Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/main' into feat/obligation-aggregation

Browse Source
This commit is contained in:
Benjamin Admin
2026-06-25 11:41:00 +02:00
parent c090617afd c5ecfa8f6c
commit 5e3ed4071b
1 changed files with 71 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
obligations/controls_for_obligation_mapping.json
+71
View File
@@ -0,0 +1,71 @@
{
"schema_version": "controls_for_obligation_mapping_v1",
"purpose": "Accepted CRA->OWASP controls (Compliance Execution Graph) for the Obligation Registry to propose the SEMANTIC control->obligation_id, replacing the coarse citation_unit interim join. Fill proposed_obligation_id per control, then we adopt it into control_mapping.obligation_id.",
"source": "ai-compliance-sdk control_mappings, mapping_status=accepted, reviewed_by=benjamin 2026-06-25",
"count": 7,
"controls": [
{
"framework": "OWASP ASVS",
"control": "V6.3.1",
"source_norm": "CRA Annex I Part I (2)(c) — Schutz vor unbefugtem Zugriff",
"citation_unit": "Annex I (2)(c)",
"family": "auth",
"mapping_type": "supports",
"proposed_obligation_id": ""
},
{
"framework": "OWASP ASVS",
"control": "V6.1.1",
"source_norm": "CRA Annex I Part I (2)(c) — Schutz vor unbefugtem Zugriff",
"citation_unit": "Annex I (2)(c)",
"family": "auth",
"mapping_type": "supports",
"proposed_obligation_id": ""
},
{
"framework": "OWASP ASVS",
"control": "V11.2.1",
"source_norm": "CRA Annex I Part I (2)(d) — Vertraulichkeit / Verschluesselung",
"citation_unit": "Annex I (2)(d)",
"family": "crypto",
"mapping_type": "supports",
"proposed_obligation_id": ""
},
{
"framework": "OWASP ASVS",
"control": "V11.7.1",
"source_norm": "CRA Annex I Part I (2)(d) — Vertraulichkeit / Verschluesselung",
"citation_unit": "Annex I (2)(d)",
"family": "crypto",
"mapping_type": "supports",
"proposed_obligation_id": ""
},
{
"framework": "OWASP ASVS",
"control": "V16.3.3",
"source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
"citation_unit": "Annex I (2)(k)",
"family": "logging",
"mapping_type": "supports",
"proposed_obligation_id": ""
},
{
"framework": "OWASP ASVS",
"control": "V16.3.4",
"source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
"citation_unit": "Annex I (2)(k)",
"family": "logging",
"mapping_type": "supports",
"proposed_obligation_id": ""
},
{
"framework": "OWASP ASVS",
"control": "V16.1.1",
"source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
"citation_unit": "Annex I (2)(k)",
"family": "logging",
"mapping_type": "supports",
"proposed_obligation_id": ""
}
]
}