung",
+ "citation_unit": "Annex I (2)(d)", "family": "crypto", "mapping_type": "supports",
+ "proposed_obligation_id": "auth_key_management",
+ "mapping_method": "semantic",
+ "mapping_note": "Key Management = Schluessel erzeugen/speichern/HSM"
+ },
+ {
+ "framework": "OWASP ASVS", "control": "V16.3.3",
+ "source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
+ "citation_unit": "Annex I (2)(k)", "family": "logging", "mapping_type": "supports",
+ "proposed_obligation_id": "event_logging_security_events",
+ "mapping_method": "semantic",
+ "mapping_note": "Umbrella-LM 'Produkt protokolliert sicherheitsrelevante Ereignisse' (CRA (2)(k)). ALT bei access-decision-spezifischem Control-Text: access_control_event_logging — bitte aus eurem ASVS-V16.3-Text bestaetigen."
+ },
+ {
+ "framework": "OWASP ASVS", "control": "V16.3.4",
+ "source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
+ "citation_unit": "Annex I (2)(k)", "family": "logging", "mapping_type": "supports",
+ "proposed_obligation_id": "event_logging_security_events",
+ "mapping_method": "semantic",
+ "mapping_note": "Umbrella-LM (CRA (2)(k)). ALT bei admin-/privileg-spezifischem Control-Text: audit_trail_admin_actions — bitte aus eurem ASVS-V16.3-Text bestaetigen."
+ },
+ {
+ "framework": "OWASP ASVS", "control": "V16.1.1",
+ "source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
+ "citation_unit": "Annex I (2)(k)", "family": "logging", "mapping_type": "supports",
+ "proposed_obligation_id": "event_logging_security_events",
+ "mapping_method": "semantic",
+ "mapping_note": "V16.1 = allgemeine Logging-Anforderung -> Umbrella-LM event_logging_security_events. Hohe Konfidenz."
+ }
+ ]
+}
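Review bot: `"framework": "OWASP ASVS"` on all seven controls names no edition, yet the V6.x/V11.x/V16.x chapter numbers (auth, crypto, logging) appear to be ASVS 5.0 numbering, while the sibling cra_logging.json in this commit cites the logging chapter as `"ASVS V7 Logging"`, which is the 4.0 chapter number for logging; a consumer resolving these control IDs against a control store cannot tell which edition is meant. Adding `"framework_version": "5.0"` once at top level or per control would make the join unambiguous. Separately, V11.2.1, V16.3.3 and V16.3.4 state in free-text `mapping_note` that the proposed id is provisional and name an alternative id, but nothing machine-readable distinguishes them from the high-confidence V16.1.1 entry. Since the stated purpose is to adopt `proposed_obligation_id` into `control_mapping.obligation_id`, a `"proposal_status": "needs_confirmation"` plus an `"alternative_obligation_id"` field on those three entries would stop the tentative ids from being adopted unreviewed.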
diff --git a/obligations/cra_logging.json b/obligations/cra_logging.json
new file mode 100644
index 00000000..243ad5ec
--- /dev/null
+++ b/obligations/cra_logging.json
@@ -0,0 +1,4741 @@ +{ + "schema_version": "obligation_registry_v1", + "regulation": "CRA", + "regulation_code": "CRA", + "family": "logging", + "theme": "Logging/Audit (CRA Annex I Part I (2)(k))", + "generated_by": "obligation_discovery/claude-opus-4-8", + "synthesis_version": "v1", + "citation_status": "pending_span_anchor", + "curation": { + "curated_by": "obligation-registry-session 2026-06-25", + "method": "two-stage clustering (micro 0.78 -> meta 0.62) -> Opus synthesis -> key-free review", + "scope_controls": 2601, + "micro_clusters": 1361, + "review_units": 100, + "obligations": 19, + "tier_split": { + "LEGAL_MINIMUM": 6, + "BEST_PRACTICE": 13 + }, + "out_of_scope": [ + "M8 (AI-Act Hochrisiko-Ausnahmen)", + "M5 (FRT/Domaenen-Training)", + "M81 (PIN/domaenenspezifisch)" + ], + "anchor_quality": "LEGAL_MINIMUM korrekt auf CRA Annex I Part I (2)(k) verankert (echte Logging-Subsektion, mit CRA-Originalzitat) — KEIN Fehl-Anker wie im Auth-Cut. Span-genaue Anker folgen mit Re-Ingest.", + "join_note": "ASVS V16.1.1/V16.3.3/V16.3.4 (SDK-Store, anderer Namespace als member_controls) -> event_logging_security_events (Umbrella-LM). Spezifischere Alternativen via Control-Text durch die Engine-Session." 
+ }, + "obligations": [ + { + "id": "event_logging_security_events", + "name": "Protokollierung sicherheitsrelevanter Ereignisse", + "description": "Das Produkt protokolliert sicherheitsrelevante Ereignisse und Aktivitaeten (Zugriffe, Aenderungen, sicherheitsrelevante interne Aktivitaeten), um Nachvollziehbarkeit und Erkennung von Vorfaellen zu ermoeglichen.", + "tier": "LEGAL_MINIMUM", + "subdomain": "event_logging", + "applicability": "universal", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": true + }, + "source_role": "LEGAL_BASIS", + "legal_basis": [ + { + "source": "CRA", + "anchor": "Annex I Part I (2)(k)", + "citation": "monitor relevant internal activity, including the access to or modification of data, services or functions, where applicable, through recording and monitoring" + } + ], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-2 Event Logging", + "role": "best_practice" + }, + { + "source": "OWASP", + "anchor": "ASVS V7 Logging", + "role": "best_practice" + } + ], + "member_review_units": [ + "M1", + "M0", + "M19", + "M9", + "M7", + "M24", + "M21", + "M45", + "M33", + "M99", + "M62" + ], + "member_controls": [ + "ACC-005", + "ACC-0320-A14", + "ACC-0320-A15", + "ACC-086", + "ACC-086-A03", + "ACC-086-A04", + "ACC-086-A05", + "ACC-086-A07", + "ACC-086-A11", + "ACC-086-A16", + "ACC-086-A17", + "ACC-086-A19", + "ACC-086-A23", + "ACC-086-A24", + "ACC-089-A09", + "ACC-089-A16", + "ACC-175-A06", + "ACC-175-A15", + "ACC-188-A11", + "ACC-188-A22", + "ACC-188-A41", + "ACC-188-A54", + "ACC-189-A11", + "ACC-189-A24", + "ACC-189-A50", + "ACC-189-A63", + "ACC-195-A09", + "ACC-195-A19", + "ACC-195-A31", + "ACC-195-A41", + "ACC-195-A50", + "ACC-199-A11", + "ACC-199-A22", + "ACC-199-A44", + "ACC-199-A55", + "ACC-210-A13", + "ACC-210-A20", + "ACC-210-A27", + "ACC-210-A34", + "ACC-470-A15", + "ACC-474-A11", + "ACC-476-A08", + "ACC-487-A01", + "ACC-499-A07", + "ACC-512-A10", + "ACC-533-A10", + "ACC-578-A08", + 
"ACC-584-A06", + "ACC-584-A12", + "ACC-598-A05", + "ACC-612-A08", + "ACC-623-A09", + "ACC-631-A09", + "ACC-642-A06", + "ACC-642-A07", + "ACC-659", + "ACC-686-A03", + "ACC-686-A06", + "ACC-686-A07", + "ACC-695-A05", + "ACC-734", + "ACC-735", + "ACC-746-A07", + "ACC-757-A01", + "ACC-762-A04", + "ACL-002-A02", + "ACL-002-A04", + "ACL-002-A06", + "ACL-002-A08", + "AI-031-A19", + "AI-099-A29", + "AI-1241-A10", + "AI-1254-A02", + "AI-1389-A08", + "AI-1390-A05", + "AI-1392-A07", + "AI-1434-A06", + "AI-1559-A08", + "AI-1597-A01", + "AI-1602-A02", + "AI-1602-A05", + "AI-1624-A04", + "AI-594-A11", + "AI-648-A09", + "AI-684-A12", + "AI-760-A40", + "AI-942-A56", + "AI-942-A68", + "AI-951-A37", + "API-005", + "AUD-001", + "AUTH-079-A28", + "AUTH-1048-A71", + "AUTH-1061-A19", + "AUTH-1061-A77", + "AUTH-1102-A14", + "AUTH-1279-A04", + "AUTH-1290", + "AUTH-1303-A08", + "AUTH-1312-A03", + "AUTH-1441-A12", + "AUTH-1443-A03", + "AUTH-1443-A07", + "AUTH-1448-A01", + "AUTH-1455", + "AUTH-1455-A07", + "AUTH-1466-A09", + "AUTH-148-A05", + "AUTH-1514-A12", + "AUTH-1525-A04", + "AUTH-1530-A07", + "AUTH-1538", + "AUTH-1538-A10", + "AUTH-1555-A04", + "AUTH-1559", + "AUTH-1561-A01", + "AUTH-1561-A02", + "AUTH-1563-A04", + "AUTH-1589-A10", + "AUTH-1668-A09", + "AUTH-1669-A10", + "AUTH-1682-A08", + "AUTH-1699-A07", + "AUTH-1705-A12", + "AUTH-1723-A01", + "AUTH-1723-A09", + "AUTH-1818-A11", + "AUTH-1834-A06", + "AUTH-1862-A09", + "AUTH-1886-A09", + "AUTH-2406", + "AUTH-2415", + "AUTH-2415-A03", + "AUTH-2415-A07", + "AUTH-2415-A08", + "AUTH-2415-A13", + "AUTH-2419-A06", + "AUTH-2448-A10", + "AUTH-2466-A04", + "AUTH-2544-A05", + "AUTH-2544-A10", + "AUTH-2546-A03", + "AUTH-2547", + "AUTH-2547-A02", + "AUTH-2550-A13", + "AUTH-2593-A08", + "AUTH-2650-A05", + "AUTH-2650-A11", + "AUTH-2734-A07", + "AUTH-2784-A06", + "AUTH-2785-A04", + "AUTH-2798", + "AUTH-2798-A07", + "AUTH-2809-A08", + "AUTH-2830-A07", + "AUTH-2836-A07", + "AUTH-2840-A01", + "AUTH-2840-A03", + "AUTH-2840-A05", + "AUTH-2840-A06", + 
"AUTH-2855-A06", + "AUTH-2870-A08", + "AUTH-2879-A06", + "AUTH-2879-A11", + "AUTH-2881-A07", + "AUTH-2903-A01", + "AUTH-2903-A10", + "AUTH-2905-A05", + "AUTH-2919", + "AUTH-2919-A08", + "AUTH-2919-A09", + "AUTH-2919-A10", + "AUTH-2941-A01", + "AUTH-2941-A02", + "AUTH-2941-A03", + "AUTH-2947-A01", + "AUTH-2950-A08", + "AUTH-2965-A03", + "AUTH-2970-A06", + "AUTH-3016-A10", + "AUTH-3025", + "AUTH-3025-A13", + "AUTH-3089-A08", + "AUTH-3171-A10", + "AUTH-3199-A04", + "AUTH-3228-A04", + "AUTH-3246-A03", + "AUTH-3246-A11", + "AUTH-3252-A04", + "AUTH-3252-A07", + "AUTH-3296-A01", + "AUTH-3338-A17", + "AUTH-3430-A12", + "AUTH-3452-A07", + "AUTH-3478-A08", + "AUTH-3595-A05", + "AUTH-3595-A11", + "AUTH-3665-A01", + "AUTH-3683", + "AUTH-3686-A05", + "AUTH-3687-A02", + "AUTH-3687-A07", + "AUTH-3689", + "AUTH-3715-A11", + "AUTH-3887-A05", + "AUTH-3904", + "AUTH-3917-A09", + "AUTH-3917-A13", + "AUTH-3918", + "AUTH-3930-A11", + "AUTH-3936-A17", + "AUTH-4032-A07", + "AUTH-4045", + "AUTH-4045-A01", + "AUTH-4045-A04", + "AUTH-4049-A02", + "AUTH-4075-A03", + "AUTH-4095-A05", + "AUTH-4095-A09", + "AUTH-455", + "AUTH-523", + "AUTH-523-A04", + "AUTH-535", + "AUTH-535-A04", + "AUTH-552", + "AUTH-552-A01", + "AUTH-552-A03", + "AUTH-552-A04", + "AUTH-552-A07", + "AUTH-552-A08", + "AUTH-552-A09", + "AUTH-552-A13", + "AUTH-595-A09", + "AUTH-616-A08", + "AUTH-633-A11", + "AUTH-639-A07", + "AUTH-656", + "AUTH-656-A01", + "AUTH-656-A02", + "AUTH-656-A03", + "AUTH-656-A04", + "AUTH-656-A05", + "AUTH-656-A06", + "AUTH-656-A07", + "AUTH-656-A08", + "AUTH-656-A09", + "AUTH-656-A10", + "AUTH-656-A12", + "AUTH-656-A13", + "AUTH-656-A14", + "AUTH-656-A15", + "AUTH-656-A16", + "AUTH-656-A17", + "AUTH-656-A18", + "AUTH-656-A23", + "AUTH-656-A24", + "AUTH-656-A26", + "AUTH-656-A27", + "AUTH-660-A12", + "AUTH-663", + "AUTH-663-A01", + "AUTH-663-A07", + "AUTH-678-A06", + "AUTH-734-A04", + "AUTH-760-A03", + "AUTH-785", + "AUTH-856-A04", + "AUTH-856-A15", + "AUTH-856-A26", + "AUTH-856-A37", + "AUTH-856-A48", 
+ "AUTH-902-A03", + "AUTH-947-A38", + "BIO-009-A03", + "CLG-001", + "CLG-001-A02", + "CLG-001-A06", + "COMP-1053-A04", + "COMP-1053-A08", + "COMP-1103-A05", + "COMP-1103-A09", + "COMP-1103-A14", + "COMP-1150-A05", + "COMP-1150-A08", + "COMP-1150-A11", + "COMP-116-A09", + "COMP-116-A18", + "COMP-1231-A28", + "COMP-1247-A02", + "COMP-1247-A10", + "COMP-1247-A18", + "COMP-1247-A26", + "COMP-1247-A34", + "COMP-1247-A42", + "COMP-1249-A04", + "COMP-1249-A11", + "COMP-1249-A24", + "COMP-1249-A29", + "COMP-1249-A37", + "COMP-1249-A47", + "COMP-1249-A52", + "COMP-1249-A64", + "COMP-1249-A71", + "COMP-178-A08", + "COMP-178-A19", + "COMP-1891-A04", + "COMP-1891-A08", + "COMP-1919-A13", + "COMP-1936-A07", + "COMP-196-A05", + "COMP-2128", + "COMP-2128-A06", + "COMP-2724-A03", + "COMP-2734", + "COMP-2734-A04", + "COMP-2734-A05", + "COMP-2734-A09", + "COMP-2734-A11", + "COMP-2752", + "COMP-2752-A01", + "COMP-2752-A02", + "COMP-2752-A03", + "COMP-2752-A04", + "COMP-2765-A10", + "COMP-2775", + "COMP-2775-A05", + "COMP-2778-A02", + "COMP-2780-A05", + "COMP-2780-A14", + "COMP-3280-A01", + "COMP-3292-A02", + "COMP-3297-A04", + "COMP-3301-A08", + "COMP-3304", + "COMP-3306", + "COMP-3306-A07", + "COMP-3306-A08", + "COMP-3309", + "COMP-3309-A04", + "COMP-3309-A07", + "COMP-3312-A05", + "COMP-3318", + "COMP-3322-A01", + "COMP-3322-A02", + "COMP-3322-A08", + "COMP-3322-A10", + "COMP-3324-A06", + "COMP-3326-A01", + "COMP-3326-A05", + "COMP-3326-A06", + "COMP-3326-A07", + "COMP-3326-A12", + "COMP-3326-A14", + "COMP-3327", + "COMP-3327-A03", + "COMP-3327-A06", + "COMP-3332", + "COMP-3339", + "COMP-3339-A03", + "COMP-3339-A06", + "COMP-3339-A08", + "COMP-3343-A01", + "COMP-3362", + "COMP-3362-A01", + "COMP-3378-A08", + "COMP-3429", + "COMP-3436-A09", + "COMP-3449-A01", + "COMP-3521-A05", + "COMP-356-A06", + "COMP-3696-A06", + "COMP-3733", + "COMP-3733-A08", + "COMP-3733-A09", + "COMP-3739-A03", + "COMP-3983-A05", + "COMP-4009-A03", + "COMP-4058", + "COMP-4058-A07", + "COMP-4059", + 
"COMP-4059-A01", + "COMP-4059-A02", + "COMP-4059-A11", + "COMP-4088", + "COMP-4088-A11", + "COMP-4088-A12", + "COMP-714-A06", + "COMP-786-A06", + "COMP-786-A11", + "COMP-786-A20", + "COMP-786-A25", + "COMP-911", + "COMP-911-A02", + "COMP-911-A04", + "CRA-006", + "CRA-006-A03", + "CRA-006-A04", + "CRYP-1014-A07", + "CRYP-1043-A09", + "CRYP-1044-A13", + "CRYP-1063-A10", + "CRYP-1079-A10", + "CRYP-1106-A11", + "CRYP-1111-A11", + "CRYP-1160-A05", + "CRYP-1179-A05", + "CRYP-118-A11", + "CRYP-1247", + "CRYP-1247-A01", + "CRYP-1252-A06", + "CRYP-1451-A05", + "CRYP-1477-A09", + "CRYP-1725-A04", + "CRYP-1787-A06", + "CRYP-1814-A14", + "CRYP-1855", + "CRYP-1855-A01", + "CRYP-186-A10", + "CRYP-186-A21", + "CRYP-1881-A04", + "CRYP-1881-A12", + "CRYP-1889-A09", + "CRYP-1892-A11", + "CRYP-190-A10", + "CRYP-1907-A05", + "CRYP-1907-A09", + "CRYP-1910-A10", + "CRYP-1968-A18", + "CRYP-2036-A11", + "CRYP-2158-A11", + "CRYP-2168-A08", + "CRYP-225-A06", + "CRYP-2282-A06", + "CRYP-2330-A04", + "CRYP-2330-A09", + "CRYP-285-A03", + "CRYP-376-A09", + "CRYP-389-A13", + "CRYP-630-A06", + "CRYP-781-A07", + "CRYP-827-A08", + "CRYP-867-A09", + "CRYP-957-A11", + "DATA-002-A09", + "DATA-099-A08", + "DATA-1135-A08", + "DATA-1163-A11", + "DATA-1191-A14", + "DATA-1230-A08", + "DATA-1235-A11", + "DATA-1237-A05", + "DATA-1240-A13", + "DATA-1247-A07", + "DATA-1253-A08", + "DATA-1257", + "DATA-1273-A02", + "DATA-1273-A10", + "DATA-137-A21", + "DATA-1461", + "DATA-1490-A06", + "DATA-1517-A06", + "DATA-1745", + "DATA-1851-A05", + "DATA-1945-A17", + "DATA-2014-A10", + "DATA-2017-A04", + "DATA-2057-A09", + "DATA-2057-A19", + "DATA-2190-A08", + "DATA-2223-A01", + "DATA-2309-A05", + "DATA-2430-A06", + "DATA-2516-A05", + "DATA-2585-A08", + "DATA-2695-A02", + "DATA-2703-A06", + "DATA-2724-A08", + "DATA-3026-A05", + "DATA-3026-A10", + "DATA-3034-A08", + "DATA-3240-A11", + "DATA-3250-A06", + "DATA-3326-A14", + "DATA-3402", + "DATA-3437-A12", + "DATA-3556-A09", + "DATA-3961-A07", + "DATA-4138-A11", + 
"DATA-4242-A07", + "DATA-4277-A07", + "DATA-4294-A10", + "DATA-4300-A02", + "DATA-4300-A09", + "DATA-4303-A10", + "DATA-4335-A05", + "DATA-4418-A12", + "DATA-4633-A07", + "DATA-4669", + "DATA-4669-A01", + "DATA-4669-A04", + "DATA-4683-A05", + "DATA-4689-A02", + "DATA-652", + "DATA-652-A06", + "DATA-652-A16", + "DATA-680", + "DATA-716-A01", + "DATA-716-A02", + "DATA-716-A03", + "DATA-716-A04", + "DATA-735-A03", + "DATA-735-A04", + "DATA-827-A04", + "DATA-827-A05", + "DATA-852-A03", + "DATA-852-A12", + "DATA-917-A02", + "DATA-917-A03", + "DATA-917-A05", + "DATA-917-A06", + "DATA-917-A08", + "DATA-917-A10", + "DATA-917-A11", + "DATA-947-A06", + "DATA-947-A11", + "DATA-947-A15", + "DATA-947-A20", + "DATA-969-A02", + "DATA-969-A09", + "DOC-010-A01", + "DOC-010-A03", + "DOC-010-A07", + "FIN-1094-A01", + "FIN-298-A21", + "FIN-696-A11", + "FRD-006", + "GLM-001", + "GLM-001-A02", + "GLM-001-A04", + "GLM-001-A06", + "GOV-0683-A04", + "GOV-0683-A10", + "GOV-0686-A04", + "GOV-0686-A10", + "GOV-0697-A01", + "GOV-0697-A03", + "GOV-1045-A04", + "GOV-1195-A02", + "GOV-1213-A09", + "GOV-1398-A12", + "GOV-1439-A10", + "GOV-2435-A10", + "GOV-2868-A12", + "GOV-3061-A09", + "GOV-3175-A03", + "GOV-3175-A04", + "GOV-3179-A07", + "GOV-3191-A09", + "GOV-3208-A09", + "GOV-322-A11", + "GOV-3500-A02", + "GOV-3805-A01", + "GOV-3805-A07", + "GOV-3805-A08", + "GOV-3805-A09", + "GOV-3846-A05", + "GOV-3853", + "GOV-3853-A03", + "GOV-3865-A03", + "GOV-445-A13", + "GOV-462-A13", + "GOV-640-A30", + "GOV-741-A05", + "GOV-982-A03", + "HLG-001", + "HLT-120-A09", + "HLT-125-A07", + "HLT-181-A08", + "HLT-197-A08", + "HLT-514-A08", + "HLT-528-A02", + "HLT-532-A08", + "HLT-533-A10", + "HLT-558-A07", + "HLT-560-A09", + "HLT-560-A10", + "HLT-560-A18", + "HSM-005", + "IAM-009-A07", + "IAM-009-A10", + "IDA-008", + "IDF-010", + "IDF-010-A02", + "INC-0358-A29", + "INC-091", + "INC-091-A05", + "INC-091-A07", + "INC-091-A08", + "INC-091-A09", + "INC-091-A10", + "INC-1104-A04", + "INC-1153-A05", + "INC-1159-A12", + 
"INC-1173-A13", + "INC-151-A10", + "INC-205-A02", + "ISS-003-A02", + "KMG-002-A04", + "KST-003-A01", + "KYS-006", + "KYS-006-A08", + "LAB-557-A10", + "LAB-610-A05", + "LOG-045-A17", + "LOG-060-A07", + "LOG-0861-A01", + "LOG-0861-A07", + "LOG-0861-A13", + "LOG-0862-A01", + "LOG-0862-A02", + "LOG-0862-A04", + "LOG-0867-A04", + "LOG-0868-A04", + "LOG-0869-A07", + "LOG-0885-A04", + "LOG-0885-A05", + "LOG-0886-A01", + "LOG-1048-A05", + "LOG-1055", + "LOG-1055-A02", + "LOG-1058-A10", + "LOG-1058-A11", + "LOG-1059-A05", + "LOG-1060", + "LOG-1063", + "LOG-1066-A02", + "LOG-107-A05", + "LOG-1071-A01", + "LOG-1071-A02", + "LOG-1072-A01", + "LOG-1074-A05", + "LOG-1088-A01", + "LOG-1088-A04", + "LOG-1126", + "LOG-1239-A07", + "LOG-1475-A03", + "LOG-1478-A06", + "LOG-1480", + "LOG-1480-A01", + "LOG-1480-A10", + "LOG-1481-A10", + "LOG-1491", + "LOG-1493-A07", + "LOG-1507-A04", + "LOG-1512-A05", + "LOG-1546-A02", + "LOG-1663-A01", + "LOG-1663-A02", + "LOG-1663-A03", + "LOG-1695-A07", + "LOG-1695-A11", + "LOG-1705-A04", + "LOG-1706-A09", + "LOG-1728", + "LOG-1728-A15", + "LOG-1728-A16", + "LOG-1728-A17", + "LOG-1729", + "LOG-1729-A04", + "LOG-1731-A01", + "LOG-1733", + "LOG-1733-A01", + "LOG-1733-A05", + "LOG-1733-A08", + "LOG-1733-A11", + "LOG-1733-A12", + "LOG-1734-A03", + "LOG-1737-A01", + "LOG-1739", + "LOG-1743-A15", + "LOG-1746", + "LOG-1746-A11", + "LOG-1747", + "LOG-1747-A05", + "LOG-1749-A04", + "LOG-1751", + "LOG-1753-A10", + "LOG-1755", + "LOG-1755-A09", + "LOG-1762", + "LOG-1763", + "LOG-1764", + "LOG-1764-A03", + "LOG-1775", + "LOG-1776-A02", + "LOG-1780", + "LOG-1780-A13", + "LOG-1781", + "LOG-1783-A08", + "LOG-1825", + "LOG-1825-A03", + "LOG-1830-A15", + "LOG-1830-A20", + "LOG-1848-A05", + "LOG-1859-A11", + "LOG-1892-A01", + "LOG-1947", + "LOG-1947-A01", + "LOG-1950-A03", + "LOG-1956-A02", + "LOG-1959", + "LOG-1959-A10", + "LOG-2033-A03", + "LOG-2051-A02", + "LOG-2051-A03", + "LOG-2054-A06", + "LOG-2057-A01", + "LOG-2057-A03", + "LOG-2072-A05", + "LOG-2073-A05", + 
"LOG-2082-A01", + "LOG-2082-A08", + "LOG-407-A18", + "LOG-410-A11", + "LOG-596", + "LOG-596-A01", + "LOG-599", + "LOG-599-A01", + "LOG-605-A05", + "LOG-622", + "LOG-622-A12", + "LOG-622-A13", + "LOG-626", + "LOG-626-A01", + "LOG-626-A02", + "LOG-626-A04", + "LOG-631", + "LOG-633-A07", + "LOG-639", + "LOG-641", + "LOG-641-A02", + "LOG-643-A03", + "LOG-652-A03", + "LOG-652-A07", + "LOG-652-A08", + "LOG-657-A06", + "LOG-667", + "LOG-667-A04", + "LOG-667-A06", + "LOG-667-A07", + "LOG-672", + "LOG-672-A01", + "LOG-675-A03", + "LOG-684-A06", + "LOG-686", + "LOG-686-A01", + "LOG-686-A09", + "LOG-705", + "LOG-706-A10", + "LOG-706-A11", + "LOG-745-A08", + "LOG-745-A09", + "LOG-745-A18", + "LOG-745-A28", + "LOG-745-A29", + "LOG-745-A38", + "LOG-745-A39", + "LOG-745-A49", + "LOG-745-A50", + "LOG-745-A59", + "LOG-774", + "LOG-855", + "LOG-856-A07", + "LOG-856-A17", + "LOG-856-A27", + "LOG-856-A42", + "LOG-856-A47", + "LOG-856-A57", + "LOG-857-A05", + "LOG-857-A25", + "LOG-857-A34", + "LOG-857-A50", + "LOG-857-A58", + "LOG-857-A78", + "LOG-858", + "LOG-899", + "LOG-900-A60", + "LOG-901", + "LOG-901-A05", + "LOG-901-A06", + "LOG-901-A08", + "LOG-910-A06", + "LOG-958-A01", + "LOG-964-A02", + "LOG-966", + "LOG-971-A06", + "LOG-974-A01", + "MBT-003", + "NET-029-A07", + "NET-029-A20", + "NET-1005-A08", + "NET-1143", + "NET-1233", + "NET-1349-A02", + "NET-1445-A06", + "NET-1459-A03", + "NET-1461-A03", + "NET-1613-A12", + "NET-1639-A03", + "NET-1639-A09", + "NET-1689-A11", + "NET-1690-A09", + "NET-1691-A06", + "NET-1751", + "NET-1761-A06", + "NET-374-A04", + "NET-374-A15", + "NET-377", + "NET-798-A04", + "NET-855-A01", + "NET-860-A09", + "NET-959-A01", + "NET-981-A06", + "NET-981-A12", + "PDT-004", + "PHY-003-A04", + "PHY-003-A09", + "PIL-001", + "PLG-001", + "PLG-006-A02", + "RIL-001", + "SEC-029-A14", + "SEC-1044-A03", + "SEC-1045-A09", + "SEC-1144-A14", + "SEC-1144-A25", + "SEC-1144-A39", + "SEC-1144-A53", + "SEC-1144-A67", + "SEC-1226-A06", + "SEC-2118-A08", + "SEC-2172-A08", + 
"SEC-2623-A07", + "SEC-264-A08", + "SEC-264-A13", + "SEC-264-A18", + "SEC-264-A29", + "SEC-2643-A13", + "SEC-2654-A09", + "SEC-2661-A11", + "SEC-2662-A13", + "SEC-2721-A09", + "SEC-2729-A13", + "SEC-2751-A09", + "SEC-2766-A04", + "SEC-2766-A05", + "SEC-2789-A10", + "SEC-2792-A03", + "SEC-2792-A08", + "SEC-2795-A08", + "SEC-2838-A01", + "SEC-2850-A07", + "SEC-2889-A11", + "SEC-2927-A06", + "SEC-3161-A08", + "SEC-3174-A04", + "SEC-3175-A10", + "SEC-3184-A11", + "SEC-3193-A07", + "SEC-3305", + "SEC-3305-A01", + "SEC-3305-A02", + "SEC-3330", + "SEC-3374-A08", + "SEC-3389-A09", + "SEC-362-A09", + "SEC-362-A11", + "SEC-362-A20", + "SEC-362-A22", + "SEC-3635-A07", + "SEC-3672-A10", + "SEC-3678-A07", + "SEC-383-A09", + "SEC-383-A18", + "SEC-3843-A09", + "SEC-3858-A08", + "SEC-3866", + "SEC-3904-A04", + "SEC-3904-A05", + "SEC-3933-A10", + "SEC-3945-A09", + "SEC-3946-A05", + "SEC-3971-A09", + "SEC-3973-A16", + "SEC-3974-A19", + "SEC-3982-A01", + "SEC-4013-A04", + "SEC-4223-A08", + "SEC-4359-A06", + "SEC-4427-A10", + "SEC-4522-A08", + "SEC-5190-A07", + "SEC-5570-A05", + "SEC-5782-A07", + "SEC-5807-A04", + "SEC-5915-A04", + "SEC-5917-A12", + "SEC-5925-A05", + "SEC-6320-A08", + "SEC-6394-A07", + "SEC-6515-A08", + "SEC-6728-A03", + "SEC-6818-A08", + "SEC-6830-A10", + "SEC-6876-A10", + "SEC-6894", + "SEC-6919-A09", + "SEC-6920", + "SEC-6927-A05", + "SEC-6938-A13", + "SEC-6993-A11", + "SEC-7169-A05", + "SEC-7436-A04", + "SEC-7436-A11", + "SEC-7480-A09", + "SEC-7595-A05", + "SEC-7595-A10", + "SEC-7705", + "SEC-7705-A01", + "SEC-7971-A04", + "SEC-8002-A10", + "SEC-8014-A12", + "SEC-8015-A08", + "SEC-8051-A06", + "SEC-8062-A04", + "SEC-8106-A07", + "SEC-8226-A09", + "SEC-8246-A03", + "SEC-8257-A06", + "SEC-8257-A13", + "SEC-8286-A09", + "SEC-8295", + "SEC-830-A12", + "SEC-834-A24", + "SEC-836-A02", + "SEC-836-A18", + "SEC-8363-A06", + "SEC-8874-A02", + "SEC-8911-A13", + "SEC-9001-A03", + "SEC-9065-A16", + "SEC-9068-A05", + "SEC-9096-A07", + "SEC-9134", + "SEC-9197-A13", + "SIG-008", 
+ "TPM-004", + "TPM-004-A07", + "TRD-532-A07", + "TSA-006-A02", + "TSA-006-A04" + ], + "member_count": 961, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.95, + "source_meta_cluster": "M1", + "cluster_size": 412, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "access_control_event_logging", + "name": "Protokollierung von Zugriffskontrollentscheidungen", + "description": "Erlaubte und abgewiesene Zugriffsentscheidungen, insbesondere fuer privilegierte/administrative Konten und unberechtigte Zugriffsversuche, werden protokolliert.", + "tier": "LEGAL_MINIMUM", + "subdomain": "access_logging", + "applicability": "universal", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": true + }, + "source_role": "LEGAL_BASIS", + "legal_basis": [ + { + "source": "CRA", + "anchor": "Annex I Part I (2)(k)", + "citation": "recording and monitoring access to or modification of data, services or functions" + } + ], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AC-2/AU-12", + "role": "best_practice" + }, + { + "source": "OWASP", + "anchor": "API1 BOLA", + "role": "best_practice" + } + ], + "member_review_units": [ + "M0", + "M2", + "M3", + "M27", + "M36", + "M80", + "M84", + "M95" + ], + "member_controls": [ + "ACC-005", + "ACC-188-A11", + "ACC-188-A22", + "ACC-188-A41", + "ACC-188-A54", + "ACC-189-A11", + "ACC-189-A24", + "ACC-189-A50", + "ACC-189-A63", + "ACC-195-A09", + "ACC-195-A19", + "ACC-195-A31", + "ACC-195-A41", + "ACC-195-A50", + "ACC-199-A11", + "ACC-199-A22", + "ACC-199-A44", + "ACC-199-A55", + "ACC-449", + "ACC-470-A15", + "ACC-474-A11", + "ACC-476-A05", + "ACC-484-A05", + "ACC-487-A01", + "ACC-512-A10", + "ACC-533-A10", + "ACC-578-A08", + "ACC-584-A06", + "ACC-584-A12", + "ACC-598-A05", + "ACC-612-A08", + "ACC-631-A09", + "ACC-642-A06", + "ACC-659", + 
"ACC-686-A03", + "ACC-695", + "ACC-695-A05", + "ACC-703", + "ACC-717", + "ACC-734", + "ACC-735", + "ACC-757-A01", + "AI-1131-A07", + "AI-1241-A10", + "AI-1389-A08", + "AI-1390-A05", + "AI-1392-A07", + "AI-1559-A08", + "AI-1602-A02", + "AI-1602-A05", + "AI-1624-A04", + "API-005", + "AUD-001", + "AUTH-1061-A19", + "AUTH-1061-A77", + "AUTH-1102-A14", + "AUTH-112", + "AUTH-112-A11", + "AUTH-112-A24", + "AUTH-1290", + "AUTH-1292-A02", + "AUTH-1303-A08", + "AUTH-1443-A07", + "AUTH-1448-A01", + "AUTH-1455", + "AUTH-1455-A07", + "AUTH-1459-A09", + "AUTH-1466-A09", + "AUTH-148-A05", + "AUTH-1525-A04", + "AUTH-1530-A07", + "AUTH-1538", + "AUTH-1538-A10", + "AUTH-1559", + "AUTH-1589-A10", + "AUTH-1668-A09", + "AUTH-1682-A08", + "AUTH-1699-A07", + "AUTH-1705-A12", + "AUTH-1716-A03", + "AUTH-1818-A11", + "AUTH-1834-A06", + "AUTH-1862-A09", + "AUTH-1886-A09", + "AUTH-2406", + "AUTH-2411", + "AUTH-2419-A06", + "AUTH-2461-A04", + "AUTH-2466-A04", + "AUTH-2544-A05", + "AUTH-2544-A10", + "AUTH-2546-A03", + "AUTH-2547", + "AUTH-2547-A02", + "AUTH-2550-A13", + "AUTH-2650-A05", + "AUTH-2785-A04", + "AUTH-2809-A08", + "AUTH-2830-A07", + "AUTH-2855-A06", + "AUTH-2879-A06", + "AUTH-2879-A11", + "AUTH-2919", + "AUTH-2919-A08", + "AUTH-2919-A09", + "AUTH-2919-A10", + "AUTH-2941-A01", + "AUTH-2941-A02", + "AUTH-2947-A01", + "AUTH-2965-A03", + "AUTH-2970-A06", + "AUTH-3025", + "AUTH-3082-A09", + "AUTH-3089-A08", + "AUTH-3171-A10", + "AUTH-3228-A04", + "AUTH-3246-A11", + "AUTH-3252-A04", + "AUTH-3252-A07", + "AUTH-3296-A01", + "AUTH-3350-A01", + "AUTH-3452-A07", + "AUTH-3478-A08", + "AUTH-3591-A05", + "AUTH-3592-A05", + "AUTH-3595-A05", + "AUTH-3595-A11", + "AUTH-3633-A07", + "AUTH-3665-A01", + "AUTH-3680-A03", + "AUTH-3683", + "AUTH-3686-A09", + "AUTH-3687-A01", + "AUTH-3687-A02", + "AUTH-3687-A06", + "AUTH-3688", + "AUTH-3894", + "AUTH-3917-A09", + "AUTH-3917-A13", + "AUTH-3930-A11", + "AUTH-4045", + "AUTH-4045-A01", + "AUTH-4045-A04", + "AUTH-4049-A02", + "AUTH-4075-A03", + "AUTH-4095-A05", 
+ "AUTH-4095-A09", + "AUTH-639-A07", + "AUTH-785", + "AUTH-857-A03", + "COMP-1625-A08", + "COMP-1639-A04", + "COMP-1891-A04", + "COMP-1891-A08", + "COMP-1919-A10", + "COMP-1936-A07", + "COMP-2128", + "COMP-2128-A06", + "COMP-2428-A08", + "COMP-2724", + "COMP-2724-A03", + "COMP-2734-A09", + "COMP-2780-A05", + "COMP-2780-A14", + "COMP-2928-A02", + "COMP-3297-A04", + "COMP-3309-A05", + "COMP-3309-A10", + "COMP-3322-A01", + "COMP-3322-A02", + "COMP-3322-A06", + "COMP-3322-A10", + "COMP-3326-A01", + "COMP-3326-A14", + "COMP-3327-A06", + "COMP-3339-A10", + "COMP-3378-A08", + "COMP-3436-A09", + "COMP-3449-A01", + "COMP-3521-A05", + "COMP-3658", + "COMP-3733-A08", + "COMP-3733-A09", + "COMP-3739-A03", + "COMP-3983-A04", + "COMP-3983-A05", + "COMP-4009-A03", + "COMP-4059", + "COMP-4059-A01", + "COMP-4059-A02", + "CRA-006", + "CRYP-1043-A09", + "CRYP-1063-A10", + "CRYP-1079-A10", + "CRYP-1106-A11", + "CRYP-1160-A05", + "CRYP-1179-A05", + "CRYP-1252-A06", + "CRYP-1720-A08", + "CRYP-1725-A04", + "CRYP-1751-A07", + "CRYP-1787-A06", + "CRYP-1814-A14", + "CRYP-1881-A04", + "CRYP-190-A10", + "CRYP-1907-A05", + "CRYP-1907-A09", + "CRYP-2028-A01", + "CRYP-2036-A11", + "CRYP-2158-A11", + "CRYP-2184-A08", + "CRYP-2282-A06", + "CRYP-2330-A04", + "CRYP-348-A02", + "CRYP-781-A07", + "CRYP-827-A08", + "CRYP-957-A11", + "DATA-1065", + "DATA-1163-A11", + "DATA-1167", + "DATA-1228-A10", + "DATA-1230-A08", + "DATA-1240-A13", + "DATA-1247-A07", + "DATA-1253-A08", + "DATA-1257", + "DATA-1267", + "DATA-1273-A02", + "DATA-1273-A10", + "DATA-1349", + "DATA-1349-A03", + "DATA-1461", + "DATA-1490-A06", + "DATA-1517-A06", + "DATA-1730-A06", + "DATA-1732-A10", + "DATA-1851-A05", + "DATA-1945-A17", + "DATA-2014-A10", + "DATA-202", + "DATA-202-A01", + "DATA-202-A02", + "DATA-2057-A09", + "DATA-2190-A08", + "DATA-2223-A01", + "DATA-2430-A06", + "DATA-2516-A05", + "DATA-2585-A08", + "DATA-2703-A06", + "DATA-3026-A05", + "DATA-3034-A08", + "DATA-3240-A11", + "DATA-3250-A06", + "DATA-3326-A14", + 
"DATA-3367-A04", + "DATA-3556-A09", + "DATA-4138-A11", + "DATA-4335-A05", + "DATA-4345-A05", + "DATA-4364", + "DATA-4633-A07", + "DATA-4634-A01", + "DATA-4670-A08", + "DATA-4683-A05", + "DATA-4689-A02", + "FIN-1094-A01", + "FIN-696-A11", + "FRD-006", + "GLM-001", + "GOV-1398-A12", + "GOV-1439-A10", + "GOV-2868-A12", + "GOV-3179-A07", + "GOV-3191-A09", + "GOV-3208-A09", + "GOV-3256-A12", + "GOV-3500-A02", + "GOV-3805-A01", + "GOV-3805-A07", + "GOV-3805-A08", + "GOV-3805-A09", + "GOV-3846-A05", + "GOV-485-A07", + "GOV-485-A18", + "GOV-982-A03", + "HLT-125-A07", + "HLT-181-A08", + "HLT-262-A02", + "HLT-514-A08", + "HLT-515-A03", + "HLT-528-A02", + "HLT-532-A08", + "HLT-533-A10", + "HLT-558-A07", + "HLT-560-A09", + "HLT-560-A10", + "HSM-005", + "IDA-008", + "IDF-010", + "INC-1104-A04", + "INC-1153-A05", + "INC-1159-A12", + "INC-1173-A13", + "INC-1230-A04", + "INC-917", + "KST-003-A01", + "KYS-006", + "LAB-557-A10", + "LAB-610-A05", + "LOG-001-A01", + "LOG-001-A02", + "LOG-0860-A05", + "LOG-1019", + "LOG-1019-A01", + "LOG-1019-A02", + "LOG-1019-A03", + "LOG-1032", + "LOG-1032-A03", + "LOG-1041-A02", + "LOG-1042-A01", + "LOG-1046-A07", + "LOG-1052-A08", + "LOG-1054-A02", + "LOG-1054-A03", + "LOG-1054-A04", + "LOG-1054-A09", + "LOG-1058-A03", + "LOG-1058-A06", + "LOG-1059-A06", + "LOG-1060", + "LOG-1066", + "LOG-1066-A01", + "LOG-1071-A01", + "LOG-1074-A05", + "LOG-1087-A12", + "LOG-1126", + "LOG-1126-A02", + "LOG-1239-A07", + "LOG-1478-A08", + "LOG-1480-A10", + "LOG-1491", + "LOG-1493-A07", + "LOG-1507-A04", + "LOG-1546-A02", + "LOG-1546-A09", + "LOG-1549-A02", + "LOG-1664", + "LOG-1664-A01", + "LOG-1679-A06", + "LOG-1705-A04", + "LOG-1706-A09", + "LOG-1728", + "LOG-1728-A15", + "LOG-1728-A16", + "LOG-1729", + "LOG-1733", + "LOG-1733-A05", + "LOG-1733-A08", + "LOG-1733-A12", + "LOG-1734-A03", + "LOG-1737-A01", + "LOG-1746", + "LOG-1746-A11", + "LOG-1747", + "LOG-1747-A05", + "LOG-1751", + "LOG-1755", + "LOG-1763", + "LOG-1764", + "LOG-1764-A03", + "LOG-1775", + 
"LOG-1780", + "LOG-1781", + "LOG-1783-A08", + "LOG-1825-A03", + "LOG-1830-A18", + "LOG-1848-A05", + "LOG-1945-A05", + "LOG-1947", + "LOG-1947-A01", + "LOG-1951-A04", + "LOG-1954-A04", + "LOG-1959", + "LOG-1959-A02", + "LOG-2021-A05", + "LOG-2021-A09", + "LOG-2021-A10", + "LOG-2023", + "LOG-2033-A03", + "LOG-2073-A05", + "LOG-2082-A01", + "LOG-2082-A08", + "LOG-641-A04", + "LOG-641-A05", + "LOG-641-A06", + "LOG-657-A06", + "LOG-667-A07", + "LOG-745-A10", + "LOG-745-A19", + "LOG-745-A20", + "LOG-745-A30", + "LOG-745-A40", + "LOG-745-A41", + "LOG-745-A51", + "LOG-745-A60", + "LOG-857-A05", + "LOG-857-A25", + "LOG-857-A34", + "LOG-857-A50", + "LOG-857-A58", + "LOG-857-A78", + "LOG-901", + "LOG-901-A06", + "LOG-910-A06", + "LOG-964", + "LOG-964-A01", + "LOG-967-A02", + "LOG-974-A04", + "MBT-003", + "NET-1347-A05", + "NET-1349-A02", + "NET-1459-A03", + "NET-1461-A03", + "NET-1612-A04", + "NET-1613-A12", + "NET-1639-A03", + "NET-1639-A09", + "NET-1689-A12", + "NET-1691-A07", + "NET-546-A45", + "NET-855-A01", + "NET-860-A09", + "NET-981-A06", + "PDT-004", + "PIL-001", + "SEC-1045-A09", + "SEC-2028", + "SEC-2118-A08", + "SEC-2180", + "SEC-2643-A13", + "SEC-2654-A09", + "SEC-2721-A09", + "SEC-2729-A13", + "SEC-2766-A04", + "SEC-2766-A05", + "SEC-2795-A08", + "SEC-2837-A05", + "SEC-2837-A10", + "SEC-2850-A07", + "SEC-2889-A11", + "SEC-2927-A06", + "SEC-3374-A08", + "SEC-3635-A07", + "SEC-3672-A10", + "SEC-3678-A07", + "SEC-383-A09", + "SEC-383-A18", + "SEC-3843-A09", + "SEC-3858-A08", + "SEC-3904-A05", + "SEC-3971-A09", + "SEC-3973-A16", + "SEC-4013-A04", + "SEC-4223-A08", + "SEC-4359-A06", + "SEC-4427-A10", + "SEC-450", + "SEC-4522-A08", + "SEC-5122-A09", + "SEC-5570-A05", + "SEC-5807-A04", + "SEC-5915-A04", + "SEC-5925-A05", + "SEC-6394-A07", + "SEC-6818-A08", + "SEC-6876-A10", + "SEC-6919-A09", + "SEC-6927-A05", + "SEC-6993-A11", + "SEC-7169-A05", + "SEC-7398-A04", + "SEC-7436-A04", + "SEC-7436-A11", + "SEC-7480-A09", + "SEC-7532-A09", + "SEC-7595-A05", + "SEC-7971-A04", + 
"SEC-7971-A06", + "SEC-8015-A08", + "SEC-8051-A06", + "SEC-8128", + "SEC-8226-A09", + "SEC-8246-A03", + "SEC-8257-A06", + "SEC-8295", + "SEC-8295-A07", + "SEC-8363-A06", + "SEC-8874", + "SEC-8874-A02", + "SEC-8911-A13", + "SEC-8930", + "SEC-9001-A03", + "SEC-9065-A16", + "SEC-9134-A08", + "SIG-008" + ], + "member_count": 505, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.92, + "source_meta_cluster": "M0", + "cluster_size": 365, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "audit_trail_admin_actions", + "name": "Audit-Trail administrativer und genehmigungspflichtiger Aktionen", + "description": "Administrative Aktionen, Genehmigungsentscheidungen und temporaere Befugnisse werden nachvollziehbar im Audit-Trail erfasst.", + "tier": "LEGAL_MINIMUM", + "subdomain": "admin_audit", + "applicability": "universal", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": true + }, + "source_role": "LEGAL_BASIS", + "legal_basis": [ + { + "source": "CRA", + "anchor": "Annex I Part I (2)(k)", + "citation": "monitor relevant internal activity including access to or modification of functions" + } + ], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-2/AC-6", + "role": "best_practice" + } + ], + "member_review_units": [ + "M4", + "M5", + "M61", + "M40", + "M53", + "M45" + ], + "member_controls": [ + "ACC-483-A03", + "ACC-524-A06", + "ACC-534-A09", + "ACC-576-A10", + "ACC-576-A11", + "ACC-576-A17", + "ACC-686", + "ACC-734-A08", + "AI-1003-A05", + "AI-1003-A09", + "AI-1013-A05", + "AI-1387-A05", + "AI-1387-A10", + "AI-1389-A04", + "AI-1625-A06", + "AI-1625-A07", + "AI-1625-A08", + "AI-1701-A03", + "AUTH-1275-A05", + "AUTH-1444-A08", + "AUTH-1553-A02", + "AUTH-1553-A06", + "AUTH-1605-A02", + "AUTH-1605-A03", + "AUTH-1725-A04", + "AUTH-1886-A04", + "AUTH-2785-A02", 
+ "AUTH-3034-A04", + "AUTH-3200-A03", + "AUTH-3200-A10", + "AUTH-3307-A09", + "AUTH-3338-A03", + "AUTH-3338-A16", + "AUTH-3473-A10", + "AUTH-3479-A01", + "AUTH-3510-A09", + "AUTH-3526-A02", + "AUTH-3667-A01", + "AUTH-3678", + "AUTH-3710", + "AUTH-3994-A11", + "AUTH-4115-A13", + "AUTH-663-A03", + "BIO-009-A02", + "COMP-1272-A10", + "COMP-1423-A06", + "COMP-1442-A12", + "COMP-2031-A06", + "COMP-2084-A05", + "COMP-2434", + "COMP-2726-A08", + "COMP-2734-A02", + "COMP-3305-A03", + "COMP-3309-A02", + "COMP-3309-A03", + "COMP-3309-A08", + "COMP-3313", + "COMP-3317-A04", + "COMP-3328-A01", + "COMP-3330", + "COMP-3330-A01", + "COMP-3330-A02", + "COMP-3351-A03", + "COMP-3514-A03", + "COMP-3514-A06", + "COMP-3634-A05", + "COMP-3696-A01", + "COMP-3981-A02", + "COMP-3981-A03", + "COMP-4000-A07", + "COMP-4058", + "COMP-4058-A07", + "COMP-4088", + "CRYP-1094-A04", + "CRYP-1210-A08", + "CRYP-1238-A05", + "CRYP-1641-A08", + "CRYP-1803-A01", + "CRYP-1861-A09", + "CRYP-2027-A08", + "CRYP-2184-A03", + "CRYP-2301", + "CRYP-389-A04", + "CRYP-867-A04", + "DATA-1164-A07", + "DATA-1289-A12", + "DATA-1348-A01", + "DATA-1745-A02", + "DATA-1745-A06", + "DATA-1769-A03", + "DATA-2309-A03", + "DATA-2373-A01", + "DATA-2533-A03", + "DATA-2533-A08", + "DATA-2695-A09", + "DATA-2988-A08", + "DATA-3272-A01", + "DATA-3278-A02", + "DATA-3438-A04", + "DATA-3477-A06", + "DATA-3698-A16", + "DATA-3968-A03", + "DATA-4025-A03", + "DATA-4198-A04", + "DATA-4327-A04", + "DATA-4364-A04", + "DATA-4633-A08", + "GOV-1195", + "GOV-1206-A03", + "GOV-1206-A08", + "GOV-1404-A09", + "GOV-1438-A04", + "GOV-1438-A08", + "GOV-1751-A01", + "GOV-2302-A03", + "GOV-2444-A08", + "GOV-2791-A04", + "GOV-3005-A08", + "GOV-3052-A05", + "GOV-3134-A08", + "GOV-3134-A13", + "GOV-3173-A09", + "GOV-3175-A02", + "GOV-3191-A05", + "GOV-3220", + "GOV-3258-A03", + "GOV-3258-A08", + "GOV-3426-A03", + "GOV-3427-A12", + "GOV-3805", + "GOV-3805-A04", + "GOV-3805-A05", + "GOV-3805-A06", + "GOV-3821-A10", + "GOV-3849-A01", + "GOV-3853", + 
"GOV-3853-A03", + "GOV-771-A06", + "INC-1150-A14", + "INC-1299-A06", + "INC-1334-A04", + "INC-364-A08", + "INC-434", + "INC-881-A12", + "INC-892-A05", + "INC-892-A11", + "LAB-452-A06", + "LOG-0862-A01", + "LOG-0862-A02", + "LOG-0862-A04", + "LOG-0887-A04", + "LOG-0887-A05", + "LOG-0887-A06", + "LOG-1046-A05", + "LOG-1058-A10", + "LOG-1059-A05", + "LOG-1088", + "LOG-1475", + "LOG-1475-A05", + "LOG-1511-A05", + "LOG-1511-A06", + "LOG-1663-A01", + "LOG-1700-A03", + "LOG-1743-A12", + "LOG-1762-A02", + "LOG-1777", + "LOG-1784-A05", + "LOG-1946-A09", + "LOG-2033-A04", + "LOG-2037-A08", + "LOG-2064-A07", + "LOG-631", + "LOG-899-A05", + "LOG-899-A18", + "LOG-899-A28", + "LOG-899-A38", + "NET-1449-A08", + "NET-1487-A08", + "NET-1689-A01", + "NET-1760-A05", + "NET-975-A04", + "NET-983-A08", + "SEC-2710-A06", + "SEC-2740-A11", + "SEC-2753-A08", + "SEC-2754-A09", + "SEC-2787-A04", + "SEC-2792-A07", + "SEC-2876-A09", + "SEC-2886-A03", + "SEC-2983-A05", + "SEC-3175-A04", + "SEC-3176-A05", + "SEC-3176-A12", + "SEC-3412-A12", + "SEC-362-A04", + "SEC-362-A16", + "SEC-3859-A03", + "SEC-3894-A06", + "SEC-3946", + "SEC-3946-A05", + "SEC-3982-A05", + "SEC-4013", + "SEC-5227-A08", + "SEC-5308-A10", + "SEC-5645-A05", + "SEC-5656-A04", + "SEC-5794-A10", + "SEC-5843", + "SEC-6137-A05", + "SEC-6570-A06", + "SEC-6847-A05", + "SEC-6856-A04", + "SEC-6929-A04", + "SEC-6929-A08", + "SEC-7452-A05", + "SEC-7590-A01", + "SEC-7617-A05", + "SEC-7675-A02", + "SEC-7945-A04", + "SEC-7959-A08", + "SEC-8187-A04", + "SEC-8200-A07", + "SEC-8284-A05", + "SEC-8801-A05", + "SEC-9134" + ], + "member_count": 226, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.9, + "source_meta_cluster": "M4", + "cluster_size": 75, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "log_integrity_immutability", + "name": "Integritaet und 
Unveraenderbarkeit der Logs", + "description": "Audit-Logs werden gegen unbefugte Aenderung oder Loeschung geschuetzt (WORM/Append-Only, Integritaetssicherung, revisionssichere Speicherung).", + "tier": "LEGAL_MINIMUM", + "subdomain": "log_integrity", + "applicability": "universal", + "evidence_facets": { + "governance": false, + "capability": true, + "evidence": true + }, + "source_role": "LEGAL_BASIS", + "legal_basis": [ + { + "source": "CRA", + "anchor": "Annex I Part I (2)(k)", + "citation": "recording and monitoring ... in a secure manner" + } + ], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-9 Protection of Audit Information", + "role": "best_practice" + }, + { + "source": "ISO", + "anchor": "ISO 27001 A.8.15", + "role": "best_practice" + } + ], + "member_review_units": [ + "M1", + "M41", + "M57", + "M17", + "M28", + "M83", + "M65", + "M37", + "M24" + ], + "member_controls": [ + "ACC-0320-A14", + "ACC-0320-A15", + "ACC-086", + "ACC-086-A03", + "ACC-086-A04", + "ACC-086-A05", + "ACC-086-A07", + "ACC-086-A11", + "ACC-086-A16", + "ACC-086-A17", + "ACC-086-A19", + "ACC-086-A23", + "ACC-086-A24", + "ACC-089-A09", + "ACC-089-A16", + "ACC-175-A06", + "ACC-175-A15", + "ACC-210-A13", + "ACC-210-A20", + "ACC-210-A27", + "ACC-210-A34", + "ACC-476-A08", + "ACC-499-A07", + "ACC-623-A09", + "ACC-642-A07", + "ACC-686-A06", + "ACC-686-A07", + "ACC-746-A07", + "ACL-002-A02", + "ACL-002-A04", + "ACL-002-A06", + "ACL-002-A08", + "AI-031-A19", + "AI-099-A29", + "AI-1597-A01", + "AI-594-A11", + "AI-648-A09", + "AI-684-A12", + "AI-760-A40", + "AI-942-A56", + "AI-942-A68", + "AI-951-A37", + "AUTH-079-A28", + "AUTH-1048-A71", + "AUTH-1441-A12", + "AUTH-1514-A12", + "AUTH-1669-A10", + "AUTH-1723-A01", + "AUTH-1723-A09", + "AUTH-2415", + "AUTH-2415-A07", + "AUTH-2415-A08", + "AUTH-2415-A13", + "AUTH-2448-A10", + "AUTH-2593-A03", + "AUTH-2593-A08", + "AUTH-2650-A11", + "AUTH-2734-A07", + "AUTH-2784-A06", + "AUTH-2836-A07", + "AUTH-2881-A07", + "AUTH-2903-A10", + 
"AUTH-2905-A05", + "AUTH-2941-A03", + "AUTH-3025-A13", + "AUTH-3199-A04", + "AUTH-3246-A03", + "AUTH-3338-A17", + "AUTH-3667", + "AUTH-3715-A11", + "AUTH-3904", + "AUTH-3936-A17", + "AUTH-4032-A07", + "AUTH-523", + "AUTH-523-A04", + "AUTH-552", + "AUTH-552-A01", + "AUTH-552-A03", + "AUTH-552-A04", + "AUTH-552-A07", + "AUTH-552-A08", + "AUTH-552-A09", + "AUTH-552-A13", + "AUTH-595-A09", + "AUTH-616-A08", + "AUTH-633-A11", + "AUTH-656", + "AUTH-656-A01", + "AUTH-656-A02", + "AUTH-656-A03", + "AUTH-656-A04", + "AUTH-656-A05", + "AUTH-656-A06", + "AUTH-656-A07", + "AUTH-656-A08", + "AUTH-656-A09", + "AUTH-656-A10", + "AUTH-656-A12", + "AUTH-656-A13", + "AUTH-656-A14", + "AUTH-656-A15", + "AUTH-656-A16", + "AUTH-656-A17", + "AUTH-656-A18", + "AUTH-656-A24", + "AUTH-656-A26", + "AUTH-656-A27", + "AUTH-663", + "AUTH-663-A01", + "AUTH-678-A06", + "AUTH-734-A04", + "AUTH-760-A03", + "AUTH-856-A04", + "AUTH-856-A15", + "AUTH-856-A26", + "AUTH-856-A37", + "AUTH-856-A48", + "AUTH-902-A03", + "BIO-009-A03", + "COMP-1053-A04", + "COMP-1053-A08", + "COMP-1103-A05", + "COMP-1103-A09", + "COMP-1103-A14", + "COMP-1150-A05", + "COMP-1150-A08", + "COMP-1150-A11", + "COMP-116-A09", + "COMP-116-A18", + "COMP-1231-A28", + "COMP-1247-A02", + "COMP-1247-A10", + "COMP-1247-A18", + "COMP-1247-A26", + "COMP-1247-A34", + "COMP-1247-A42", + "COMP-1249-A04", + "COMP-1249-A11", + "COMP-1249-A24", + "COMP-1249-A29", + "COMP-1249-A37", + "COMP-1249-A47", + "COMP-1249-A52", + "COMP-1249-A64", + "COMP-1249-A71", + "COMP-178-A08", + "COMP-178-A19", + "COMP-1919-A13", + "COMP-2462-A05", + "COMP-2734", + "COMP-2734-A04", + "COMP-2734-A05", + "COMP-2734-A11", + "COMP-2752", + "COMP-2752-A01", + "COMP-2752-A02", + "COMP-2752-A04", + "COMP-2768", + "COMP-2775", + "COMP-2775-A05", + "COMP-3280-A01", + "COMP-3292-A02", + "COMP-3301-A08", + "COMP-3304", + "COMP-3306", + "COMP-3306-A07", + "COMP-3306-A08", + "COMP-3309", + "COMP-3309-A04", + "COMP-3309-A07", + "COMP-3312-A05", + "COMP-3318", + "COMP-3324-A06", 
+ "COMP-3326-A05", + "COMP-3326-A07", + "COMP-3326-A12", + "COMP-3327", + "COMP-3327-A03", + "COMP-3332", + "COMP-3339", + "COMP-3339-A03", + "COMP-3339-A06", + "COMP-3339-A08", + "COMP-3343-A01", + "COMP-3351", + "COMP-3351-A01", + "COMP-3351-A02", + "COMP-3351-A04", + "COMP-3351-A07", + "COMP-3362", + "COMP-3362-A01", + "COMP-3442-A15", + "COMP-356-A06", + "COMP-3696-A06", + "COMP-3733", + "COMP-4059-A11", + "COMP-4088-A12", + "COMP-498-A03", + "COMP-498-A04", + "COMP-714-A06", + "COMP-786-A06", + "COMP-786-A11", + "COMP-786-A20", + "COMP-786-A25", + "COMP-911", + "COMP-911-A02", + "COMP-911-A04", + "CRA-006-A03", + "CRA-006-A04", + "CRYP-1014-A07", + "CRYP-1044-A13", + "CRYP-118-A11", + "CRYP-1247", + "CRYP-1247-A01", + "CRYP-1451-A05", + "CRYP-1477-A09", + "CRYP-1855", + "CRYP-186-A10", + "CRYP-186-A21", + "CRYP-1881-A12", + "CRYP-1892-A11", + "CRYP-1910-A10", + "CRYP-1968-A18", + "CRYP-2027-A10", + "CRYP-2168-A08", + "CRYP-225-A06", + "CRYP-285-A03", + "CRYP-376-A09", + "CRYP-389-A13", + "DATA-002-A09", + "DATA-1135-A08", + "DATA-1164-A10", + "DATA-1235-A05", + "DATA-1235-A11", + "DATA-1237-A05", + "DATA-137-A21", + "DATA-2017-A04", + "DATA-2213-A02", + "DATA-2309", + "DATA-2309-A01", + "DATA-2309-A05", + "DATA-2309-A07", + "DATA-2695-A02", + "DATA-2724-A08", + "DATA-3026-A10", + "DATA-3437-A12", + "DATA-4242-A07", + "DATA-4277-A07", + "DATA-4294-A10", + "DATA-4303-A10", + "DATA-4556-A04", + "DATA-4633-A03", + "DATA-716-A01", + "DATA-716-A02", + "DATA-716-A03", + "DATA-716-A04", + "DATA-827-A04", + "DATA-827-A05", + "DATA-827-A06", + "DATA-917-A02", + "DATA-917-A03", + "DATA-917-A05", + "DATA-917-A06", + "DATA-917-A08", + "DATA-917-A10", + "DATA-917-A11", + "DATA-947-A02", + "DATA-947-A03", + "DATA-947-A06", + "DATA-947-A11", + "DATA-947-A15", + "DATA-947-A16", + "DATA-947-A17", + "DATA-947-A20", + "DOC-010-A01", + "DOC-010-A03", + "DOC-010-A07", + "FIN-298-A21", + "GLM-001-A02", + "GLM-001-A04", + "GOV-0683-A04", + "GOV-0683-A10", + "GOV-0686-A04", + 
"GOV-0686-A10", + "GOV-0697-A01", + "GOV-0697-A03", + "GOV-1045-A04", + "GOV-1195-A02", + "GOV-1540", + "GOV-1540-A01", + "GOV-2435-A10", + "GOV-3061-A09", + "GOV-3175-A03", + "GOV-3175-A04", + "GOV-322-A11", + "GOV-445-A13", + "GOV-462-A13", + "GOV-640-A30", + "GOV-741-A05", + "HLT-120-A09", + "HLT-148-A03", + "HLT-148-A07", + "HLT-560-A18", + "IAM-009-A07", + "IAM-009-A10", + "IDF-010-A02", + "INC-0358-A29", + "INC-091", + "INC-091-A05", + "INC-091-A07", + "INC-091-A08", + "INC-091-A09", + "INC-091-A10", + "INC-151-A10", + "INC-188-A05", + "INC-205-A02", + "ISS-003-A02", + "KMG-002-A04", + "KYS-006-A08", + "LOG-045-A17", + "LOG-060-A07", + "LOG-0861-A01", + "LOG-0861-A07", + "LOG-0861-A13", + "LOG-0863", + "LOG-0863-A01", + "LOG-0867-A04", + "LOG-0868-A04", + "LOG-0869-A07", + "LOG-0874-A01", + "LOG-0874-A02", + "LOG-0874-A04", + "LOG-0874-A06", + "LOG-0879-A03", + "LOG-0885-A04", + "LOG-0885-A05", + "LOG-0886-A01", + "LOG-1048-A05", + "LOG-1066-A02", + "LOG-107-A05", + "LOG-1088-A01", + "LOG-1088-A04", + "LOG-1478-A06", + "LOG-1480", + "LOG-1480-A01", + "LOG-1481-A10", + "LOG-1512-A05", + "LOG-1695-A11", + "LOG-1728-A17", + "LOG-1762-A03", + "LOG-1830-A20", + "LOG-1859-A11", + "LOG-1892-A01", + "LOG-1959-A10", + "LOG-2028-A05", + "LOG-2037", + "LOG-2054-A06", + "LOG-2065", + "LOG-2067-A05", + "LOG-341", + "LOG-407-A18", + "LOG-410-A11", + "LOG-595-A08", + "LOG-596", + "LOG-596-A01", + "LOG-599", + "LOG-599-A01", + "LOG-605-A05", + "LOG-622", + "LOG-622-A12", + "LOG-622-A13", + "LOG-626-A04", + "LOG-633-A07", + "LOG-643", + "LOG-643-A01", + "LOG-643-A02", + "LOG-643-A03", + "LOG-652-A03", + "LOG-652-A07", + "LOG-652-A08", + "LOG-667", + "LOG-667-A04", + "LOG-667-A06", + "LOG-684-A06", + "LOG-686", + "LOG-686-A01", + "LOG-686-A09", + "LOG-705", + "LOG-706-A10", + "LOG-706-A11", + "LOG-711", + "LOG-711-A18", + "LOG-745-A08", + "LOG-745-A09", + "LOG-745-A18", + "LOG-745-A28", + "LOG-745-A29", + "LOG-745-A38", + "LOG-745-A39", + "LOG-745-A49", + "LOG-745-A50", + 
"LOG-745-A59", + "LOG-855", + "LOG-856-A07", + "LOG-856-A17", + "LOG-856-A27", + "LOG-856-A42", + "LOG-856-A47", + "LOG-856-A57", + "LOG-857", + "LOG-858", + "LOG-899", + "LOG-900-A60", + "LOG-901-A08", + "LOG-962-A06", + "LOG-966", + "LOG-974-A01", + "NET-029-A07", + "NET-029-A20", + "NET-1143", + "NET-1689-A11", + "NET-374-A04", + "NET-374-A15", + "NET-377", + "NET-798-A04", + "NET-981-A12", + "PHY-003-A04", + "PHY-003-A09", + "PLG-006-A02", + "REL-001-A01", + "REL-001-A07", + "SEC-038-A07", + "SEC-038-A08", + "SEC-1044-A03", + "SEC-1144-A14", + "SEC-1144-A25", + "SEC-1144-A39", + "SEC-1144-A53", + "SEC-1144-A67", + "SEC-2172-A08", + "SEC-2392-A10", + "SEC-2623-A07", + "SEC-264-A08", + "SEC-264-A13", + "SEC-264-A18", + "SEC-264-A29", + "SEC-2645-A02", + "SEC-2751-A09", + "SEC-2789-A10", + "SEC-2792", + "SEC-2792-A01", + "SEC-2792-A03", + "SEC-2792-A08", + "SEC-2792-A09", + "SEC-2838-A01", + "SEC-3161-A08", + "SEC-3174-A04", + "SEC-3175-A10", + "SEC-3184-A11", + "SEC-3389-A09", + "SEC-362-A09", + "SEC-362-A11", + "SEC-362-A20", + "SEC-362-A22", + "SEC-3866", + "SEC-3895-A09", + "SEC-3904-A04", + "SEC-3915-A05", + "SEC-3933-A05", + "SEC-3933-A10", + "SEC-3937-A03", + "SEC-3945-A09", + "SEC-3974-A19", + "SEC-3982-A01", + "SEC-5136-A09", + "SEC-5782-A07", + "SEC-5917-A12", + "SEC-6320-A08", + "SEC-6515-A08", + "SEC-6830-A10", + "SEC-6894", + "SEC-6938-A13", + "SEC-7562-A03", + "SEC-7595-A10", + "SEC-7705-A01", + "SEC-8002-A10", + "SEC-8014-A12", + "SEC-8062-A04", + "SEC-8106-A07", + "SEC-8208-A08", + "SEC-8257-A13", + "SEC-8286-A09", + "SEC-830-A12", + "SEC-8303", + "SEC-834-A24", + "SEC-836-A02", + "SEC-836-A18", + "SEC-9020-A10", + "SEC-9068-A05", + "SEC-9197-A13", + "TPM-004", + "TPM-004-A07", + "TRD-532-A07", + "TSA-006-A02", + "TSA-006-A04" + ], + "member_count": 505, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.93, + 
"source_meta_cluster": "M41", + "cluster_size": 21, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "log_access_control_protection", + "name": "Zugriffsschutz auf Protokollierungssysteme", + "description": "Der Zugriff auf Audit-Logs und Protokollierungssysteme wird eingeschraenkt und kontrolliert; nur autorisierte Rollen duerfen Logs einsehen oder konfigurieren.", + "tier": "LEGAL_MINIMUM", + "subdomain": "log_access", + "applicability": "universal", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": true + }, + "source_role": "LEGAL_BASIS", + "legal_basis": [ + { + "source": "CRA", + "anchor": "Annex I Part I (2)(k)", + "citation": "in a secure manner" + } + ], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-9(4) Access by Subset of Privileged Users", + "role": "best_practice" + } + ], + "member_review_units": [ + "M57", + "M27", + "M39", + "M84" + ], + "member_controls": [ + "AUTH-3591-A05", + "AUTH-3687-A01", + "COMP-2775-A01", + "COMP-2778", + "COMP-2778-A01", + "COMP-2778-A05", + "CRYP-2028-A01", + "DATA-1164-A10", + "DATA-1235-A05", + "DATA-1732-A10", + "DATA-2213-A02", + "DATA-2309", + "DATA-2309-A01", + "DATA-3367-A04", + "DATA-4300-A08", + "DATA-4633-A03", + "DATA-827-A06", + "DATA-947-A02", + "DATA-947-A03", + "DATA-947-A16", + "DATA-947-A17", + "GOV-3833", + "LOG-053", + "LOG-053-A03", + "LOG-053-A09", + "LOG-060", + "LOG-060-A06", + "LOG-060-A15", + "LOG-0860-A05", + "LOG-0879-A03", + "LOG-1041-A02", + "LOG-1054-A02", + "LOG-1058-A03", + "LOG-1237-A06", + "LOG-1513", + "LOG-1513-A01", + "LOG-1515-A03", + "LOG-1664", + "LOG-1664-A01", + "LOG-1731-A04", + "LOG-1830-A18", + "LOG-1947-A07", + "LOG-2026-A05", + "LOG-2065-A05", + "LOG-595-A08", + "LOG-641-A04", + "LOG-641-A05", + "LOG-641-A06", + "LOG-643", + "LOG-643-A01", + "LOG-643-A02", + "LOG-967-A02", + "LOG-974-A04", + "NET-1691-A07", + "SEC-2792", + "SEC-2792-A01", + "SEC-6319-A11", + "SEC-7060-A04", 
+ "SEC-7080-A10" + ], + "member_count": 59, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.88, + "source_meta_cluster": "M57", + "cluster_size": 18, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "log_retention_archival", + "name": "Aufbewahrung und Archivierung von Audit-Logs", + "description": "Audit-Logs werden fuer definierte Aufbewahrungszeitraeume gespeichert, archiviert und bei Bedarf uebertragen, inkl. Speicherkapazitaetsplanung.", + "tier": "BEST_PRACTICE", + "subdomain": "log_retention", + "applicability": "conditional:retention_required", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": true + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-11 Audit Record Retention", + "role": "best_practice" + }, + { + "source": "ISO", + "anchor": "ISO 27001 A.8.15", + "role": "best_practice" + } + ], + "member_review_units": [ + "M38", + "M69", + "M44", + "M22" + ], + "member_controls": [ + "AUTH-2905-A07", + "COMP-2734-A07", + "COMP-2752-A09", + "COMP-2928", + "COMP-3299-A04", + "COMP-3312-A06", + "COMP-3324", + "COMP-3324-A01", + "COMP-3324-A02", + "COMP-3324-A03", + "COMP-3324-A04", + "COMP-3326-A11", + "COMP-3339-A02", + "COMP-3340", + "COMP-3347", + "COMP-3363", + "COMP-3363-A03", + "COMP-3441-A09", + "COMP-3521-A03", + "COMP-3521-A04", + "COMP-3617-A12", + "COMP-4059-A12", + "COMP-4113-A05", + "COMP-911-A03", + "COMP-911-A09", + "CRYP-1103-A08", + "CRYP-1156-A10", + "CRYP-1244-A10", + "CRYP-1688-A15", + "CRYP-1839-A03", + "CRYP-1936", + "CRYP-244", + "CRYP-807-A08", + "CRYP-911-A09", + "DATA-1164-A06", + "DATA-1230", + "DATA-1235-A04", + "DATA-2017-A02", + "DATA-2429-A11", + "DATA-3222-A12", + "DATA-3278-A06", + "GOV-1414-A07", + "GOV-1420-A11", + "GOV-1562-A09", + "GOV-1664-A08", + 
"GOV-2495-A08", + "GOV-2596-A06", + "GOV-3494-A13", + "INC-1334-A02", + "LOG-0860-A01", + "LOG-1036-A01", + "LOG-1044-A05", + "LOG-1052-A05", + "LOG-1053-A02", + "LOG-1056-A02", + "LOG-1057-A06", + "LOG-1062", + "LOG-1062-A01", + "LOG-1062-A02", + "LOG-1074-A03", + "LOG-1087-A01", + "LOG-1100-A03", + "LOG-1102-A03", + "LOG-1235-A07", + "LOG-1237-A03", + "LOG-1237-A05", + "LOG-1465-A01", + "LOG-1465-A02", + "LOG-1480-A08", + "LOG-1494", + "LOG-1515-A04", + "LOG-172-A05", + "LOG-1830-A21", + "LOG-1901-A02", + "LOG-1901-A08", + "LOG-1901-A09", + "LOG-1956", + "LOG-1959-A08", + "LOG-2057-A05", + "LOG-595", + "LOG-595-A01", + "LOG-616", + "LOG-616-A01", + "LOG-667-A05", + "LOG-667-A09", + "LOG-667-A10", + "LOG-667-A14", + "LOG-688", + "LOG-688-A01", + "LOG-688-A04", + "LOG-688-A05", + "LOG-688-A07", + "NET-1088-A06", + "NET-1751-A12", + "NET-959", + "SEC-2007-A05", + "SEC-2019-A01", + "SEC-2697-A08", + "SEC-2746-A09", + "SEC-2792-A02", + "SEC-2827-A10", + "SEC-2835-A08", + "SEC-3159-A11", + "SEC-3305-A03", + "SEC-3379-A10", + "SEC-3436-A12", + "SEC-3718-A01", + "SEC-3726-A09", + "SEC-3904-A03", + "SEC-3983", + "SEC-4016-A11", + "SEC-4124", + "SEC-5134-A06", + "SEC-5485", + "SEC-6194-A08", + "SEC-6232-A13", + "SEC-7482-A08", + "SEC-7726-A11", + "SEC-7932-A08", + "SEC-8015-A05", + "SEC-8308-A04", + "SEC-8993-A02", + "SEC-9134-A01" + ], + "member_count": 123, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.85, + "source_meta_cluster": "M38", + "cluster_size": 85, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "centralized_log_management", + "name": "Zentrales Log-Management und Korrelation", + "description": "Logs werden in eine zentrale Log-Management-Loesung integriert, korreliert und auf separaten Systemen gespeichert.", + "tier": "BEST_PRACTICE", + "subdomain": "log_management", + 
"applicability": "conditional:centralized_logging", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": false + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-6 Audit Record Review/SIEM", + "role": "best_practice" + } + ], + "member_review_units": [ + "M6", + "M20", + "M43", + "M70", + "M34", + "M53", + "M60", + "M93" + ], + "member_controls": [ + "ACC-652-A03", + "AUTH-1279-A01", + "AUTH-1279-A05", + "AUTH-1562-A01", + "AUTH-1924-A01", + "AUTH-2415-A06", + "AUTH-2415-A12", + "AUTH-2849-A10", + "AUTH-2936-A02", + "AUTH-2941-A12", + "AUTH-3025-A07", + "AUTH-3918-A02", + "AUTH-973", + "COMP-1455", + "COMP-1789-A14", + "COMP-2033-A08", + "COMP-2724-A04", + "COMP-2775-A06", + "COMP-2928-A01", + "COMP-3301-A07", + "COMP-3324-A10", + "COMP-3326-A09", + "COMP-3327-A05", + "COMP-3356-A02", + "COMP-3356-A03", + "COMP-3544-A05", + "COMP-3658-A01", + "COMP-3739-A02", + "CRYP-1068-A08", + "CRYP-1227-A05", + "CRYP-1451-A01", + "CRYP-1600-A11", + "CRYP-1600-A12", + "CRYP-2020-A06", + "CRYP-2301", + "CRYP-423", + "CRYP-743-A06", + "CRYP-805-A07", + "CRYP-841-A07", + "CRYP-845-A07", + "DATA-1050-A11", + "DATA-1732-A09", + "DATA-1903-A04", + "DATA-2309-A06", + "DATA-2388-A10", + "DATA-4300", + "DATA-4670-A09", + "GOV-1439-A08", + "GOV-1443", + "GOV-3504-A09", + "GOV-3530-A02", + "INC-1307-A06", + "LOG-1041-A03", + "LOG-1044-A01", + "LOG-1044-A02", + "LOG-1044-A03", + "LOG-1045", + "LOG-1045-A01", + "LOG-1054-A10", + "LOG-1058", + "LOG-1058-A01", + "LOG-1058-A09", + "LOG-1063-A05", + "LOG-1065-A02", + "LOG-1066-A04", + "LOG-1067", + "LOG-1067-A04", + "LOG-1069-A01", + "LOG-1075", + "LOG-1075-A01", + "LOG-1075-A02", + "LOG-1087", + "LOG-1093", + "LOG-1093-A01", + "LOG-1251-A09", + "LOG-1467", + "LOG-1467-A02", + "LOG-1475-A02", + "LOG-1485-A05", + "LOG-1511-A13", + "LOG-1515-A01", + "LOG-1545-A04", + "LOG-1731-A02", + "LOG-1733-A04", + "LOG-1734-A04", + "LOG-1736", + "LOG-1751-A11", + 
"LOG-1753", + "LOG-1761", + "LOG-1761-A01", + "LOG-1767", + "LOG-1767-A01", + "LOG-1772", + "LOG-1772-A01", + "LOG-1776-A01", + "LOG-1950", + "LOG-1950-A01", + "LOG-1953", + "LOG-2037-A08", + "LOG-2065-A08", + "LOG-2067-A03", + "LOG-2083-A01", + "LOG-699", + "LOG-710", + "LOG-859", + "LOG-900", + "LOG-902-A09", + "NET-048-A04", + "NET-048-A05", + "NET-048-A14", + "NET-048-A15", + "NET-1166-A11", + "NET-1356-A12", + "NET-1357-A08", + "NET-1491-A03", + "NET-1491-A09", + "NET-1530-A07", + "NET-1612-A05", + "NET-1689-A01", + "NET-1689-A06", + "NET-1689-A07", + "NET-1691", + "NET-1691-A01", + "NET-494-A12", + "NET-504", + "SEC-3904", + "SEC-3920-A09", + "SEC-3954", + "SEC-3954-A03", + "SEC-4009", + "SEC-4009-A01", + "SEC-5909-A09", + "SEC-6153-A09", + "SEC-6811-A07", + "SEC-6831-A08", + "SEC-7013-A05", + "SEC-7013-A08", + "SEC-7130", + "SEC-7154", + "SEC-7591-A04", + "SEC-7971-A01", + "SEC-8228-A03", + "SEC-8869-A05", + "SEC-8869-A06", + "SEC-8869-A07", + "SEC-980" + ], + "member_count": 146, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.84, + "source_meta_cluster": "M6", + "cluster_size": 64, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "log_monitoring_alerting", + "name": "Monitoring, Anomalieerkennung und Alarmierung", + "description": "Logs werden ueberwacht; bei Anomalien, Angriffsversuchen oder Sicherheitsvorfaellen wird alarmiert und ausgewertet.", + "tier": "LEGAL_MINIMUM", + "subdomain": "monitoring", + "applicability": "universal", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": true + }, + "source_role": "LEGAL_BASIS", + "legal_basis": [ + { + "source": "CRA", + "anchor": "Annex I Part I (2)(k)", + "citation": "monitor relevant internal activity" + } + ], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-6/SI-4", + "role": 
"best_practice" + } + ], + "member_review_units": [ + "M18", + "M26", + "M30", + "M87", + "M96", + "M90", + "M9", + "M20", + "M79" + ], + "member_controls": [ + "AI-1254-A02", + "AI-1434-A06", + "AUTH-1279-A04", + "AUTH-1312-A03", + "AUTH-1443-A03", + "AUTH-1563-A04", + "AUTH-2415-A03", + "AUTH-2798-A07", + "AUTH-2798-A08", + "AUTH-2798-A15", + "AUTH-2840-A04", + "AUTH-2849-A10", + "AUTH-2949-A11", + "AUTH-3005-A08", + "AUTH-3025-A07", + "AUTH-3473-A01", + "AUTH-3473-A02", + "AUTH-3644-A05", + "AUTH-3712-A02", + "AUTH-3712-A08", + "AUTH-3887-A05", + "AUTH-3894-A16", + "AUTH-3894-A17", + "AUTH-3895", + "AUTH-3895-A03", + "AUTH-3924", + "AUTH-4045-A05", + "AUTH-4052", + "AUTH-535-A04", + "AUTH-656-A23", + "AUTH-660-A12", + "CLG-001-A03", + "CLG-001-A07", + "COMP-1150", + "COMP-196-A05", + "COMP-2765-A10", + "COMP-2775-A07", + "COMP-2780-A06", + "COMP-3324-A10", + "COMP-3326-A04", + "COMP-3326-A06", + "COMP-3326-A09", + "COMP-3327-A05", + "COMP-3332-A10", + "COMP-3356-A02", + "COMP-3356-A03", + "COMP-3739-A02", + "COMP-4088-A03", + "CRYP-1031-A03", + "CRYP-1068-A08", + "CRYP-1451-A01", + "CRYP-1600-A01", + "CRYP-1763-A02", + "CRYP-1763-A08", + "CRYP-1889-A09", + "CRYP-2020-A06", + "CRYP-415-A11", + "CRYP-415-A34", + "CRYP-630-A06", + "CRYP-743-A06", + "CRYP-805-A07", + "CRYP-867-A09", + "DATA-1257-A08", + "DATA-1729-A01", + "DATA-1729-A03", + "DATA-2229", + "DATA-2229-A01", + "DATA-2309-A06", + "DATA-2388-A10", + "DATA-2417-A05", + "DATA-2481-A08", + "DATA-3369-A06", + "DATA-4348", + "DATA-4348-A04", + "DATA-4353-A02", + "DATA-4358-A05", + "DATA-652-A07", + "DATA-652-A17", + "DATA-652-A30", + "DATA-680-A02", + "DATA-680-A06", + "GLM-001-A06", + "GOV-1439-A08", + "GOV-3504-A09", + "GOV-3868-A10", + "HLT-262-A07", + "INC-251-A03", + "INC-251-A04", + "INC-251-A18", + "INC-251-A37", + "INC-271", + "INC-271-A01", + "INC-271-A08", + "LOG-009", + "LOG-009-A01", + "LOG-009-A02", + "LOG-009-A03", + "LOG-009-A05", + "LOG-009-A06", + "LOG-060-A03", + "LOG-0862-A06", + 
"LOG-0862-A07", + "LOG-1030", + "LOG-1030-A01", + "LOG-1030-A04", + "LOG-1039-A04", + "LOG-1039-A06", + "LOG-1040-A04", + "LOG-1045-A03", + "LOG-1045-A04", + "LOG-1045-A05", + "LOG-1046-A06", + "LOG-1051-A01", + "LOG-1054-A05", + "LOG-1054-A10", + "LOG-1055-A03", + "LOG-1059-A08", + "LOG-1069-A01", + "LOG-1069-A04", + "LOG-1071-A02", + "LOG-1072-A01", + "LOG-1090-A01", + "LOG-1231-A06", + "LOG-1467", + "LOG-1475-A01", + "LOG-1498", + "LOG-1507", + "LOG-1507-A01", + "LOG-1507-A02", + "LOG-1511-A13", + "LOG-1515", + "LOG-1515-A01", + "LOG-1712-A01", + "LOG-1729-A04", + "LOG-1733-A01", + "LOG-1736", + "LOG-1743-A19", + "LOG-1747-A02", + "LOG-1751-A03", + "LOG-1753-A10", + "LOG-1768-A03", + "LOG-1780-A02", + "LOG-1780-A13", + "LOG-1784-A04", + "LOG-1825", + "LOG-1825-A07", + "LOG-1825-A12", + "LOG-1900-A01", + "LOG-1901", + "LOG-1901-A11", + "LOG-1950-A03", + "LOG-1954-A03", + "LOG-2029-A03", + "LOG-2029-A04", + "LOG-2029-A05", + "LOG-2035-A01", + "LOG-2039", + "LOG-2039-A04", + "LOG-2042", + "LOG-2051-A04", + "LOG-2053", + "LOG-2059-A02", + "LOG-2064-A03", + "LOG-2064-A05", + "LOG-2065-A08", + "LOG-2067", + "LOG-2067-A01", + "LOG-2072", + "LOG-2083-A01", + "LOG-605", + "LOG-615", + "LOG-615-A03", + "LOG-615-A06", + "LOG-626-A05", + "LOG-626-A07", + "LOG-652", + "LOG-652-A01", + "LOG-657", + "LOG-657-A01", + "LOG-657-A02", + "LOG-657-A03", + "LOG-657-A04", + "LOG-657-A05", + "LOG-720", + "LOG-762", + "LOG-774", + "LOG-792-A01", + "LOG-792-A17", + "LOG-792-A35", + "LOG-856", + "LOG-856-A01", + "LOG-856-A02", + "LOG-856-A06", + "LOG-856-A09", + "LOG-856-A10", + "LOG-856-A11", + "LOG-856-A12", + "LOG-856-A16", + "LOG-856-A19", + "LOG-856-A20", + "LOG-856-A21", + "LOG-856-A22", + "LOG-856-A26", + "LOG-856-A28", + "LOG-856-A29", + "LOG-856-A33", + "LOG-856-A34", + "LOG-856-A39", + "LOG-856-A40", + "LOG-856-A41", + "LOG-856-A46", + "LOG-856-A51", + "LOG-856-A52", + "LOG-856-A56", + "LOG-857-A03", + "LOG-857-A23", + "LOG-857-A32", + "LOG-857-A48", + "LOG-857-A56", + 
"LOG-857-A76", + "LOG-955-A01", + "LOG-958", + "LOG-958-A05", + "LOG-965", + "LOG-965-A01", + "LOG-965-A02", + "LOG-974", + "MLS-001-A02", + "MLS-001-A06", + "NET-048", + "NET-1137", + "NET-1166-A11", + "NET-1258", + "NET-1356-A12", + "NET-1360", + "NET-1530-A07", + "NET-1612-A05", + "NET-1691-A09", + "NET-1738", + "NET-1778", + "NET-1788-A03", + "NET-1798-A06", + "NET-525", + "NET-525-A11", + "NET-788-A12", + "NET-959-A01", + "NET-962-A03", + "PIL-001-A03", + "REL-001-A15", + "SEC-1249-A13", + "SEC-2870-A09", + "SEC-3325", + "SEC-3325-A10", + "SEC-3332-A02", + "SEC-3931-A12", + "SEC-4009-A06", + "SEC-4142-A08", + "SEC-5180-A05", + "SEC-5180-A09", + "SEC-5909-A08", + "SEC-5909-A09", + "SEC-5965-A10", + "SEC-6137", + "SEC-6439-A02", + "SEC-6724-A07", + "SEC-6811-A07", + "SEC-6831-A08", + "SEC-6973-A05", + "SEC-7013-A05", + "SEC-7013-A08", + "SEC-7130", + "SEC-7154", + "SEC-7452-A02", + "SEC-7492-A08", + "SEC-7705", + "SEC-7839-A19", + "SEC-8224-A03", + "SEC-8305", + "SEC-8787", + "SEC-8869-A05", + "SEC-8869-A06", + "SEC-8869-A07", + "TPM-004-A08" + ], + "member_count": 283, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.9, + "source_meta_cluster": "M18", + "cluster_size": 147, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "log_data_minimization_privacy", + "name": "Datenminimierung und Datenschutz in Logs", + "description": "Sensible/personenbezogene Daten werden vor der Protokollierung gefiltert, anonymisiert oder ausgeschlossen; Logging respektiert Datenschutzanforderungen.", + "tier": "BEST_PRACTICE", + "subdomain": "log_privacy", + "applicability": "conditional:processes_personal_data", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": false + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "OWASP", + 
"anchor": "ASVS V7.1 Log Content", + "role": "best_practice" + }, + { + "source": "ISO", + "anchor": "ISO 27701", + "role": "best_practice" + } + ], + "member_review_units": [ + "M68", + "M66", + "M19", + "M57", + "M48", + "M22", + "M42", + "M7" + ], + "member_controls": [ + "ACC-762-A04", + "AUTH-1555-A04", + "AUTH-1561-A01", + "AUTH-1561-A02", + "AUTH-2798", + "AUTH-2840-A01", + "AUTH-2840-A03", + "AUTH-2840-A05", + "AUTH-2840-A06", + "AUTH-2905-A07", + "AUTH-2950-A08", + "AUTH-3686-A05", + "AUTH-3918", + "AUTH-535", + "AUTH-663-A07", + "CLG-001", + "CLG-001-A02", + "CLG-001-A06", + "COMP-2752-A03", + "COMP-2778-A02", + "COMP-3362-A05", + "CRYP-1111-A11", + "CRYP-1308-A06", + "CRYP-1338-A09", + "CRYP-1794-A09", + "CRYP-1855-A01", + "DATA-1164-A10", + "DATA-1191-A14", + "DATA-1235-A05", + "DATA-2213-A02", + "DATA-2309", + "DATA-2309-A01", + "DATA-3961-A07", + "DATA-4300-A02", + "DATA-4300-A09", + "DATA-4418-A12", + "DATA-4633-A03", + "DATA-4669", + "DATA-4669-A01", + "DATA-4669-A04", + "DATA-827-A06", + "DATA-852-A03", + "DATA-852-A12", + "DATA-947-A02", + "DATA-947-A03", + "DATA-947-A16", + "DATA-947-A17", + "GOV-3865-A03", + "HLG-001", + "HLT-197-A08", + "INC-215-A06", + "LGM-001", + "LOG-001", + "LOG-0879-A03", + "LOG-1052-A05", + "LOG-1058-A11", + "LOG-1063", + "LOG-1238-A10", + "LOG-1475-A03", + "LOG-1663-A02", + "LOG-1663-A03", + "LOG-1727", + "LOG-1731-A01", + "LOG-1733-A11", + "LOG-1743-A15", + "LOG-1749-A04", + "LOG-1752", + "LOG-1755-A09", + "LOG-1776-A02", + "LOG-1830-A15", + "LOG-1956", + "LOG-2051-A02", + "LOG-2051-A03", + "LOG-2057", + "LOG-2057-A01", + "LOG-2057-A03", + "LOG-2057-A04", + "LOG-2067-A04", + "LOG-2072-A05", + "LOG-595-A08", + "LOG-626", + "LOG-626-A01", + "LOG-626-A02", + "LOG-639", + "LOG-641", + "LOG-641-A02", + "LOG-643", + "LOG-643-A01", + "LOG-643-A02", + "LOG-672", + "LOG-672-A01", + "LOG-675-A03", + "LOG-710-A04", + "LOG-710-A05", + "LOG-710-A07", + "LOG-745", + "LOG-900-A11", + "LOG-900-A27", + "LOG-900-A43", + "LOG-900-A59", + 
"LOG-900-A73", + "LOG-958-A01", + "LOG-971-A06", + "NET-1445-A06", + "NET-1690-A09", + "NET-1691-A06", + "NET-759-A03", + "PLG-001", + "RIL-001", + "SEC-1226-A06", + "SEC-2792", + "SEC-2792-A01", + "SEC-3193-A07", + "SEC-3305", + "SEC-3305-A01", + "SEC-3305-A02", + "SEC-3308-A04", + "SEC-6728-A03", + "SEC-7099-A09", + "SEC-7119-A17" + ], + "member_count": 120, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.83, + "source_meta_cluster": "M68", + "cluster_size": 7, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "log_format_standardization", + "name": "Standardisierte und strukturierte Log-Formate", + "description": "Logs werden in standardisierten, strukturierten Formaten erzeugt (z.B. mit Trace/Span-Kontext) fuer Auswertbarkeit und Log-Management-Integration.", + "tier": "BEST_PRACTICE", + "subdomain": "log_format", + "applicability": "conditional:structured_logging", + "evidence_facets": { + "governance": false, + "capability": true, + "evidence": false + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-3 Content of Audit Records", + "role": "best_practice" + } + ], + "member_review_units": [ + "M15", + "M16", + "M77", + "M75", + "M49" + ], + "member_controls": [ + "AUTH-2160-A02", + "AUTH-2161", + "AUTH-2785-A05", + "AUTH-2919-A05", + "AUTH-2919-A11", + "COMP-3305", + "COMP-3305-A01", + "COMP-3305-A02", + "COMP-3305-A04", + "COMP-3429-A02", + "CRYP-1600-A02", + "CRYP-1600-A03", + "CRYP-1600-A04", + "CRYP-1600-A05", + "CRYP-1600-A06", + "CRYP-1600-A09", + "CRYP-1600-A15", + "CRYP-1936-A02", + "CRYP-382-A01", + "DATA-1735", + "DATA-1735-A01", + "GOV-2143", + "GOV-2143-A01", + "GOV-2143-A05", + "GOV-2281-A07", + "INC-991", + "INC-991-A02", + "LOG-001-A11", + "LOG-1093-A02", + "LOG-1235-A01", + "LOG-1237", + "LOG-1237-A02", + 
"LOG-1237-A04", + "LOG-1238", + "LOG-1238-A01", + "LOG-1238-A04", + "LOG-1238-A05", + "LOG-1238-A06", + "LOG-1238-A07", + "LOG-1238-A08", + "LOG-1238-A09", + "LOG-1246", + "LOG-1251", + "LOG-1251-A04", + "LOG-1478-A03", + "LOG-1478-A07", + "LOG-1739-A04", + "LOG-1780-A10", + "LOG-1825-A06", + "LOG-1941-A01", + "LOG-2027-A01", + "LOG-2055", + "LOG-714-A14", + "LOG-714-A27", + "LOG-714-A28", + "LOG-714-A33", + "LOG-714-A40", + "LOG-714-A41", + "NET-1095-A02", + "NET-1491", + "NET-476-A02", + "NET-476-A30", + "NET-476-A43", + "NET-476-A71", + "SEC-5202", + "SEC-8224-A08" + ], + "member_count": 66, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.8, + "source_meta_cluster": "M15", + "cluster_size": 22, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "log_timestamp_synchronization", + "name": "Zeitstempel und Zeitsynchronisation der Logs", + "description": "Logs enthalten verlaessliche Zeitstempel; Logging-Dienste werden auf eine gemeinsame Zeitquelle synchronisiert (ggf. 
zertifizierte Zeitstempel).", + "tier": "BEST_PRACTICE", + "subdomain": "log_time", + "applicability": "universal", + "evidence_facets": { + "governance": false, + "capability": true, + "evidence": true + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-8 Time Stamps", + "role": "best_practice" + } + ], + "member_review_units": [ + "M37", + "M85", + "M51", + "M64" + ], + "member_controls": [ + "COMP-2462-A05", + "COMP-3351", + "COMP-3351-A01", + "COMP-3351-A02", + "CRYP-1806-A12", + "DATA-1186-A01", + "DATA-2194", + "GOV-3824", + "LOG-1075-A06", + "LOG-1075-A08", + "LOG-1092-A01", + "LOG-1484-A05", + "LOG-1900", + "LOG-2037", + "LOG-2060", + "LOG-2065", + "LOG-2067-A06", + "LOG-711", + "LOG-711-A06", + "LOG-711-A14", + "LOG-711-A18", + "LOG-857", + "LOG-962-A06", + "LOG-964-A03", + "LOG-964-A04", + "NET-058-A18", + "NET-058-A36", + "NET-1103-A08", + "NET-1487-A12", + "NET-1689-A10", + "NET-980-A01", + "SEC-2720-A07", + "SEC-2836-A01", + "SEC-3924-A05", + "SEC-3937-A03", + "SEC-5118-A04", + "SEC-5136-A09", + "SEC-6948-A10", + "SEC-8035-A03", + "SEC-8304-A01", + "SEC-8998", + "TSA-006-A01" + ], + "member_count": 42, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.82, + "source_meta_cluster": "M37", + "cluster_size": 12, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "logging_availability_resilience", + "name": "Verfuegbarkeit und Resilienz der Protokollierung", + "description": "Bei Ausfall oder Erschoepfung der Protokollierung greifen alternative Verfahren/Redundanz; das System reagiert definiert auf Logging-Fehler.", + "tier": "BEST_PRACTICE", + "subdomain": "log_resilience", + "applicability": "conditional:logging_failure_handling", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": false + 
}, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-5 Response to Audit Logging Process Failures", + "role": "best_practice" + } + ], + "member_review_units": [ + "M69", + "M32", + "M50", + "M65", + "M14", + "M67" + ], + "member_controls": [ + "AUTH-1555-A10", + "AUTH-1565-A02", + "AUTH-3680-A02", + "AUTH-3680-A04", + "AUTH-3686-A02", + "AUTH-3686-A08", + "AUTH-639-A06", + "AUTH-852-A27", + "AUTH-852-A43", + "AUTH-852-A59", + "AUTH-852-A75", + "COMP-3429-A01", + "COMP-3747-A05", + "CRYP-1600-A08", + "CRYP-1600-A13", + "CRYP-1600-A14", + "CRYP-1600-A16", + "CRYP-1842-A05", + "CRYP-2184-A05", + "CRYP-2184-A07", + "CRYP-2184-A10", + "DATA-095-A13", + "DATA-1349-A08", + "DATA-3912", + "DATA-4342-A03", + "DATA-4355-A03", + "FRD-006-A03", + "INC-1307", + "INC-188-A05", + "INC-926-A06", + "LOG-060-A13", + "LOG-0863", + "LOG-0863-A01", + "LOG-1028-A03", + "LOG-1036", + "LOG-1036-A01", + "LOG-1036-A05", + "LOG-1044-A05", + "LOG-1050", + "LOG-1050-A01", + "LOG-1053-A02", + "LOG-1055-A04", + "LOG-1056-A02", + "LOG-1057", + "LOG-1057-A09", + "LOG-1062", + "LOG-1062-A01", + "LOG-1062-A02", + "LOG-1066-A03", + "LOG-1074-A03", + "LOG-1087-A01", + "LOG-1087-A13", + "LOG-1100-A03", + "LOG-1102-A03", + "LOG-1235-A07", + "LOG-1237-A03", + "LOG-1237-A05", + "LOG-1507-A03", + "LOG-172-A05", + "LOG-1764-A01", + "LOG-1848-A13", + "LOG-1901-A02", + "LOG-1901-A08", + "LOG-1901-A12", + "LOG-2039-A03", + "LOG-2051", + "LOG-2055-A01", + "LOG-2057-A05", + "LOG-2064-A01", + "LOG-615-A04", + "LOG-615-A07", + "LOG-955-A04", + "LOG-962", + "LOG-962-A01", + "LOG-973-A03", + "NET-1691-A02", + "NET-1691-A03", + "NET-1691-A04", + "NET-959", + "REL-001-A01", + "REL-001-A07", + "SEC-2019-A01", + "SEC-3305-A03", + "SEC-3305-A05", + "SEC-4124", + "SEC-5485", + "SEC-5843-A05", + "SEC-5852", + "SEC-8295-A06", + "SEC-8308-A04", + "SEC-9020-A10" + ], + "member_count": 91, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": 
"pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.82, + "source_meta_cluster": "M32", + "cluster_size": 15, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "logging_thread_safety_correctness", + "name": "Korrektheit und Threadsicherheit der Logging-Komponenten", + "description": "Logging-Komponenten arbeiten threadsicher, ohne Ressourcenverluste/Livelocks; No-Op-Implementierungen verhalten sich definiert.", + "tier": "BEST_PRACTICE", + "subdomain": "log_implementation", + "applicability": "conditional:implementation_level", + "evidence_facets": { + "governance": false, + "capability": true, + "evidence": false + }, + "source_role": "IMPLEMENTATION", + "legal_basis": [], + "guidance_basis": [ + { + "source": "OWASP", + "anchor": "Secure Coding", + "role": "best_practice" + } + ], + "member_review_units": [ + "M49", + "M75", + "M50", + "M32", + "M97", + "M78" + ], + "member_controls": [ + "AUTH-639-A06", + "AUTH-852-A27", + "AUTH-852-A43", + "AUTH-852-A59", + "AUTH-852-A75", + "COMP-3429-A01", + "CRYP-1600-A02", + "CRYP-1600-A03", + "CRYP-1600-A04", + "CRYP-1600-A05", + "CRYP-1600-A06", + "CRYP-1600-A08", + "CRYP-1600-A09", + "CRYP-1600-A13", + "CRYP-1600-A14", + "CRYP-1600-A15", + "CRYP-1600-A16", + "DATA-095-A13", + "FRD-006-A03", + "GOV-2143-A05", + "LOG-1055-A04", + "LOG-1087-A13", + "LOG-1093-A02", + "LOG-1237", + "LOG-1237-A02", + "LOG-1237-A04", + "LOG-1238", + "LOG-1238-A01", + "LOG-1238-A04", + "LOG-1238-A05", + "LOG-1238-A06", + "LOG-1238-A07", + "LOG-1238-A08", + "LOG-1238-A09", + "LOG-1251-A08", + "LOG-1478-A03", + "LOG-1478-A07", + "LOG-1825-A06", + "LOG-615-A04", + "LOG-615-A07", + "NET-1491", + "SEC-5241", + "SEC-8295-A06" + ], + "member_count": 43, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.78, + "source_meta_cluster": 
"M49", + "cluster_size": 13, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "logging_library_supply_chain", + "name": "Sicherheit von Logging-Bibliotheken (Supply Chain)", + "description": "Eingesetzte Logging-Bibliotheken werden auf Schwachstellen geprueft (SCA), gepatcht und gegen Log-Injection/JNDI-Lookups gehaertet.", + "tier": "BEST_PRACTICE", + "subdomain": "log_supply_chain", + "applicability": "conditional:uses_third_party_logging", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": true + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "OWASP", + "anchor": "A06 Vulnerable Components / Log Injection", + "role": "best_practice" + } + ], + "member_review_units": [ + "M91", + "M86", + "M55", + "M74" + ], + "member_controls": [ + "CRYP-415-A22", + "CRYP-415-A51", + "LOG-1232", + "LOG-714-A08", + "LOG-714-A16", + "LOG-714-A25", + "NET-476", + "NET-476-A07", + "NET-476-A09", + "NET-476-A12", + "NET-476-A14", + "NET-476-A23", + "NET-476-A53", + "NET-476-A70", + "NET-476-A72", + "NET-476-A76", + "NET-476-A78", + "NET-476-A79", + "NET-476-A81", + "NET-476-A83", + "SEC-7532-A06" + ], + "member_count": 21, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.85, + "source_meta_cluster": "M91", + "cluster_size": 8, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "logging_config_management", + "name": "Konfiguration und Aktivierungsstatus der Protokollierung", + "description": "Logging-Konfiguration und Aktivierungsstatus werden definiert, dokumentiert, dynamisch verifiziert und gegen unsichere Defaults geprueft.", + "tier": "BEST_PRACTICE", + "subdomain": "log_config", + "applicability": "universal", + "evidence_facets": { + "governance": true, + "capability": true, + 
"evidence": true + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-1/CM-6", + "role": "best_practice" + } + ], + "member_review_units": [ + "M73", + "M14", + "M46", + "M52", + "M74", + "M76", + "M21", + "M39" + ], + "member_controls": [ + "AUTH-1555-A10", + "AUTH-1565-A02", + "AUTH-2870-A08", + "AUTH-2903-A01", + "AUTH-3016-A10", + "AUTH-3430-A12", + "AUTH-3680-A02", + "AUTH-3680-A04", + "AUTH-3686-A02", + "AUTH-3686-A08", + "AUTH-3687-A07", + "AUTH-3689", + "AUTH-455", + "COMP-2775-A01", + "COMP-2778", + "COMP-2778-A01", + "COMP-2778-A05", + "COMP-3322-A08", + "COMP-3429", + "COMP-3747-A05", + "COMP-4088-A11", + "COMP-801-A05", + "COMP-805-A02", + "COMP-805-A07", + "CRYP-1842-A05", + "CRYP-190-A11", + "CRYP-193-A06", + "CRYP-2184-A05", + "CRYP-2184-A07", + "CRYP-2184-A10", + "CRYP-2330-A09", + "DATA-099-A08", + "DATA-1085-A08", + "DATA-1349-A08", + "DATA-1745", + "DATA-2057-A19", + "DATA-3402", + "DATA-3912", + "DATA-4300-A08", + "DATA-4342-A03", + "DATA-4355-A03", + "DATA-735-A03", + "DATA-735-A04", + "DATA-969-A02", + "DATA-969-A09", + "GOV-1213-A09", + "GOV-3833", + "INC-1307", + "LOG-053", + "LOG-053-A03", + "LOG-053-A09", + "LOG-060", + "LOG-060-A06", + "LOG-060-A15", + "LOG-1028-A03", + "LOG-1036", + "LOG-1036-A05", + "LOG-1050", + "LOG-1050-A01", + "LOG-1055", + "LOG-1055-A02", + "LOG-1057-A09", + "LOG-1066-A03", + "LOG-1231", + "LOG-1231-A03", + "LOG-1231-A04", + "LOG-1231-A05", + "LOG-1231-A10", + "LOG-1231-A11", + "LOG-1231-A12", + "LOG-1232", + "LOG-1235-A05", + "LOG-1237-A06", + "LOG-1248-A05", + "LOG-1513", + "LOG-1513-A01", + "LOG-1515-A03", + "LOG-1695-A07", + "LOG-1731-A04", + "LOG-1739", + "LOG-1762", + "LOG-1848-A13", + "LOG-1901-A12", + "LOG-1947-A07", + "LOG-1956-A02", + "LOG-2026-A05", + "LOG-2029", + "LOG-2053-A10", + "LOG-2065-A05", + "LOG-708-A04", + "LOG-709-A06", + "LOG-709-A07", + "LOG-709-A10", + "LOG-709-A20", + "LOG-709-A23", + "LOG-709-A24", + "LOG-714-A17", + 
"LOG-762-A04", + "LOG-762-A07", + "LOG-762-A08", + "LOG-762-A09", + "LOG-762-A10", + "LOG-762-A14", + "LOG-762-A17", + "LOG-762-A18", + "LOG-762-A19", + "LOG-762-A23", + "LOG-762-A26", + "LOG-774-A05", + "LOG-774-A12", + "LOG-774-A19", + "LOG-774-A26", + "LOG-774-A33", + "LOG-901-A05", + "LOG-961-A02", + "LOG-964-A02", + "NET-077-A11", + "NET-077-A29", + "NET-1005-A08", + "NET-1233", + "NET-1751", + "NET-1761-A06", + "NET-474-A11", + "NET-474-A47", + "NET-476-A07", + "NET-476-A76", + "NET-960-A02", + "SEC-029-A14", + "SEC-1657", + "SEC-2661-A11", + "SEC-2662-A13", + "SEC-3217-A05", + "SEC-3305-A05", + "SEC-3330", + "SEC-3954-A05", + "SEC-3956-A07", + "SEC-5190-A07", + "SEC-5843-A05", + "SEC-5852", + "SEC-6319-A11", + "SEC-6920", + "SEC-7060-A04", + "SEC-7080-A10" + ], + "member_count": 143, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.82, + "source_meta_cluster": "M73", + "cluster_size": 28, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "logging_governance_roles", + "name": "Organisatorische Verankerung und Rollen fuer Logging", + "description": "Verantwortlichkeiten, Stellvertretung, Schulung und organisatorische Prozesse fuer Protokollierung und Dokumentation werden etabliert.", + "tier": "BEST_PRACTICE", + "subdomain": "log_governance", + "applicability": "universal", + "evidence_facets": { + "governance": true, + "capability": false, + "evidence": true + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "ISO", + "anchor": "ISO 27001 A.5.2/A.6.3", + "role": "best_practice" + } + ], + "member_review_units": [ + "M12", + "M29", + "M82", + "M98", + "M67", + "M46" + ], + "member_controls": [ + "AUTH-1191-A01", + "AUTH-1191-A02", + "AUTH-1191-A05", + "AUTH-1220-A01", + "AUTH-1292", + "AUTH-1292-A01", + "AUTH-1562", + "AUTH-1563", + 
"AUTH-1563-A01", + "AUTH-1563-A02", + "AUTH-1563-A03", + "AUTH-1924-A03", + "AUTH-1924-A04", + "AUTH-2757-A05", + "AUTH-3034-A06", + "AUTH-3034-A07", + "AUTH-3563-A07", + "AUTH-3678-A01", + "AUTH-3678-A04", + "AUTH-3678-A05", + "AUTH-3678-A08", + "AUTH-3680", + "AUTH-3680-A01", + "AUTH-3683-A04", + "AUTH-3685", + "AUTH-3685-A01", + "AUTH-3686", + "AUTH-3686-A04", + "AUTH-3710-A04", + "AUTH-3895-A02", + "AUTH-3918-A01", + "AUTH-3918-A04", + "AUTH-3994", + "COMP-1011-A04", + "COMP-1150-A07", + "COMP-1150-A10", + "COMP-116-A08", + "COMP-116-A17", + "COMP-2054", + "COMP-2928-A04", + "COMP-3324-A05", + "COMP-3326-A08", + "COMP-3678", + "COMP-801-A05", + "COMP-805-A02", + "COMP-805-A07", + "CRYP-193-A06", + "CRYP-376-A08", + "DATA-1085-A04", + "DATA-1085-A05", + "DATA-1085-A08", + "DATA-1349-A02", + "DATA-2212", + "DATA-2212-A01", + "DATA-2212-A04", + "DATA-2232-A01", + "DATA-2266", + "DATA-2266-A01", + "DATA-2266-A02", + "DATA-2535-A04", + "DATA-3961", + "DATA-3968-A02", + "DATA-4345-A03", + "DATA-4353-A01", + "DATA-4355", + "DATA-4355-A01", + "DATA-4355-A04", + "DATA-4358-A06", + "DATA-4364-A03", + "DATA-4366", + "DATA-4634-A02", + "FIN-1018", + "FIN-1044", + "GOV-3423-A02", + "GOV-753-A05", + "INC-151-A09", + "INC-461-A01", + "INC-462", + "INC-462-A01", + "INC-462-A02", + "INC-496", + "INC-698", + "INC-698-A03", + "INC-795-A04", + "INC-926-A06", + "LOG-060-A13", + "LOG-1028", + "LOG-1028-A01", + "LOG-1028-A02", + "LOG-1028-A04", + "LOG-1029-A03", + "LOG-1032-A01", + "LOG-1033-A02", + "LOG-1039", + "LOG-1041", + "LOG-1041-A01", + "LOG-1046", + "LOG-1046-A01", + "LOG-1047-A03", + "LOG-1054-A07", + "LOG-1057", + "LOG-1058-A05", + "LOG-1063-A01", + "LOG-1064", + "LOG-1064-A01", + "LOG-1074", + "LOG-1102-A02", + "LOG-1126-A03", + "LOG-1126-A04", + "LOG-1245", + "LOG-1245-A02", + "LOG-1245-A05", + "LOG-1486-A02", + "LOG-1507-A03", + "LOG-1529-A02", + "LOG-1662", + "LOG-1663", + "LOG-1695", + "LOG-1712-A07", + "LOG-172-A02", + "LOG-1764-A01", + "LOG-1784", + "LOG-1947-A05", 
+ "LOG-1951-A05", + "LOG-1953-A07", + "LOG-1954", + "LOG-1954-A01", + "LOG-1955-A03", + "LOG-2021-A08", + "LOG-2021-A11", + "LOG-2039-A03", + "LOG-2051", + "LOG-2055-A01", + "LOG-2064-A01", + "LOG-622-A01", + "LOG-631-A04", + "LOG-667-A01", + "LOG-762-A04", + "LOG-762-A09", + "LOG-762-A10", + "LOG-762-A14", + "LOG-762-A19", + "LOG-762-A23", + "LOG-906", + "LOG-910", + "LOG-938", + "LOG-940", + "LOG-943", + "LOG-943-A03", + "LOG-948", + "LOG-955-A04", + "LOG-962", + "LOG-962-A01", + "LOG-973-A03", + "LOG-975", + "NET-077-A11", + "NET-077-A29", + "NET-1691-A02", + "NET-1691-A03", + "NET-1691-A04", + "NET-1691-A08", + "NET-1798", + "NET-958-A02", + "SEC-003-A07", + "SEC-003-A08", + "SEC-003-A15", + "SEC-1617-A04", + "SEC-1800-A03", + "SEC-1813", + "SEC-3330-A03", + "SEC-3344-A05", + "SEC-6712", + "SEC-6712-A02", + "SEC-7452-A06", + "SEC-8033", + "SEC-8113" + ], + "member_count": 176, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.8, + "source_meta_cluster": "M12", + "cluster_size": 130, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "incident_response_logging", + "name": "Protokollierung im Incident-Response-Prozess", + "description": "Vorfallreaktionen werden mit Root-Cause, Auswirkung, Kommunikation und beteiligten Ressourcen protokolliert und mit Logging-Daten verknuepft.", + "tier": "BEST_PRACTICE", + "subdomain": "incident_logging", + "applicability": "conditional:incident_response", + "evidence_facets": { + "governance": true, + "capability": true, + "evidence": true + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "IR-4/IR-5", + "role": "best_practice" + } + ], + "member_review_units": [ + "M31", + "M67", + "M88", + "M89" + ], + "member_controls": [ + "AUTH-3927-A05", + "AUTH-3927-A07", + "AUTH-3927-A08", + "AUTH-3979", 
+ "AUTH-947", + "COMP-3327-A02", + "INC-246", + "INC-246-A03", + "INC-926-A06", + "LOG-060-A13", + "LOG-1057", + "LOG-1507-A03", + "LOG-1764-A01", + "LOG-1952", + "LOG-2039-A03", + "LOG-2051", + "LOG-2055-A01", + "LOG-2064-A01", + "LOG-723-A07", + "LOG-723-A22", + "LOG-902", + "LOG-938-A04", + "LOG-955-A04", + "LOG-962", + "LOG-962-A01", + "LOG-973-A03", + "NET-1691-A02", + "NET-1691-A03", + "NET-1691-A04", + "SEC-1226", + "SEC-7485-A05" + ], + "member_count": 31, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.8, + "source_meta_cluster": "M31", + "cluster_size": 11, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "log_transmission_security", + "name": "Sichere Uebertragung von Logs", + "description": "Audit-Logs werden bei Uebertragung (z.B. zu zentralen Systemen) integritaetsgesichert und verschluesselt; gegenseitige Authentifizierung zwischen Logging-Systemen.", + "tier": "BEST_PRACTICE", + "subdomain": "log_transmission", + "applicability": "conditional:transmits_logs", + "evidence_facets": { + "governance": false, + "capability": true, + "evidence": true + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-9/SC-8", + "role": "best_practice" + } + ], + "member_review_units": [ + "M13", + "M20", + "M23", + "M60", + "M72" + ], + "member_controls": [ + "AUTH-1306-A02", + "AUTH-1306-A06", + "AUTH-2849-A10", + "AUTH-2928", + "AUTH-3025-A07", + "AUTH-3231-A09", + "AUTH-506-A06", + "COMP-3324-A10", + "COMP-3326-A09", + "COMP-3327-A05", + "COMP-3356-A02", + "COMP-3356-A03", + "COMP-3362-A04", + "COMP-3739-A02", + "COMP-4059-A05", + "CRYP-1068-A08", + "CRYP-1451-A01", + "CRYP-1530-A03", + "CRYP-2020-A06", + "CRYP-743-A06", + "CRYP-805-A07", + "DATA-1732-A09", + "DATA-2309-A06", + "DATA-2388-A10", + "GOV-1439-A08", + 
"GOV-3504-A09", + "LOG-1053-A01", + "LOG-1054-A10", + "LOG-1058-A12", + "LOG-1069-A01", + "LOG-1100-A02", + "LOG-1126-A05", + "LOG-1126-A06", + "LOG-1251-A09", + "LOG-1467", + "LOG-1511-A13", + "LOG-1515-A01", + "LOG-1736", + "LOG-2026-A04", + "LOG-2065-A04", + "LOG-2065-A08", + "LOG-2067-A02", + "LOG-2083-A01", + "LOG-792", + "LOG-792-A09", + "LOG-792-A25", + "LOG-902-A09", + "LOG-967", + "LOG-967-A01", + "NET-1166-A11", + "NET-1356-A12", + "NET-1530-A07", + "NET-1612-A05", + "NET-384", + "NET-951", + "NET-962", + "SEC-3305-A04", + "SEC-5909-A09", + "SEC-6811-A07", + "SEC-6831-A08", + "SEC-7013-A05", + "SEC-7013-A08", + "SEC-7130", + "SEC-7154", + "SEC-8869-A05", + "SEC-8869-A06", + "SEC-8869-A07" + ], + "member_count": 67, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.8, + "source_meta_cluster": "M13", + "cluster_size": 16, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + }, + { + "id": "network_traffic_logging", + "name": "Protokollierung von Netzwerk- und Schnittstellenverkehr", + "description": "Netzwerk- und Schnittstellenereignisse (Egress, Proxy, ZTA, ICS/SCADA, Cloud-Zugriffe) werden protokolliert und inspiziert.", + "tier": "BEST_PRACTICE", + "subdomain": "network_logging", + "applicability": "domain:network", + "evidence_facets": { + "governance": false, + "capability": true, + "evidence": true + }, + "source_role": "GUIDANCE", + "legal_basis": [], + "guidance_basis": [ + { + "source": "NIST", + "anchor": "AU-2/SC-7", + "role": "best_practice" + } + ], + "member_review_units": [ + "M72", + "M87", + "M92", + "M94", + "M34", + "M6" + ], + "member_controls": [ + "ACC-652-A03", + "AUTH-1279-A01", + "AUTH-1279-A05", + "AUTH-1562-A01", + "AUTH-1924-A01", + "AUTH-2415-A06", + "AUTH-2415-A12", + "AUTH-2936-A02", + "AUTH-2941-A12", + "AUTH-3918-A02", + "AUTH-973", + "COMP-1455", + "COMP-1789-A14", + 
"COMP-2033-A08", + "COMP-2724-A04", + "COMP-2775-A06", + "COMP-2928-A01", + "COMP-3301-A07", + "COMP-3658-A01", + "CRYP-1227-A05", + "CRYP-1600-A11", + "CRYP-1600-A12", + "CRYP-423", + "CRYP-841-A07", + "CRYP-845-A07", + "DATA-1050-A11", + "DATA-4300", + "DATA-4670-A09", + "GOV-1443", + "GOV-3530-A02", + "LOG-1044-A03", + "LOG-1093", + "LOG-1093-A01", + "LOG-1100-A02", + "LOG-1126-A05", + "LOG-1126-A06", + "LOG-1475-A02", + "LOG-1545-A04", + "LOG-1731-A02", + "LOG-1733-A04", + "LOG-1734-A04", + "LOG-1753", + "LOG-1761", + "LOG-1761-A01", + "LOG-1767", + "LOG-1767-A01", + "LOG-1772", + "LOG-1772-A01", + "LOG-1776-A01", + "LOG-1950", + "LOG-1950-A01", + "LOG-2067-A02", + "LOG-699", + "LOG-710", + "LOG-720", + "LOG-859", + "LOG-900", + "LOG-974", + "NET-048-A04", + "NET-048-A05", + "NET-048-A14", + "NET-048-A15", + "NET-1357-A08", + "NET-1491-A03", + "NET-1491-A09", + "NET-1691", + "NET-1691-A01", + "NET-1778", + "NET-1788-A03", + "NET-476-A75", + "NET-476-A82", + "NET-504", + "NET-506-A68", + "NET-525", + "NET-525-A11", + "NET-951", + "NET-962", + "SEC-2870-A09", + "SEC-3305-A04", + "SEC-3904", + "SEC-3920-A09", + "SEC-3954", + "SEC-3954-A03", + "SEC-4009", + "SEC-4009-A01", + "SEC-6153-A09", + "SEC-7591-A04", + "SEC-7971-A01", + "SEC-7971-A02", + "SEC-8228-A03", + "SEC-980" + ], + "member_count": 91, + "relationships": [], + "citation_anchor_ids": [], + "citation_status": "pending_span_anchor", + "review_status": "draft", + "provenance": { + "discovery_confidence": 0.78, + "source_meta_cluster": "M72", + "cluster_size": 7, + "llm_model": "claude-opus-4-8", + "synthesis_version": "v1" + }, + "family": "logging" + } + ], + "relationships": [ + { + "type": "supports", + "from": "log_integrity_immutability", + "to": "event_logging_security_events", + "note": "Integritaetsschutz sichert Beweiswert der Protokolle" + }, + { + "type": "supports", + "from": "log_access_control_protection", + "to": "log_integrity_immutability", + "note": "Zugriffsbeschraenkung schuetzt Logs 
vor Manipulation" + }, + { + "type": "depends_on", + "from": "log_monitoring_alerting", + "to": "event_logging_security_events", + "note": "Monitoring setzt erzeugte Logs voraus" + }, + { + "type": "supports", + "from": "log_timestamp_synchronization", + "to": "log_integrity_immutability", + "note": "Korrelierbare Zeitstempel staerken Nachvollziehbarkeit" + }, + { + "type": "supports", + "from": "log_format_standardization", + "to": "centralized_log_management", + "note": "Standardformate ermoeglichen zentrale Auswertung" + }, + { + "type": "depends_on", + "from": "centralized_log_management", + "to": "event_logging_security_events", + "note": "zentrale Aggregation setzt Logerzeugung voraus" + }, + { + "type": "implements", + "from": "logging_thread_safety_correctness", + "to": "event_logging_security_events", + "note": "Implementierungsdetail zuverlaessiger Protokollierung" + }, + { + "type": "supports", + "from": "logging_library_supply_chain", + "to": "log_integrity_immutability", + "note": "gehaertete Bibliotheken verhindern Log-Manipulation" + }, + { + "type": "supports", + "from": "log_data_minimization_privacy", + "to": "event_logging_security_events", + "note": "Datenschutzfilter formen Loginhalt" + }, + { + "type": "produces_evidence_for", + "from": "incident_response_logging", + "to": "log_monitoring_alerting", + "note": "IR-Protokolle dokumentieren Reaktion auf Alerts" + }, + { + "type": "supports", + "from": "log_transmission_security", + "to": "centralized_log_management", + "note": "sichere Uebertragung speist zentrale Aggregation" + }, + { + "type": "supports", + "from": "logging_config_management", + "to": "event_logging_security_events", + "note": "korrekte Konfiguration ermoeglicht vollstaendige Protokollierung" + }, + { + "type": "out_of_scope", + "review_units": [ + "M8", + "M59", + "M58", + "M71", + "M56", + "M5", + "M81", + "M63" + ], + "note": "M8/M5/M81 KI-/FRT- bzw. 
domaenenspezifische Trainings-/PIN-/Biometrie-Protokollierung (AI Act/sektorale Regulierung); M58/M59/M71/M56/M63 reine DSGVO-/datenschutzrechtliche bzw. nationale Verwaltungs-Protokollierungspflichten, nicht CRA Annex I (2)(k)"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/obligations/obligation_join_keys.json b/obligations/obligation_join_keys.json
index 872ae771..6351aedb 100644
--- a/obligations/obligation_join_keys.json
+++ b/obligations/obligation_join_keys.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "obligation_join_keys_v1",
 "contract": "obligation_id ist der stabile Join-Key. Legal Knowledge Graph haengt citation_spans an obligation_id; Compliance Execution Graph mappt control_mapping.source_norm -> obligation_id. Interim-Bruecke = citation_units. obligation_id NIE neu vergeben (re-link).",
- "count": 47,
+ "count": 66,
 "obligation_ids": [
 {
 "obligation_id": "sbom_creation",
@@ -418,6 +418,170 @@
 "Annex I (2)(c)"
 ],
 "source_role": "LEGAL_BASIS"
+ },
+ {
+ "obligation_id": "event_logging_security_events",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "LEGAL_MINIMUM",
+ "citation_units": [
+ "Annex I Part I (2)(k)"
+ ],
+ "source_role": "LEGAL_BASIS"
+ },
+ {
+ "obligation_id": "access_control_event_logging",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "LEGAL_MINIMUM",
+ "citation_units": [
+ "Annex I Part I (2)(k)"
+ ],
+ "source_role": "LEGAL_BASIS"
+ },
+ {
+ "obligation_id": "audit_trail_admin_actions",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "LEGAL_MINIMUM",
+ "citation_units": [
+ "Annex I Part I (2)(k)"
+ ],
+ "source_role": "LEGAL_BASIS"
+ },
+ {
+ "obligation_id": "log_integrity_immutability",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "LEGAL_MINIMUM",
+ "citation_units": [
+ "Annex I Part I (2)(k)"
+ ],
+ "source_role": "LEGAL_BASIS"
+ },
+ {
+ "obligation_id": "log_access_control_protection",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "LEGAL_MINIMUM",
+ "citation_units": [
+ "Annex I Part I (2)(k)"
+ ],
+ "source_role": "LEGAL_BASIS"
+ },
+ {
+ "obligation_id": "log_retention_archival",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "centralized_log_management",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "log_monitoring_alerting",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "LEGAL_MINIMUM",
+ "citation_units": [
+ "Annex I Part I (2)(k)"
+ ],
+ "source_role": "LEGAL_BASIS"
+ },
+ {
+ "obligation_id": "log_data_minimization_privacy",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "log_format_standardization",
+ "regulation": "CRA",
+ 
"family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "log_timestamp_synchronization",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "logging_availability_resilience",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "logging_thread_safety_correctness",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "IMPLEMENTATION"
+ },
+ {
+ "obligation_id": "logging_library_supply_chain",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "logging_config_management",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "logging_governance_roles",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "incident_response_logging",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "log_transmission_security",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
+ },
+ {
+ "obligation_id": "network_traffic_logging",
+ "regulation": "CRA",
+ "family": "logging",
+ "tier": "BEST_PRACTICE",
+ "citation_units": [],
+ "source_role": "GUIDANCE"
 }
 ]
 }
\ No newline at end of file
diff --git a/scripts/obligation_discovery/precluster.py b/scripts/obligation_discovery/precluster.py
index 254ea5cb..ed81294b 100644
--- a/scripts/obligation_discovery/precluster.py
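Review bot: The nineteen new entries write `citation_units` as `"Annex I Part I (2)(k)"`, but the existing record left in context at the top of the hunk uses the unqualified form `"Annex I (2)(c)"`, and the file's own contract still names citation_units as the interim bridge to the Compliance Execution Graph — a consumer joining on that string will silently match none of the six LEGAL_MINIMUM logging obligations. Either normalise the new anchors to `"Annex I (2)(k)"` to match the existing records, or, if the Part-qualified form is meant to become the canonical key, re-link the existing entries in the same change and state the new format in `contract`. Separately, `logging_thread_safety_correctness` is the only entry with `"source_role": "IMPLEMENTATION"` while every other BEST_PRACTICE entry uses `GUIDANCE`; if that value is not in the registry's accepted `source_role` set it will be dropped or rejected by whatever validates this file, so it is worth confirming it is deliberate rather than a typo for `GUIDANCE`. The `count` bump to 66 in the earlier hunk does agree with the 19 entries added here.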
+++ b/scripts/obligation_discovery/precluster.py
@@ -19,6 +19,9 @@ SCOPES = {
 "vuln": ["%schwachstellenbehandl%", "%schwachstellenmanagement%", "%vulnerability handling%", "%coordinated vulnerab%", "%vulnerability disclosure%", "%cvd-konzept%"],
 "auth": ["%authentisierung%", "%authentifizierung%", "%authentication%"],
+ "logging": ["%logging%", "%protokollierung%", "%audit-log%", "%audit-trail%",
+ "%ereignisprotokoll%", "%sicherheitsprotokoll%", "%audit-protokoll%",
+ "%log-management%", "%sicherheitsereignis%protokoll%", "%audit-trail%"],
 }