feat(bridge): export 7 accepted CRA->OWASP controls for obligation_id proposal
CI / detect-changes (push) Successful in 5s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / build-sha-integrity (push) Successful in 9s
CI / validate-canonical-controls (push) Successful in 5s
CI / loc-budget (push) Successful in 23s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Has been skipped
CI / test-go (push) Has been skipped
CI / iace-gt-coverage (push) Has been skipped
CI / test-python-backend (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
CI / detect-changes (push) Successful in 5s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / build-sha-integrity (push) Successful in 9s
CI / validate-canonical-controls (push) Successful in 5s
CI / loc-budget (push) Successful in 23s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Has been skipped
CI / test-go (push) Has been skipped
CI / iace-gt-coverage (push) Has been skipped
CI / test-python-backend (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
obligations/controls_for_obligation_mapping.json — the Compliance Execution Graph's accepted controls (V6 auth / V11 crypto / V16 logging) handed to the Obligation Registry to propose the SEMANTIC control->obligation_id, replacing the coarse citation_unit interim join (Befund 1). Registry fills proposed_obligation_id; we then adopt it into control_mapping.obligation_id. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -0,0 +1,71 @@
|
||||
{
|
||||
"schema_version": "controls_for_obligation_mapping_v1",
|
||||
"purpose": "Accepted CRA->OWASP controls (Compliance Execution Graph) for the Obligation Registry to propose the SEMANTIC control->obligation_id, replacing the coarse citation_unit interim join. Fill proposed_obligation_id per control, then we adopt it into control_mapping.obligation_id.",
|
||||
"source": "ai-compliance-sdk control_mappings, mapping_status=accepted, reviewed_by=benjamin 2026-06-25",
|
||||
"count": 7,
|
||||
"controls": [
|
||||
{
|
||||
"framework": "OWASP ASVS",
|
||||
"control": "V6.3.1",
|
||||
"source_norm": "CRA Annex I Part I (2)(c) — Schutz vor unbefugtem Zugriff",
|
||||
"citation_unit": "Annex I (2)(c)",
|
||||
"family": "auth",
|
||||
"mapping_type": "supports",
|
||||
"proposed_obligation_id": ""
|
||||
},
|
||||
{
|
||||
"framework": "OWASP ASVS",
|
||||
"control": "V6.1.1",
|
||||
"source_norm": "CRA Annex I Part I (2)(c) — Schutz vor unbefugtem Zugriff",
|
||||
"citation_unit": "Annex I (2)(c)",
|
||||
"family": "auth",
|
||||
"mapping_type": "supports",
|
||||
"proposed_obligation_id": ""
|
||||
},
|
||||
{
|
||||
"framework": "OWASP ASVS",
|
||||
"control": "V11.2.1",
|
||||
"source_norm": "CRA Annex I Part I (2)(d) — Vertraulichkeit / Verschluesselung",
|
||||
"citation_unit": "Annex I (2)(d)",
|
||||
"family": "crypto",
|
||||
"mapping_type": "supports",
|
||||
"proposed_obligation_id": ""
|
||||
},
|
||||
{
|
||||
"framework": "OWASP ASVS",
|
||||
"control": "V11.7.1",
|
||||
"source_norm": "CRA Annex I Part I (2)(d) — Vertraulichkeit / Verschluesselung",
|
||||
"citation_unit": "Annex I (2)(d)",
|
||||
"family": "crypto",
|
||||
"mapping_type": "supports",
|
||||
"proposed_obligation_id": ""
|
||||
},
|
||||
{
|
||||
"framework": "OWASP ASVS",
|
||||
"control": "V16.3.3",
|
||||
"source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
|
||||
"citation_unit": "Annex I (2)(k)",
|
||||
"family": "logging",
|
||||
"mapping_type": "supports",
|
||||
"proposed_obligation_id": ""
|
||||
},
|
||||
{
|
||||
"framework": "OWASP ASVS",
|
||||
"control": "V16.3.4",
|
||||
"source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
|
||||
"citation_unit": "Annex I (2)(k)",
|
||||
"family": "logging",
|
||||
"mapping_type": "supports",
|
||||
"proposed_obligation_id": ""
|
||||
},
|
||||
{
|
||||
"framework": "OWASP ASVS",
|
||||
"control": "V16.1.1",
|
||||
"source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
|
||||
"citation_unit": "Annex I (2)(k)",
|
||||
"family": "logging",
|
||||
"mapping_type": "supports",
|
||||
"proposed_obligation_id": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user