From e091bbc85597a21b88e530fb70f487451c28bbab Mon Sep 17 00:00:00 2001 From: Benjamin Admin Date: Mon, 13 Apr 2026 12:45:10 +0200 Subject: [PATCH] =?UTF-8?q?feat:=20ZVT/OPI/Terminal=20Controls=20=E2=80=94?= =?UTF-8?q?=20408=20total=20(9=20neue=20Domaenen)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit +90 Controls fuer Terminal-Protokollverhalten: - ZVTCORE (10): Rahmenstruktur, Parser, Feldvalidierung - ZVTFLOW (10): Kommandosequenzen, Zustandsuebergaenge - ZVTERROR (10): Fehlercodes, Klassifikation, Eskalation - ZVTTIME (10): Timeouts, Retry, Busy-States - OPICORE (10): Nachrichtenstruktur, Schema, Parser - OPIFLOW (10): Ablaufsteuerung, Korrelation, Recovery - PROTOINT (10): Protokollkonverter, Mapping, Adapter - TERMSTATE (10): Terminalzustaende, Reconnect, Safe States - TERMREC (10): Belegdaten, Validierung, Datenschutz 408 Controls total (war 318), 35 Domaenen Co-Authored-By: Claude Opus 4.6 (1M context) --- .../policies/payment_controls_v1.json | 1130 +++++++++++++++++ 1 file changed, 1130 insertions(+) diff --git a/ai-compliance-sdk/policies/payment_controls_v1.json b/ai-compliance-sdk/policies/payment_controls_v1.json index ccd6652..da359a0 100644 --- a/ai-compliance-sdk/policies/payment_controls_v1.json +++ b/ai-compliance-sdk/policies/payment_controls_v1.json @@ -142,6 +142,56 @@ "id": "OPS", "name": "Operations & Runbooks", "description": "Betriebsprozesse, Runbooks, Wartung, Recovery" + }, + { + "id": "ZVTCORE", + "name": "ZVT Core Protocol", + "description": "ZVT-Rahmenstruktur, Parser, Feldvalidierung, Kodierung" + }, + { + "id": "ZVTFLOW", + "name": "ZVT Protocol Flow", + "description": "ZVT-Kommandosequenzen, Zustandsuebergaenge, Sitzungslogik" + }, + { + "id": "ZVTERROR", + "name": "ZVT Error Handling", + "description": "ZVT-Fehlercodes, Fehlerklassifikation, Eskalation" + }, + { + "id": "ZVTTIME", + "name": "ZVT Timing & Timeout", + "description": "ZVT-Timeouts, Retry, Busy-States, Zeitsteuerung" + }, + { + "id": "OPICORE", + "name": "OPI Core Protocol", + "description": "OPI-Nachrichtenstruktur, Schema, Validierung, Parser" + }, + { + "id": "OPIFLOW", + "name": "OPI Protocol Flow", + "description": "OPI-Ablaufsteuerung, Korrelation, Storno, Recovery" + }, + { + "id": "PROTOINT", + "name": "Protocol Integration", + "description": "Protokollkonverter, Mapping, Serialisierung, Adapter" + }, + { + "id": "TERMSTATE", + "name": "Terminal State Management", + "description": "Terminalzustaende, Busy, Reconnect, Sicherheitsflags" + }, + { + "id": "TERMREC", + "name": "Terminal Receipt & Records", + "description": "Belegdaten, Validierung, Zuordnung, Datenschutz" + }, + { + "id": "TERMSYNC", + "name": "Terminal Synchronization", + "description": "Abgleich, Settlement, Offline-Sync, Konsistenz" } ], "controls": [ @@ -3939,6 +3989,1086 @@ "reporting_docs" ], "automation": "low" + }, + { + "control_id": "ZVTCORE-001", + "domain": "ZVTCORE", + "title": "ZVT-Nachrichten auf vollstaendige Rahmenstruktur geprueft", + "objective": "Verhindert Verarbeitung beschaedigter Frames", + "check_target": "code", + "evidence": [ + "source_code", + "protocol_tests" + ], + "automation": "high" + }, + { + "control_id": "ZVTCORE-002", + "domain": "ZVTCORE", + "title": "Unbekannte ZVT-Kommandos definiert abgewiesen", + "objective": "Verhindert undefiniertes Verhalten", + "check_target": "code", + "evidence": [ + "source_code", + "protocol_tests" + ], + "automation": "high" + }, + { + "control_id": "ZVTCORE-003", + "domain": "ZVTCORE", + "title": "ZVT-Nachrichtenlaengen vor Verarbeitung validiert", + "objective": "Verhindert Parser-Ueberlaeufe", + "check_target": "code", + "evidence": [ + "source_code", + "fuzz_tests" + ], + "automation": "high" + }, + { + "control_id": "ZVTCORE-004", + "domain": "ZVTCORE", + "title": "Feldgrenzen in ZVT-Datenstrukturen strikt eingehalten", + "objective": "Verhindert Fehlinterpretation", + "check_target": "code", + "evidence": [ + "source_code", + "schema_tests" + ], + "automation": "high" + }, + { + "control_id": "ZVTCORE-005", + "domain": "ZVTCORE", + "title": "Optionale ZVT-Felder nur bei formaler Korrektheit verarbeitet", + "objective": "Verhindert Fehlannahmen", + "check_target": "code", + "evidence": [ + "source_code", + "negative_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTCORE-006", + "domain": "ZVTCORE", + "title": "Unerwartete Feldreihenfolgen kontrolliert behandelt", + "objective": "Verhindert Parserdrift", + "check_target": "code", + "evidence": [ + "source_code", + "protocol_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTCORE-007", + "domain": "ZVTCORE", + "title": "Parser trennt Transport- von fachlichen Zahlungsfehlern", + "objective": "Korrekte Fehlerbehandlung und Retry", + "check_target": "code", + "evidence": [ + "source_code", + "error_mapping" + ], + "automation": "medium" + }, + { + "control_id": "ZVTCORE-008", + "domain": "ZVTCORE", + "title": "Reservierte/verbotene Werte in ZVT-Frames erkannt", + "objective": "Verhindert unsaubere Verarbeitung", + "check_target": "code", + "evidence": [ + "source_code", + "negative_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTCORE-009", + "domain": "ZVTCORE", + "title": "Definierte Zeichensaetze und Kodierungen verwendet", + "objective": "Verhindert Fehlinterpretation von Belegdaten", + "check_target": "code", + "evidence": [ + "source_code", + "protocol_docs" + ], + "automation": "medium" + }, + { + "control_id": "ZVTCORE-010", + "domain": "ZVTCORE", + "title": "ZVT-Nachrichten vor Fachlogik normalisiert und typisiert", + "objective": "Reduziert Parserkomplexitaet", + "check_target": "code", + "evidence": [ + "source_code", + "unit_test" + ], + "automation": "medium" + }, + { + "control_id": "ZVTFLOW-001", + "domain": "ZVTFLOW", + "title": "Zahlung erst nach Protokollinitialisierung gesendet", + "objective": "Verhindert fehlerhafte Sequenzen", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTFLOW-002", + "domain": "ZVTFLOW", + "title": "Kommandos nur in zulaessigen Zustaenden ausgeloest", + "objective": "Verhindert ungueltige Kommandofolgen", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTFLOW-003", + "domain": "ZVTFLOW", + "title": "Parallele Zahlungen auf gleicher Verbindung serialisiert", + "objective": "Verhindert kollidierende Ablaeufe", + "check_target": "code", + "evidence": [ + "source_code", + "concurrency_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTFLOW-004", + "domain": "ZVTFLOW", + "title": "Statusabfragen veraendern Zahlungszustand nicht", + "objective": "Verhindert Seiteneffekte diagnostischer Ops", + "check_target": "code", + "evidence": [ + "source_code", + "protocol_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTFLOW-005", + "domain": "ZVTFLOW", + "title": "Abbruchkommandos nur in zulaessigen Phasen", + "objective": "Verhindert inkonsistente Abbruchzustaende", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTFLOW-006", + "domain": "ZVTFLOW", + "title": "Storno referenziert eindeutig Ursprungstransaktion", + "objective": "Verhindert falsche Zuordnung", + "check_target": "code", + "evidence": [ + "source_code", + "db_schema" + ], + "automation": "medium" + }, + { + "control_id": "ZVTFLOW-007", + "domain": "ZVTFLOW", + "title": "Wiederanlauf nur mit eindeutigem Transaktionskontext", + "objective": "Verhindert doppelte Fortsetzung", + "check_target": "code", + "evidence": [ + "source_code", + "reconnect_tests" + ], + "automation": "low" + }, + { + "control_id": "ZVTFLOW-008", + "domain": "ZVTFLOW", + "title": "Terminalseitige Zwischenzustaende vor Folgebefehlen beruecksichtigt", + "objective": "Verhindert vorschnelle Kommandos", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTFLOW-009", + "domain": "ZVTFLOW", + "title": "Async Rueckmeldungen korrekt zugeordnet", + "objective": "Verhindert Vermischung paralleler Sitzungen", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "ZVTFLOW-010", + "domain": "ZVTFLOW", + "title": "Nach Transaktionsende expliziter Idle-Zustand", + "objective": "Verhindert haengende Sitzungskontexte", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTERROR-001", + "domain": "ZVTERROR", + "title": "ZVT-Fehlercodes vollstaendig auf interne Klassen gemappt", + "objective": "Konsistente Fehlerbehandlung", + "check_target": "code", + "evidence": [ + "source_code", + "error_mapping" + ], + "automation": "medium" + }, + { + "control_id": "ZVTERROR-002", + "domain": "ZVTERROR", + "title": "Unbekannte Fehlercodes fuehren nicht zu Erfolgsbewertung", + "objective": "Verhindert False Positives", + "check_target": "code", + "evidence": [ + "source_code", + "negative_tests" + ], + "automation": "high" + }, + { + "control_id": "ZVTERROR-003", + "domain": "ZVTERROR", + "title": "Transport- und Terminalablehnungen erzeugen unterschiedliche Folgeaktionen", + "objective": "Korrekte Retry-Entscheidungen", + "check_target": "code", + "evidence": [ + "source_code", + "error_mode_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTERROR-004", + "domain": "ZVTERROR", + "title": "Fehler ohne Transaktionskontext als unvollstaendig markiert", + "objective": "Verhindert unpruefbare Abschluesse", + "check_target": "code", + "evidence": [ + "source_code", + "db_schema" + ], + "automation": "medium" + }, + { + "control_id": "ZVTERROR-005", + "domain": "ZVTERROR", + "title": "Wiederholte Protokollfehler fuehren zu Eskalation/Reset", + "objective": "Verhindert korrupte Kommunikation", + "check_target": "code", + "evidence": [ + "source_code", + "reliability_tests" + ], + "automation": "low" + }, + { + "control_id": "ZVTERROR-006", + "domain": "ZVTERROR", + "title": "Belegdruckfehler ueberschreiben nicht Zahlungsstatus", + "objective": "Trennt Zahlungs- von Nebenfehlern", + "check_target": "code", + "evidence": [ + "source_code", + "protocol_tests" + ], + "automation": "low" + }, + { + "control_id": "ZVTERROR-007", + "domain": "ZVTERROR", + "title": "Bediener- und technischer Abbruch getrennt ausgewiesen", + "objective": "Aussagekraft im Audit/Support", + "check_target": "code", + "evidence": [ + "source_code", + "error_mapping" + ], + "automation": "medium" + }, + { + "control_id": "ZVTERROR-008", + "domain": "ZVTERROR", + "title": "Fehler in optionalen Erweiterungen beeintraechtigen Kernablauf nicht", + "objective": "Begrenzt Seiteneffekte", + "check_target": "code", + "evidence": [ + "source_code", + "negative_tests" + ], + "automation": "low" + }, + { + "control_id": "ZVTERROR-009", + "domain": "ZVTERROR", + "title": "Mehrdeutige Antworten als inkonsistenter Fehlerzustand behandelt", + "objective": "Verhindert unsichere Interpretation", + "check_target": "code", + "evidence": [ + "source_code", + "negative_tests" + ], + "automation": "low" + }, + { + "control_id": "ZVTERROR-010", + "domain": "ZVTERROR", + "title": "Fehlerzustaende erzeugen auditierbare Ereignisse", + "objective": "Nachvollziehbarkeit bei Protokollproblemen", + "check_target": "system", + "evidence": [ + "audit_log_sample", + "source_code" + ], + "automation": "medium" + }, + { + "control_id": "ZVTTIME-001", + "domain": "ZVTTIME", + "title": "Antwort-Timeouts je ZVT-Kommando explizit definiert", + "objective": "Verhindert unkontrollierte Haenger", + "check_target": "config", + "evidence": [ + "source_code", + "config" + ], + "automation": "medium" + }, + { + "control_id": "ZVTTIME-002", + "domain": "ZVTTIME", + "title": "Timeouts differenziert nach Protokollphase", + "objective": "Realistische Zeitsteuerung", + "check_target": "code", + "evidence": [ + "source_code", + "timeout_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTTIME-003", + "domain": "ZVTTIME", + "title": "Nach Timeout Protokollzustand explizit bereinigt", + "objective": "Verhindert haengende Sitzungen", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "ZVTTIME-004", + "domain": "ZVTTIME", + "title": "Zeitkritische Nachrichten nicht durch Anwendungslogik verzoegert", + "objective": "Verhindert selbstverursachte Abbrueche", + "check_target": "code", + "evidence": [ + "source_code", + "performance_tests" + ], + "automation": "low" + }, + { + "control_id": "ZVTTIME-005", + "domain": "ZVTTIME", + "title": "Retry-Intervalle definiert und begrenzt", + "objective": "Verhindert aggressives Wiederholen", + "check_target": "code", + "evidence": [ + "source_code", + "retry_logic" + ], + "automation": "medium" + }, + { + "control_id": "ZVTTIME-006", + "domain": "ZVTTIME", + "title": "Verspaetete Antworten nach Timeout nicht als aktuell akzeptiert", + "objective": "Verhindert Fehlzuordnung", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "ZVTTIME-007", + "domain": "ZVTTIME", + "title": "Konfigurierbare Zeitwerte mit Mindest-/Hoechstgrenzen", + "objective": "Verhindert riskante Einstellungen", + "check_target": "config", + "evidence": [ + "config_validation", + "source_code" + ], + "automation": "medium" + }, + { + "control_id": "ZVTTIME-008", + "domain": "ZVTTIME", + "title": "Busy-Zustaende zeitlich ueberwacht", + "objective": "Verhindert endloses Warten", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "low" + }, + { + "control_id": "ZVTTIME-009", + "domain": "ZVTTIME", + "title": "Zeitbezogene Events mit korrelierbarem Zeitstempel", + "objective": "Diagnose von Latenzproblemen", + "check_target": "system", + "evidence": [ + "log_samples", + "source_code" + ], + "automation": "medium" + }, + { + "control_id": "ZVTTIME-010", + "domain": "ZVTTIME", + "title": "Timeout-Abbrueche fuehren nicht automatisch zu Stornierung", + "objective": "Verhindert falsche Schlussfolgerungen", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "low" + }, + { + "control_id": "OPICORE-001", + "domain": "OPICORE", + "title": "OPI-Nachrichten auf Schema- und Pflichtfeldkonformitaet geprueft", + "objective": "Verhindert ungueltige Anfragen/Antworten", + "check_target": "code", + "evidence": [ + "source_code", + "schema_tests" + ], + "automation": "high" + }, + { + "control_id": "OPICORE-002", + "domain": "OPICORE", + "title": "OPI-Nachrichtentypen eindeutig klassifiziert und geroutet", + "objective": "Verhindert Fehlbehandlung", + "check_target": "code", + "evidence": [ + "source_code", + "protocol_tests" + ], + "automation": "medium" + }, + { + "control_id": "OPICORE-003", + "domain": "OPICORE", + "title": "Unbekannte OPI-Felder/Erweiterungen kontrolliert behandelt", + "objective": "Robustheit gegenueber Versionen", + "check_target": "code", + "evidence": [ + "source_code", + "compatibility_tests" + ], + "automation": "medium" + }, + { + "control_id": "OPICORE-004", + "domain": "OPICORE", + "title": "OPI-Korrelationskennungen strikt validiert", + "objective": "Verhindert Kontextvermischung", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "high" + }, + { + "control_id": "OPICORE-005", + "domain": "OPICORE", + "title": "Widerspruechliche Pflichtinfos abgewiesen", + "objective": "Verhindert inkonsistente Verarbeitung", + "check_target": "code", + "evidence": [ + "source_code", + "negative_tests" + ], + "automation": "high" + }, + { + "control_id": "OPICORE-006", + "domain": "OPICORE", + "title": "Datum/Betrag/Waehrung typisiert und semantisch validiert", + "objective": "Verhindert manipulative Nutzlasten", + "check_target": "code", + "evidence": [ + "source_code", + "validation_tests" + ], + "automation": "high" + }, + { + "control_id": "OPICORE-007", + "domain": "OPICORE", + "title": "Protokollfehler und Geschaeftsantworten sauber getrennt", + "objective": "Korrekte Folgeentscheidungen", + "check_target": "code", + "evidence": [ + "source_code", + "error_mapping" + ], + "automation": "medium" + }, + { + "control_id": "OPICORE-008", + "domain": "OPICORE", + "title": "OPI-Payloads vor Logging/Persistenz maskiert", + "objective": "Verhindert Datenabfluss aus Nachrichten", + "check_target": "code", + "evidence": [ + "source_code", + "log_samples" + ], + "automation": "medium" + }, + { + "control_id": "OPICORE-009", + "domain": "OPICORE", + "title": "Protokollversion und Kompatibilitaet explizit geprueft", + "objective": "Verhindert verdeckte Inkompatibilitaeten", + "check_target": "code", + "evidence": [ + "source_code", + "compatibility_tests" + ], + "automation": "medium" + }, + { + "control_id": "OPICORE-010", + "domain": "OPICORE", + "title": "Parser schuetzt gegen uebergrosse/verschachtelte Nutzlasten", + "objective": "Reduziert DoS-Risiko", + "check_target": "code", + "evidence": [ + "source_code", + "fuzz_tests" + ], + "automation": "medium" + }, + { + "control_id": "OPIFLOW-001", + "domain": "OPIFLOW", + "title": "OPI-Anfragen nur in zulaessiger Reihenfolge gesendet", + "objective": "Verhindert Protokollverletzungen", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "OPIFLOW-002", + "domain": "OPIFLOW", + "title": "Antworten eindeutig der Anforderung zugeordnet", + "objective": "Verhindert Vermischung", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "high" + }, + { + "control_id": "OPIFLOW-003", + "domain": "OPIFLOW", + "title": "Doppelte Responses dedupliziert", + "objective": "Verhindert Mehrfachverarbeitung", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "OPIFLOW-004", + "domain": "OPIFLOW", + "title": "Stornierungen referenzieren korrekte Ursprungstransaktion", + "objective": "Verhindert falsche Folgeaktionen", + "check_target": "code", + "evidence": [ + "source_code", + "db_schema" + ], + "automation": "medium" + }, + { + "control_id": "OPIFLOW-005", + "domain": "OPIFLOW", + "title": "Async Events nur ueber definierte Zustandsuebergaenge", + "objective": "Verhindert inkonsistente Statusspruenge", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "OPIFLOW-006", + "domain": "OPIFLOW", + "title": "OPI-Timeouts fuehren zu expliziten Pending/Fehler-Zustaenden", + "objective": "Verhindert unklare Bewertung", + "check_target": "code", + "evidence": [ + "source_code", + "timeout_tests" + ], + "automation": "medium" + }, + { + "control_id": "OPIFLOW-007", + "domain": "OPIFLOW", + "title": "Keine Folgeanfragen auf Basis unvollstaendiger Antworten", + "objective": "Verhindert Kettenfehler", + "check_target": "code", + "evidence": [ + "source_code", + "validation_tests" + ], + "automation": "medium" + }, + { + "control_id": "OPIFLOW-008", + "domain": "OPIFLOW", + "title": "Wiederanlaeufe unterscheiden idempotente von nicht-idempotenten Aktionen", + "objective": "Verhindert doppelte Wirkung", + "check_target": "code", + "evidence": [ + "source_code", + "retry_logic" + ], + "automation": "medium" + }, + { + "control_id": "OPIFLOW-009", + "domain": "OPIFLOW", + "title": "Dialogbeendigung hinterlaesst keinen offenen fachlichen Status", + "objective": "Verhindert haengende Kontexte", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "OPIFLOW-010", + "domain": "OPIFLOW", + "title": "Workflows gegen parallele Statusaenderungen abgesichert", + "objective": "Verhindert Race Conditions", + "check_target": "code", + "evidence": [ + "source_code", + "concurrency_tests" + ], + "automation": "low" + }, + { + "control_id": "PROTOINT-001", + "domain": "PROTOINT", + "title": "Protokollkonverter erhalten alle Informationen verlustfrei", + "objective": "Verhindert semantischen Informationsverlust", + "check_target": "code", + "evidence": [ + "source_code", + "mapping_tests" + ], + "automation": "medium" + }, + { + "control_id": "PROTOINT-002", + "domain": "PROTOINT", + "title": "Keine unmoeglichen Mischzustaende aus verschiedenen Protokollen", + "objective": "Verhindert inkonsistente Aggregation", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "low" + }, + { + "control_id": "PROTOINT-003", + "domain": "PROTOINT", + "title": "Korrelationskennungen beim Protokolluebergang erhalten", + "objective": "End-to-End Nachverfolgung", + "check_target": "code", + "evidence": [ + "source_code", + "message_schema" + ], + "automation": "medium" + }, + { + "control_id": "PROTOINT-004", + "domain": "PROTOINT", + "title": "Protokollfehler in normierte interne Semantik ueberfuehrt", + "objective": "Konsistente Behandlung", + "check_target": "code", + "evidence": [ + "source_code", + "error_mapping" + ], + "automation": "medium" + }, + { + "control_id": "PROTOINT-005", + "domain": "PROTOINT", + "title": "Nicht mappbare Infos explizit kenntlich, nicht still verworfen", + "objective": "Verhindert unsichtbaren Informationsverlust", + "check_target": "code", + "evidence": [ + "source_code", + "mapping_tests" + ], + "automation": "low" + }, + { + "control_id": "PROTOINT-006", + "domain": "PROTOINT", + "title": "Interne Modelle erzwingen zulaessige Wertebereiche vor Serialisierung", + "objective": "Verhindert ungueltige Protokollnachrichten", + "check_target": "code", + "evidence": [ + "source_code", + "validation_tests" + ], + "automation": "high" + }, + { + "control_id": "PROTOINT-007", + "domain": "PROTOINT", + "title": "Serialisierung deterministisch und testbar", + "objective": "Reproduzierbarkeit", + "check_target": "code", + "evidence": [ + "source_code", + "golden_tests" + ], + "automation": "medium" + }, + { + "control_id": "PROTOINT-008", + "domain": "PROTOINT", + "title": "Parser und Serializer verwenden gleiche Feldsemantik", + "objective": "Verhindert Drift", + "check_target": "code", + "evidence": [ + "source_code", + "roundtrip_tests" + ], + "automation": "medium" + }, + { + "control_id": "PROTOINT-009", + "domain": "PROTOINT", + "title": "Protokolladapter logisch von Geschaeftsregeln getrennt", + "objective": "Reduziert Seiteneffekte", + "check_target": "architecture", + "evidence": [ + "source_code", + "design_docs" + ], + "automation": "low" + }, + { + "control_id": "PROTOINT-010", + "domain": "PROTOINT", + "title": "Protokollmapping-Aenderungen durch Regressionstests abgesichert", + "objective": "Verhindert Integrationsbrueche", + "check_target": "test", + "evidence": [ + "regression_tests", + "protocol_tests" + ], + "automation": "medium" + }, + { + "control_id": "TERMSTATE-001", + "domain": "TERMSTATE", + "title": "Terminalzustaende als explizites Modell repraesentiert", + "objective": "Klarheit und Pruefbarkeit", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "TERMSTATE-002", + "domain": "TERMSTATE", + "title": "Busy-Status blockiert unzulaessige Folgekommandos", + "objective": "Verhindert Kollisionen", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "TERMSTATE-003", + "domain": "TERMSTATE", + "title": "Nach Reconnect aktive Neusynchronisation", + "objective": "Verhindert veraltetes Verbindungswissen", + "check_target": "code", + "evidence": [ + "source_code", + "reconnect_tests" + ], + "automation": "low" + }, + { + "control_id": "TERMSTATE-004", + "domain": "TERMSTATE", + "title": "Ungueltige Terminal+Transaktionsstatus-Kombinationen erkannt", + "objective": "Verhindert widerspruechliche Entscheidungen", + "check_target": "code", + "evidence": [ + "source_code", + "negative_tests" + ], + "automation": "medium" + }, + { + "control_id": "TERMSTATE-005", + "domain": "TERMSTATE", + "title": "Service-/Wartungszustaende vom Zahlungsbetrieb getrennt", + "objective": "Reduziert Seiteneffekte", + "check_target": "code", + "evidence": [ + "source_code", + "auth_tests" + ], + "automation": "low" + }, + { + "control_id": "TERMSTATE-006", + "domain": "TERMSTATE", + "title": "Statusaenderungen erzeugen nachvollziehbare Backend-Events", + "objective": "Sichtbarkeit kritischer Aenderungen", + "check_target": "system", + "evidence": [ + "audit_log_sample", + "source_code" + ], + "automation": "medium" + }, + { + "control_id": "TERMSTATE-007", + "domain": "TERMSTATE", + "title": "Unklare Zustaende fuehren zu konservativem Verhalten", + "objective": "Verhindert unsichere Annahmen", + "check_target": "code", + "evidence": [ + "source_code", + "error_mode_tests" + ], + "automation": "medium" + }, + { + "control_id": "TERMSTATE-008", + "domain": "TERMSTATE", + "title": "Verfuegbarkeit nicht mit fachlichem Zahlungserfolg verwechselt", + "objective": "Verhindert falsche Geschaeftsentscheidungen", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "TERMSTATE-009", + "domain": "TERMSTATE", + "title": "Lokale Statuscaches verfallen kontrolliert", + "objective": "Verhindert veraltete Zustandsinformationen", + "check_target": "code", + "evidence": [ + "source_code", + "cache_tests" + ], + "automation": "low" + }, + { + "control_id": "TERMSTATE-010", + "domain": "TERMSTATE", + "title": "Sicherheitszustaende nicht durch Nutzeraktionen ruecksetzbar", + "objective": "Schuetzt kritische Geraetezustaende", + "check_target": "code", + "evidence": [ + "source_code", + "authorization_tests" + ], + "automation": "low" + }, + { + "control_id": "TERMREC-001", + "domain": "TERMREC", + "title": "Belegdaten vor Persistenz/Ausgabe formal validiert", + "objective": "Verhindert fehlerhafte Belegverarbeitung", + "check_target": "code", + "evidence": [ + "source_code", + "validation_tests" + ], + "automation": "medium" + }, + { + "control_id": "TERMREC-002", + "domain": "TERMREC", + "title": "Doppelte Belegmeldungen erkannt und nicht mehrfach verarbeitet", + "objective": "Verhindert Mehrfachablage", + "check_target": "code", + "evidence": [ + "source_code", + "dedup_tests" + ], + "automation": "medium" + }, + { + "control_id": "TERMREC-003", + "domain": "TERMREC", + "title": "Belegdaten dem korrekten Transaktionskontext zugeordnet", + "objective": "Verhindert Vermischung", + "check_target": "code", + "evidence": [ + "source_code", + "db_schema" + ], + "automation": "medium" + }, + { + "control_id": "TERMREC-004", + "domain": "TERMREC", + "title": "Fehlgeschlagener Belegdruck veraendert nicht Zahlungsstatus", + "objective": "Trennt Zahlungsabschluss von Druckproblemen", + "check_target": "code", + "evidence": [ + "source_code", + "protocol_tests" + ], + "automation": "low" + }, + { + "control_id": "TERMREC-005", + "domain": "TERMREC", + "title": "Belegtexte vor Logging auf sensitive Inhalte geprueft", + "objective": "Verhindert Datenabfluss ueber Ausgabepfade", + "check_target": "code", + "evidence": [ + "source_code", + "log_samples" + ], + "automation": "medium" + }, + { + "control_id": "TERMREC-006", + "domain": "TERMREC", + "title": "Belegereignisse auditierbar und zeitlich korrelierbar", + "objective": "Nachweis ueber Ausgabeverhalten", + "check_target": "system", + "evidence": [ + "audit_log_sample", + "report_samples" + ], + "automation": "medium" + }, + { + "control_id": "TERMREC-007", + "domain": "TERMREC", + "title": "Mehrteilige Belegdaten vollstaendig und korrekt zusammengefuehrt", + "objective": "Verhindert Datenverlust", + "check_target": "code", + "evidence": [ + "source_code", + "golden_tests" + ], + "automation": "medium" + }, + { + "control_id": "TERMREC-008", + "domain": "TERMREC", + "title": "Beschaedigte Belegsegmente als unvollstaendig markiert", + "objective": "Verhindert Nutzung defekter Daten", + "check_target": "code", + "evidence": [ + "source_code", + "negative_tests" + ], + "automation": "medium" + }, + { + "control_id": "TERMREC-009", + "domain": "TERMREC", + "title": "Belegformate zwischen Terminal und Backend kompatibel", + "objective": "Verhindert Zeichensatz-/Layoutfehler", + "check_target": "code", + "evidence": [ + "source_code", + "compatibility_tests" + ], + "automation": "low" + }, + { + "control_id": "TERMREC-010", + "domain": "TERMREC", + "title": "Belegdaten auf erforderliche Inhalte minimiert", + "objective": "Reduziert unnoetige Speicherung", + "check_target": "architecture", + "evidence": [ + "data_flow_docs", + "db_schema" + ], + "automation": "low" } ] } \ No newline at end of file