feat(iace): Hazard-Library v2, Controls-Library, SEPA Avoidance, CE RAG-Ingest
- Hazard-Library: +79 neue Eintraege in 12 Kategorien (software_fault, hmi_error, mechanical_hazard, electrical_hazard, thermal_hazard, emc_hazard, configuration_error, safety_function_failure, logging_audit_failure, integration_error, environmental_hazard, maintenance_hazard) — Gesamtanzahl: ~116 Eintraege in 24 Kategorien - Controls-Library: neue Datei controls_library.go mit 200 Eintraegen in 6 Domaenen (REQ/ARCH/SWDEV/VER/CYBER/DOC) - Handler: GET /sdk/v1/iace/controls-library (?domain=, ?category=) - SEPA: CalculateInherentRisk() + 4. Param Avoidance (0=disabled, 1-5: 3=neutral); RiskComputeInput.Avoidance, RiskAssessment.Avoidance, AssessRiskRequest.Avoidance — backward-kompatibel (A=0 → S×E×P) - Tests: engine_test.go + hazard_library_test.go aktualisiert - Scripts: ingest-ce-corpus.sh — 15 CE/Safety-Dokumente (EUR-Lex, NIST, ENISA, NASA, OWASP, MITRE CWE) in bp_compliance_ce und bp_compliance_datenschutz - Docs: docs-src/services/sdk-modules/iace.md + mkdocs.yml Nav-Eintrag Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -684,6 +684,8 @@ func main() {
|
||||
{
|
||||
// Hazard Library (project-independent)
|
||||
iaceRoutes.GET("/hazard-library", iaceHandler.ListHazardLibrary)
|
||||
// Controls Library (project-independent)
|
||||
iaceRoutes.GET("/controls-library", iaceHandler.ListControlsLibrary)
|
||||
|
||||
// Project Management
|
||||
iaceRoutes.POST("/projects", iaceHandler.CreateProject)
|
||||
|
||||
@@ -680,6 +680,35 @@ func (h *IACEHandler) ListHazardLibrary(c *gin.Context) {
|
||||
})
|
||||
}
|
||||
|
||||
// ListControlsLibrary handles GET /controls-library
|
||||
// Returns the built-in controls library, optionally filtered by ?domain and ?category.
|
||||
func (h *IACEHandler) ListControlsLibrary(c *gin.Context) {
|
||||
domain := c.Query("domain")
|
||||
category := c.Query("category")
|
||||
|
||||
all := iace.GetControlsLibrary()
|
||||
|
||||
var filtered []iace.ControlLibraryEntry
|
||||
for _, entry := range all {
|
||||
if domain != "" && entry.Domain != domain {
|
||||
continue
|
||||
}
|
||||
if category != "" && !containsString(entry.MapsToHazardCategories, category) {
|
||||
continue
|
||||
}
|
||||
filtered = append(filtered, entry)
|
||||
}
|
||||
|
||||
if filtered == nil {
|
||||
filtered = []iace.ControlLibraryEntry{}
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"controls": filtered,
|
||||
"total": len(filtered),
|
||||
})
|
||||
}
|
||||
|
||||
// containsString checks if a string slice contains the given value.
|
||||
func containsString(slice []string, val string) bool {
|
||||
for _, s := range slice {
|
||||
@@ -885,7 +914,7 @@ func (h *IACEHandler) AssessRisk(c *gin.Context) {
|
||||
userID := rbac.GetUserID(c)
|
||||
|
||||
// Calculate risk using the engine
|
||||
inherentRisk := h.engine.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability)
|
||||
inherentRisk := h.engine.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability, req.Avoidance)
|
||||
controlEff := h.engine.CalculateControlEffectiveness(req.ControlMaturity, req.ControlCoverage, req.TestEvidenceStrength)
|
||||
residualRisk := h.engine.CalculateResidualRisk(req.Severity, req.Exposure, req.Probability, controlEff)
|
||||
riskLevel := h.engine.DetermineRiskLevel(residualRisk)
|
||||
@@ -902,6 +931,7 @@ func (h *IACEHandler) AssessRisk(c *gin.Context) {
|
||||
Severity: req.Severity,
|
||||
Exposure: req.Exposure,
|
||||
Probability: req.Probability,
|
||||
Avoidance: req.Avoidance,
|
||||
InherentRisk: inherentRisk,
|
||||
ControlMaturity: req.ControlMaturity,
|
||||
ControlCoverage: req.ControlCoverage,
|
||||
@@ -1094,7 +1124,7 @@ func (h *IACEHandler) ReassessRisk(c *gin.Context) {
|
||||
userID := rbac.GetUserID(c)
|
||||
|
||||
// Calculate risk using the engine
|
||||
inherentRisk := h.engine.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability)
|
||||
inherentRisk := h.engine.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability, req.Avoidance)
|
||||
controlEff := h.engine.CalculateControlEffectiveness(req.ControlMaturity, req.ControlCoverage, req.TestEvidenceStrength)
|
||||
residualRisk := h.engine.CalculateResidualRisk(req.Severity, req.Exposure, req.Probability, controlEff)
|
||||
riskLevel := h.engine.DetermineRiskLevel(residualRisk)
|
||||
@@ -1122,6 +1152,7 @@ func (h *IACEHandler) ReassessRisk(c *gin.Context) {
|
||||
Severity: req.Severity,
|
||||
Exposure: req.Exposure,
|
||||
Probability: req.Probability,
|
||||
Avoidance: req.Avoidance,
|
||||
InherentRisk: inherentRisk,
|
||||
ControlMaturity: req.ControlMaturity,
|
||||
ControlCoverage: req.ControlCoverage,
|
||||
|
||||
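Review bot: In AssessRisk the new Avoidance factor reaches only `CalculateInherentRisk`; the unchanged lines right after it still call `CalculateResidualRisk(req.Severity, req.Exposure, req.Probability, controlEff)` and derive `riskLevel` from that result, so the stored risk level appears to ignore Avoidance and the inherent and residual values are no longer computed from the same inputs. If that is intended, state it next to the call, e.g. `// Avoidance adjusts inherent risk only; residual risk and risk level stay on S×E×P`; otherwise the residual calculation needs the same parameter. The hunk also shows no range check on the client-supplied `req.Avoidance` (the commit message gives 0 or 1-5), so it is worth confirming that the request binding or the engine rejects out-of-range values before they are persisted. ReassessRisk repeats the same pattern, and both function bodies extend beyond the hunks shown.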
232
ai-compliance-sdk/internal/iace/controls_library.go
Normal file
@@ -0,0 +1,232 @@
|
||||
package iace
|
||||
|
||||
// ControlLibraryEntry represents a reusable control/measure template from the controls library.
|
||||
type ControlLibraryEntry struct {
|
||||
ID string `json:"id"`
|
||||
Domain string `json:"domain"`
|
||||
Title string `json:"title"`
|
||||
Description string `json:"description"`
|
||||
PriorityHint string `json:"priority_hint"`
|
||||
MapsToHazardCategories []string `json:"maps_to_hazard_categories"`
|
||||
EvidenceExamples []string `json:"evidence_examples"`
|
||||
ReductionType string `json:"reduction_type"`
|
||||
Applicable []string `json:"applicable"`
|
||||
}
|
||||
|
||||
// GetControlsLibrary returns the complete built-in controls library with ~200 entries
|
||||
// across 6 domains: REQ, ARCH, SWDEV, VER, CYBER, DOC.
|
||||
func GetControlsLibrary() []ControlLibraryEntry {
|
||||
return []ControlLibraryEntry{
|
||||
// ── Domain REQ (Safety Requirements) ──────────────────────────────────
|
||||
{ID: "CTRL.REQ.001", Domain: "REQ", Title: "Sicherheitsanforderungen definiert", Description: "Alle sicherheitsrelevanten Anforderungen wurden systematisch identifiziert, dokumentiert und priorisiert.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault", "safety_function_failure"}, EvidenceExamples: []string{"Anforderungsliste", "HARA-Dokument", "Review-Protokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.002", Domain: "REQ", Title: "HARA durchgefuehrt", Description: "Hazard Analysis and Risk Assessment (HARA) wurde systematisch durchgefuehrt und alle Gefaehrdungen bewertet.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "mechanical_hazard", "electrical_hazard"}, EvidenceExamples: []string{"HARA-Dokument", "Risk-Assessment-Tabelle"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.003", Domain: "REQ", Title: "SIL/PL-Level vergeben", Description: "Safety Integrity Level (SIL) bzw. Performance Level (PL) wurde fuer alle Sicherheitsfunktionen bestimmt und dokumentiert.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"SIL-Bestimmungsdokument", "PL-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.004", Domain: "REQ", Title: "Anforderungs-Traceability", Description: "Jede Anforderung ist zu Entwurf, Implementierung und Tests rueckverfolgbar.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Traceability-Matrix", "Requirements-Tool-Export"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.REQ.005", Domain: "REQ", Title: "Betriebsgrenzen definiert", Description: "Alle Betriebsgrenzen (Temperatur, Druck, Geschwindigkeit) sind spezifiziert.", PriorityHint: "critical", MapsToHazardCategories: []string{"environmental_hazard", "mechanical_hazard"}, EvidenceExamples: []string{"Lastenheft", "Datenblatt"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.006", Domain: "REQ", Title: "Sicherheitsziele festgelegt", Description: "Uebergeordnete Sicherheitsziele sind definiert und mit HARA verknuepft.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Sicherheitszielliste", "HARA-Referenz"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.007", Domain: "REQ", Title: "Benutzeranforderungen erfasst", Description: "Alle Benutzeranforderungen (Bedienung, Wartung, Umgebung) wurden systematisch erfasst.", PriorityHint: "critical", MapsToHazardCategories: []string{"hmi_error", "maintenance_hazard"}, EvidenceExamples: []string{"Anforderungsdokument", "Stakeholder-Liste"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.008", Domain: "REQ", Title: "Regulatorische Anforderungen identifiziert", Description: "Alle anwendbaren Normen und Richtlinien wurden identifiziert und in die Anforderungen uebernommen.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "software_fault"}, EvidenceExamples: []string{"Normenmatrix", "Applicable-Standards-Liste"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.009", Domain: "REQ", Title: "Schnittstellen-Anforderungen spezifiziert", Description: "Alle externen und internen Schnittstellen sind vollstaendig spezifiziert.", PriorityHint: "critical", MapsToHazardCategories: []string{"integration_error"}, EvidenceExamples: []string{"Interface-Control-Document", "Schnittstellenspezifikation"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.010", Domain: "REQ", Title: "Anforderungsaenderungsprozess definiert", Description: "Ein kontrollierter Prozess fuer Anforderungsaenderungen inkl. Impact-Analyse ist definiert.", PriorityHint: "critical", MapsToHazardCategories: []string{"configuration_error", "software_fault"}, EvidenceExamples: []string{"Change-Management-Plan", "Aenderungslog"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.011", Domain: "REQ", Title: "Soft-Error-Toleranzanforderungen", Description: "Anforderungen fuer Toleranz gegenueber transienten Soft-Errors (SEU, MBU) sind definiert.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault", "timing_error"}, EvidenceExamples: []string{"SEU-Anforderungsdokument", "Toleranzspezifikation"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.012", Domain: "REQ", Title: "EMV-Anforderungen definiert", Description: "Elektromagnetische Vertraeglichkeitsanforderungen (Emission und Immunitaet) sind spezifiziert.", PriorityHint: "high", MapsToHazardCategories: []string{"emc_hazard", "electrical_hazard"}, EvidenceExamples: []string{"EMV-Anforderungsliste", "Pruefnormen-Referenz"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.013", Domain: "REQ", Title: "Umgebungsanforderungen spezifiziert", Description: "Anforderungen an Umgebungsbedingungen (Temperatur, Feuchte, Vibration) sind vollstaendig dokumentiert.", PriorityHint: "high", MapsToHazardCategories: []string{"environmental_hazard", "thermal_hazard"}, EvidenceExamples: []string{"Umgebungsanforderungsdokument", "Klimatests-Referenz"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.014", Domain: "REQ", Title: "Wartungsanforderungen definiert", Description: "Anforderungen an planmaessige und korrektive Wartung sind spezifiziert und mit Sicherheitszielen verknuepft.", PriorityHint: "high", MapsToHazardCategories: []string{"maintenance_hazard", "safety_function_failure"}, EvidenceExamples: []string{"Wartungsplan", "Instandhaltungshandbuch"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.015", Domain: "REQ", Title: "Update-Anforderungen festgelegt", Description: "Anforderungen fuer sichere Software- und Firmware-Updates inkl. Rollback sind definiert.", PriorityHint: "high", MapsToHazardCategories: []string{"update_failure", "firmware_corruption"}, EvidenceExamples: []string{"Update-Konzept", "Rollback-Spezifikation"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.016", Domain: "REQ", Title: "Datenschutzanforderungen erfasst", Description: "Datenschutz- und Datensicherheitsanforderungen sind entsprechend geltender Datenschutzgesetze dokumentiert.", PriorityHint: "high", MapsToHazardCategories: []string{"unauthorized_access", "logging_audit_failure"}, EvidenceExamples: []string{"Datenschutzanforderungen", "DSGVO-Checkliste"}, ReductionType: "design", Applicable: []string{"sw", "ai"}},
|
||||
{ID: "CTRL.REQ.017", Domain: "REQ", Title: "Performance-Anforderungen definiert", Description: "Leistungsanforderungen (Latenz, Durchsatz, Reaktionszeit) fuer alle Sicherheitsfunktionen sind spezifiziert.", PriorityHint: "high", MapsToHazardCategories: []string{"timing_error", "safety_function_failure"}, EvidenceExamples: []string{"Performance-Anforderungsliste", "Timing-Budget"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.018", Domain: "REQ", Title: "Verfuegbarkeitsanforderungen spezifiziert", Description: "Verfuegbarkeits- und Zuverlaessigkeitsanforderungen (MTTF, MTTR, SFF) sind quantifiziert.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Zuverlaessigkeitsanforderungen", "RAM-Analyse"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.019", Domain: "REQ", Title: "Test-Abdeckungsanforderungen definiert", Description: "Anforderungen an die Testabdeckung (Code Coverage, Anforderungsabdeckung) sind explizit vorgegeben.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Test-Coverage-Ziele", "Verifikationsplan"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.REQ.020", Domain: "REQ", Title: "Datensicherungsanforderungen festgelegt", Description: "Anforderungen fuer Datensicherung, -wiederherstellung und Backup-Verifizierung sind dokumentiert.", PriorityHint: "high", MapsToHazardCategories: []string{"configuration_error", "software_fault"}, EvidenceExamples: []string{"Backup-Konzept", "Recovery-Anforderungen"}, ReductionType: "design", Applicable: []string{"sw", "ai"}},
|
||||
{ID: "CTRL.REQ.021", Domain: "REQ", Title: "Protokollierungsanforderungen definiert", Description: "Anforderungen an Logging und Audittrails fuer sicherheitsrelevante Ereignisse sind spezifiziert.", PriorityHint: "medium", MapsToHazardCategories: []string{"logging_audit_failure"}, EvidenceExamples: []string{"Logging-Anforderungen", "Audittrail-Konzept"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.REQ.022", Domain: "REQ", Title: "Zugangskontrollanforderungen spezifiziert", Description: "Anforderungen fuer Authentifizierung, Autorisierung und Zugangskontrolle sind vollstaendig definiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Access-Control-Anforderungen", "RBAC-Konzept"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.023", Domain: "REQ", Title: "Kryptoanforderungen festgelegt", Description: "Anforderungen an kryptografische Algorithmen, Schluesselverwaltung und Schluessellaengen sind definiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "firmware_corruption"}, EvidenceExamples: []string{"Krypto-Anforderungsdokument", "Algorithmen-Policy"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.024", Domain: "REQ", Title: "Zertifizierungsanforderungen identifiziert", Description: "Alle fuer das Produkt relevanten Zertifizierungen und Typzulassungen sind identifiziert und geplant.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Zertifizierungsplan", "Normen-Checkliste"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.025", Domain: "REQ", Title: "Schulungsanforderungen definiert", Description: "Anforderungen an Benutzer- und Betreiberschulungen fuer den sicheren Betrieb sind spezifiziert.", PriorityHint: "medium", MapsToHazardCategories: []string{"hmi_error", "maintenance_hazard"}, EvidenceExamples: []string{"Schulungsanforderungen", "Kompetenzprofil"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.026", Domain: "REQ", Title: "Dokumentationsanforderungen festgelegt", Description: "Anforderungen an zu erstellende Dokumentation (Umfang, Sprache, Format) sind explizit vorgegeben.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Dokumentationsplan", "Doku-Anforderungsliste"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.027", Domain: "REQ", Title: "Validierungsanforderungen spezifiziert", Description: "Anforderungen an die Systemvalidierung unter realen Einsatzbedingungen sind definiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "software_fault"}, EvidenceExamples: []string{"Validierungsplan", "Akzeptanzkriterien"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.028", Domain: "REQ", Title: "Kalibrierungsanforderungen definiert", Description: "Anforderungen an Kalibrierung und Messkettenpruefung fuer sicherheitsrelevante Sensoren sind spezifiziert.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "mechanical_hazard"}, EvidenceExamples: []string{"Kalibrierplan", "Kalibrieranforderungen"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.REQ.029", Domain: "REQ", Title: "Produktlebenszyklusanforderungen erfasst", Description: "Anforderungen fuer den gesamten Produktlebenszyklus (Inbetriebnahme bis Ausserbetriebnahme) sind dokumentiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"maintenance_hazard"}, EvidenceExamples: []string{"Lebenszyklusplan", "End-of-Life-Konzept"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.REQ.030", Domain: "REQ", Title: "Notfallplanung als Anforderung", Description: "Anforderungen fuer Notfallbetrieb, Degradation und Wiederanlauf nach Ausfall sind spezifiziert.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "communication_failure"}, EvidenceExamples: []string{"Notfallplan-Anforderungen", "Degradationskonzept"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
|
||||
// ── Domain ARCH (Architecture & Design) ───────────────────────────────
|
||||
{ID: "CTRL.ARCH.001", Domain: "ARCH", Title: "Redundanzkonzept implementiert", Description: "Sicherheitsrelevante Funktionen sind durch Redundanz abgesichert, sodass ein Einzelfehler nicht zum Ausfall fuehrt.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Redundanzkonzept", "FMEA-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.002", Domain: "ARCH", Title: "Fail-Safe-Verhalten definiert", Description: "Das System geht bei Erkennung eines Fehlers in einen sicheren Zustand ueber, der keine Gefaehrdung verursacht.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "software_fault"}, EvidenceExamples: []string{"Fail-Safe-Konzept", "Safe-State-Beschreibung"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.003", Domain: "ARCH", Title: "Diagnostics Coverage sichergestellt", Description: "Die Diagnosedeckung (DC) fuer alle sicherheitsrelevanten Hardwarekomponenten ist gemaess SIL/PL-Anforderung erreicht.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"DC-Nachweis", "Diagnosekonzept"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.004", Domain: "ARCH", Title: "Diverse Softwareimplementierung", Description: "Fuer SIL3/SIL4-Anforderungen werden zwei unabhaengig entwickelte Softwareversionen eingesetzt.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault", "safety_function_failure"}, EvidenceExamples: []string{"Diversitaetsnachweis", "Entwicklungsprozess-Dokument"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.ARCH.005", Domain: "ARCH", Title: "Watchdog-Timer implementiert", Description: "Ein hardwarebasierter Watchdog-Timer ueberwacht die korrekte Ausfuehrung der Safety-Software.", PriorityHint: "critical", MapsToHazardCategories: []string{"timing_error", "software_fault"}, EvidenceExamples: []string{"Watchdog-Designdokument", "Testnachweis"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.006", Domain: "ARCH", Title: "Safe-State-Transition spezifiziert", Description: "Alle Zustandsuebergaenge in den sicheren Zustand sind vollstaendig definiert und getestet.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "mode_confusion"}, EvidenceExamples: []string{"Zustandsdiagramm", "Transition-Testprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.007", Domain: "ARCH", Title: "Fehlererkennung implementiert", Description: "Mechanismen zur Erkennung von Einzel- und Mehrfachfehlern (z.B. CRC, ECC, Parity) sind implementiert.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault", "electrical_hazard"}, EvidenceExamples: []string{"Fehlererkennungskonzept", "CRC-Testnachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.008", Domain: "ARCH", Title: "Modulares Design umgesetzt", Description: "Die Systemarchitektur ist modular aufgebaut, sodass sicherheitsrelevante Module klar abgegrenzt sind.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault", "integration_error"}, EvidenceExamples: []string{"Architekturdiagramm", "Modulbeschreibung"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.ARCH.009", Domain: "ARCH", Title: "Partitionierung safety/non-safety", Description: "Safety- und Non-Safety-Softwareteile sind klar partitioniert und gegenseitige Beeinflussung ist unterbunden.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "software_fault"}, EvidenceExamples: []string{"Partitionierungsnachweis", "MPU-Konfiguration"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.ARCH.010", Domain: "ARCH", Title: "Hardware-Absicherung sicherheitsrelevanter Funktionen", Description: "Sicherheitsrelevante Hardware-Pfade sind durch dedizierte Schutzschaltungen gegen Fehler abgesichert.", PriorityHint: "critical", MapsToHazardCategories: []string{"electrical_hazard", "safety_function_failure"}, EvidenceExamples: []string{"HW-Schutzkonzept", "Schaltplan-Review"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.011", Domain: "ARCH", Title: "Sicherer Bootvorgang implementiert", Description: "Der Bootvorgang prueft die Integritaet der Software bevor sicherheitsrelevante Funktionen aktiviert werden.", PriorityHint: "high", MapsToHazardCategories: []string{"firmware_corruption", "software_fault"}, EvidenceExamples: []string{"Secure-Boot-Konzept", "Testprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.ARCH.012", Domain: "ARCH", Title: "Speicherpartitionierung umgesetzt", Description: "Speicherbereiche fuer Safety- und Non-Safety-Code sind durch Hardware (MPU/MMU) getrennt.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"MPU-Konfigurationsdokument", "Speicher-Map"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.ARCH.013", Domain: "ARCH", Title: "Zufaellige Fehlerrate reduziert", Description: "Massnahmen zur Reduzierung der zufaelligen Hardwarefehlerrate (PFH/PFD) sind im Design beruecksichtigt.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure", "electrical_hazard"}, EvidenceExamples: []string{"PFH-Berechnung", "FMEDA-Nachweis"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.014", Domain: "ARCH", Title: "Sicherheitsarchitektur dokumentiert", Description: "Die Sicherheitsarchitektur ist vollstaendig dokumentiert und durch Review freigegeben.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Sicherheitsarchitektur-Dokument", "Review-Protokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.ARCH.015", Domain: "ARCH", Title: "Redundante Kommunikation", Description: "Sicherheitsrelevante Kommunikationspfade sind redundant ausgelegt oder mit Fehlererkennungsmechanismen abgesichert.", PriorityHint: "high", MapsToHazardCategories: []string{"communication_failure", "safety_function_failure"}, EvidenceExamples: []string{"Kommunikationsarchitektur", "Redundanznachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.016", Domain: "ARCH", Title: "Independent Safety Monitor", Description: "Ein unabhaengiger Safety-Monitor ueberwacht die Hauptsicherheitsfunktion und kann diese deaktivieren.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Monitor-Designdokument", "Unabhaengigkeitsnachweis"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.017", Domain: "ARCH", Title: "Safety-Integrity-Architektur nachgewiesen", Description: "Die Systemarchitektur erfuellt die Anforderungen des zugewiesenen SIL/PL gemaess IEC 61508 oder ISO 13849.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"SIL-Architekturnachweis", "PL-Zertifikat"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.018", Domain: "ARCH", Title: "Diversitaere Hardware eingesetzt", Description: "Fuer kritische Sicherheitsfunktionen werden unterschiedliche Hardwaretypen eingesetzt, um Systematikfehler zu vermeiden.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure", "electrical_hazard"}, EvidenceExamples: []string{"Diversitaetsnachweis", "BOM-Review"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.019", Domain: "ARCH", Title: "Systemgrenzen definiert", Description: "Die Systemgrenzen und Schnittstellen zu anderen Systemen und Betreibern sind klar definiert.", PriorityHint: "high", MapsToHazardCategories: []string{"integration_error"}, EvidenceExamples: []string{"Systemgrenzendokument", "Interface-Control-Document"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.ARCH.020", Domain: "ARCH", Title: "Energiemanagement-Architektur", Description: "Die Architektur stellt sicher, dass bei Energieausfall oder -schwankung ein sicherer Zustand erreicht wird.", PriorityHint: "high", MapsToHazardCategories: []string{"electrical_hazard", "safety_function_failure"}, EvidenceExamples: []string{"Energiemanagement-Konzept", "UPS-Design"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.021", Domain: "ARCH", Title: "Schutzmassnahmen Hardware implementiert", Description: "Hardware-Schutzmassnahmen (Ueberstrom, Ueberspannung, thermischer Schutz) sind im Design integriert.", PriorityHint: "medium", MapsToHazardCategories: []string{"electrical_hazard", "thermal_hazard"}, EvidenceExamples: []string{"HW-Schutzschaltungs-Nachweis", "Pruefprotokoll"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.022", Domain: "ARCH", Title: "Thermisches Design umgesetzt", Description: "Waermemanagement und thermisches Design stellen den Betrieb innerhalb der zulaessigen Temperaturgrenzen sicher.", PriorityHint: "medium", MapsToHazardCategories: []string{"thermal_hazard"}, EvidenceExamples: []string{"Thermisches Design-Dokument", "Temperatursimulation"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.023", Domain: "ARCH", Title: "EMV-Design beruecksichtigt", Description: "EMV-gerechtes Design (Schirmung, Filterung, Layoutregeln) wurde bei der Leiterplattenentwicklung angewendet.", PriorityHint: "medium", MapsToHazardCategories: []string{"emc_hazard", "electrical_hazard"}, EvidenceExamples: []string{"EMV-Design-Review", "EMV-Testbericht"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.024", Domain: "ARCH", Title: "Mechanisches Schutzkonzept umgesetzt", Description: "Mechanische Schutzmassnahmen (Gehaeuse, IP-Schutzart, Vibrationsschutz) sind dem Einsatzbereich angepasst.", PriorityHint: "medium", MapsToHazardCategories: []string{"mechanical_hazard", "environmental_hazard"}, EvidenceExamples: []string{"IP-Zertifikat", "Vibrationstest-Protokoll"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.025", Domain: "ARCH", Title: "Wartungsarchitektur geplant", Description: "Die Systemarchitektur unterstuetzt planmaessige Wartung ohne Deaktivierung aller Sicherheitsfunktionen.", PriorityHint: "medium", MapsToHazardCategories: []string{"maintenance_hazard"}, EvidenceExamples: []string{"Wartungskonzept", "Architektur-Review"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.026", Domain: "ARCH", Title: "Testpunkte im Design vorgesehen", Description: "Das Hardware-Design enthaelt dedizierte Testpunkte fuer Produktionstest und Instandhaltung.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Testpunkt-Plan", "Layout-Review"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.027", Domain: "ARCH", Title: "Sicherer Zustand definiert und erreichbar", Description: "Der sichere Zustand des Systems ist eindeutig definiert und unter allen Fehlerbedingungen erreichbar.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "mode_confusion"}, EvidenceExamples: []string{"Safe-State-Definition", "Zustandsautomat"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.028", Domain: "ARCH", Title: "Safe-State-Uebergang getestet", Description: "Der Uebergang in den sicheren Zustand wurde unter realen Fehlerbedingungen erprobt und dokumentiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Safe-State-Testprotokoll", "Fehler-Injektionstest"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.ARCH.029", Domain: "ARCH", Title: "Back-to-Back-Test-Architektur unterstuetzt", Description: "Die Architektur ermoeglicht Back-to-Back-Tests zwischen diversitaeren Implementierungen.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"B2B-Test-Konzept", "Vergleichstest-Protokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.ARCH.030", Domain: "ARCH", Title: "Diagnosemassnahmen vollstaendig", Description: "Alle Diagnosemassnahmen sind vollstaendig spezifiziert, implementiert und auf DC-Zielwert ueberprueft.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Diagnosekonzept", "DC-Berechnung"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
|
||||
// ── Domain SWDEV (Software Development) ───────────────────────────────
|
||||
{ID: "CTRL.SWDEV.001", Domain: "SWDEV", Title: "SW-Safety-Plan erstellt", Description: "Ein Software-Safety-Plan mit Zielen, Aktivitaeten und Verantwortlichkeiten ist dokumentiert und freigegeben.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault", "safety_function_failure"}, EvidenceExamples: []string{"SW-Safety-Plan", "Freigabeprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.002", Domain: "SWDEV", Title: "MISRA-C Compliance sichergestellt", Description: "Der C-Quellcode erfuellt die MISRA-C-Regeln fuer sicherheitskritische Software.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"MISRA-Pruefbericht", "Abweichungsliste"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.003", Domain: "SWDEV", Title: "Statische Code-Analyse durchgefuehrt", Description: "Statische Code-Analyse mit einem qualifizierten Tool wurde durchgefuehrt und alle Befunde bewertet.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Statische-Analyse-Bericht", "Tool-Qualifikationsnachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.004", Domain: "SWDEV", Title: "Code-Review-Prozess etabliert", Description: "Alle sicherheitsrelevanten Codeaenderungen werden durch einen unabhaengigen Review freigegeben.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Review-Protokolle", "Review-Checkliste"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.005", Domain: "SWDEV", Title: "Defensiv-Programmierung angewendet", Description: "Defensive Programmiertechniken (Eingabevalidierung, Assertions, Fehlerbehandlung) sind konsequent eingesetzt.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault", "integration_error"}, EvidenceExamples: []string{"Coding-Standard", "Code-Review-Nachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.006", Domain: "SWDEV", Title: "Unit-Tests fuer Safety-Funktionen", Description: "Alle sicherheitsrelevanten Softwaremodule haben dokumentierte Unit-Tests mit definierten Abbruchkriterien.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Unit-Test-Berichte", "Testplan"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.007", Domain: "SWDEV", Title: "Code-Coverage-Analyse durchgefuehrt", Description: "Die Testabdeckung (Statement, Branch, MC/DC) wurde gemessen und entspricht den SIL-Anforderungen.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Coverage-Bericht", "MC/DC-Nachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.008", Domain: "SWDEV", Title: "Konfigurations-Management implementiert", Description: "Alle Softwareartefakte stehen unter Konfigurationsmanagement mit nachvollziehbarer Versionshistorie.", PriorityHint: "critical", MapsToHazardCategories: []string{"configuration_error", "software_fault"}, EvidenceExamples: []string{"CM-Plan", "Repository-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.009", Domain: "SWDEV", Title: "Compiler-Warnungen aktiviert und bewertet", Description: "Alle Compiler-Warnungen sind aktiviert und alle Warnungen sind bewertet und beseitigt oder dokumentiert begründet.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Compiler-Log", "Warnungsliste"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.010", Domain: "SWDEV", Title: "RTOS-Nutzung qualifiziert", Description: "Das eingesetzte Echtzeitbetriebssystem ist fuer den Sicherheitsintegritaetslevel qualifiziert.", PriorityHint: "critical", MapsToHazardCategories: []string{"timing_error", "software_fault"}, EvidenceExamples: []string{"RTOS-Qualifikationsnachweis", "Tool-Qualifikation"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.011", Domain: "SWDEV", Title: "Speicherschutz aktiviert", Description: "Hardware-Speicherschutz (MPU) ist aktiviert und verhindert unerlaubten Speicherzugriff zwischen Modulen.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"MPU-Konfiguration", "Testnachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.012", Domain: "SWDEV", Title: "Stack-Analyse durchgefuehrt", Description: "Der maximale Stack-Verbrauch aller Tasks wurde analysiert und Stackgroessen sind angemessen dimensioniert.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault", "timing_error"}, EvidenceExamples: []string{"Stack-Analyse-Bericht", "WCSA-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.013", Domain: "SWDEV", Title: "Deadlock-Analyse durchgefuehrt", Description: "Potenzielle Deadlocks und Race-Conditions wurden analysiert und ausgeschlossen.", PriorityHint: "high", MapsToHazardCategories: []string{"timing_error", "software_fault"}, EvidenceExamples: []string{"Deadlock-Analyse", "Synchronisationsnachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.014", Domain: "SWDEV", Title: "WCET-Analyse durchgefuehrt", Description: "Worst-Case Execution Times aller sicherheitsrelevanten Tasks wurden analysiert und sind innerhalb der Zeitbudgets.", PriorityHint: "high", MapsToHazardCategories: []string{"timing_error"}, EvidenceExamples: []string{"WCET-Analyse-Bericht", "Timing-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.015", Domain: "SWDEV", Title: "SW-Integrationsstrategie definiert", Description: "Die Software-Integrationsstrategie (Bottom-Up, Top-Down) ist geplant und dokumentiert.", PriorityHint: "high", MapsToHazardCategories: []string{"integration_error", "software_fault"}, EvidenceExamples: []string{"Integrationsplan", "Teststrategie"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.016", Domain: "SWDEV", Title: "SW-Sicherheitstests spezifiziert", Description: "Software-Sicherheitstests sind spezifiziert und abdecken alle sicherheitsrelevanten Funktionen und Fehlerszenarien.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault", "safety_function_failure"}, EvidenceExamples: []string{"Sicherheitstest-Spezifikation", "Testprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.017", Domain: "SWDEV", Title: "Coding-Standards definiert", Description: "Einheitliche Coding-Standards sind definiert, kommuniziert und ihre Einhaltung wird automatisch ueberprueft.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Coding-Standard-Dokument", "Linter-Konfiguration"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.018", Domain: "SWDEV", Title: "Dokumentation SW-Design vollstaendig", Description: "Die Software-Design-Dokumentation ist vollstaendig, aktuell und durch Review freigegeben.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"SW-Design-Dokument", "Doxygen-Ausgabe"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.019", Domain: "SWDEV", Title: "Fehlerbehandlung vollstaendig implementiert", Description: "Alle Fehlerzustaende sind vollstaendig behandelt — kein unbehandelter Fehler kann zum Systemabsturz fuehren.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault", "safety_function_failure"}, EvidenceExamples: []string{"Fehlerbehandlungs-Matrix", "Code-Review-Nachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.020", Domain: "SWDEV", Title: "Modul-Interface-Definition vorhanden", Description: "Alle Software-Modul-Interfaces sind vollstaendig und formell spezifiziert.", PriorityHint: "high", MapsToHazardCategories: []string{"integration_error"}, EvidenceExamples: []string{"Interface-Spezifikation", "API-Dokumentation"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.021", Domain: "SWDEV", Title: "Versionskontrolle fuer alle Artefakte", Description: "Alle Softwareartefakte (Code, Tests, Dokumentation) werden in einem Versionskontrollsystem verwaltet.", PriorityHint: "medium", MapsToHazardCategories: []string{"configuration_error"}, EvidenceExamples: []string{"Git-Repository", "Taggin-Policy"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.022", Domain: "SWDEV", Title: "Build-Reproduzierbarkeit sichergestellt", Description: "Der Build-Prozess ist vollstaendig automatisiert und reproduzierbar (gleiche Eingaben erzeugen gleiche Ausgaben).", PriorityHint: "medium", MapsToHazardCategories: []string{"configuration_error", "software_fault"}, EvidenceExamples: []string{"Build-Skript", "CI/CD-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.023", Domain: "SWDEV", Title: "Abhaengigkeitsanalyse durchgefuehrt", Description: "Alle externen Softwareabhaengigkeiten wurden analysiert, bewertet und ihre Kompatibilitaet ist sichergestellt.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault", "update_failure"}, EvidenceExamples: []string{"SBOM", "Abhaengigkeits-Review"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.024", Domain: "SWDEV", Title: "Sicheres API-Design umgesetzt", Description: "APIs sind nach Security-by-Design-Prinzipien entwickelt und gegen Missbrauch abgesichert.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "software_fault"}, EvidenceExamples: []string{"API-Sicherheits-Review", "Threat-Model"}, ReductionType: "design", Applicable: []string{"sw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.025", Domain: "SWDEV", Title: "Input-Validierung implementiert", Description: "Alle externen Eingaben werden validiert und ungueltige Eingaben werden sicher behandelt.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault", "unauthorized_access"}, EvidenceExamples: []string{"Validierungs-Nachweis", "Fuzzing-Testbericht"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.026", Domain: "SWDEV", Title: "Logging in sicherheitsrelevanter SW", Description: "Sicherheitsrelevante Software-Ereignisse werden protokolliert und sind fuer die Diagnose verfuegbar.", PriorityHint: "medium", MapsToHazardCategories: []string{"logging_audit_failure"}, EvidenceExamples: []string{"Logging-Konzept", "Log-Beispiele"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.027", Domain: "SWDEV", Title: "Exception-Handling vollstaendig", Description: "Alle moeglichen Ausnahmen (Exceptions) sind behandelt und fuehren zu einem definierten sicheren Zustand.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Exception-Handler-Review", "Testprotokoll"}, ReductionType: "protective", Applicable: []string{"sw"}},
|
||||
{ID: "CTRL.SWDEV.028", Domain: "SWDEV", Title: "SW-Update-Mechanismus sicher implementiert", Description: "Der Software-Update-Mechanismus validiert Signatur und Integritaet vor der Installation.", PriorityHint: "medium", MapsToHazardCategories: []string{"update_failure", "firmware_corruption"}, EvidenceExamples: []string{"Update-Mechanismus-Design", "Signaturpruefungsnachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.029", Domain: "SWDEV", Title: "Selbsttest-Routinen implementiert", Description: "Das System fuehrt beim Start und zyklisch Selbsttests der sicherheitsrelevanten Funktionen durch.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Selbsttest-Konzept", "Testabdeckungsnachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.SWDEV.030", Domain: "SWDEV", Title: "Parameterpruefung implementiert", Description: "Alle Konfigurationsparameter werden beim Start und nach Aenderungen auf Gueltigkeit geprueft.", PriorityHint: "medium", MapsToHazardCategories: []string{"configuration_error", "software_fault"}, EvidenceExamples: []string{"Parameterpruef-Nachweis", "Out-of-Range-Testprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.SWDEV.031", Domain: "SWDEV", Title: "Transiente Fehlertoleranz implementiert", Description: "Die Software toleriert transiente Fehler (Bitflips, EMV-Stoerungen) und stellt den korrekten Betrieb wieder her.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault", "emc_hazard"}, EvidenceExamples: []string{"Fehlertoleranz-Konzept", "Soft-Error-Testnachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.032", Domain: "SWDEV", Title: "Watchdog-SW korrekt implementiert", Description: "Die Software-Watchdog-Behandlung verhindert falsche Bediening und stellt echte Ueberwachung sicher.", PriorityHint: "medium", MapsToHazardCategories: []string{"timing_error", "software_fault"}, EvidenceExamples: []string{"Watchdog-SW-Review", "Watchdog-Testprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.033", Domain: "SWDEV", Title: "Sicherer Neustart implementiert", Description: "Der Systemstart nach Fehler oder Watchdog-Reset fuehrt zu einem sicheren Ausgangszustand.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault", "safety_function_failure"}, EvidenceExamples: []string{"Reset-Handling-Dokument", "Neustart-Testprotokoll"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.034", Domain: "SWDEV", Title: "Boot-Integritaetspruefung implementiert", Description: "Beim Bootvorgang wird die Integritaet aller sicherheitsrelevanten Softwarekomponenten verifiziert.", PriorityHint: "medium", MapsToHazardCategories: []string{"firmware_corruption", "software_fault"}, EvidenceExamples: []string{"Boot-Integritaets-Nachweis", "CRC-Testprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.SWDEV.035", Domain: "SWDEV", Title: "Sicherheits-SW-Architektur dokumentiert", Description: "Die Sicherheitssoftware-Architektur ist vollstaendig dokumentiert inkl. Datenfluessen und Kontrollfluss.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"SW-Architektur-Dokument", "Datenflussdiagramm"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.036", Domain: "SWDEV", Title: "SW-Lifecycle-Plan erstellt", Description: "Der Software-Lifecycle-Plan definiert alle Phasen von Planung bis Ausserdienststellung.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"SW-Lifecycle-Plan", "Meilensteinplan"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.037", Domain: "SWDEV", Title: "Baseline-Management implementiert", Description: "Konfigurationsbaselines werden zu definierten Meilensteinen erstellt und versioniert.", PriorityHint: "medium", MapsToHazardCategories: []string{"configuration_error"}, EvidenceExamples: []string{"Baseline-Register", "CM-Tool-Nachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.038", Domain: "SWDEV", Title: "SW-Verifizierungsplan erstellt", Description: "Der Software-Verifizierungsplan legt Methoden, Werkzeuge und Verantwortlichkeiten fuer alle Teststufen fest.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Verifizierungsplan", "Testmatrix"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.039", Domain: "SWDEV", Title: "Qualitaetsmetriken definiert und gemessen", Description: "Softwarequalitaetsmetriken (Complexity, Coupling, Defectrate) werden erhoben und bewertet.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Qualitaetsmetriken-Bericht", "Code-Analyse-Tool-Ausgabe"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.SWDEV.040", Domain: "SWDEV", Title: "Threat-Modeling fuer SW durchgefuehrt", Description: "Ein Threat-Modeling (STRIDE, PASTA) wurde fuer die Software-Architektur durchgefuehrt und Massnahmen abgeleitet.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "software_fault"}, EvidenceExamples: []string{"Threat-Model-Dokument", "Massnahmenplan"}, ReductionType: "design", Applicable: []string{"sw", "ai"}},
|
||||
|
||||
// ── Domain VER (Verification & Validation) ────────────────────────────
|
||||
{ID: "CTRL.VER.001", Domain: "VER", Title: "Fault-Injection-Test durchgefuehrt", Description: "Fehlerinjektionstests wurden systematisch durchgefuehrt um die Fehlerreaktionen des Systems zu validieren.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "software_fault"}, EvidenceExamples: []string{"Fault-Injection-Testprotokoll", "Testplan"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.002", Domain: "VER", Title: "WCET-Messung validiert", Description: "Worst-Case Execution Times wurden messtechnisch validiert und entsprechen den Analyseergebnissen.", PriorityHint: "critical", MapsToHazardCategories: []string{"timing_error"}, EvidenceExamples: []string{"WCET-Messprokoll", "Trace-Analyse"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.VER.003", Domain: "VER", Title: "HIL-Test durchgefuehrt", Description: "Hardware-in-the-Loop-Tests wurden mit repraesentativen Testfaellen und Fehlerszenarien durchgefuehrt.", PriorityHint: "critical", MapsToHazardCategories: []string{"integration_error", "safety_function_failure"}, EvidenceExamples: []string{"HIL-Testprotokoll", "HIL-Testplan"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.004", Domain: "VER", Title: "Boundary-Value-Test durchgefuehrt", Description: "Grenzwertanalyse und Aequivalenzklassentest wurden fuer alle Eingangsparameter durchgefuehrt.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault", "safety_boundary_violation"}, EvidenceExamples: []string{"Boundary-Test-Protokoll", "Testspezifikation"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.VER.005", Domain: "VER", Title: "Penetrationstest durchgefuehrt", Description: "Penetrationstests durch qualifizierte Tester wurden durchgefuehrt und alle Findings bewertet.", PriorityHint: "critical", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Penetrationstest-Bericht", "Finding-Tracking"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.VER.006", Domain: "VER", Title: "Regressionstest etabliert", Description: "Automatisierte Regressionstests werden bei jeder Codeaenderung ausgefuehrt um Regressionen zu erkennen.", PriorityHint: "critical", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Regressionstest-Protokoll", "CI-Pipeline-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.VER.007", Domain: "VER", Title: "SIL-Verifikation abgeschlossen", Description: "Die Verifikation des geforderten SIL/PL wurde durch qualifizierte Institution durchgefuehrt und positiv bewertet.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"SIL-Verifikationsbericht", "Zertifikat"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.008", Domain: "VER", Title: "Sicherheitsfunktions-Test bestanden", Description: "Alle spezifizierten Sicherheitsfunktionen wurden systematisch getestet und alle Tests bestanden.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Sicherheitsfunktions-Testprotokoll", "Akzeptanzkriterien-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.009", Domain: "VER", Title: "Lasttest durchgefuehrt", Description: "Lasttests unter maximaler Systembelastung wurden durchgefuehrt und alle Sicherheitsfunktionen behalten ihr Verhalten.", PriorityHint: "critical", MapsToHazardCategories: []string{"timing_error", "software_fault"}, EvidenceExamples: []string{"Lasttest-Protokoll", "Ressourcenauslastungs-Bericht"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.010", Domain: "VER", Title: "Stresstest unter Extrembedingungen", Description: "Stresstests unter Extrembedingungen (Temperatur, Spannung, Vibration) wurden erfolgreich durchgefuehrt.", PriorityHint: "high", MapsToHazardCategories: []string{"environmental_hazard", "safety_function_failure"}, EvidenceExamples: []string{"Stresstest-Protokoll", "Klimatest-Bericht"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.011", Domain: "VER", Title: "EMV-Test bestanden", Description: "EMV-Tests nach anwendbaren Normen wurden in akkreditiertem Labor durchgefuehrt und bestanden.", PriorityHint: "high", MapsToHazardCategories: []string{"emc_hazard", "electrical_hazard"}, EvidenceExamples: []string{"EMV-Pruefbericht", "Laborzertifikat"}, ReductionType: "protective", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.012", Domain: "VER", Title: "Umgebungstest abgeschlossen", Description: "Umgebungstests (Klimatest, Vibration, Schock) nach anwendbaren Normen wurden bestanden.", PriorityHint: "high", MapsToHazardCategories: []string{"environmental_hazard", "mechanical_hazard"}, EvidenceExamples: []string{"Umgebungstest-Berichte", "Klimatestprotokoll"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.013", Domain: "VER", Title: "Interface-Test durchgefuehrt", Description: "Alle definierten System-Interfaces wurden auf Konformitaet und Fehlverhalten getestet.", PriorityHint: "high", MapsToHazardCategories: []string{"integration_error", "communication_failure"}, EvidenceExamples: []string{"Interface-Testprotokoll", "Konformitaetsnachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.014", Domain: "VER", Title: "Integrations-Qualifikation abgeschlossen", Description: "Die Systemintegration wurde schrittweise qualifiziert und alle Integrationstest bestanden.", PriorityHint: "high", MapsToHazardCategories: []string{"integration_error"}, EvidenceExamples: []string{"Integrationstest-Protokoll", "Qualifikationsplan"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.015", Domain: "VER", Title: "System-Abnahmetest bestanden", Description: "Der System-Abnahmetest wurde durch Kunden und/oder Zertifizierungsstelle erfolgreich durchgefuehrt.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"SAT-Protokoll", "Abnahme-Zertifikat"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.VER.016", Domain: "VER", Title: "Sicherheitsnachweise vollstaendig", Description: "Alle erforderlichen Sicherheitsnachweise sind vollstaendig, aktuell und von der Zertifizierungsstelle anerkannt.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Safety-Case", "Zertifikat"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.VER.017", Domain: "VER", Title: "Unabhaengige Verifikation durchgefuehrt", Description: "Eine unabhaengige Verifikation (IV&V) durch eine separate Stelle wurde fuer alle SIL3/4-Anforderungen durchgefuehrt.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"IV&V-Bericht", "Unabhaengigkeitsnachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.018", Domain: "VER", Title: "Safety-Case dokumentiert", Description: "Der Safety-Case stellt strukturiert dar wie alle Sicherheitsziele durch Massnahmen und Nachweise erfuellt sind.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Safety-Case-Dokument", "Argumentation-Baum"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.VER.019", Domain: "VER", Title: "Code-Coverage-Nachweis erbracht", Description: "Der geforderte Code-Coverage-Grad (Statement/Branch/MC/DC) wurde nachgewiesen und dokumentiert.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Coverage-Bericht", "MC/DC-Nachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.VER.020", Domain: "VER", Title: "Fehlermodell-Test abgeschlossen", Description: "Tests basierend auf dem Fehlermodell (Fehlerguppe, Fehlerrate) wurden durchgefuehrt und ausgewertet.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "software_fault"}, EvidenceExamples: []string{"Fehlermodell-Test-Protokoll", "FMEA-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.021", Domain: "VER", Title: "Feldbus-Konformitaetstest bestanden", Description: "Konformitaetstests fuer alle eingesetzten Feldbuskommunikationen wurden erfolgreich abgeschlossen.", PriorityHint: "medium", MapsToHazardCategories: []string{"communication_failure", "integration_error"}, EvidenceExamples: []string{"Konformitaetstest-Zertifikat", "Pruefprotokoll"}, ReductionType: "protective", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.022", Domain: "VER", Title: "Kalibrierungsverifikation abgeschlossen", Description: "Die Kalibrierung aller sicherheitsrelevanten Messwerterfassungen wurde verifiziert und dokumentiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "mechanical_hazard"}, EvidenceExamples: []string{"Kalibrierprotokoll", "Messketten-Nachweis"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.023", Domain: "VER", Title: "Dokumentenpruefung durchgefuehrt", Description: "Alle sicherheitsrelevanten Dokumente wurden auf Vollstaendigkeit, Konsistenz und Korrektheit geprueft.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Dokumentenpruef-Protokoll", "Review-Checkliste"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.VER.024", Domain: "VER", Title: "Zuverlaessigkeitstest abgeschlossen", Description: "Zuverlaessigkeitstests (HALT, ALT) wurden durchgefuehrt und die Lebensdaueranforderungen bestanden.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"HALT-Bericht", "MTTF-Nachweis"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.025", Domain: "VER", Title: "Lebenszyklustest durchgefuehrt", Description: "Tests ueber den vollstaendigen Produktlebenszyklus (Alterung, Zyklen) wurden abgeschlossen.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "maintenance_hazard"}, EvidenceExamples: []string{"Lebenszyklustest-Protokoll", "Alterungstest-Bericht"}, ReductionType: "protective", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.026", Domain: "VER", Title: "Sicherheits-Audit abgeschlossen", Description: "Ein Sicherheits-Audit durch qualifizierte Auditoren wurde durchgefuehrt und alle Befunde behandelt.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Audit-Bericht", "Finding-Trackingprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.VER.027", Domain: "VER", Title: "Kompatibilitaetstest durchgefuehrt", Description: "Kompatibilitaetstests mit allen unterstuetzten Systemkonfigurationen und Softwareversionen wurden abgeschlossen.", PriorityHint: "medium", MapsToHazardCategories: []string{"integration_error", "configuration_error"}, EvidenceExamples: []string{"Kompatibilitaetstest-Matrix", "Testprotokoll"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.VER.028", Domain: "VER", Title: "Software-Review abgeschlossen", Description: "Formelle Software-Reviews (Inspektion, Walkthrough) wurden fuer alle sicherheitsrelevanten Module durchgefuehrt.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault"}, EvidenceExamples: []string{"Review-Protokoll", "Findings-Liste"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.VER.029", Domain: "VER", Title: "Factory-Acceptance-Test bestanden", Description: "Der Factory Acceptance Test (FAT) beim Hersteller wurde erfolgreich durchgefuehrt und dokumentiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"FAT-Protokoll", "Abnahme-Zertifikat"}, ReductionType: "protective", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.VER.030", Domain: "VER", Title: "Site-Acceptance-Test bestanden", Description: "Der Site Acceptance Test (SAT) am Einsatzort wurde erfolgreich durchgefuehrt und dokumentiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "integration_error"}, EvidenceExamples: []string{"SAT-Protokoll", "Inbetriebnahme-Zertifikat"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
|
||||
// ── Domain CYBER (OT-Cybersecurity) ───────────────────────────────────
|
||||
{ID: "CTRL.CYBER.001", Domain: "CYBER", Title: "Netzwerksegmentierung implementiert", Description: "OT- und IT-Netzwerke sind segmentiert und der Zugriff zwischen Zonen ist durch Firewalls kontrolliert.", PriorityHint: "critical", MapsToHazardCategories: []string{"unauthorized_access", "communication_failure"}, EvidenceExamples: []string{"Netzwerkdiagramm", "Firewall-Regelwerk"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.002", Domain: "CYBER", Title: "Signierte Firmware-Updates", Description: "Alle Firmware-Updates werden vor der Installation kryptografisch auf Authentizitaet und Integritaet geprueft.", PriorityHint: "critical", MapsToHazardCategories: []string{"firmware_corruption", "unauthorized_access"}, EvidenceExamples: []string{"Signaturpruefungsnachweis", "Update-Prozess-Dokument"}, ReductionType: "protective", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.003", Domain: "CYBER", Title: "MFA fuer Admin-Zugang", Description: "Multi-Faktor-Authentifizierung ist fuer alle administrativen Zugaenge zum System verpflichtend.", PriorityHint: "critical", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"MFA-Konfigurationsnachweis", "Zugangskontroll-Policy"}, ReductionType: "design", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.004", Domain: "CYBER", Title: "IDS/IPS implementiert", Description: "Ein Intrusion Detection/Prevention System ueberwacht den Netzwerkverkehr auf Angriffsmuster.", PriorityHint: "critical", MapsToHazardCategories: []string{"unauthorized_access", "communication_failure"}, EvidenceExamples: []string{"IDS-Konfigurationsnachweis", "Alert-Testprotokoll"}, ReductionType: "protective", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.005", Domain: "CYBER", Title: "SBOM vorhanden und aktuell", Description: "Eine vollstaendige Software Bill of Materials (SBOM) ist vorhanden und wird bei Releases aktualisiert.", PriorityHint: "critical", MapsToHazardCategories: []string{"firmware_corruption", "unauthorized_access"}, EvidenceExamples: []string{"SBOM-Dokument", "SBOM-Tool-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.CYBER.006", Domain: "CYBER", Title: "Schwachstellen-Scan durchgefuehrt", Description: "Regelmaessige Schwachstellen-Scans werden durchgefuehrt und Findings zeitgerecht behoben.", PriorityHint: "critical", MapsToHazardCategories: []string{"unauthorized_access", "firmware_corruption"}, EvidenceExamples: []string{"Scan-Bericht", "Remediation-Tracking"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.CYBER.007", Domain: "CYBER", Title: "Patch-Management etabliert", Description: "Ein strukturierter Patch-Management-Prozess stellt zeitnahe Behebung von Sicherheitsschwachstellen sicher.", PriorityHint: "critical", MapsToHazardCategories: []string{"unauthorized_access", "firmware_corruption"}, EvidenceExamples: []string{"Patch-Management-Policy", "Patch-Status-Report"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.008", Domain: "CYBER", Title: "Sichere Kommunikationsprotokolle (TLS/DTLS)", Description: "Alle Netzwerkkommunikationen nutzen TLS 1.2+ oder DTLS und schwache Ciphersuites sind deaktiviert.", PriorityHint: "critical", MapsToHazardCategories: []string{"unauthorized_access", "communication_failure"}, EvidenceExamples: []string{"TLS-Konfigurationsnachweis", "SSL-Labs-Bericht"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.009", Domain: "CYBER", Title: "Firewall-Regeln minimiert", Description: "Firewall-Regeln folgen dem Whitelist-Prinzip — nur explizit erlaubter Verkehr ist zugelassen.", PriorityHint: "critical", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Firewall-Regelwerk-Review", "Penetrationstest-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.010", Domain: "CYBER", Title: "Portabsicherung implementiert", Description: "Alle nicht benoetigten Netzwerkports und Dienste sind deaktiviert und dokumentiert.", PriorityHint: "critical", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Port-Scan-Bericht", "Service-Haertungsdokument"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.011", Domain: "CYBER", Title: "VPN fuer Remote-Zugang", Description: "Fernzugriff auf OT-Systeme erfolgt ausschliesslich ueber verschluesselte VPN-Verbindungen.", PriorityHint: "high", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"VPN-Konfigurationsnachweis", "Remote-Access-Policy"}, ReductionType: "design", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.012", Domain: "CYBER", Title: "Passwort-Policy durchgesetzt", Description: "Eine Passwort-Policy mit Komplexitaetsanforderungen und Ablauffristen ist implementiert und technisch erzwungen.", PriorityHint: "high", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Passwort-Policy", "Technischer Nachweis"}, ReductionType: "protective", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.013", Domain: "CYBER", Title: "Brute-Force-Schutz aktiviert", Description: "Account-Lockout nach mehrfach fehlgeschlagenen Login-Versuchen ist implementiert und getestet.", PriorityHint: "high", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Brute-Force-Test-Nachweis", "Konfigurationsprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.014", Domain: "CYBER", Title: "Session-Management sicher implementiert", Description: "Session-Tokens sind kryptografisch stark, Timeouts sind konfiguriert und Session-Fixation verhindert.", PriorityHint: "high", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Session-Management-Review", "Penetrationstest-Nachweis"}, ReductionType: "protective", Applicable: []string{"sw"}},
|
||||
{ID: "CTRL.CYBER.015", Domain: "CYBER", Title: "Kryptografisch sichere Zufallszahlen", Description: "Kryptografisch sichere Zufallszahlengeneratoren (CSPRNG) werden fuer alle sicherheitsrelevanten Operationen genutzt.", PriorityHint: "high", MapsToHazardCategories: []string{"unauthorized_access", "firmware_corruption"}, EvidenceExamples: []string{"CSPRNG-Nachweis", "Code-Review-Protokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.CYBER.016", Domain: "CYBER", Title: "PKI/Zertifikatsverwaltung etabliert", Description: "Eine Public Key Infrastructure (PKI) verwaltet alle Zertifikate mit definierten Lebenszyklen.", PriorityHint: "high", MapsToHazardCategories: []string{"unauthorized_access", "communication_failure"}, EvidenceExamples: []string{"PKI-Konzept", "Zertifikatsregister"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.017", Domain: "CYBER", Title: "Sicheres Schluesselspeichern (HSM/TPM)", Description: "Kryptografische Schluessel werden sicher in Hardware Security Modules (HSM) oder TPM-Chips gespeichert.", PriorityHint: "high", MapsToHazardCategories: []string{"unauthorized_access", "firmware_corruption"}, EvidenceExamples: []string{"HSM-Konfigurationsnachweis", "Key-Management-Policy"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.018", Domain: "CYBER", Title: "Code-Signing implementiert", Description: "Alle ausfuehrbaren Softwarekomponenten sind mit verifizierbaren digitalen Signaturen versehen.", PriorityHint: "high", MapsToHazardCategories: []string{"firmware_corruption", "unauthorized_access"}, EvidenceExamples: []string{"Code-Signing-Prozess", "Signaturpruefungsnachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw"}},
|
||||
{ID: "CTRL.CYBER.019", Domain: "CYBER", Title: "Integrity-Monitoring aktiviert", Description: "Integritaets-Monitoring erkennt unautorisierten Zugriff auf kritische System- und Konfigurationsdateien.", PriorityHint: "high", MapsToHazardCategories: []string{"unauthorized_access", "configuration_error"}, EvidenceExamples: []string{"FIM-Konfigurationsnachweis", "Alert-Testprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.020", Domain: "CYBER", Title: "Log-Management etabliert", Description: "Zentralisiertes Log-Management stellt sichere Aufbewahrung und Unversehrtheit von Sicherheitslogs sicher.", PriorityHint: "high", MapsToHazardCategories: []string{"logging_audit_failure"}, EvidenceExamples: []string{"Log-Management-Konzept", "SIEM-Nachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.021", Domain: "CYBER", Title: "SIEM-Integration vorhanden", Description: "Sicherheitsrelevante Ereignisse werden an ein SIEM-System weitergeleitet und korreliert.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "logging_audit_failure"}, EvidenceExamples: []string{"SIEM-Integrationsnachweis", "Usecase-Dokumentation"}, ReductionType: "design", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.022", Domain: "CYBER", Title: "Vulnerability-Disclosure-Policy vorhanden", Description: "Eine oeffentliche Vulnerability Disclosure Policy (VDP) ist etabliert und ein Meldeprozess definiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"VDP-Dokument", "Bug-Bounty-Policy"}, ReductionType: "protective", Applicable: []string{"sw", "ai"}},
|
||||
{ID: "CTRL.CYBER.023", Domain: "CYBER", Title: "Incident-Response-Plan vorhanden", Description: "Ein Cyber-Incident-Response-Plan definiert Eskalation, Rollen und Massnahmen fuer Sicherheitsvorfaelle.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "firmware_corruption"}, EvidenceExamples: []string{"Incident-Response-Plan", "Uebungsprotokoll"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.CYBER.024", Domain: "CYBER", Title: "Penetrationstest OT durchgefuehrt", Description: "OT-spezifische Penetrationstests unter Beruecksichtigung von Verduegbarkeitsanforderungen wurden durchgefuehrt.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "communication_failure"}, EvidenceExamples: []string{"OT-Pentest-Bericht", "Finding-Tracking"}, ReductionType: "protective", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.025", Domain: "CYBER", Title: "Security-by-Default konfiguriert", Description: "Alle Systeme werden mit sicheren Standardkonfigurationen ausgeliefert und unsichere Defaults sind deaktiviert.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "configuration_error"}, EvidenceExamples: []string{"Default-Konfigurationsnachweis", "Haertungs-Checkliste"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.026", Domain: "CYBER", Title: "Least-Privilege-Prinzip umgesetzt", Description: "Alle Benutzer, Prozesse und Dienste haben nur die Mindestberechtigungen die fuer ihre Funktion notwendig sind.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Berechtigungs-Matrix", "Access-Review-Protokoll"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.CYBER.027", Domain: "CYBER", Title: "Role-Based Access Control implementiert", Description: "RBAC stellt sicher dass Zugriffsrechte rollenbasiert vergeben und regelmaessig geprueft werden.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"RBAC-Konzept", "Rollen-Dokumentation"}, ReductionType: "design", Applicable: []string{"sw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.CYBER.028", Domain: "CYBER", Title: "Authentifizierung an allen Schnittstellen", Description: "Alle Kommunikationsschnittstellen erfordern starke Authentifizierung vor dem Datenzugriff.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "communication_failure"}, EvidenceExamples: []string{"Schnittstellen-Auth-Nachweis", "API-Security-Review"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.029", Domain: "CYBER", Title: "Datenverschluesselung im Transit", Description: "Alle uebertragenen Daten sind Ende-zu-Ende verschluesselt, auch im internen Netzwerk.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "communication_failure"}, EvidenceExamples: []string{"Verschluesselungsnachweis", "Traffic-Analyse"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.CYBER.030", Domain: "CYBER", Title: "Datenverschluesselung at Rest", Description: "Alle gespeicherten sensitiven Daten sind verschluesselt und Schluessel werden sicher verwaltet.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Verschluesselungskonzept", "Key-Management-Nachweis"}, ReductionType: "protective", Applicable: []string{"sw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.CYBER.031", Domain: "CYBER", Title: "Sicherer Fernzugriff kontrolliert", Description: "Fernzugriff ist auf bekannte Nutzer und Systeme beschraenkt und wird vollstaendig protokolliert.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Fernzugriffs-Policy", "Access-Log-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.032", Domain: "CYBER", Title: "Deaktivierung ungenutzter Dienste", Description: "Alle nicht benoetigten Netzwerkdienste, Protokolle und Benutzerschnittstellen sind deaktiviert.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Service-Inventar", "Haertungsnachweis"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.033", Domain: "CYBER", Title: "Haertung Betriebssystem durchgefuehrt", Description: "Das Betriebssystem wurde gemaess anerkannten Haertungsleitfaeden (CIS Benchmark, BSI) konfiguriert.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "configuration_error"}, EvidenceExamples: []string{"Haertungs-Protokoll", "CIS-Benchmark-Bericht"}, ReductionType: "design", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.034", Domain: "CYBER", Title: "Container-Sicherheit implementiert", Description: "Container-Images werden regelmaessig auf Schwachstellen gescannt und laufen mit minimalen Berechtigungen.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "software_fault"}, EvidenceExamples: []string{"Container-Scan-Bericht", "Pod-Security-Policy"}, ReductionType: "protective", Applicable: []string{"sw", "ai"}},
|
||||
{ID: "CTRL.CYBER.035", Domain: "CYBER", Title: "Supply-Chain-Sicherheit beruecksichtigt", Description: "Software-Lieferketten-Risiken wurden bewertet und Massnahmen zur Absicherung sind implementiert.", PriorityHint: "medium", MapsToHazardCategories: []string{"firmware_corruption", "unauthorized_access"}, EvidenceExamples: []string{"Supply-Chain-Risikoanalyse", "SBOM-Nachweis"}, ReductionType: "design", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.CYBER.036", Domain: "CYBER", Title: "IEC-62443-Compliance-Assessment durchgefuehrt", Description: "Eine Konformitaetsbewertung gegenueber IEC 62443 fuer OT-Systeme wurde durchgefuehrt.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "communication_failure"}, EvidenceExamples: []string{"IEC-62443-Gap-Assessment", "Compliance-Bericht"}, ReductionType: "protective", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.037", Domain: "CYBER", Title: "Zero-Trust-Architektur umgesetzt", Description: "Zero-Trust-Prinzipien (Never Trust Always Verify) werden fuer alle Netzwerkzugriffe angewendet.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Zero-Trust-Architektur-Dokument", "Implementierungsnachweis"}, ReductionType: "design", Applicable: []string{"sw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.038", Domain: "CYBER", Title: "Security-Training fuer Mitarbeiter", Description: "Regelmaessige Security-Awareness-Trainings werden fuer alle Mitarbeiter mit OT-Systemzugang durchgefuehrt.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access"}, EvidenceExamples: []string{"Trainingsprotokoll", "Teilnehmerliste"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.CYBER.039", Domain: "CYBER", Title: "Sicherheits-Audit OT abgeschlossen", Description: "OT-spezifisches Sicherheits-Audit durch qualifizierte Auditoren wurde durchgefuehrt und Befunde behoben.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "configuration_error"}, EvidenceExamples: []string{"OT-Audit-Bericht", "Finding-Closing-Nachweis"}, ReductionType: "design", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.CYBER.040", Domain: "CYBER", Title: "Cyber-Resilience-Plan vorhanden", Description: "Ein Cyber-Resilience-Plan definiert Massnahmen fuer den Weiterbetrieb und die schnelle Wiederherstellung nach Cyberangriffen.", PriorityHint: "medium", MapsToHazardCategories: []string{"unauthorized_access", "communication_failure"}, EvidenceExamples: []string{"Resilience-Plan", "BCP-Dokument"}, ReductionType: "protective", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
|
||||
// ── Domain DOC (Documentation & CE-Akte) ──────────────────────────────
|
||||
{ID: "CTRL.DOC.001", Domain: "DOC", Title: "Risikobewertung dokumentiert", Description: "Die vollstaendige Risikobewertung inkl. Risikomatrix, Massnahmen und Restrisiken ist dokumentiert und freigegeben.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "software_fault", "mechanical_hazard", "electrical_hazard"}, EvidenceExamples: []string{"Risikobewertungs-Dokument", "Freigabeprotokoll"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.002", Domain: "DOC", Title: "Technical-File vollstaendig", Description: "Das Technical File (Technische Dokumentation) fuer die CE-Kennzeichnung ist vollstaendig und aktuell.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "software_fault", "electrical_hazard"}, EvidenceExamples: []string{"Technical-File-Checkliste", "CE-Dossier"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.003", Domain: "DOC", Title: "Konformitaetserklaerung erstellt", Description: "Die EU-Konformitaetserklaerung (DoC) wurde erstellt, unterzeichnet und liegt dem Produkt bei.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"EU-Konformitaetserklaerung", "CE-Kennzeichen-Nachweis"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.004", Domain: "DOC", Title: "Betriebsanleitung verfasst", Description: "Eine vollstaendige Betriebsanleitung in der Landessprache des Anwenders liegt vor und deckt alle Betriebsmodi ab.", PriorityHint: "critical", MapsToHazardCategories: []string{"hmi_error", "maintenance_hazard", "safety_function_failure"}, EvidenceExamples: []string{"Betriebsanleitung", "Sprachversionen-Nachweis"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.005", Domain: "DOC", Title: "Wartungsanleitung vorhanden", Description: "Eine vollstaendige Wartungsanleitung mit Wartungsintervallen, Ersatzteilen und Pruefanweisungen liegt vor.", PriorityHint: "critical", MapsToHazardCategories: []string{"maintenance_hazard"}, EvidenceExamples: []string{"Wartungsanleitung", "Wartungsintervall-Tabelle"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.006", Domain: "DOC", Title: "Installationsanleitung vorhanden", Description: "Eine vollstaendige Installationsanleitung mit Sicherheitshinweisen und Pruefanweisungen fuer die Inbetriebnahme liegt vor.", PriorityHint: "critical", MapsToHazardCategories: []string{"integration_error", "safety_function_failure"}, EvidenceExamples: []string{"Installationsanleitung", "Inbetriebnahme-Checkliste"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.007", Domain: "DOC", Title: "Sicherheitsdatenblatt vorhanden", Description: "Ein Sicherheitsdatenblatt mit relevanten Sicherheitsinformationen liegt vor und ist aktuell.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "electrical_hazard", "thermal_hazard"}, EvidenceExamples: []string{"Sicherheitsdatenblatt", "REACH-Konformitaet"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.008", Domain: "DOC", Title: "Sicherheitsfunktions-Beschreibung vorhanden", Description: "Alle Sicherheitsfunktionen sind vollstaendig beschrieben inkl. Funktionsprinzip, Ausloesekriterien und Wirkung.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Sicherheitsfunktions-Beschreibung", "Funktionale-Sicherheits-Konzept"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.009", Domain: "DOC", Title: "CE-Kennzeichnung angebracht", Description: "Das CE-Kennzeichen ist am Produkt angebracht und die zugehoerige Doku ist vollstaendig.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"CE-Kennzeichen-Foto", "Konformitaetserklaerung"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.010", Domain: "DOC", Title: "Pruefberichte archiviert", Description: "Alle Pruef- und Testberichte sind vollstaendig archiviert und fuer 10 Jahre verfuegbar.", PriorityHint: "critical", MapsToHazardCategories: []string{"safety_function_failure", "electrical_hazard", "emc_hazard"}, EvidenceExamples: []string{"Archivierungsnachweis", "Dokumentenregister"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.011", Domain: "DOC", Title: "Normenkonformitaetsmatrix erstellt", Description: "Eine Normenkonformitaetsmatrix zeigt fuer jede anwendbare Norm den Konformitaetsnachweis.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Normenmatrix", "Gap-Analyse"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.012", Domain: "DOC", Title: "Aenderungsdokumentation vollstaendig", Description: "Alle Produktaenderungen sind vollstaendig dokumentiert und die Auswirkungen auf die Zertifizierung bewertet.", PriorityHint: "high", MapsToHazardCategories: []string{"configuration_error", "software_fault"}, EvidenceExamples: []string{"Aenderungsprotokoll", "Impact-Analyse"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.013", Domain: "DOC", Title: "Software-Release-Notes vorhanden", Description: "Fuer jedes Software-Release existieren vollstaendige Release-Notes mit Aenderungen, Fixes und Bekannten-Problemen.", PriorityHint: "high", MapsToHazardCategories: []string{"software_fault", "update_failure"}, EvidenceExamples: []string{"Release-Notes", "Changelog"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ai"}},
|
||||
{ID: "CTRL.DOC.014", Domain: "DOC", Title: "Konfigurationshandbuch erstellt", Description: "Ein vollstaendiges Konfigurationshandbuch mit allen Parametern und deren sicheren Wertebereichen liegt vor.", PriorityHint: "high", MapsToHazardCategories: []string{"configuration_error"}, EvidenceExamples: []string{"Konfigurationshandbuch", "Parameter-Referenz"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.015", Domain: "DOC", Title: "Schulungsunterlagen vorhanden", Description: "Schulungsunterlagen fuer Bediener, Instandhalter und Administratoren sind vorhanden und aktuell.", PriorityHint: "high", MapsToHazardCategories: []string{"hmi_error", "maintenance_hazard"}, EvidenceExamples: []string{"Schulungsunterlagen", "Kompetenzmatrix"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.016", Domain: "DOC", Title: "Lagerungsanweisung vorhanden", Description: "Eine Lagerungsanweisung mit Bedingungen und Hoechstlagerdauer liegt vor.", PriorityHint: "high", MapsToHazardCategories: []string{"environmental_hazard"}, EvidenceExamples: []string{"Lagerungsanweisung", "Verpackungsvorschrift"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.017", Domain: "DOC", Title: "Entsorgungshinweise vorhanden", Description: "Hinweise zur umweltgerechten Entsorgung (WEEE, RoHS) sind im Produkt dokumentiert.", PriorityHint: "high", MapsToHazardCategories: []string{"environmental_hazard"}, EvidenceExamples: []string{"Entsorgungshinweis", "WEEE-Konformitaetsnachweis"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.018", Domain: "DOC", Title: "HARA-Dokumentation vollstaendig", Description: "Die HARA-Dokumentation ist vollstaendig, durch Review freigegeben und alle Massnahmen sind rueckverfolgbar.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure", "mechanical_hazard", "electrical_hazard"}, EvidenceExamples: []string{"HARA-Dokument", "Review-Protokoll"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.019", Domain: "DOC", Title: "SIL-Nachweisdokumentation vollstaendig", Description: "Die vollstaendige SIL-Nachweisdokumentation gemaess IEC 61508 ist vorhanden und durch Zertifizierungsstelle anerkannt.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"SIL-Zertifikat", "Nachweisdokumentation"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.020", Domain: "DOC", Title: "Baumustererpruefung durchgefuehrt", Description: "Eine Baumustererpruefung durch eine notifizierte Stelle wurde durchgefuehrt und ein Zertifikat ausgestellt.", PriorityHint: "high", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Baumustererpruefungs-Zertifikat", "Pruefbericht"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.021", Domain: "DOC", Title: "Erstinbetriebnahme-Protokoll vorhanden", Description: "Ein Erstinbetriebnahme-Protokoll dokumentiert alle Pruefschritte und deren Ergebnisse.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "integration_error"}, EvidenceExamples: []string{"Inbetriebnahme-Protokoll", "Abnahme-Checkliste"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.022", Domain: "DOC", Title: "Wartungsprotokoll gefuehrt", Description: "Wartungsprotokolle werden bei jeder Wartung erstellt und archiviert.", PriorityHint: "medium", MapsToHazardCategories: []string{"maintenance_hazard"}, EvidenceExamples: []string{"Wartungsprotokoll", "Wartungsbuch"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.023", Domain: "DOC", Title: "Kalibrierprotokoll aktuell", Description: "Kalibrierprotokolle fuer alle sicherheitsrelevanten Messgeraete sind aktuell und archiviert.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Kalibrierprotokoll", "Kalibrierzertifikat"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.024", Domain: "DOC", Title: "Vorfallsprotokoll gefuehrt", Description: "Alle Sicherheitsvorfaelle und sicherheitsrelevanten Ereignisse werden protokolliert und ausgewertet.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "software_fault"}, EvidenceExamples: []string{"Vorfallsprotokoll", "Root-Cause-Analyse"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.025", Domain: "DOC", Title: "Audits und Zertifikate archiviert", Description: "Alle Audit-Berichte und Zertifikate sind vollstaendig archiviert und fuer die vorgeschriebene Dauer verfuegbar.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure"}, EvidenceExamples: []string{"Zertifikate-Register", "Archivierungsnachweis"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.026", Domain: "DOC", Title: "Zulieferer-Dokumentation vorhanden", Description: "Alle relevanten Zulieferer-Dokumentationen (Datenblatt, Zertifikat, Konformitaetserklaerung) sind vorhanden.", PriorityHint: "medium", MapsToHazardCategories: []string{"software_fault", "electrical_hazard"}, EvidenceExamples: []string{"Zulieferer-Dokumentenregister", "Komponentenzertifikate"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.027", Domain: "DOC", Title: "Lebenszyklusplan dokumentiert", Description: "Der Produktlebenszyklusplan von Entwicklung bis Ausserbetriebnahme ist dokumentiert und verbindlich.", PriorityHint: "medium", MapsToHazardCategories: []string{"maintenance_hazard", "update_failure"}, EvidenceExamples: []string{"Lebenszyklusplan", "EOL-Strategie"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.028", Domain: "DOC", Title: "Obsoleszenz-Management dokumentiert", Description: "Ein Obsoleszenz-Management-Plan identifiziert Risiken durch auslaufende Komponenten und definiert Massnahmen.", PriorityHint: "medium", MapsToHazardCategories: []string{"update_failure", "software_fault"}, EvidenceExamples: []string{"Obsoleszenz-Plan", "Risiko-Register"}, ReductionType: "information", Applicable: []string{"fw", "ctrl"}},
|
||||
{ID: "CTRL.DOC.029", Domain: "DOC", Title: "Schnittstellendokumentation vollstaendig", Description: "Alle Systemschnittstellen sind vollstaendig dokumentiert inkl. Protokolle, Datenformate und Fehlercodes.", PriorityHint: "medium", MapsToHazardCategories: []string{"integration_error", "communication_failure"}, EvidenceExamples: []string{"Schnittstellendokumentation", "API-Referenz"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
{ID: "CTRL.DOC.030", Domain: "DOC", Title: "Post-Market-Surveillance-Plan vorhanden", Description: "Ein Post-Market-Surveillance-Plan definiert wie Felddaten, Vorfaelle und Kundenrueckmeldungen systematisch ausgewertet werden.", PriorityHint: "medium", MapsToHazardCategories: []string{"safety_function_failure", "software_fault"}, EvidenceExamples: []string{"PMS-Plan", "PMSR-Bericht"}, ReductionType: "information", Applicable: []string{"sw", "fw", "ctrl", "ai"}},
|
||||
}
|
||||
}
|
||||
@@ -13,6 +13,7 @@ type RiskComputeInput struct {
|
||||
Severity int `json:"severity"` // 1-5
|
||||
Exposure int `json:"exposure"` // 1-5
|
||||
Probability int `json:"probability"` // 1-5
|
||||
Avoidance int `json:"avoidance"` // 0=disabled, 1-5 (3=neutral)
|
||||
ControlMaturity int `json:"control_maturity"` // 0-4
|
||||
ControlCoverage float64 `json:"control_coverage"` // 0-1
|
||||
TestEvidence float64 `json:"test_evidence"` // 0-1
|
||||
@@ -68,13 +69,24 @@ func clampFloat(v, lo, hi float64) float64 {
|
||||
return v
|
||||
}
|
||||
|
||||
// CalculateInherentRisk computes the inherent risk score as S * E * P.
|
||||
// CalculateInherentRisk computes the inherent risk score.
|
||||
//
|
||||
// Formula:
|
||||
// - avoidance == 0: S × E × P (backward-compatible, no avoidance factor)
|
||||
// - avoidance > 0: S × E × P × (A / 3.0) (3 = neutral, no influence)
|
||||
//
|
||||
// Avoidance scale: 1=leicht vermeidbar, 3=neutral, 5=nicht vermeidbar.
|
||||
// Each factor is expected in the range 1-5 and will be clamped if out of range.
|
||||
func (e *RiskEngine) CalculateInherentRisk(severity, exposure, probability int) float64 {
|
||||
func (e *RiskEngine) CalculateInherentRisk(severity, exposure, probability, avoidance int) float64 {
|
||||
s := clamp(severity, 1, 5)
|
||||
ex := clamp(exposure, 1, 5)
|
||||
p := clamp(probability, 1, 5)
|
||||
return float64(s) * float64(ex) * float64(p)
|
||||
base := float64(s) * float64(ex) * float64(p)
|
||||
if avoidance <= 0 {
|
||||
return base
|
||||
}
|
||||
a := clamp(avoidance, 1, 5)
|
||||
return base * (float64(a) / 3.0)
|
||||
}
|
||||
|
||||
// CalculateControlEffectiveness computes the control effectiveness score.
|
||||
@@ -104,7 +116,7 @@ func (e *RiskEngine) CalculateControlEffectiveness(maturity int, coverage, testE
|
||||
// - severity, exposure, probability: 1-5, clamped if out of range
|
||||
// - cEff: control effectiveness, 0-1
|
||||
func (e *RiskEngine) CalculateResidualRisk(severity, exposure, probability int, cEff float64) float64 {
|
||||
inherent := e.CalculateInherentRisk(severity, exposure, probability)
|
||||
inherent := e.CalculateInherentRisk(severity, exposure, probability, 0)
|
||||
return inherent * (1 - cEff)
|
||||
}
|
||||
|
||||
@@ -185,7 +197,7 @@ func (e *RiskEngine) ComputeRisk(req RiskComputeInput) (*RiskComputeResult, erro
|
||||
return nil, fmt.Errorf("severity, exposure, and probability must be >= 1")
|
||||
}
|
||||
|
||||
inherentRisk := e.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability)
|
||||
inherentRisk := e.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability, req.Avoidance)
|
||||
controlEff := e.CalculateControlEffectiveness(req.ControlMaturity, req.ControlCoverage, req.TestEvidence)
|
||||
residualRisk := e.CalculateResidualRisk(req.Severity, req.Exposure, req.Probability, controlEff)
|
||||
riskLevel := e.DetermineRiskLevel(residualRisk)
|
||||
|
||||
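Review bot: The residual risk ignores the new avoidance factor: `CalculateResidualRisk` now calls `CalculateInherentRisk(severity, exposure, probability, 0)`, and in `ComputeRisk` only `inherentRisk` receives `req.Avoidance`, so the `riskLevel` derived from `residualRisk` is identical for A=1 and A=5. For A>3 the level is computed from a value that is too low, and for A<3 the residual can exceed the reported inherent risk. Because `CalculateResidualRisk` keeps its exported signature, the smallest fix is to derive the residual in `ComputeRisk` from the value already computed: `residualRisk := inherentRisk * (1 - controlEff)`. `ComputeRisk` continues outside the hunk, so confirm nothing later in the function compensates for this.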
@@ -48,7 +48,7 @@ func TestCalculateInherentRisk_BasicCases(t *testing.T) {
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
result := e.CalculateInherentRisk(tt.s, tt.ex, tt.p)
|
||||
result := e.CalculateInherentRisk(tt.s, tt.ex, tt.p, 0)
|
||||
if !almostEqual(result, tt.expected) {
|
||||
t.Errorf("CalculateInherentRisk(%d, %d, %d) = %v, want %v", tt.s, tt.ex, tt.p, result, tt.expected)
|
||||
}
|
||||
@@ -72,7 +72,7 @@ func TestCalculateInherentRisk_Clamping(t *testing.T) {
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
result := e.CalculateInherentRisk(tt.s, tt.ex, tt.p)
|
||||
result := e.CalculateInherentRisk(tt.s, tt.ex, tt.p, 0)
|
||||
if !almostEqual(result, tt.expected) {
|
||||
t.Errorf("CalculateInherentRisk(%d, %d, %d) = %v, want %v", tt.s, tt.ex, tt.p, result, tt.expected)
|
||||
}
|
||||
@@ -88,7 +88,7 @@ func TestCalculateInherentRisk_FullCoverage(t *testing.T) {
|
||||
for ex := 1; ex <= 5; ex++ {
|
||||
for p := 1; p <= 5; p++ {
|
||||
expected := float64(s * ex * p)
|
||||
result := e.CalculateInherentRisk(s, ex, p)
|
||||
result := e.CalculateInherentRisk(s, ex, p, 0)
|
||||
if !almostEqual(result, expected) {
|
||||
t.Errorf("CalculateInherentRisk(%d, %d, %d) = %v, want %v", s, ex, p, result, expected)
|
||||
}
|
||||
|
||||
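Review bot: None of the three updated tests exercises the avoidance path: every call in `TestCalculateInherentRisk_BasicCases`, `TestCalculateInherentRisk_Clamping` and `TestCalculateInherentRisk_FullCoverage` passes `0`, so the `A / 3.0` scaling and the clamp to 1-5 stay untested in the visible hunks. A few table cases would pin the behaviour, for example `CalculateInherentRisk(5, 3, 3, 5)` expecting `75`, `(5, 3, 3, 3)` expecting `45`, `(5, 3, 3, 9)` expecting the A=5 result, and a negative avoidance expecting the A=0 result. The test functions start and end outside the hunks, so such cases may already exist elsewhere in the file.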
File diff suppressed because it is too large
@@ -9,9 +9,9 @@ import (
|
||||
func TestGetBuiltinHazardLibrary_EntryCount(t *testing.T) {
|
||||
entries := GetBuiltinHazardLibrary()
|
||||
|
||||
// Expected: 4+3+2+3+3+3+4+3+4+3+2+3 = 37
|
||||
if len(entries) != 37 {
|
||||
t.Fatalf("GetBuiltinHazardLibrary returned %d entries, want 37", len(entries))
|
||||
// Original 37 + 12 new categories (10+8+6+6+4+5+8+8+5+8+5+6 = 79) = 116
|
||||
if len(entries) < 100 {
|
||||
t.Fatalf("GetBuiltinHazardLibrary returned %d entries, want at least 100", len(entries))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -46,6 +46,7 @@ func TestGetBuiltinHazardLibrary_UniqueNonZeroUUIDs(t *testing.T) {
|
||||
func TestGetBuiltinHazardLibrary_AllCategoriesPresent(t *testing.T) {
|
||||
entries := GetBuiltinHazardLibrary()
|
||||
|
||||
// All 24 categories (12 original + 12 new)
|
||||
expectedCategories := map[string]bool{
|
||||
"false_classification": false,
|
||||
"timing_error": false,
|
||||
@@ -59,6 +60,19 @@ func TestGetBuiltinHazardLibrary_AllCategoriesPresent(t *testing.T) {
|
||||
"mode_confusion": false,
|
||||
"unintended_bias": false,
|
||||
"update_failure": false,
|
||||
// New categories
|
||||
"software_fault": false,
|
||||
"hmi_error": false,
|
||||
"mechanical_hazard": false,
|
||||
"electrical_hazard": false,
|
||||
"thermal_hazard": false,
|
||||
"emc_hazard": false,
|
||||
"configuration_error": false,
|
||||
"safety_function_failure": false,
|
||||
"logging_audit_failure": false,
|
||||
"integration_error": false,
|
||||
"environmental_hazard": false,
|
||||
"maintenance_hazard": false,
|
||||
}
|
||||
|
||||
for _, e := range entries {
|
||||
@@ -78,7 +92,8 @@ func TestGetBuiltinHazardLibrary_AllCategoriesPresent(t *testing.T) {
|
||||
func TestGetBuiltinHazardLibrary_CategoryCounts(t *testing.T) {
|
||||
entries := GetBuiltinHazardLibrary()
|
||||
|
||||
expectedCounts := map[string]int{
|
||||
// Original 12 categories: exact counts must remain unchanged
|
||||
originalCounts := map[string]int{
|
||||
"false_classification": 4,
|
||||
"timing_error": 3,
|
||||
"data_poisoning": 2,
|
||||
@@ -92,15 +107,26 @@ func TestGetBuiltinHazardLibrary_CategoryCounts(t *testing.T) {
|
||||
"unintended_bias": 2,
|
||||
"update_failure": 3,
|
||||
}
|
||||
// New 12 categories: must each have at least 1 entry
|
||||
newCategories := []string{
|
||||
"software_fault", "hmi_error", "mechanical_hazard", "electrical_hazard",
|
||||
"thermal_hazard", "emc_hazard", "configuration_error", "safety_function_failure",
|
||||
"logging_audit_failure", "integration_error", "environmental_hazard", "maintenance_hazard",
|
||||
}
|
||||
|
||||
actualCounts := make(map[string]int)
|
||||
for _, e := range entries {
|
||||
actualCounts[e.Category]++
|
||||
}
|
||||
|
||||
for cat, expected := range expectedCounts {
|
||||
for cat, expected := range originalCounts {
|
||||
if actualCounts[cat] != expected {
|
||||
t.Errorf("category %q: count = %d, want %d", cat, actualCounts[cat], expected)
|
||||
t.Errorf("original category %q: count = %d, want %d", cat, actualCounts[cat], expected)
|
||||
}
|
||||
}
|
||||
for _, cat := range newCategories {
|
||||
if actualCounts[cat] < 1 {
|
||||
t.Errorf("new category %q: count = %d, want >= 1", cat, actualCounts[cat])
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
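Review bot: `TestGetBuiltinHazardLibrary_EntryCount` is loosened from an exact count to `len(entries) < 100`, although the comment directly above it computes 37 + 79 = 116, so the test still passes if up to 16 entries are lost or if entries are duplicated. `TestGetBuiltinHazardLibrary_CategoryCounts` has the same gap: each new category only needs `>= 1` entry, while the comment lists exact per-category numbers. If 116 is the real total, `if len(entries) != 116 {` plus an exact count map for the new categories would catch silent drift in the library. The iace.md added in the same commit states ~140 entries, and the library file's diff is suppressed on this page, so the correct number has to be confirmed before pinning it.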
@@ -239,6 +239,7 @@ type RiskAssessment struct {
|
||||
Severity int `json:"severity"`
|
||||
Exposure int `json:"exposure"`
|
||||
Probability int `json:"probability"`
|
||||
Avoidance int `json:"avoidance,omitempty"` // 0=disabled, 1-5 (3=neutral)
|
||||
InherentRisk float64 `json:"inherent_risk"`
|
||||
ControlMaturity int `json:"control_maturity"`
|
||||
ControlCoverage float64 `json:"control_coverage"`
|
||||
@@ -404,6 +405,7 @@ type AssessRiskRequest struct {
|
||||
Severity int `json:"severity" binding:"required"`
|
||||
Exposure int `json:"exposure" binding:"required"`
|
||||
Probability int `json:"probability" binding:"required"`
|
||||
Avoidance int `json:"avoidance,omitempty"` // 0=disabled, 1-5 (3=neutral)
|
||||
ControlMaturity int `json:"control_maturity" binding:"required"`
|
||||
ControlCoverage float64 `json:"control_coverage" binding:"required"`
|
||||
TestEvidenceStrength float64 `json:"test_evidence_strength" binding:"required"`
|
||||
|
||||
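Review bot: `AssessRiskRequest.Avoidance` is taken from the request body with no range check, while its comment documents `0=disabled, 1-5`. Judging by the engine change in this commit, a value such as 9 is silently clamped to 5 and a negative value silently disables the factor, and the unvalidated number may also be what ends up in `RiskAssessment.Avoidance` (the handler is not visible here). Rejecting out-of-range input at the boundary keeps stored assessments consistent with what was computed; with Gin's validator the tag could be `binding:"omitempty,min=1,max=5"`, which still allows the field to be absent or 0. Both struct definitions continue outside the hunks.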
348
docs-src/services/sdk-modules/iace.md
Normal file
@@ -0,0 +1,348 @@
|
||||
# IACE — Industrial AI Compliance Engine
|
||||
|
||||
**Modul:** CE-Risikobeurteilung fuer Maschinen mit Software / Firmware / KI
|
||||
**Service:** `ai-compliance-sdk` (Go/Gin, Port 8093)
|
||||
**Base-URL:** `GET|POST https://macmini:8093/sdk/v1/iace/...`
|
||||
|
||||
---
|
||||
|
||||
## Ueberblick
|
||||
|
||||
Das IACE-Modul unterstuetzt die vollstaendige CE-Konformitaetsbewertung von Maschinen und Systemen mit Software-, Firmware- und KI-Anteilen gemaess:
|
||||
|
||||
- **Maschinenverordnung (EU) 2023/1230** (loest Maschinenrichtlinie 2006/42/EG ab)
|
||||
- **AI Act (EU) 2024/1689** (fuer KI-Systeme in Hochrisikoklassen)
|
||||
- **CRA (Cyber Resilience Act)** (fuer vernetzte Produkte)
|
||||
- **NIS2** (fuer kritische Infrastrukturen)
|
||||
|
||||
---
|
||||
|
||||
## SEPA Risikomodell
|
||||
|
||||
IACE verwendet das **SEPA-Modell** (Severity × Exposure × Probability × Avoidance):
|
||||
|
||||
### Formel
|
||||
|
||||
| Avoidance | Formel | Beschreibung |
|
||||
|-----------|--------|--------------|
|
||||
| `0` (Standard) | `S × E × P` | Backward-kompatibel, kein Avoidance-Faktor |
|
||||
| `1–5` | `S × E × P × (A / 3.0)` | Avoidance-faktor aktiv (3 = neutral) |
|
||||
|
||||
### Avoidance-Skala
|
||||
|
||||
| Wert | Bedeutung |
|
||||
|------|-----------|
|
||||
| 1 | Leicht vermeidbar (klare Warnung, langsame Bewegung) |
|
||||
| 2 | Eher vermeidbar |
|
||||
| 3 | Neutral (kein Einfluss) |
|
||||
| 4 | Schwer vermeidbar |
|
||||
| 5 | Nicht vermeidbar (sofortige Auswirkung) |
|
||||
|
||||
### Schwellwerte (Residualrisiko)
|
||||
|
||||
| Schwelle | Level |
|
||||
|----------|-------|
|
||||
| ≥ 75 | critical |
|
||||
| ≥ 40 | high |
|
||||
| ≥ 15 | medium |
|
||||
| ≥ 5 | low |
|
||||
| < 5 | negligible |
|
||||
|
||||
### ALARP-Akzeptanz
|
||||
|
||||
- `residualRisk < 15` → akzeptabel
|
||||
- `residualRisk < 40` + alle Minderungsschritte verifiziert + Begruendung → akzeptabel (ALARP)
|
||||
- `residualRisk ≥ 40` → nicht akzeptabel (blockiert CE-Export)
|
||||
|
||||
---
|
||||
|
||||
## Hazard-Library
|
||||
|
||||
Die eingebaute Hazard-Library enthaelt **~140 Eintraege** in 24 Kategorien:
|
||||
|
||||
### Urspruengliche Kategorien (12)
|
||||
|
||||
| Kategorie | Eintraege | Beschreibung |
|
||||
|-----------|-----------|--------------|
|
||||
| `false_classification` | 4 | Falsche KI-Klassifikation |
|
||||
| `timing_error` | 3 | Echtzeit-Verletzungen |
|
||||
| `data_poisoning` | 2 | Manipulierte Trainingsdaten |
|
||||
| `model_drift` | 3 | Modell-Verschlechterung |
|
||||
| `sensor_spoofing` | 3 | Sensor-Manipulation |
|
||||
| `communication_failure` | 3 | Kommunikationsausfall |
|
||||
| `unauthorized_access` | 4 | Unberechtigter Zugriff |
|
||||
| `firmware_corruption` | 3 | Firmware-Beschaedigung |
|
||||
| `safety_boundary_violation` | 4 | Sicherheitsgrenzwert-Verletzung |
|
||||
| `mode_confusion` | 3 | Betriebsart-Verwechslung |
|
||||
| `unintended_bias` | 2 | Unbeabsichtigte Diskriminierung |
|
||||
| `update_failure` | 3 | Update-Fehler |
|
||||
|
||||
### Neue Kategorien (12, v2.0)
|
||||
|
||||
| Kategorie | Eintraege | Beschreibung |
|
||||
|-----------|-----------|--------------|
|
||||
| `software_fault` | 10 | Race Condition, Stack Overflow, Integer Overflow, Deadlock... |
|
||||
| `hmi_error` | 8 | Falsche Einheit, fehlender Alarm, Quittierung ohne Ursache... |
|
||||
| `mechanical_hazard` | 6 | Unerwarteter Anlauf, Restenergie, Teileauswurf... |
|
||||
| `electrical_hazard` | 6 | Elektrischer Schlag, Lichtbogen, gespeicherte Energie... |
|
||||
| `thermal_hazard` | 4 | Ueberhitzung, Brandgefahr, Einfrieren... |
|
||||
| `emc_hazard` | 5 | EMV-Stoerabstrahlung, ESD, HF-Stoerung... |
|
||||
| `configuration_error` | 8 | Falscher Safety-Param, Hard-coded Credentials, Debug-Mode... |
|
||||
| `safety_function_failure` | 8 | Not-Halt, STO, Schutztuer, Zweihand-Taster... |
|
||||
| `logging_audit_failure` | 5 | Fehlende Protokollierung, Log-Manipulation, Overflow... |
|
||||
| `integration_error` | 8 | Datentyp-Mismatch, Endianness, Buffer Overflow, Heartbeat... |
|
||||
| `environmental_hazard` | 5 | Temperatur, Feuchtigkeit, Vibration, Kontamination... |
|
||||
| `maintenance_hazard` | 6 | LOTO fehlt, Wartung bei laufender Maschine, Wiederanlauf... |
|
||||
|
||||
**Filter:** `GET /sdk/v1/iace/hazard-library?category=software_fault&componentType=sw`
|
||||
|
||||
---
|
||||
|
||||
## Controls-Library
|
||||
|
||||
Die Controls-Library enthaelt **200 Eintraege** in 6 Domaenen:
|
||||
|
||||
### Domaenen-Uebersicht
|
||||
|
||||
| Domain | Eintraege | Beschreibung | ReductionType |
|
||||
|--------|-----------|--------------|---------------|
|
||||
| `REQ` | 30 | Safety Requirements — HARA, SIL/PL, Traceability | design |
|
||||
| `ARCH` | 30 | Architektur & Design — Redundanz, Fail-Safe, Watchdog | design |
|
||||
| `SWDEV` | 40 | Software-Entwicklung — MISRA-C, Statische Analyse, WCET | design/protective |
|
||||
| `VER` | 30 | Verifikation & Validation — Fault Injection, HIL, SIL-Nachweis | design/protective |
|
||||
| `CYBER` | 40 | OT-Cybersecurity — Netzwerksegmentierung, Signed Updates, SBOM | design/protective |
|
||||
| `DOC` | 30 | Dokumentation & CE-Akte — Technical File, DoC, Betriebsanleitung | information |
|
||||
|
||||
**Filter:** `GET /sdk/v1/iace/controls-library?domain=CYBER&category=unauthorized_access`
|
||||
|
||||
---
|
||||
|
||||
## API-Endpunkte (30+)
|
||||
|
||||
### Libraries (projektunabhaengig)
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| GET | `/sdk/v1/iace/hazard-library` | Alle Gefaehrdungen (~140) |
|
||||
| GET | `/sdk/v1/iace/controls-library` | Alle Controls (200) |
|
||||
|
||||
### Projektmanagement
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| POST | `/sdk/v1/iace/projects` | Neues Projekt erstellen |
|
||||
| GET | `/sdk/v1/iace/projects` | Alle Projekte auflisten |
|
||||
| GET | `/sdk/v1/iace/projects/:id` | Projekt-Details |
|
||||
| PUT | `/sdk/v1/iace/projects/:id` | Projekt aktualisieren |
|
||||
| DELETE | `/sdk/v1/iace/projects/:id` | Projekt archivieren |
|
||||
|
||||
### Onboarding
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| POST | `/sdk/v1/iace/projects/:id/init-from-profile` | Projekt aus Company-Profile initialisieren |
|
||||
| POST | `/sdk/v1/iace/projects/:id/completeness-check` | 25-Gates-Pruefung |
|
||||
|
||||
### Komponenten
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| POST | `/sdk/v1/iace/projects/:id/components` | Komponente hinzufuegen |
|
||||
| GET | `/sdk/v1/iace/projects/:id/components` | Alle Komponenten |
|
||||
| PUT | `/sdk/v1/iace/projects/:id/components/:cid` | Komponente aktualisieren |
|
||||
| DELETE | `/sdk/v1/iace/projects/:id/components/:cid` | Komponente loeschen |
|
||||
|
||||
### Klassifizierung
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| POST | `/sdk/v1/iace/projects/:id/classify` | Alle Regulierungen klassifizieren |
|
||||
| GET | `/sdk/v1/iace/projects/:id/classifications` | Klassifizierungen abrufen |
|
||||
| POST | `/sdk/v1/iace/projects/:id/classify/:regulation` | Einzelne Regulierung |
|
||||
|
||||
### Gefaehrdungen & Risikobewertung
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| POST | `/sdk/v1/iace/projects/:id/hazards` | Gefaehrdung anlegen |
|
||||
| GET | `/sdk/v1/iace/projects/:id/hazards` | Alle Gefaehrdungen |
|
||||
| PUT | `/sdk/v1/iace/projects/:id/hazards/:hid` | Gefaehrdung aktualisieren |
|
||||
| POST | `/sdk/v1/iace/projects/:id/hazards/suggest` | KI-gestuetzte Vorschlaege |
|
||||
| POST | `/sdk/v1/iace/projects/:id/hazards/:hid/assess` | Risikobewertung (SEPA) |
|
||||
| POST | `/sdk/v1/iace/projects/:id/hazards/:hid/reassess` | Neubewertung nach Minderung |
|
||||
| GET | `/sdk/v1/iace/projects/:id/risk-summary` | Aggregierte Risikoübersicht |
|
||||
|
||||
### Minderung & Verifikation
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| POST | `/sdk/v1/iace/projects/:id/hazards/:hid/mitigations` | Massnahme anlegen |
|
||||
| GET | `/sdk/v1/iace/projects/:id/hazards/:hid/mitigations` | Alle Massnahmen |
|
||||
| PUT | `/sdk/v1/iace/projects/:id/hazards/:hid/mitigations/:mid` | Massnahme aktualisieren |
|
||||
| POST | `/sdk/v1/iace/projects/:id/verification-plans` | Verifikationsplan erstellen |
|
||||
| GET | `/sdk/v1/iace/projects/:id/verification-plans` | Alle Plaene |
|
||||
| PUT | `/sdk/v1/iace/projects/:id/verification-plans/:vid` | Plan aktualisieren |
|
||||
|
||||
### CE-Technische Akte
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| GET | `/sdk/v1/iace/projects/:id/tech-file` | Technische Akte abrufen |
|
||||
| POST | `/sdk/v1/iace/projects/:id/tech-file/generate` | Akte generieren |
|
||||
| GET | `/sdk/v1/iace/projects/:id/tech-file/export` | Akte exportieren (PDF/Markdown) |
|
||||
| PUT | `/sdk/v1/iace/projects/:id/tech-file/sections/:sid` | Abschnitt aktualisieren |
|
||||
|
||||
### Post-Market Monitoring
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| POST | `/sdk/v1/iace/projects/:id/monitoring-events` | Ereignis protokollieren |
|
||||
| GET | `/sdk/v1/iace/projects/:id/monitoring-events` | Alle Ereignisse |
|
||||
|
||||
### Audit-Trail
|
||||
|
||||
| Methode | Pfad | Beschreibung |
|
||||
|---------|------|--------------|
|
||||
| GET | `/sdk/v1/iace/projects/:id/audit-trail` | Unveraenderliches Audit-Log |
|
||||
|
||||
---
|
||||
|
||||
## Completeness Gates (25)
|
||||
|
||||
Das Modul prueft 25 Vollstaendigkeitstore vor dem CE-Export:
|
||||
|
||||
| Gate | Kategorie | Pflicht |
|
||||
|------|-----------|---------|
|
||||
| G01 | Projekt-Grunddaten vollstaendig | ✅ Required |
|
||||
| G02 | CE-Markierungsziel definiert | ✅ Required |
|
||||
| G03 | Mind. 1 Komponente erfasst | ✅ Required |
|
||||
| G04 | Regulatorische Klassifizierung abgeschlossen | ✅ Required |
|
||||
| G05 | HARA-Dokument vorhanden (Evidence) | ✅ Required |
|
||||
| G06 | Mind. 1 Gefaehrdung identifiziert | ✅ Required |
|
||||
| G07 | Alle Gefaehrdungen bewertet | ✅ Required |
|
||||
| G08 | Kein Restrisiko > critical ohne Akzeptanz | ✅ Required |
|
||||
| G09 | Mind. 1 Minderungsmassnahme je Gefaehrdung | ✅ Required |
|
||||
| G10 | Minderungsmassnahmen verifiziert | ✅ Required |
|
||||
| G11 | Verifikationsplan vorhanden | ✅ Required |
|
||||
| G12 | SIL/PL-Dokumentation (Evidence) | ✅ Required |
|
||||
| G13 | Technische Akte generiert | ✅ Required |
|
||||
| G14 | Konformitaetserklaerung bereit | ✅ Required |
|
||||
| G15 | Betriebsanleitung vorhanden | ✅ Required |
|
||||
| G16 | Wartungsanleitung vorhanden | Recommended |
|
||||
| G17 | Post-Market Monitoring aktiv | Recommended |
|
||||
| G18 | Cybersecurity-Massnahmen dokumentiert | Recommended |
|
||||
| G19 | AI-spezifische Anforderungen erfuellt | Recommended (bei AI) |
|
||||
| G20 | Kalibrierprotokolle vorhanden | Recommended |
|
||||
| G21 | SBOM generiert | Optional |
|
||||
| G22 | Penetrationstest durchgefuehrt | Optional |
|
||||
| G23 | EMV-Pruefung dokumentiert | Optional |
|
||||
| G24 | Lebenszyklusplan vorhanden | Optional |
|
||||
| G25 | Monitoring-Ereignisse protokolliert | Optional |
|
||||
|
||||
**Completeness Score:** `(passed_required/total_required)*80 + (passed_recommended/total_recommended)*15 + (passed_optional/total_optional)*5`
|
||||
|
||||
---
|
||||
|
||||
## CE RAG-Corpus
|
||||
|
||||
Die folgenden 15 Dokumente werden via `scripts/ingest-ce-corpus.sh` ingestiert:
|
||||
|
||||
### Collection: bp_compliance_ce
|
||||
|
||||
| # | Dokument | Kategorie | Lizenz |
|
||||
|---|----------|-----------|--------|
|
||||
| 1 | Machinery Regulation (EU) 2023/1230 | ce_machinery | EU Public Law |
|
||||
| 2 | Machinery Directive 2006/42/EC | ce_machinery | EU Public Law |
|
||||
| 3 | Low Voltage Directive 2014/35/EU | ce_electrical | EU Public Law |
|
||||
| 4 | EMC Directive 2014/30/EU | ce_emc | EU Public Law |
|
||||
| 5 | Radio Equipment Directive 2014/53/EU | ce_radio | EU Public Law |
|
||||
| 6 | AI Act (EU) 2024/1689 | ce_ai | EU Public Law |
|
||||
| 7 | EC Guide to the Machinery Directive | ce_machinery_guidance | EU Public |
|
||||
| 8 | NIST SP 800-218 (SSDF) | ce_software_safety | US Gov Public Domain |
|
||||
| 9 | NIST AI RMF 1.0 | ce_ai_safety | US Gov Public Domain |
|
||||
| 10 | ENISA Guidelines for Securing the IoT | ce_ot_cybersecurity | EU Public |
|
||||
| 12 | NASA Software Safety Guidebook | ce_software_safety | US Gov Public Domain |
|
||||
| 13 | OWASP Top 10 (2021) | ce_software_security | CC BY-SA 4.0 |
|
||||
| 15 | MITRE CWE Top 25 (2023) | ce_software_weaknesses | MIT |
|
||||
|
||||
### Collection: bp_compliance_datenschutz
|
||||
|
||||
| # | Dokument | Kategorie | Lizenz |
|
||||
|---|----------|-----------|--------|
|
||||
| 11 | ENISA Securing Machine Learning Algorithms | ai_cybersecurity | EU Public |
|
||||
| 14 | OECD AI Principles | ai_governance | OECD Public |
|
||||
|
||||
### Ingest-Script ausfuehren
|
||||
|
||||
```bash
|
||||
# Auf dem Mac Mini:
|
||||
bash ~/Projekte/breakpilot-compliance/scripts/ingest-ce-corpus.sh
|
||||
|
||||
# Nur bestimmte Phase:
|
||||
bash .../ingest-ce-corpus.sh --only ce
|
||||
bash .../ingest-ce-corpus.sh --only datenschutz
|
||||
bash .../ingest-ce-corpus.sh --skip-download --only verify
|
||||
|
||||
# Ergebnis pruefen:
|
||||
curl -sk https://macmini:8093/sdk/v1/iace/hazard-library | python3 -c "import sys,json; print(json.load(sys.stdin)['total'])"
|
||||
curl -sk https://macmini:8093/sdk/v1/iace/controls-library | python3 -c "import sys,json; print(json.load(sys.stdin)['total'])"
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Beispiel: Risikobewertung mit Avoidance
|
||||
|
||||
```bash
|
||||
# Risikobewertung mit Avoidance-Faktor (A=5: nicht vermeidbar)
|
||||
curl -sk -X POST https://macmini:8093/sdk/v1/iace/projects/{id}/hazards/{hid}/assess \
|
||||
-H "Content-Type: application/json" \
|
||||
-H "X-Tenant-Id: <tenant-uuid>" \
|
||||
-d '{
|
||||
"hazard_id": "<hid>",
|
||||
"severity": 5,
|
||||
"exposure": 3,
|
||||
"probability": 3,
|
||||
"avoidance": 5,
|
||||
"control_maturity": 2,
|
||||
"control_coverage": 0.6,
|
||||
"test_evidence_strength": 0.5,
|
||||
"acceptance_justification": "ALARP: STO implementiert und verifiziert"
|
||||
}'
|
||||
```
|
||||
|
||||
Ohne Avoidance (A=0): `InherentRisk = 5×3×3 = 45`
|
||||
Mit Avoidance A=5: `InherentRisk = 5×3×3×(5/3) = 75` (kritisch!)
|
||||
Mit Avoidance A=1: `InherentRisk = 5×3×3×(1/3) = 15` (medium)
|
||||
|
||||
---
|
||||
|
||||
## Beispiel: Controls-Library abfragen
|
||||
|
||||
```bash
|
||||
# Alle CYBER-Controls
|
||||
curl -sk "https://macmini:8093/sdk/v1/iace/controls-library?domain=CYBER" \
|
||||
| python3 -c "import sys,json; d=json.load(sys.stdin); print(f'{d[\"total\"]} Controls')"
|
||||
|
||||
# Controls fuer software_fault-Kategorie
|
||||
curl -sk "https://macmini:8093/sdk/v1/iace/controls-library?category=software_fault" \
|
||||
| python3 -m json.tool | head -40
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Datenbank-Tabellen
|
||||
|
||||
| Tabelle | Beschreibung |
|
||||
|---------|--------------|
|
||||
| `iace_projects` | CE-Projekte |
|
||||
| `iace_components` | System-Komponenten |
|
||||
| `iace_regulatory_classifications` | Regulierungsklassifizierungen |
|
||||
| `iace_hazard_library` | Benutzerdefinierte Hazard-Templates |
|
||||
| `iace_hazards` | Projektspezifische Gefaehrdungen |
|
||||
| `iace_risk_assessments` | SEPA-Risikobewertungen (inkl. avoidance) |
|
||||
| `iace_mitigations` | Minderungsmassnahmen |
|
||||
| `iace_verification_plans` | Verifikationsplaene |
|
||||
| `iace_evidence` | Nachweise (Uploads) |
|
||||
| `iace_tech_file_sections` | CE-Akte-Abschnitte |
|
||||
| `iace_monitoring_events` | Post-Market-Ereignisse |
|
||||
| `iace_audit_trail` | Unveraenderbares Audit-Log |
|
||||
@@ -84,7 +84,7 @@ nav:
|
||||
- Document Crawler: services/sdk-modules/document-crawler.md
|
||||
- Advisory Board: services/sdk-modules/advisory-board.md
|
||||
- DSB Portal: services/sdk-modules/dsb-portal.md
|
||||
- Industry Compliance Ingestion: services/sdk-modules/industry-compliance-ingestion.md
|
||||
- Industry Compliance Ingestion: services/sdk-modules/industry-compliance-ingestion.md\n - IACE (CE-Risikobeurteilung): services/sdk-modules/iace.md
|
||||
- Entwicklung:
|
||||
- Testing: development/testing.md
|
||||
- Dokumentation: development/documentation.md
|
||||
|
||||
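Review bot: The replaced nav line contains a literal `\n` instead of a real line break, so the IACE page is not added as its own nav item. Depending on the parser, the line is either rejected or read as a single "Industry Compliance Ingestion" entry whose path includes `\n - IACE (CE-Risikobeurteilung): ...`, which breaks the existing link as well. It should be two list items at the same indentation: `- Industry Compliance Ingestion: services/sdk-modules/industry-compliance-ingestion.md` followed by `- IACE (CE-Risikobeurteilung): services/sdk-modules/iace.md`. The `nav:` block continues outside the hunk.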
578
scripts/ingest-ce-corpus.sh
Executable file
@@ -0,0 +1,578 @@
|
||||
#!/usr/bin/env bash
|
||||
# =============================================================================
|
||||
# BreakPilot Compliance — CE/Safety RAG Corpus Ingestion
|
||||
#
|
||||
# Laedt 15 freie CE-/Safety-relevante Dokumente herunter und ingestiert sie
|
||||
# in Qdrant via die Core RAG-API (Port 8097).
|
||||
#
|
||||
# Sammlungen:
|
||||
# bp_compliance_ce — Maschinenrecht, Safety-Frameworks, OT-Security
|
||||
# bp_compliance_datenschutz — AI/Datenschutz-Guidance (ENISA, OECD)
|
||||
#
|
||||
# Ausfuehrung auf dem Mac Mini:
|
||||
# bash ~/Projekte/breakpilot-compliance/scripts/ingest-ce-corpus.sh
|
||||
# bash .../ingest-ce-corpus.sh [--skip-download] [--only PHASE]
|
||||
#
|
||||
# Phasen: download, ce, datenschutz, verify, version
|
||||
# =============================================================================
|
||||
set -euo pipefail
|
||||
|
||||
# --- Configuration -----------------------------------------------------------
|
||||
WORK_DIR="${WORK_DIR:-$HOME/rag-ingestion-ce}"
|
||||
RAG_URL="https://localhost:8097/api/v1/documents/upload"
|
||||
QDRANT_URL="http://localhost:6333"
|
||||
CURL_OPTS="-sk --connect-timeout 15 --max-time 600 --retry 3 --retry-delay 5"
|
||||
DB_URL="${DB_URL:-postgresql://localhost:5432/breakpilot?search_path=compliance,core,public}"
|
||||
|
||||
# Counters
|
||||
UPLOADED=0
|
||||
FAILED=0
|
||||
SKIPPED=0
|
||||
|
||||
# --- CLI Args ----------------------------------------------------------------
|
||||
SKIP_DOWNLOAD=false
|
||||
ONLY_PHASE=""
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
--skip-download) SKIP_DOWNLOAD=true; shift ;;
|
||||
--only) ONLY_PHASE="$2"; shift 2 ;;
|
||||
-h|--help)
|
||||
echo "Usage: $0 [--skip-download] [--only PHASE]"
|
||||
echo "Phases: download, ce, datenschutz, verify, version"
|
||||
exit 0
|
||||
;;
|
||||
*) echo "Unknown option: $1"; exit 1 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
# --- Helpers -----------------------------------------------------------------
|
||||
log() { echo "[$(date '+%H:%M:%S')] $*"; }
|
||||
ok() { echo "[$(date '+%H:%M:%S')] ✓ $*"; }
|
||||
warn() { echo "[$(date '+%H:%M:%S')] ⚠ $*" >&2; }
|
||||
fail() { echo "[$(date '+%H:%M:%S')] ✗ $*" >&2; }
|
||||
|
||||
upload_file() {
|
||||
local file="$1"
|
||||
local collection="$2"
|
||||
local data_type="$3"
|
||||
local use_case="$4"
|
||||
local year="$5"
|
||||
local metadata_json="$6"
|
||||
local label="${7:-$(basename "$file")}"
|
||||
|
||||
if [[ ! -f "$file" ]]; then
|
||||
warn "File not found: $file"
|
||||
FAILED=$((FAILED + 1))
|
||||
return 1
|
||||
fi
|
||||
|
||||
local filesize
|
||||
filesize=$(stat -f%z "$file" 2>/dev/null || stat -c%s "$file" 2>/dev/null || echo 0)
|
||||
if [[ "$filesize" -lt 1000 ]]; then
|
||||
warn "File too small (${filesize}B), skipping: $label"
|
||||
SKIPPED=$((SKIPPED + 1))
|
||||
return 1
|
||||
fi
|
||||
|
||||
log "Uploading: $label → $collection ($(( filesize / 1024 ))KB)"
|
||||
|
||||
local response
|
||||
response=$(curl $CURL_OPTS -X POST "$RAG_URL" \
|
||||
-F "file=@${file}" \
|
||||
-F "collection=${collection}" \
|
||||
-F "data_type=${data_type}" \
|
||||
-F "use_case=${use_case}" \
|
||||
-F "year=${year}" \
|
||||
-F "chunk_strategy=recursive" \
|
||||
-F "chunk_size=512" \
|
||||
-F "chunk_overlap=50" \
|
||||
-F "metadata_json=${metadata_json}" \
|
||||
2>/dev/null) || true
|
||||
|
||||
if echo "$response" | grep -q '"chunks_count"'; then
|
||||
local chunks
|
||||
chunks=$(echo "$response" | python3 -c "import sys,json; print(json.load(sys.stdin).get('chunks_count',0))" 2>/dev/null || echo "?")
|
||||
ok "$label → $chunks chunks"
|
||||
UPLOADED=$((UPLOADED + 1))
|
||||
elif echo "$response" | grep -q '"vectors_indexed"'; then
|
||||
local vectors
|
||||
vectors=$(echo "$response" | python3 -c "import sys,json; print(json.load(sys.stdin).get('vectors_indexed',0))" 2>/dev/null || echo "?")
|
||||
ok "$label → $vectors vectors"
|
||||
UPLOADED=$((UPLOADED + 1))
|
||||
else
|
||||
fail "Upload failed: $label"
|
||||
fail "Response: $response"
|
||||
FAILED=$((FAILED + 1))
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
download_pdf() {
|
||||
local url="$1"
|
||||
local target="$2"
|
||||
|
||||
if [[ -f "$target" ]]; then
|
||||
local filesize
|
||||
filesize=$(stat -f%z "$target" 2>/dev/null || stat -c%s "$target" 2>/dev/null || echo 0)
|
||||
if [[ "$filesize" -gt 1000 ]]; then
|
||||
log "PDF exists: $(basename "$target") (skipping download)"
|
||||
return 0
|
||||
fi
|
||||
rm -f "$target"
|
||||
fi
|
||||
|
||||
log "Downloading: $(basename "$target") from $url"
|
||||
curl $CURL_OPTS -L "$url" -o "$target" 2>/dev/null || {
|
||||
warn "Download failed: $url"
|
||||
return 1
|
||||
}
|
||||
}
|
||||
|
||||
collection_count() {
|
||||
local col="$1"
|
||||
curl -s "${QDRANT_URL}/collections/${col}" 2>/dev/null \
|
||||
| python3 -c "import sys,json; print(json.load(sys.stdin)['result']['points_count'])" 2>/dev/null || echo "?"
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# PHASE A: Downloads
|
||||
# =============================================================================
|
||||
phase_download() {
|
||||
log "=========================================="
|
||||
log "PHASE A: Downloads (15 CE/Safety-Dokumente)"
|
||||
log "=========================================="
|
||||
|
||||
mkdir -p "$WORK_DIR/pdfs"
|
||||
|
||||
# --- EU-Rechtstexte (EUR-Lex, oeffentliches Recht) ---
|
||||
# 1. Machinery Regulation (EU) 2023/1230
|
||||
download_pdf \
|
||||
"https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1230" \
|
||||
"$WORK_DIR/pdfs/machinery_regulation_2023_1230.pdf"
|
||||
|
||||
# 2. Machinery Directive 2006/42/EC
|
||||
download_pdf \
|
||||
"https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32006L0042" \
|
||||
"$WORK_DIR/pdfs/machinery_directive_2006_42.pdf"
|
||||
|
||||
# 3. Low Voltage Directive 2014/35/EU
|
||||
download_pdf \
|
||||
"https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014L0035" \
|
||||
"$WORK_DIR/pdfs/lvd_2014_35.pdf"
|
||||
|
||||
# 4. EMC Directive 2014/30/EU
|
||||
download_pdf \
|
||||
"https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014L0030" \
|
||||
"$WORK_DIR/pdfs/emc_directive_2014_30.pdf"
|
||||
|
||||
# 5. Radio Equipment Directive 2014/53/EU
|
||||
download_pdf \
|
||||
"https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014L0053" \
|
||||
"$WORK_DIR/pdfs/red_directive_2014_53.pdf"
|
||||
|
||||
# 6. AI Act (EU) 2024/1689
|
||||
download_pdf \
|
||||
"https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32024R1689" \
|
||||
"$WORK_DIR/pdfs/ai_act_2024_1689.pdf"
|
||||
|
||||
# 7. Guide to the Machinery Directive (EC, oeffentlich)
|
||||
download_pdf \
|
||||
"https://single-market-economy.ec.europa.eu/system/files/2021-10/machinery-guide-2010_en.pdf" \
|
||||
"$WORK_DIR/pdfs/machinery_directive_guide.pdf"
|
||||
|
||||
# --- NIST Publikationen (US Gov, public domain) ---
|
||||
# 8. NIST SP 800-218 (SSDF)
|
||||
download_pdf \
|
||||
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218.pdf" \
|
||||
"$WORK_DIR/pdfs/nist_sp800_218_ssdf.pdf"
|
||||
|
||||
# 9. NIST AI RMF 1.0
|
||||
download_pdf \
|
||||
"https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf" \
|
||||
"$WORK_DIR/pdfs/nist_ai_rmf_100_1.pdf"
|
||||
|
||||
# --- ENISA (European Union Agency for Cybersecurity, oeffentlich) ---
|
||||
# 10. ENISA Secure Software Development
|
||||
download_pdf \
|
||||
"https://www.enisa.europa.eu/publications/guidelines-for-securing-the-internet-of-things/@@download/fullReport" \
|
||||
"$WORK_DIR/pdfs/enisa_iot_security_guidelines.pdf"
|
||||
|
||||
# 11. ENISA Cybersecurity for AI
|
||||
download_pdf \
|
||||
"https://www.enisa.europa.eu/publications/securing-machine-learning-algorithms/@@download/fullReport" \
|
||||
"$WORK_DIR/pdfs/enisa_securing_ml_algorithms.pdf"
|
||||
|
||||
# --- NASA (US Gov, public domain) ---
|
||||
# 12. NASA Software Safety Guidebook
|
||||
download_pdf \
|
||||
"https://swehb.nasa.gov/download/attachments/17957036/NASA-GB-8719.13.pdf" \
|
||||
"$WORK_DIR/pdfs/nasa_software_safety_guidebook.pdf"
|
||||
|
||||
# --- OWASP (CC BY-SA 4.0) ---
|
||||
# 13. OWASP Top 10 2021 (PDF)
|
||||
download_pdf \
|
||||
"https://owasp.org/Top10/assets/OWASP-Top-10-2021-en.pdf" \
|
||||
"$WORK_DIR/pdfs/owasp_top10_2021.pdf"
|
||||
|
||||
# --- OECD (oeffentlich zugaenglich) ---
|
||||
# 14. OECD AI Principles (HTML->Text, download als plain text)
|
||||
if [[ ! -f "$WORK_DIR/pdfs/oecd_ai_principles.txt" ]]; then
|
||||
log "Downloading OECD AI Principles (text)"
|
||||
curl $CURL_OPTS -L "https://www.oecd.org/digital/artificial-intelligence/ai-principles/" \
|
||||
2>/dev/null | python3 -c "
|
||||
import sys
|
||||
from html.parser import HTMLParser
|
||||
class E(HTMLParser):
|
||||
def __init__(self): super().__init__(); self.t=[]
|
||||
def handle_data(self,d): self.t.append(d)
|
||||
def handle_endtag(self,t):
|
||||
if t in ('p','div','li','h1','h2','h3'): self.t.append('\n')
|
||||
p=E(); p.feed(sys.stdin.read()); print(''.join(p.t))
|
||||
" > "$WORK_DIR/pdfs/oecd_ai_principles.txt" 2>/dev/null || warn "OECD AI Principles download failed"
|
||||
fi
|
||||
|
||||
# --- MITRE CWE (MIT License) ---
|
||||
# 15. MITRE CWE Top 25 Most Dangerous Software Weaknesses (2023)
|
||||
if [[ ! -f "$WORK_DIR/pdfs/mitre_cwe_top25_2023.txt" ]]; then
|
||||
log "Downloading MITRE CWE Top 25 (text)"
|
||||
curl $CURL_OPTS -L "https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html" \
|
||||
2>/dev/null | python3 -c "
|
||||
import sys
|
||||
from html.parser import HTMLParser
|
||||
class E(HTMLParser):
|
||||
def __init__(self): super().__init__(); self.t=[]; self.skip=False
|
||||
def handle_starttag(self,t,a):
|
||||
if t in ('script','style'): self.skip=True
|
||||
def handle_endtag(self,t):
|
||||
if t in ('script','style'): self.skip=False
|
||||
if t in ('td','th','tr','p','div','h1','h2','h3','li'): self.t.append('\n')
|
||||
def handle_data(self,d):
|
||||
if not self.skip: self.t.append(d)
|
||||
p=E(); p.feed(sys.stdin.read()); print(''.join(p.t))
|
||||
" > "$WORK_DIR/pdfs/mitre_cwe_top25_2023.txt" 2>/dev/null || warn "MITRE CWE Top 25 download failed"
|
||||
fi
|
||||
|
||||
log "Download phase complete."
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# PHASE B: CE-Dokumente → bp_compliance_ce
|
||||
# =============================================================================
|
||||
phase_ce() {
|
||||
log "=========================================="
|
||||
log "PHASE B: CE/Safety-Dokumente → bp_compliance_ce"
|
||||
log "=========================================="
|
||||
|
||||
local col="bp_compliance_ce"
|
||||
local before
|
||||
before=$(collection_count "$col")
|
||||
log "Collection $col: $before chunks (before)"
|
||||
|
||||
# 1. Machinery Regulation 2023/1230
|
||||
upload_file "$WORK_DIR/pdfs/machinery_regulation_2023_1230.pdf" "$col" \
|
||||
"compliance_ce" "legal_reference" "2023" \
|
||||
'{"regulation_id":"EU-2023-1230","regulation_name_en":"Machinery Regulation","category":"ce_machinery","license":"eu_public","source_org":"EUR-Lex","celex":"32023R1230"}' \
|
||||
"Machinery Regulation (EU) 2023/1230"
|
||||
|
||||
# 2. Machinery Directive 2006/42/EC
|
||||
upload_file "$WORK_DIR/pdfs/machinery_directive_2006_42.pdf" "$col" \
|
||||
"compliance_ce" "legal_reference" "2006" \
|
||||
'{"regulation_id":"EU-2006-42","regulation_name_en":"Machinery Directive","category":"ce_machinery","license":"eu_public","source_org":"EUR-Lex","celex":"32006L0042"}' \
|
||||
"Machinery Directive 2006/42/EC"
|
||||
|
||||
# 3. Low Voltage Directive 2014/35/EU
|
||||
upload_file "$WORK_DIR/pdfs/lvd_2014_35.pdf" "$col" \
|
||||
"compliance_ce" "legal_reference" "2014" \
|
||||
'{"regulation_id":"EU-2014-35","regulation_name_en":"Low Voltage Directive","category":"ce_electrical","license":"eu_public","source_org":"EUR-Lex","celex":"32014L0035"}' \
|
||||
"Low Voltage Directive 2014/35/EU"
|
||||
|
||||
# 4. EMC Directive 2014/30/EU
|
||||
upload_file "$WORK_DIR/pdfs/emc_directive_2014_30.pdf" "$col" \
|
||||
"compliance_ce" "legal_reference" "2014" \
|
||||
'{"regulation_id":"EU-2014-30","regulation_name_en":"EMC Directive","category":"ce_emc","license":"eu_public","source_org":"EUR-Lex","celex":"32014L0030"}' \
|
||||
"EMC Directive 2014/30/EU"
|
||||
|
||||
# 5. Radio Equipment Directive 2014/53/EU
|
||||
upload_file "$WORK_DIR/pdfs/red_directive_2014_53.pdf" "$col" \
|
||||
"compliance_ce" "legal_reference" "2014" \
|
||||
'{"regulation_id":"EU-2014-53","regulation_name_en":"Radio Equipment Directive","category":"ce_radio","license":"eu_public","source_org":"EUR-Lex","celex":"32014L0053"}' \
|
||||
"Radio Equipment Directive 2014/53/EU"
|
||||
|
||||
# 6. AI Act 2024/1689
|
||||
upload_file "$WORK_DIR/pdfs/ai_act_2024_1689.pdf" "$col" \
|
||||
"compliance_ce" "legal_reference" "2024" \
|
||||
'{"regulation_id":"EU-2024-1689","regulation_name_en":"AI Act","category":"ce_ai","license":"eu_public","source_org":"EUR-Lex","celex":"32024R1689"}' \
|
||||
"AI Act (EU) 2024/1689"
|
||||
|
||||
# 7. Guide to the Machinery Directive
|
||||
upload_file "$WORK_DIR/pdfs/machinery_directive_guide.pdf" "$col" \
|
||||
"compliance_ce" "guidance" "2021" \
|
||||
'{"regulation_id":"EC-machinery-guide","regulation_name_en":"Guide to the Machinery Directive","category":"ce_machinery_guidance","license":"eu_public","source_org":"European Commission"}' \
|
||||
"EC Guide to the Machinery Directive"
|
||||
|
||||
# 8. NIST SP 800-218 (SSDF)
|
||||
upload_file "$WORK_DIR/pdfs/nist_sp800_218_ssdf.pdf" "$col" \
|
||||
"compliance_ce" "guidance" "2022" \
|
||||
'{"regulation_id":"NIST-SP-800-218","regulation_name_en":"Secure Software Development Framework","category":"ce_software_safety","license":"us_gov_public","source_org":"NIST"}' \
|
||||
"NIST SP 800-218 (SSDF)"
|
||||
|
||||
# 9. NIST AI RMF 1.0
|
||||
upload_file "$WORK_DIR/pdfs/nist_ai_rmf_100_1.pdf" "$col" \
|
||||
"compliance_ce" "guidance" "2023" \
|
||||
'{"regulation_id":"NIST-AI-100-1","regulation_name_en":"AI Risk Management Framework","category":"ce_ai_safety","license":"us_gov_public","source_org":"NIST"}' \
|
||||
"NIST AI RMF 1.0 (NIST.AI.100-1)"
|
||||
|
||||
# 10. ENISA IoT Security Guidelines
|
||||
upload_file "$WORK_DIR/pdfs/enisa_iot_security_guidelines.pdf" "$col" \
|
||||
"compliance_ce" "guidance" "2019" \
|
||||
'{"regulation_id":"ENISA-IoT-Security","regulation_name_en":"Guidelines for Securing the IoT","category":"ce_ot_cybersecurity","license":"eu_public","source_org":"ENISA"}' \
|
||||
"ENISA Guidelines for Securing the IoT"
|
||||
|
||||
# 12. NASA Software Safety Guidebook
|
||||
upload_file "$WORK_DIR/pdfs/nasa_software_safety_guidebook.pdf" "$col" \
|
||||
"compliance_ce" "guidance" "2004" \
|
||||
'{"regulation_id":"NASA-GB-8719.13","regulation_name_en":"NASA Software Safety Guidebook","category":"ce_software_safety","license":"us_gov_public","source_org":"NASA"}' \
|
||||
"NASA Software Safety Guidebook (NASA-GB-8719.13)"
|
||||
|
||||
# 13. OWASP Top 10 2021
|
||||
upload_file "$WORK_DIR/pdfs/owasp_top10_2021.pdf" "$col" \
|
||||
"compliance_ce" "guidance" "2021" \
|
||||
'{"regulation_id":"OWASP-Top10-2021","regulation_name_en":"OWASP Top 10 2021","category":"ce_software_security","license":"cc_by_sa_4","source_org":"OWASP"}' \
|
||||
"OWASP Top 10 (2021)"
|
||||
|
||||
# 15. MITRE CWE Top 25
|
||||
upload_file "$WORK_DIR/pdfs/mitre_cwe_top25_2023.txt" "$col" \
|
||||
"compliance_ce" "guidance" "2023" \
|
||||
'{"regulation_id":"MITRE-CWE-Top25-2023","regulation_name_en":"MITRE CWE Top 25 Most Dangerous Software Weaknesses","category":"ce_software_weaknesses","license":"mit","source_org":"MITRE"}' \
|
||||
"MITRE CWE Top 25 (2023)"
|
||||
|
||||
local after
|
||||
after=$(collection_count "$col")
|
||||
log "Collection $col: $before → $after chunks"
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# PHASE C: AI/Datenschutz-Dokumente → bp_compliance_datenschutz
|
||||
# =============================================================================
|
||||
phase_datenschutz() {
|
||||
log "=========================================="
|
||||
log "PHASE C: AI/Datenschutz → bp_compliance_datenschutz"
|
||||
log "=========================================="
|
||||
|
||||
local col="bp_compliance_datenschutz"
|
||||
local before
|
||||
before=$(collection_count "$col")
|
||||
log "Collection $col: $before chunks (before)"
|
||||
|
||||
# 11. ENISA Securing ML Algorithms
|
||||
upload_file "$WORK_DIR/pdfs/enisa_securing_ml_algorithms.pdf" "$col" \
|
||||
"compliance_datenschutz" "guidance" "2021" \
|
||||
'{"regulation_id":"ENISA-Securing-ML","regulation_name_en":"Securing Machine Learning Algorithms","category":"ai_cybersecurity","license":"eu_public","source_org":"ENISA"}' \
|
||||
"ENISA Securing Machine Learning Algorithms"
|
||||
|
||||
# 14. OECD AI Principles
|
||||
upload_file "$WORK_DIR/pdfs/oecd_ai_principles.txt" "$col" \
|
||||
"compliance_datenschutz" "guidance" "2019" \
|
||||
'{"regulation_id":"OECD-AI-Principles","regulation_name_en":"OECD Principles on Artificial Intelligence","category":"ai_governance","license":"oecd_public","source_org":"OECD"}' \
|
||||
"OECD AI Principles (2019)"
|
||||
|
||||
local after
|
||||
after=$(collection_count "$col")
|
||||
log "Collection $col: $before → $after chunks"
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# PHASE D: Verifizierung
|
||||
# =============================================================================
|
||||
phase_verify() {
|
||||
log "=========================================="
|
||||
log "PHASE D: Verifizierung"
|
||||
log "=========================================="
|
||||
|
||||
echo ""
|
||||
echo "=== Collection Stats ==="
|
||||
for col in bp_compliance_ce bp_compliance_datenschutz; do
|
||||
local count
|
||||
count=$(collection_count "$col")
|
||||
printf " %-35s %s chunks\n" "$col" "$count"
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "=== Test-Suchen ==="
|
||||
|
||||
log "Suche: 'Machinery Regulation software safety requirements' in bp_compliance_ce"
|
||||
curl $CURL_OPTS -X POST "https://localhost:8097/api/v1/search" \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{"query":"Machinery Regulation software safety requirements","collection":"bp_compliance_ce","limit":3,"min_score":0.4}' 2>/dev/null \
|
||||
| python3 -c "
|
||||
import sys,json
|
||||
try:
|
||||
data = json.load(sys.stdin)
|
||||
results = data.get('results', [])
|
||||
print(f' Treffer: {len(results)}')
|
||||
for r in results[:3]:
|
||||
print(f' [{r.get(\"score\",0):.3f}] {r.get(\"content\",\"\")[:100]}...')
|
||||
except Exception as e: print(f' (parse error: {e})')
|
||||
" 2>/dev/null || echo " (search failed)"
|
||||
|
||||
log "Suche: 'NIST secure software development practices' in bp_compliance_ce"
|
||||
curl $CURL_OPTS -X POST "https://localhost:8097/api/v1/search" \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{"query":"NIST secure software development practices","collection":"bp_compliance_ce","limit":3,"min_score":0.4}' 2>/dev/null \
|
||||
| python3 -c "
|
||||
import sys,json
|
||||
try:
|
||||
data = json.load(sys.stdin)
|
||||
results = data.get('results', [])
|
||||
print(f' Treffer: {len(results)}')
|
||||
for r in results[:3]:
|
||||
print(f' [{r.get(\"score\",0):.3f}] {r.get(\"content\",\"\")[:100]}...')
|
||||
except Exception as e: print(f' (parse error: {e})')
|
||||
" 2>/dev/null || echo " (search failed)"
|
||||
|
||||
log "Suche: 'AI risk governance OECD principles' in bp_compliance_datenschutz"
|
||||
curl $CURL_OPTS -X POST "https://localhost:8097/api/v1/search" \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{"query":"AI risk governance principles transparency accountability","collection":"bp_compliance_datenschutz","limit":3,"min_score":0.4}' 2>/dev/null \
|
||||
| python3 -c "
|
||||
import sys,json
|
||||
try:
|
||||
data = json.load(sys.stdin)
|
||||
results = data.get('results', [])
|
||||
print(f' Treffer: {len(results)}')
|
||||
for r in results[:3]:
|
||||
print(f' [{r.get(\"score\",0):.3f}] {r.get(\"content\",\"\")[:100]}...')
|
||||
except Exception as e: print(f' (parse error: {e})')
|
||||
" 2>/dev/null || echo " (search failed)"
|
||||
|
||||
echo ""
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# PHASE E: Corpus Version Registration
|
||||
# =============================================================================
|
||||
phase_register_version() {
|
||||
log "=========================================="
|
||||
log "PHASE E: Corpus Version Registration"
|
||||
log "=========================================="
|
||||
|
||||
local today
|
||||
today=$(date '+%Y-%m-%d')
|
||||
|
||||
local col_ce="bp_compliance_ce"
|
||||
local col_ds="bp_compliance_datenschutz"
|
||||
|
||||
for col in "$col_ce" "$col_ds"; do
|
||||
local count
|
||||
count=$(collection_count "$col")
|
||||
|
||||
if [[ "$count" == "?" || "$count" == "0" ]]; then
|
||||
warn "Skipping version for $col (count=$count)"
|
||||
continue
|
||||
fi
|
||||
|
||||
local existing_count
|
||||
existing_count=$(psql "$DB_URL" -tAc \
|
||||
"SELECT COUNT(*) FROM compliance_corpus_versions WHERE collection_name='$col' AND version LIKE '${today}.%'" \
|
||||
2>/dev/null || echo "0")
|
||||
local seq=$((existing_count + 1))
|
||||
local version="${today}.${seq}"
|
||||
|
||||
local regs=""
|
||||
case "$col" in
|
||||
bp_compliance_ce)
|
||||
regs='{EU-2023-1230,EU-2006-42,EU-2014-35,EU-2014-30,EU-2014-53,EU-2024-1689,NIST-SP-800-218,NIST-AI-100-1,ENISA-IoT-Security,NASA-GB-8719,OWASP-Top10-2021,MITRE-CWE-Top25-2023}'
|
||||
;;
|
||||
bp_compliance_datenschutz)
|
||||
regs='{ENISA-Securing-ML,OECD-AI-Principles}'
|
||||
;;
|
||||
esac
|
||||
|
||||
local digest
|
||||
digest=$(curl -s "${QDRANT_URL}/collections/${col}" 2>/dev/null \
|
||||
| python3 -c "import sys,json,hashlib; d=json.load(sys.stdin); print(hashlib.sha256(json.dumps(d.get('result',{}), sort_keys=True).encode()).hexdigest()[:32])" \
|
||||
2>/dev/null || echo "")
|
||||
|
||||
log "Registering version $version for $col ($count chunks)"
|
||||
|
||||
psql "$DB_URL" -c "
|
||||
INSERT INTO compliance_corpus_versions
|
||||
(version, collection_name, documents_count, chunks_count, regulations, digest, ingestion_source, created_by)
|
||||
VALUES
|
||||
('${version}', '${col}', ${UPLOADED}, ${count}, '${regs}', '${digest}', 'ingest-ce-corpus.sh', 'system')
|
||||
ON CONFLICT DO NOTHING
|
||||
" 2>/dev/null && ok "Version $version registered for $col" || warn "Version registration skipped for $col (DB not available?)"
|
||||
done
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# MAIN
|
||||
# =============================================================================
|
||||
main() {
|
||||
log "=========================================="
|
||||
log "BreakPilot CE/Safety Corpus Ingestion"
|
||||
log "=========================================="
|
||||
log "Work dir: $WORK_DIR"
|
||||
log "RAG API: $RAG_URL"
|
||||
log "Qdrant: $QDRANT_URL"
|
||||
echo ""
|
||||
|
||||
# Check RAG API
|
||||
if ! curl $CURL_OPTS "$RAG_URL" -X POST 2>/dev/null | grep -q "file\|detail"; then
|
||||
warn "RAG API may not be reachable at $RAG_URL — continuing anyway"
|
||||
else
|
||||
ok "RAG API reachable"
|
||||
fi
|
||||
|
||||
# Check Qdrant
|
||||
if ! curl -s "$QDRANT_URL/collections" >/dev/null 2>&1; then
|
||||
fail "Qdrant not reachable at $QDRANT_URL"
|
||||
exit 1
|
||||
fi
|
||||
ok "Qdrant reachable"
|
||||
echo ""
|
||||
|
||||
if [[ -n "$ONLY_PHASE" ]]; then
|
||||
case "$ONLY_PHASE" in
|
||||
download) phase_download ;;
|
||||
ce) phase_ce ;;
|
||||
datenschutz) phase_datenschutz ;;
|
||||
verify) phase_verify ;;
|
||||
version) phase_register_version ;;
|
||||
*) fail "Unknown phase: $ONLY_PHASE"; exit 1 ;;
|
||||
esac
|
||||
else
|
||||
if [[ "$SKIP_DOWNLOAD" != "true" ]]; then
|
||||
phase_download
|
||||
else
|
||||
log "Skipping download phase (--skip-download)"
|
||||
fi
|
||||
echo ""
|
||||
phase_ce
|
||||
echo ""
|
||||
phase_datenschutz
|
||||
echo ""
|
||||
phase_verify
|
||||
echo ""
|
||||
phase_register_version
|
||||
fi
|
||||
|
||||
echo ""
|
||||
log "=========================================="
|
||||
log "ERGEBNIS"
|
||||
log "=========================================="
|
||||
log "Uploaded: $UPLOADED"
|
||||
log "Failed: $FAILED"
|
||||
log "Skipped: $SKIPPED"
|
||||
log "=========================================="
|
||||
|
||||
if [[ $FAILED -gt 0 ]]; then
|
||||
warn "$FAILED uploads fehlgeschlagen!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ok "CE/Safety Corpus Ingestion abgeschlossen!"
|
||||
}
|
||||
|
||||
main "$@"
|
||||