feat: #5b materialize capability layer (Modell C) — capabilities.json + cra_core.json · 4e761c1363 - breakpilot-compliance

feat: #5b materialize capability layer (Modell C) — capabilities.json + cra_core.json

User-Entscheidung Modell C + objective_tags-Safeguard (Tags, keine Klasse). Deterministisch
via materialize_capabilities.py:
- obligations/capabilities.json: 5 Capabilities (multi_factor_authentication/session_management/
  transport_encryption/code_signing/security_monitoring_alerting), realized_by (n:m) +
  guidance_basis KANONISCH hochgezogen. access_control gedroppt (OVERLAP).
- obligations/cra_core.json: 2 CORE-Sicherheitsziele (attack_surface_minimization (2)(j)/CM-7 +
  software_integrity_protection (2)(f)/SI-7) -> fuellt den #4-NIST-Gap.
- DOMAIN specializes->CORE (remote_access_attack_surface_min, component_remote_interface_security,
  signed_update_integrity, firmware_software_authentication) + objective_tags.
- Merge: vuln_remediation_patching -> deprecated_alias von provide_security_updates.
- remote_access_data_export_protection bleibt BEST_PRACTICE (pending Data-Act-Scope).
- join_keys 93->95 (core 2). Bidirektional validiert.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

This commit is contained in:

Benjamin Admin

2026-06-26 00:54:23 +02:00

parent c72fd3eb5a

commit 4e761c1363

8 changed files with 552 additions and 7 deletions

									
										obligations/cra_authentication.json
									
		+5
		-1
	
												View File
												
				@@ -10281,7 +10281,11 @@

				    "cluster_size": 4,

				    "llm_model": "claude-opus-4-8",

				    "synthesis_version": "v1"

				   }

				   },

				   "specializes": "software_integrity_protection",

				   "objective_tags": [

				    "integrity"

				   ]

				  }

				 ],

				 "relationships": [