refactor(cra): pull Machinery-Reg obligations from Controls-API, drop hardcode
Machinery Regulation 2023/1230 cyber-with-safety obligations are already in the shared Controls-API (use_case=maschinen, atom-grain, classified, license-clean) — so remove the hand-authored machinery_reg_cyber.py spine. The readiness check now fetches them from use_case=maschinen (sub_topics sicherheitsanforderungen -> code, risikomanagement -> process, konformitaetsbewertung -> document), tagged source "Maschinen-VO" alongside the CRA obligations. Same pattern as the security cluster; no own formulation, no license question.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@@ -1,50 +0,0 @@
|
|||||||
"""Machinery Regulation (EU) 2023/1230 — the NEW cyber-with-safety essential
|
|
||||||
requirements (Annex III). Applies from 20 Jan 2027 and, for the first time,
|
|
||||||
puts cybersecurity-affecting-safety into the CE machinery framework — the
|
|
||||||
counterpart to the CRA for machine/plant builders.
|
|
||||||
|
|
||||||
Own-words summaries of the regulation text (EU legal texts are freely reusable
|
|
||||||
incl. commercial with source acknowledgement, Commission Decision 2011/833/EU).
|
|
||||||
We do NOT reproduce verbatim, and harmonised standards (prEN 50742, EN ISO 13849,
|
|
||||||
EN ISO 12100) are referenced BY IDENTIFIER ONLY — they are copyrighted (CEN/ISO).
|
|
||||||
|
|
||||||
Scope note: only the two well-corroborated Annex III cyber clauses (1.1.9, 1.2.1)
|
|
||||||
are modelled. Further clauses are intentionally omitted rather than guessed.
|
|
||||||
"""
|
|
||||||
|
|
||||||
SOURCE_REGULATION = "Maschinenverordnung (EU) 2023/1230"
|
|
||||||
|
|
||||||
MACHINERY_REG_CYBER = [
|
|
||||||
{
|
|
||||||
"req_id": "MR-1.1.9",
|
|
||||||
"annex_anchor": "Anhang III, 1.1.9",
|
|
||||||
"title": "Schutz vor Korruption/Manipulation",
|
|
||||||
"category": "Manipulationsschutz",
|
|
||||||
"description": (
|
|
||||||
"Vernetzung oder Fernzugriff darf keine gefaehrliche Situation ausloesen. "
|
|
||||||
"Sicherheitsrelevante Hardware, Software und uebertragene Signale muessen identifiziert und "
|
|
||||||
"gegen versehentliche wie absichtliche Manipulation geschuetzt werden; Eingriffe in "
|
|
||||||
"sicherheitsrelevante Software/Konfiguration muessen als legitim oder unzulaessig "
|
|
||||||
"nachvollziehbar (protokolliert) sein."
|
|
||||||
),
|
|
||||||
"severity": "HIGH",
|
|
||||||
"evidence_type": "hybrid",
|
|
||||||
"norm_references": ["Maschinenverordnung (EU) 2023/1230, Anhang III, 1.1.9", "prEN 50742 (Entwurf)"],
|
|
||||||
"source_regulation": SOURCE_REGULATION,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"req_id": "MR-1.2.1",
|
|
||||||
"annex_anchor": "Anhang III, 1.2.1",
|
|
||||||
"title": "Sicherheit und Zuverlaessigkeit der Steuerungen",
|
|
||||||
"category": "Steuerungssicherheit",
|
|
||||||
"description": (
|
|
||||||
"Steuerungen sind so auszulegen, dass Fehler, aeussere Einfluesse (auch Funkstoerungen), "
|
|
||||||
"Bedienfehler und vernuenftigerweise vorhersehbare Manipulationsversuche Dritter zu keiner "
|
|
||||||
"gefaehrlichen Situation fuehren — die Sicherheit der Sicherheitsfunktionen muss erhalten bleiben."
|
|
||||||
),
|
|
||||||
"severity": "HIGH",
|
|
||||||
"evidence_type": "code",
|
|
||||||
"norm_references": ["Maschinenverordnung (EU) 2023/1230, Anhang III, 1.2.1", "EN ISO 13849", "prEN 50742 (Entwurf)"],
|
|
||||||
"source_regulation": SOURCE_REGULATION,
|
|
||||||
},
|
|
||||||
]
|
|
||||||
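Review bot: The deleted MR-1.1.9 entry carries "evidence_type": "hybrid", but the commit message maps the Controls-API sub_topics only to code, process and document, so the Annex III 1.1.9 tamper-protection and logging obligation changes evidence class unless the fetch side handles it. Please confirm how it is classified after the switch, and whether anything still consumes the req_id values MR-1.1.9 and MR-1.2.1 or the annex_anchor field, since this hunk removes them with no visible replacement. The docstring's scope note (only clauses 1.1.9 and 1.2.1 modelled, further clauses intentionally omitted) is lost with the file; record it next to the use_case=maschinen fetch, and add a test asserting that the fetched set still covers both clauses at severity HIGH, so a changed or empty API response cannot silently drop them from the readiness check.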