Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: #5b materialize capability layer (Modell C) — capabilities.json + cra_core.json

Browse Source 
User-Entscheidung Modell C + objective_tags-Safeguard (Tags, keine Klasse). Deterministisch
via materialize_capabilities.py:
- obligations/capabilities.json: 5 Capabilities (multi_factor_authentication/session_management/
  transport_encryption/code_signing/security_monitoring_alerting), realized_by (n:m) +
  guidance_basis KANONISCH hochgezogen. access_control gedroppt (OVERLAP).
- obligations/cra_core.json: 2 CORE-Sicherheitsziele (attack_surface_minimization (2)(j)/CM-7 +
  software_integrity_protection (2)(f)/SI-7) -> fuellt den #4-NIST-Gap.
- DOMAIN specializes->CORE (remote_access_attack_surface_min, component_remote_interface_security,
  signed_update_integrity, firmware_software_authentication) + objective_tags.
- Merge: vuln_remediation_patching -> deprecated_alias von provide_security_updates.
- remote_access_data_export_protection bleibt BEST_PRACTICE (pending Data-Act-Scope).
- join_keys 93->95 (core 2). Bidirektional validiert.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-26 00:54:23 +02:00
parent c72fd3eb5a
commit 4e761c1363
8 changed files with 552 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
obligations/cra_remote_access.json
+12 -3
View File
@@ -1187,7 +1187,11 @@
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "remote_access"
"family": "remote_access",
"specializes": "attack_surface_minimization",
"objective_tags": [
"attack_surface"
]
},
{
"id": "remote_access_vuln_patch_mgmt",
@@ -1465,7 +1469,8 @@
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "remote_access"
"family": "remote_access",
"tier_note": "Bleibt BEST_PRACTICE (NICHT LM) bis Data-Act/Export-Scope sauber ist (User #5b.6). Evtl. Capability-or-Procedure statt Obligation."
},
{
"id": "component_remote_interface_security",
@@ -1508,7 +1513,11 @@
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "remote_access"
"family": "remote_access",
"specializes": "attack_surface_minimization",
"objective_tags": [
"attack_surface"
]
},
{
"id": "remote_access_fallback_concept",