diff --git a/ai-compliance-sdk/policies/payment_controls_v1.json b/ai-compliance-sdk/policies/payment_controls_v1.json
index cc579fd..cdb5afe 100644
--- a/ai-compliance-sdk/policies/payment_controls_v1.json
+++ b/ai-compliance-sdk/policies/payment_controls_v1.json
@@ -52,147 +52,2643 @@ "id": "BLD", "name": "Build, Deployment & Supply Chain", "description": "CI/CD Sicherheit, Abhaengigkeiten, Release-Integritaet" + }, + { + "id": "AUTH", + "name": "Authentication & Authorization", + "description": "Authentifizierung, Autorisierung, Rollen, Privilegien" + }, + { + "id": "SESSION", + "name": "Session Management", + "description": "Sitzungsverwaltung, Token, Cookies, Timeout" + }, + { + "id": "KEYMGMT", + "name": "Key Management", + "description": "Schluessellebenszyklen, Rotation, Provisioning" + }, + { + "id": "DEVICE", + "name": "Device Identity & Integrity", + "description": "Geraeteidentitaet, Provisioning, Tamper Detection" + }, + { + "id": "TRANS", + "name": "Transaction Integrity", + "description": "Transaktionslogik, State Machine, Idempotenz" + }, + { + "id": "DATA", + "name": "Data Minimization & Protection", + "description": "Datenminimierung, Maskierung, Klassifikation" + }, + { + "id": "ERROR", + "name": "Error Handling & Resilience", + "description": "Fehlerbehandlung, Retry, Fallback, Monitoring" + }, + { + "id": "REPORT", + "name": "Reporting & Reconciliation", + "description": "Berichte, Abgleich, Export, Audit Trail" } ], "controls": [ - {"control_id": "PAY-001", "domain": "PAY", "title": "Eindeutige Transaktions-ID pro Zahlungsvorgang", "objective": "Verhindert Vermischung und Mehrfachverarbeitung", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "high"}, - {"control_id": "PAY-002", "domain": "PAY", "title": "Idempotente Verarbeitung wiederholter Zahlungsanfragen", "objective": "Verhindert doppelte Buchungen bei Retries", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "PAY-003", "domain": "PAY", "title": "Verhinderung doppelter Verbuchung bei Netzwerk-Retry", "objective": "Stellt konsistente Zahlungszustaende sicher", "check_target": "system", "evidence": ["integration_test", "architecture_doc"], 
"automation": "partial"}, - {"control_id": "PAY-004", "domain": "PAY", "title": "Definierter Initialzustand jeder Transaktion", "objective": "Verhindert undefinierte Startbedingungen", "check_target": "code", "evidence": ["source_code"], "automation": "high"}, - {"control_id": "PAY-005", "domain": "PAY", "title": "Definierte erlaubte Zustandsuebergaenge in der Transaktionslogik", "objective": "Verhindert ungueltige State Transitions", "check_target": "code", "evidence": ["source_code", "unit_test"], "automation": "medium"}, - {"control_id": "PAY-006", "domain": "PAY", "title": "Keine direkte Transition in terminalen Erfolgszustand ohne Autorisierung", "objective": "Verhindert vorzeitige Freigabe", "check_target": "code", "evidence": ["source_code", "unit_test"], "automation": "medium"}, - {"control_id": "PAY-007", "domain": "PAY", "title": "Abbruchpfade fuehren in definierten Endzustand", "objective": "Sichert sauberes Cancel-Handling", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "PAY-008", "domain": "PAY", "title": "Timeout fuehrt in nachvollziehbaren und sicheren Zustand", "objective": "Verhindert haengende Transaktionen", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "PAY-009", "domain": "PAY", "title": "Rollback oder Reversal-Handling bei Teilfehlschlag", "objective": "Reduziert Inkonsistenzen", "check_target": "system", "evidence": ["integration_test", "architecture_doc"], "automation": "partial"}, - {"control_id": "PAY-010", "domain": "PAY", "title": "Fehlerhafte Antworten werden nicht als Erfolg interpretiert", "objective": "Verhindert False Positive bei Zahlungsstatus", "check_target": "code", "evidence": ["source_code", "unit_test"], "automation": "high"}, - {"control_id": "PAY-011", "domain": "PAY", "title": "Betragsvalidierung bei jeder Zahlungsanfrage", "objective": "Verhindert Betragmanipulation und negative 
Werte", "check_target": "code", "evidence": ["source_code", "unit_test"], "automation": "high"}, - {"control_id": "PAY-012", "domain": "PAY", "title": "Waehrungsfeld wird validiert und konsistent verarbeitet", "objective": "Verhindert Fehlverarbeitung bei Mehrwaehrung", "check_target": "code", "evidence": ["source_code"], "automation": "high"}, - {"control_id": "PAY-013", "domain": "PAY", "title": "Betragsrundung erfolgt deterministisch und dokumentiert", "objective": "Verhindert Abweichungen Frontend/Terminal/Backend", "check_target": "code", "evidence": ["source_code", "unit_test"], "automation": "medium"}, - {"control_id": "PAY-014", "domain": "PAY", "title": "Keine lokale Manipulation des autorisierten Betrags nach Freigabe", "objective": "Schuetzt Integritaet der Zahlung", "check_target": "code", "evidence": ["source_code", "unit_test"], "automation": "medium"}, - {"control_id": "PAY-015", "domain": "PAY", "title": "Transaktionskontext bleibt ueber Retry-Versuche konsistent", "objective": "Verhindert Kontextverlust", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "PAY-016", "domain": "PAY", "title": "Antworten ohne Referenz-ID werden nicht akzeptiert", "objective": "Verhindert verwaiste Zuordnungen", "check_target": "code", "evidence": ["source_code"], "automation": "high"}, - {"control_id": "PAY-017", "domain": "PAY", "title": "Doppelte Callback-Verarbeitung wird unterdrueckt", "objective": "Verhindert doppelte Statusupdates", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "PAY-018", "domain": "PAY", "title": "Asynchrone Statusmeldungen werden korreliert und sequenziell verarbeitet", "objective": "Sichert korrekte Reihenfolge", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "PAY-019", "domain": "PAY", "title": "Geschaeftsvorfall wird erst nach bestaetigtem 
Zahlungsstatus finalisiert", "objective": "Verhindert Business Success ohne Payment Success", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "PAY-020", "domain": "PAY", "title": "Offline-Zahlungen werden explizit gekennzeichnet", "objective": "Verhindert Verwechslung mit final autorisierten Zahlungen", "check_target": "code", "evidence": ["source_code", "reporting_output"], "automation": "medium"}, - - {"control_id": "LOG-001", "domain": "LOG", "title": "Keine sensitiven Zahlungsdaten im Anwendungslog", "objective": "Verhindert Offenlegung sensitiver Daten", "check_target": "code", "evidence": ["source_code", "log_config"], "automation": "high"}, - {"control_id": "LOG-002", "domain": "LOG", "title": "PAN wird in Logs maskiert", "objective": "Reduziert Risiko bei Log-Einsicht", "check_target": "code", "evidence": ["source_code", "log_output_sample"], "automation": "high"}, - {"control_id": "LOG-003", "domain": "LOG", "title": "CVV/CVC wird niemals geloggt", "objective": "Verhindert Protokollierung sensitiver Authentifizierungsdaten", "check_target": "code", "evidence": ["source_code"], "automation": "high"}, - {"control_id": "LOG-004", "domain": "LOG", "title": "Kryptographische Schluessel werden nicht geloggt", "objective": "Verhindert Kompromittierung durch Logging", "check_target": "code", "evidence": ["source_code", "log_output_sample"], "automation": "high"}, - {"control_id": "LOG-005", "domain": "LOG", "title": "Admin-Aktionen werden auditierbar protokolliert", "objective": "Ermoeglicht Nachvollziehbarkeit privilegierter Handlungen", "check_target": "system", "evidence": ["source_code", "audit_log_sample"], "automation": "partial"}, - {"control_id": "LOG-006", "domain": "LOG", "title": "Konfigurationsaenderungen werden protokolliert", "objective": "Ermoeglicht Nachweis kritischer Aenderungen", "check_target": "system", "evidence": ["source_code", "audit_log_sample"], "automation": "partial"}, 
- {"control_id": "LOG-007", "domain": "LOG", "title": "Fehlgeschlagene Authentifizierungsversuche werden geloggt", "objective": "Unterstuetzt Erkennung von Missbrauch", "check_target": "code", "evidence": ["source_code", "audit_log_sample"], "automation": "high"}, - {"control_id": "LOG-008", "domain": "LOG", "title": "Sicherheitsrelevante Ereignisse erhalten eindeutige Event-Typen", "objective": "Erleichtert Korrelation und Monitoring", "check_target": "code", "evidence": ["source_code", "log_schema"], "automation": "medium"}, - {"control_id": "LOG-009", "domain": "LOG", "title": "Audit-Events enthalten konsistenten Zeitstempel", "objective": "Ermoeglicht zeitliche Rekonstruktion", "check_target": "system", "evidence": ["audit_log_sample", "config"], "automation": "partial"}, - {"control_id": "LOG-010", "domain": "LOG", "title": "Audit-Events enthalten eindeutige Terminalkennung", "objective": "Ermoeglicht Zuordnung zur Quelle", "check_target": "code", "evidence": ["log_schema", "audit_log_sample"], "automation": "medium"}, - {"control_id": "LOG-011", "domain": "LOG", "title": "Debug-Logging in Produktion deaktiviert", "objective": "Verhindert Leaks in produktiven Systemen", "check_target": "config", "evidence": ["deployment_config"], "automation": "high"}, - {"control_id": "LOG-012", "domain": "LOG", "title": "Manipulation von Audit-Logs technisch erschwert", "objective": "Schuetzt Integritaet des Audit Trails", "check_target": "system", "evidence": ["architecture_doc", "storage_config"], "automation": "low"}, - {"control_id": "LOG-013", "domain": "LOG", "title": "Fehlermeldungen enthalten keine Stacktraces mit sensitiven Payloads", "objective": "Verhindert indirekten Datenabfluss", "check_target": "code", "evidence": ["source_code", "log_output_sample"], "automation": "medium"}, - {"control_id": "LOG-014", "domain": "LOG", "title": "Jede Zahlungsentscheidung erzeugt Audit-Eintrag", "objective": "Verbindet Business Outcome mit technischer Evidenz", "check_target": 
"system", "evidence": ["audit_log_sample", "integration_test"], "automation": "partial"}, - {"control_id": "LOG-015", "domain": "LOG", "title": "Log-Retention konfiguriert und dokumentiert", "objective": "Sichert Verfuegbarkeit relevanter Ereignishistorie", "check_target": "config", "evidence": ["retention_policy", "deployment_config"], "automation": "medium"}, - - {"control_id": "CRYPTO-001", "domain": "CRYPTO", "title": "Keine Secrets im Quellcode", "objective": "Verhindert Offenlegung im Repository", "check_target": "code", "evidence": ["source_code", "secret_scan"], "automation": "high"}, - {"control_id": "CRYPTO-002", "domain": "CRYPTO", "title": "Keine Secrets in Commit-Historie", "objective": "Reduziert Leak-Risiko ueber Entwicklungsartefakte", "check_target": "repository", "evidence": ["secret_scan", "build_scripts"], "automation": "high"}, - {"control_id": "CRYPTO-003", "domain": "CRYPTO", "title": "Keine Schluessel im Klartext in Konfigurationsdateien", "objective": "Schuetzt ruhende Geheimnisse", "check_target": "config", "evidence": ["config", "secret_scan"], "automation": "high"}, - {"control_id": "CRYPTO-004", "domain": "CRYPTO", "title": "Secrets aus sicherem Secret Store bezogen", "objective": "Verhindert lokale Persistenz", "check_target": "system", "evidence": ["architecture_doc", "deployment_config"], "automation": "partial"}, - {"control_id": "CRYPTO-005", "domain": "CRYPTO", "title": "Zugriff auf Secrets rollen-/servicebezogen eingeschraenkt", "objective": "Begrenzt Blast Radius", "check_target": "system", "evidence": ["iam_config", "architecture_doc"], "automation": "partial"}, - {"control_id": "CRYPTO-006", "domain": "CRYPTO", "title": "Zentrale und freigegebene Krypto-Bibliotheken verwendet", "objective": "Verhindert unsichere Eigenimplementierungen", "check_target": "code", "evidence": ["source_code", "dependency_list"], "automation": "medium"}, - {"control_id": "CRYPTO-007", "domain": "CRYPTO", "title": "Keine veralteten kryptographischen 
Primitive (MD5, SHA1, DES)", "objective": "Verhindert Einsatz schwacher Verfahren", "check_target": "code", "evidence": ["source_code", "dependency_scan"], "automation": "medium"}, - {"control_id": "CRYPTO-008", "domain": "CRYPTO", "title": "TLS 1.2+ fuer alle externen Verbindungen", "objective": "Schuetzt Daten bei Uebertragung", "check_target": "config", "evidence": ["config", "network_scan"], "automation": "high"}, - {"control_id": "CRYPTO-009", "domain": "CRYPTO", "title": "Schluesselrotation implementiert und dokumentiert", "objective": "Reduziert Kompromittierungszeitraum", "check_target": "process", "evidence": ["key_mgmt_doc", "config"], "automation": "low"}, - {"control_id": "CRYPTO-010", "domain": "CRYPTO", "title": "HSM oder Secure Enclave fuer kryptographische Operationen", "objective": "Hardwarebasierter Schluesselschutz", "check_target": "system", "evidence": ["architecture_doc"], "automation": "low"}, - {"control_id": "CRYPTO-011", "domain": "CRYPTO", "title": "Zertifikats-Pinning fuer kritische Verbindungen", "objective": "Schuetzt gegen MITM", "check_target": "code", "evidence": ["source_code", "config"], "automation": "medium"}, - {"control_id": "CRYPTO-012", "domain": "CRYPTO", "title": "Kryptographische Zufallszahlen aus sicherem Generator", "objective": "Verhindert vorhersagbare Tokens/Nonces", "check_target": "code", "evidence": ["source_code"], "automation": "high"}, - {"control_id": "CRYPTO-013", "domain": "CRYPTO", "title": "PIN-Eingabe nur ueber Secure PIN Entry Device", "objective": "Schuetzt PIN vor Abgriff", "check_target": "system", "evidence": ["architecture_doc", "certification"], "automation": "low"}, - {"control_id": "CRYPTO-014", "domain": "CRYPTO", "title": "Kartendaten werden verschluesselt uebertragen (P2PE)", "objective": "End-to-End Schutz der Kartendaten", "check_target": "system", "evidence": ["architecture_doc", "network_config"], "automation": "partial"}, - {"control_id": "CRYPTO-015", "domain": "CRYPTO", "title": "Keine 
persistente Speicherung vollstaendiger Kartendaten", "objective": "Minimiert Daten bei Kompromittierung", "check_target": "code", "evidence": ["source_code", "db_schema"], "automation": "high"}, - - {"control_id": "API-001", "domain": "API", "title": "Authentifizierung fuer alle Admin-Endpunkte", "objective": "Verhindert unautorisierten Zugriff", "check_target": "code", "evidence": ["source_code", "api_spec"], "automation": "high"}, - {"control_id": "API-002", "domain": "API", "title": "Rollenbasierte Autorisierung", "objective": "Least-Privilege Prinzip", "check_target": "code", "evidence": ["source_code", "rbac_config"], "automation": "medium"}, - {"control_id": "API-003", "domain": "API", "title": "Rate Limiting implementiert", "objective": "Schuetzt gegen Brute Force und DoS", "check_target": "code", "evidence": ["source_code", "config"], "automation": "medium"}, - {"control_id": "API-004", "domain": "API", "title": "Keine sensiblen Daten in Fehlermeldungen", "objective": "Verhindert Information Leakage", "check_target": "code", "evidence": ["source_code", "api_test"], "automation": "high"}, - {"control_id": "API-005", "domain": "API", "title": "Input Validation gegen Injection", "objective": "Schuetzt gegen SQL/Command Injection", "check_target": "code", "evidence": ["source_code", "security_test"], "automation": "high"}, - {"control_id": "API-006", "domain": "API", "title": "CORS korrekt konfiguriert", "objective": "Verhindert Cross-Origin Angriffe", "check_target": "config", "evidence": ["config", "security_test"], "automation": "high"}, - {"control_id": "API-007", "domain": "API", "title": "Session-Timeout fuer Admin-Sessions", "objective": "Reduziert Risiko bei verlassenen Sessions", "check_target": "config", "evidence": ["config", "source_code"], "automation": "medium"}, - {"control_id": "API-008", "domain": "API", "title": "API-Versionierung implementiert", "objective": "Ermoeglicht kontrollierte Aenderungen", "check_target": "code", "evidence": 
["api_spec", "source_code"], "automation": "medium"}, - {"control_id": "API-009", "domain": "API", "title": "Webhook-Callbacks werden authentifiziert", "objective": "Verhindert gefaelschte Callbacks", "check_target": "code", "evidence": ["source_code"], "automation": "medium"}, - {"control_id": "API-010", "domain": "API", "title": "Idempotenz-Keys fuer kritische POST-Operationen", "objective": "Verhindert doppelte Ausfuehrung", "check_target": "code", "evidence": ["source_code", "api_spec"], "automation": "medium"}, - {"control_id": "API-011", "domain": "API", "title": "Request-Signierung fuer sicherheitskritische Operationen", "objective": "Integritaetsschutz der Anfrage", "check_target": "code", "evidence": ["source_code", "api_spec"], "automation": "medium"}, - {"control_id": "API-012", "domain": "API", "title": "Keine sensiblen Daten in URL-Parametern", "objective": "Verhindert Leakage ueber Logs und Browser-History", "check_target": "code", "evidence": ["source_code"], "automation": "high"}, - {"control_id": "API-013", "domain": "API", "title": "Content-Type Validierung bei allen Endpunkten", "objective": "Verhindert Content-Type Confusion", "check_target": "code", "evidence": ["source_code"], "automation": "high"}, - {"control_id": "API-014", "domain": "API", "title": "Health- und Status-Endpunkte exponieren keine sensitiven Details", "objective": "Verhindert Reconnaissance", "check_target": "code", "evidence": ["source_code", "api_test"], "automation": "high"}, - {"control_id": "API-015", "domain": "API", "title": "Batch-Operationen sind groessenbeschraenkt", "objective": "Verhindert Ressourcenerschoepfung", "check_target": "code", "evidence": ["source_code"], "automation": "medium"}, - - {"control_id": "TERM-001", "domain": "TERM", "title": "Korrekte Sequenz von Zahlungsbefehlen", "objective": "Protokollkonformitaet", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "TERM-002", "domain": 
"TERM", "title": "Retry-Mechanismus bei Verbindungsabbruch", "objective": "Sichert Transaktionsabschluss", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "TERM-003", "domain": "TERM", "title": "Timeout Handling Terminal-Backend", "objective": "Verhindert Blockierung", "check_target": "code", "evidence": ["source_code", "config"], "automation": "medium"}, - {"control_id": "TERM-004", "domain": "TERM", "title": "Fehlercodes korrekt interpretiert", "objective": "Verhindert Fehlinterpretation", "check_target": "code", "evidence": ["source_code", "unit_test"], "automation": "medium"}, - {"control_id": "TERM-005", "domain": "TERM", "title": "Status-Synchronisation zwischen Terminal und Backend", "objective": "Konsistente Zustaende", "check_target": "system", "evidence": ["integration_test", "architecture_doc"], "automation": "partial"}, - {"control_id": "TERM-006", "domain": "TERM", "title": "Verbindungsaufbau zum Terminal authentifiziert", "objective": "Verhindert Rogue-Terminal", "check_target": "code", "evidence": ["source_code", "config"], "automation": "medium"}, - {"control_id": "TERM-007", "domain": "TERM", "title": "Terminal-Registrierung mit eindeutiger Kennung", "objective": "Ermoeglicht Asset-Tracking", "check_target": "system", "evidence": ["db_schema", "admin_ui"], "automation": "partial"}, - {"control_id": "TERM-008", "domain": "TERM", "title": "Heartbeat / Keep-Alive fuer Terminal-Verbindung", "objective": "Erkennt Verbindungsabbruch frueh", "check_target": "code", "evidence": ["source_code"], "automation": "medium"}, - {"control_id": "TERM-009", "domain": "TERM", "title": "Protokollversion wird geprueft und erzwungen", "objective": "Verhindert Downgrade-Angriffe", "check_target": "code", "evidence": ["source_code"], "automation": "medium"}, - {"control_id": "TERM-010", "domain": "TERM", "title": "Kontaktlos-Transaktionen nur ueber zugelassene Kernel", "objective": "Sichert 
NFC-Konformitaet", "check_target": "system", "evidence": ["certification", "config"], "automation": "low"}, - {"control_id": "TERM-011", "domain": "TERM", "title": "Terminal meldet Tamper-Events an Backend", "objective": "Zentrales Monitoring von Manipulationsversuchen", "check_target": "system", "evidence": ["integration_test", "architecture_doc"], "automation": "partial"}, - {"control_id": "TERM-012", "domain": "TERM", "title": "Offline-Queue bei Verbindungsunterbrechung", "objective": "Sichert Transaktionsdaten bei Netzausfall", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "TERM-013", "domain": "TERM", "title": "Maximale Queue-Groesse definiert", "objective": "Verhindert unkontrollierten Speicherverbrauch", "check_target": "config", "evidence": ["config", "source_code"], "automation": "medium"}, - {"control_id": "TERM-014", "domain": "TERM", "title": "End-of-Day / Settlement-Prozess implementiert", "objective": "Sichert taeglichen Transaktionsabschluss", "check_target": "system", "evidence": ["source_code", "integration_test"], "automation": "partial"}, - {"control_id": "TERM-015", "domain": "TERM", "title": "Terminal-Display zeigt korrekten Zahlungsstatus", "objective": "Verhindert Fehlkommunikation an Nutzer", "check_target": "system", "evidence": ["integration_test"], "automation": "low"}, - - {"control_id": "FW-001", "domain": "FW", "title": "Firmware signiert", "objective": "Verhindert Installation manipulierter Firmware", "check_target": "system", "evidence": ["build_pipeline", "signing_config"], "automation": "low"}, - {"control_id": "FW-002", "domain": "FW", "title": "Signaturpruefung vor Firmware-Update", "objective": "Blockiert unsignierte Updates", "check_target": "code", "evidence": ["source_code", "update_process"], "automation": "medium"}, - {"control_id": "FW-003", "domain": "FW", "title": "Rollback-Mechanismus vorhanden", "objective": "Ermoeglicht Recovery nach fehlerhaftem 
Update", "check_target": "system", "evidence": ["architecture_doc", "test_report"], "automation": "low"}, - {"control_id": "FW-004", "domain": "FW", "title": "Debug-Interfaces in Produktion deaktiviert", "objective": "Verhindert unautorisierten Zugriff", "check_target": "config", "evidence": ["deployment_config", "security_test"], "automation": "medium"}, - {"control_id": "FW-005", "domain": "FW", "title": "Manipulationserkennung loest Alarm/Sperre aus", "objective": "Reaktion auf physische Angriffe", "check_target": "system", "evidence": ["architecture_doc", "test_report"], "automation": "low"}, - {"control_id": "FW-006", "domain": "FW", "title": "Secure Boot implementiert", "objective": "Verhindert Ausfuehrung manipulierter Boot-Images", "check_target": "system", "evidence": ["architecture_doc"], "automation": "low"}, - {"control_id": "FW-007", "domain": "FW", "title": "Firmware-Version ist remote abfragbar", "objective": "Ermoeglicht Fleet-Management und Compliance-Nachweis", "check_target": "system", "evidence": ["api_spec", "admin_ui"], "automation": "partial"}, - {"control_id": "FW-008", "domain": "FW", "title": "Automatische Update-Benachrichtigung bei kritischen Patches", "objective": "Sichert zeitnahe Reaktion auf Schwachstellen", "check_target": "system", "evidence": ["architecture_doc"], "automation": "partial"}, - {"control_id": "FW-009", "domain": "FW", "title": "Keine Persistenz von Zahlungsdaten ueber Neustart hinaus", "objective": "Schuetzt Daten bei physischem Zugriff", "check_target": "code", "evidence": ["source_code", "architecture_doc"], "automation": "medium"}, - {"control_id": "FW-010", "domain": "FW", "title": "Physischer Speicher wird bei Tamper-Detection geloescht", "objective": "Zerstoert Schluessel bei Manipulation", "check_target": "system", "evidence": ["architecture_doc", "certification"], "automation": "low"}, - - {"control_id": "REP-001", "domain": "REP", "title": "Transaktionsstatus vollstaendig dokumentiert", "objective": 
"Ermoeglicht Nachvollziehbarkeit jeder Zahlung", "check_target": "system", "evidence": ["reporting_output", "db_schema"], "automation": "medium"}, - {"control_id": "REP-002", "domain": "REP", "title": "Audit-Trail verknuepft mit Transaktionen", "objective": "Sichert End-to-End Traceability", "check_target": "system", "evidence": ["reporting_output", "audit_log_sample"], "automation": "medium"}, - {"control_id": "REP-003", "domain": "REP", "title": "Exportdaten plausibel und vollstaendig", "objective": "Sichert korrekte Weitergabe", "check_target": "system", "evidence": ["export_sample", "integration_test"], "automation": "partial"}, - {"control_id": "REP-004", "domain": "REP", "title": "Fehlercodes nachvollziehbar dokumentiert", "objective": "Ermoeglicht Fehleranalyse", "check_target": "code", "evidence": ["source_code", "documentation"], "automation": "medium"}, - {"control_id": "REP-005", "domain": "REP", "title": "Revisionssichere Speicherung von Transaktionsdaten", "objective": "GoBD/GDPdU-konforme Aufbewahrung", "check_target": "system", "evidence": ["architecture_doc", "storage_config"], "automation": "low"}, - {"control_id": "REP-006", "domain": "REP", "title": "Tagesabschluss-Report vollstaendig und konsistent", "objective": "Sichert taeglichen Abgleich", "check_target": "system", "evidence": ["reporting_output", "integration_test"], "automation": "partial"}, - {"control_id": "REP-007", "domain": "REP", "title": "Summenabgleich Terminal vs. 
Backend", "objective": "Erkennt Differenzen", "check_target": "system", "evidence": ["reconciliation_report", "integration_test"], "automation": "partial"}, - {"control_id": "REP-008", "domain": "REP", "title": "Stornierte Transaktionen korrekt ausgewiesen", "objective": "Sichert korrekte Buchhaltungsgrundlage", "check_target": "system", "evidence": ["reporting_output"], "automation": "medium"}, - {"control_id": "REP-009", "domain": "REP", "title": "Historische Reports nicht nachtraeglich aenderbar", "objective": "Schuetzt Integritaet der Berichterstattung", "check_target": "system", "evidence": ["architecture_doc", "db_config"], "automation": "low"}, - {"control_id": "REP-010", "domain": "REP", "title": "Abrechnungsdaten enthalten keine vollstaendigen Kartennummern", "objective": "Minimiert Datenexposition in Reports", "check_target": "code", "evidence": ["source_code", "export_sample"], "automation": "high"}, - - {"control_id": "ACC-001", "domain": "ACC", "title": "Individuelle Benutzerkonten fuer alle Administratoren", "objective": "Verhindert geteilte Accounts", "check_target": "system", "evidence": ["admin_ui", "iam_config"], "automation": "partial"}, - {"control_id": "ACC-002", "domain": "ACC", "title": "Standard-Passwoerter werden bei Ersteinrichtung erzwungen zu aendern", "objective": "Verhindert Default-Credential-Angriffe", "check_target": "code", "evidence": ["source_code", "deployment_doc"], "automation": "medium"}, - {"control_id": "ACC-003", "domain": "ACC", "title": "Multi-Faktor-Authentifizierung fuer Admin-Zugang", "objective": "Erhoehter Schutz privilegierter Konten", "check_target": "system", "evidence": ["iam_config", "admin_ui"], "automation": "partial"}, - {"control_id": "ACC-004", "domain": "ACC", "title": "Passwort-Komplexitaetsanforderungen implementiert", "objective": "Verhindert schwache Passwoerter", "check_target": "code", "evidence": ["source_code", "config"], "automation": "high"}, - {"control_id": "ACC-005", "domain": "ACC", "title": 
"Account-Sperrung nach fehlgeschlagenen Anmeldeversuchen", "objective": "Schuetzt gegen Brute Force", "check_target": "code", "evidence": ["source_code", "config"], "automation": "high"}, - {"control_id": "ACC-006", "domain": "ACC", "title": "Privilegierte Aktionen erfordern erneute Authentifizierung", "objective": "Step-Up Authentication", "check_target": "code", "evidence": ["source_code"], "automation": "medium"}, - {"control_id": "ACC-007", "domain": "ACC", "title": "Inaktive Sessions werden automatisch beendet", "objective": "Reduziert Angriffsflaeche bei verlassenen Sessions", "check_target": "config", "evidence": ["config", "source_code"], "automation": "high"}, - {"control_id": "ACC-008", "domain": "ACC", "title": "Berechtigungsaenderungen werden auditiert", "objective": "Nachvollziehbarkeit von Rechteaenderungen", "check_target": "system", "evidence": ["audit_log_sample", "source_code"], "automation": "partial"}, - {"control_id": "ACC-009", "domain": "ACC", "title": "Least-Privilege Prinzip fuer alle Rollen", "objective": "Minimiert Rechte auf das Notwendige", "check_target": "system", "evidence": ["rbac_config", "architecture_doc"], "automation": "partial"}, - {"control_id": "ACC-010", "domain": "ACC", "title": "Service-Accounts haben keine interaktive Login-Moeglichkeit", "objective": "Verhindert Missbrauch technischer Konten", "check_target": "config", "evidence": ["iam_config"], "automation": "medium"}, - - {"control_id": "ERR-001", "domain": "ERR", "title": "Definierte Fehlerbehandlung fuer alle externen Aufrufe", "objective": "Verhindert unkontrollierte Abbrueche", "check_target": "code", "evidence": ["source_code"], "automation": "medium"}, - {"control_id": "ERR-002", "domain": "ERR", "title": "Graceful Degradation bei Teilausfall", "objective": "Sichert Basisfunktionalitaet", "check_target": "system", "evidence": ["architecture_doc", "integration_test"], "automation": "partial"}, - {"control_id": "ERR-003", "domain": "ERR", "title": "Recovery nach 
Stromausfall ohne Datenverlust", "objective": "Transaktionskonsistenz bei Hardwareausfall", "check_target": "system", "evidence": ["integration_test", "architecture_doc"], "automation": "low"}, - {"control_id": "ERR-004", "domain": "ERR", "title": "Offline-Modus mit definiertem Funktionsumfang", "objective": "Klare Grenzen bei fehlender Konnektivitaet", "check_target": "code", "evidence": ["source_code", "documentation"], "automation": "medium"}, - {"control_id": "ERR-005", "domain": "ERR", "title": "Automatische Wiederverbindung nach Netzwerkunterbrechung", "objective": "Minimiert manuelle Intervention", "check_target": "code", "evidence": ["source_code", "integration_test"], "automation": "medium"}, - {"control_id": "ERR-006", "domain": "ERR", "title": "Circuit Breaker bei Backend-Ueberlast", "objective": "Verhindert Kaskadenausfall", "check_target": "code", "evidence": ["source_code", "config"], "automation": "medium"}, - {"control_id": "ERR-007", "domain": "ERR", "title": "Fehlerhafte Datenpakete werden verworfen, nicht verarbeitet", "objective": "Verhindert Fehlverarbeitung korrupter Daten", "check_target": "code", "evidence": ["source_code", "unit_test"], "automation": "high"}, - {"control_id": "ERR-008", "domain": "ERR", "title": "Health-Check-Endpunkt fuer Terminal-Monitoring", "objective": "Ermoeglicht proaktive Fehlererkennung", "check_target": "code", "evidence": ["source_code", "api_spec"], "automation": "high"}, - {"control_id": "ERR-009", "domain": "ERR", "title": "Eskalationsprozess bei kritischen Fehlern definiert", "objective": "Sichert schnelle Reaktion bei Systemausfall", "check_target": "process", "evidence": ["documentation", "runbook"], "automation": "low"}, - {"control_id": "ERR-010", "domain": "ERR", "title": "Wartungsmodus ohne Transaktionsverlust aktivierbar", "objective": "Ermoeglicht geplante Wartung ohne Datenverlust", "check_target": "system", "evidence": ["admin_ui", "integration_test"], "automation": "partial"}, - - {"control_id": 
"BLD-001", "domain": "BLD", "title": "Build-Pipeline reproduzierbar", "objective": "Sichert Nachvollziehbarkeit der Artefakte", "check_target": "system", "evidence": ["ci_config", "build_log"], "automation": "medium"}, - {"control_id": "BLD-002", "domain": "BLD", "title": "Abhaengigkeiten werden auf bekannte Schwachstellen geprueft", "objective": "Verhindert vulnerable Dependencies", "check_target": "system", "evidence": ["dependency_scan", "ci_config"], "automation": "high"}, - {"control_id": "BLD-003", "domain": "BLD", "title": "Release-Artefakte sind signiert", "objective": "Integritaetsschutz der Auslieferung", "check_target": "system", "evidence": ["signing_config", "release_process"], "automation": "medium"}, - {"control_id": "BLD-004", "domain": "BLD", "title": "Keine Test-Credentials in Release-Konfiguration", "objective": "Verhindert Produktions-Leaks", "check_target": "config", "evidence": ["deployment_config", "secret_scan"], "automation": "high"}, - {"control_id": "BLD-005", "domain": "BLD", "title": "Container-Images werden auf Schwachstellen gescannt", "objective": "Sichert Basis-Image Integritaet", "check_target": "system", "evidence": ["container_scan", "ci_config"], "automation": "high"}, - {"control_id": "BLD-006", "domain": "BLD", "title": "SBOM (Software Bill of Materials) wird generiert", "objective": "Transparenz ueber verwendete Komponenten", "check_target": "system", "evidence": ["sbom_output", "ci_config"], "automation": "medium"}, - {"control_id": "BLD-007", "domain": "BLD", "title": "Deployment nur ueber autorisierte Pipeline", "objective": "Verhindert manuelle, unkontrollierte Deployments", "check_target": "system", "evidence": ["ci_config", "access_control"], "automation": "medium"}, - {"control_id": "BLD-008", "domain": "BLD", "title": "Rollback-Prozedur fuer Deployments definiert und getestet", "objective": "Ermoeglicht schnelle Recovery", "check_target": "process", "evidence": ["runbook", "deployment_doc"], "automation": "low"}, - 
{"control_id": "BLD-009", "domain": "BLD", "title": "Code-Review vor Merge in Release-Branch", "objective": "Vier-Augen-Prinzip", "check_target": "process", "evidence": ["git_config", "pr_policy"], "automation": "medium"},
- {"control_id": "BLD-010", "domain": "BLD", "title": "Automatisierte Tests vor jedem Release", "objective": "Sichert Qualitaet vor Auslieferung", "check_target": "system", "evidence": ["ci_config", "test_results"], "automation": "high"}
+ {
+ "control_id": "PAY-001",
+ "domain": "PAY",
+ "title": "Eindeutige Transaktions-ID pro Zahlungsvorgang",
+ "objective": "Verhindert Vermischung und Mehrfachverarbeitung",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "PAY-002",
+ "domain": "PAY",
+ "title": "Idempotente Verarbeitung wiederholter Zahlungsanfragen",
+ "objective": "Verhindert doppelte Buchungen bei Retries",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-003",
+ "domain": "PAY",
+ "title": "Verhinderung doppelter Verbuchung bei Netzwerk-Retry",
+ "objective": "Stellt konsistente Zahlungszustaende sicher",
+ "check_target": "system",
+ "evidence": [
+ "integration_test",
+ "architecture_doc"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "PAY-004",
+ "domain": "PAY",
+ "title": "Definierter Initialzustand jeder Transaktion",
+ "objective": "Verhindert undefinierte Startbedingungen",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "PAY-005",
+ "domain": "PAY",
+ "title": "Definierte erlaubte Zustandsuebergaenge in der Transaktionslogik",
+ "objective": "Verhindert ungueltige State Transitions",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "unit_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-006",
+ "domain": "PAY",
+ "title": "Keine direkte Transition in
terminalen Erfolgszustand ohne Autorisierung",
+ "objective": "Verhindert vorzeitige Freigabe",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "unit_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-007",
+ "domain": "PAY",
+ "title": "Abbruchpfade fuehren in definierten Endzustand",
+ "objective": "Sichert sauberes Cancel-Handling",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-008",
+ "domain": "PAY",
+ "title": "Timeout fuehrt in nachvollziehbaren und sicheren Zustand",
+ "objective": "Verhindert haengende Transaktionen",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-009",
+ "domain": "PAY",
+ "title": "Rollback oder Reversal-Handling bei Teilfehlschlag",
+ "objective": "Reduziert Inkonsistenzen",
+ "check_target": "system",
+ "evidence": [
+ "integration_test",
+ "architecture_doc"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "PAY-010",
+ "domain": "PAY",
+ "title": "Fehlerhafte Antworten werden nicht als Erfolg interpretiert",
+ "objective": "Verhindert False Positive bei Zahlungsstatus",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "unit_test"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "PAY-011",
+ "domain": "PAY",
+ "title": "Betragsvalidierung bei jeder Zahlungsanfrage",
+ "objective": "Verhindert Betragmanipulation und negative Werte",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "unit_test"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "PAY-012",
+ "domain": "PAY",
+ "title": "Waehrungsfeld wird validiert und konsistent verarbeitet",
+ "objective": "Verhindert Fehlverarbeitung bei Mehrwaehrung",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "PAY-013",
+ "domain": "PAY",
+ "title": "Betragsrundung erfolgt
deterministisch und dokumentiert",
+ "objective": "Verhindert Abweichungen Frontend/Terminal/Backend",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "unit_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-014",
+ "domain": "PAY",
+ "title": "Keine lokale Manipulation des autorisierten Betrags nach Freigabe",
+ "objective": "Schuetzt Integritaet der Zahlung",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "unit_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-015",
+ "domain": "PAY",
+ "title": "Transaktionskontext bleibt ueber Retry-Versuche konsistent",
+ "objective": "Verhindert Kontextverlust",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-016",
+ "domain": "PAY",
+ "title": "Antworten ohne Referenz-ID werden nicht akzeptiert",
+ "objective": "Verhindert verwaiste Zuordnungen",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "PAY-017",
+ "domain": "PAY",
+ "title": "Doppelte Callback-Verarbeitung wird unterdrueckt",
+ "objective": "Verhindert doppelte Statusupdates",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-018",
+ "domain": "PAY",
+ "title": "Asynchrone Statusmeldungen werden korreliert und sequenziell verarbeitet",
+ "objective": "Sichert korrekte Reihenfolge",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-019",
+ "domain": "PAY",
+ "title": "Geschaeftsvorfall wird erst nach bestaetigtem Zahlungsstatus finalisiert",
+ "objective": "Verhindert Business Success ohne Payment Success",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "PAY-020",
+ "domain": "PAY",
+ "title":
"Offline-Zahlungen werden explizit gekennzeichnet",
+ "objective": "Verhindert Verwechslung mit final autorisierten Zahlungen",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "reporting_output"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "LOG-001",
+ "domain": "LOG",
+ "title": "Keine sensitiven Zahlungsdaten im Anwendungslog",
+ "objective": "Verhindert Offenlegung sensitiver Daten",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "log_config"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "LOG-002",
+ "domain": "LOG",
+ "title": "PAN wird in Logs maskiert",
+ "objective": "Reduziert Risiko bei Log-Einsicht",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "log_output_sample"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "LOG-003",
+ "domain": "LOG",
+ "title": "CVV/CVC wird niemals geloggt",
+ "objective": "Verhindert Protokollierung sensitiver Authentifizierungsdaten",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "LOG-004",
+ "domain": "LOG",
+ "title": "Kryptographische Schluessel werden nicht geloggt",
+ "objective": "Verhindert Kompromittierung durch Logging",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "log_output_sample"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "LOG-005",
+ "domain": "LOG",
+ "title": "Admin-Aktionen werden auditierbar protokolliert",
+ "objective": "Ermoeglicht Nachvollziehbarkeit privilegierter Handlungen",
+ "check_target": "system",
+ "evidence": [
+ "source_code",
+ "audit_log_sample"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "LOG-006",
+ "domain": "LOG",
+ "title": "Konfigurationsaenderungen werden protokolliert",
+ "objective": "Ermoeglicht Nachweis kritischer Aenderungen",
+ "check_target": "system",
+ "evidence": [
+ "source_code",
+ "audit_log_sample"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "LOG-007",
+ "domain": "LOG",
+ "title":
"Fehlgeschlagene Authentifizierungsversuche werden geloggt",
+ "objective": "Unterstuetzt Erkennung von Missbrauch",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "audit_log_sample"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "LOG-008",
+ "domain": "LOG",
+ "title": "Sicherheitsrelevante Ereignisse erhalten eindeutige Event-Typen",
+ "objective": "Erleichtert Korrelation und Monitoring",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "log_schema"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "LOG-009",
+ "domain": "LOG",
+ "title": "Audit-Events enthalten konsistenten Zeitstempel",
+ "objective": "Ermoeglicht zeitliche Rekonstruktion",
+ "check_target": "system",
+ "evidence": [
+ "audit_log_sample",
+ "config"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "LOG-010",
+ "domain": "LOG",
+ "title": "Audit-Events enthalten eindeutige Terminalkennung",
+ "objective": "Ermoeglicht Zuordnung zur Quelle",
+ "check_target": "code",
+ "evidence": [
+ "log_schema",
+ "audit_log_sample"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "LOG-011",
+ "domain": "LOG",
+ "title": "Debug-Logging in Produktion deaktiviert",
+ "objective": "Verhindert Leaks in produktiven Systemen",
+ "check_target": "config",
+ "evidence": [
+ "deployment_config"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "LOG-012",
+ "domain": "LOG",
+ "title": "Manipulation von Audit-Logs technisch erschwert",
+ "objective": "Schuetzt Integritaet des Audit Trails",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc",
+ "storage_config"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "LOG-013",
+ "domain": "LOG",
+ "title": "Fehlermeldungen enthalten keine Stacktraces mit sensitiven Payloads",
+ "objective": "Verhindert indirekten Datenabfluss",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "log_output_sample"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "LOG-014",
+ "domain": "LOG",
+ "title": "Jede
Zahlungsentscheidung erzeugt Audit-Eintrag",
+ "objective": "Verbindet Business Outcome mit technischer Evidenz",
+ "check_target": "system",
+ "evidence": [
+ "audit_log_sample",
+ "integration_test"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "LOG-015",
+ "domain": "LOG",
+ "title": "Log-Retention konfiguriert und dokumentiert",
+ "objective": "Sichert Verfuegbarkeit relevanter Ereignishistorie",
+ "check_target": "config",
+ "evidence": [
+ "retention_policy",
+ "deployment_config"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "CRYPTO-001",
+ "domain": "CRYPTO",
+ "title": "Keine Secrets im Quellcode",
+ "objective": "Verhindert Offenlegung im Repository",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "secret_scan"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "CRYPTO-002",
+ "domain": "CRYPTO",
+ "title": "Keine Secrets in Commit-Historie",
+ "objective": "Reduziert Leak-Risiko ueber Entwicklungsartefakte",
+ "check_target": "repository",
+ "evidence": [
+ "secret_scan",
+ "build_scripts"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "CRYPTO-003",
+ "domain": "CRYPTO",
+ "title": "Keine Schluessel im Klartext in Konfigurationsdateien",
+ "objective": "Schuetzt ruhende Geheimnisse",
+ "check_target": "config",
+ "evidence": [
+ "config",
+ "secret_scan"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "CRYPTO-004",
+ "domain": "CRYPTO",
+ "title": "Secrets aus sicherem Secret Store bezogen",
+ "objective": "Verhindert lokale Persistenz",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc",
+ "deployment_config"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "CRYPTO-005",
+ "domain": "CRYPTO",
+ "title": "Zugriff auf Secrets rollen-/servicebezogen eingeschraenkt",
+ "objective": "Begrenzt Blast Radius",
+ "check_target": "system",
+ "evidence": [
+ "iam_config",
+ "architecture_doc"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "CRYPTO-006",
+ "domain": "CRYPTO",
+ "title":
"Zentrale und freigegebene Krypto-Bibliotheken verwendet",
+ "objective": "Verhindert unsichere Eigenimplementierungen",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "dependency_list"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "CRYPTO-007",
+ "domain": "CRYPTO",
+ "title": "Keine veralteten kryptographischen Primitive (MD5, SHA1, DES)",
+ "objective": "Verhindert Einsatz schwacher Verfahren",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "dependency_scan"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "CRYPTO-008",
+ "domain": "CRYPTO",
+ "title": "TLS 1.2+ fuer alle externen Verbindungen",
+ "objective": "Schuetzt Daten bei Uebertragung",
+ "check_target": "config",
+ "evidence": [
+ "config",
+ "network_scan"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "CRYPTO-009",
+ "domain": "CRYPTO",
+ "title": "Schluesselrotation implementiert und dokumentiert",
+ "objective": "Reduziert Kompromittierungszeitraum",
+ "check_target": "process",
+ "evidence": [
+ "key_mgmt_doc",
+ "config"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "CRYPTO-010",
+ "domain": "CRYPTO",
+ "title": "HSM oder Secure Enclave fuer kryptographische Operationen",
+ "objective": "Hardwarebasierter Schluesselschutz",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "CRYPTO-011",
+ "domain": "CRYPTO",
+ "title": "Zertifikats-Pinning fuer kritische Verbindungen",
+ "objective": "Schuetzt gegen MITM",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "config"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "CRYPTO-012",
+ "domain": "CRYPTO",
+ "title": "Kryptographische Zufallszahlen aus sicherem Generator",
+ "objective": "Verhindert vorhersagbare Tokens/Nonces",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "CRYPTO-013",
+ "domain": "CRYPTO",
+ "title": "PIN-Eingabe nur ueber Secure PIN
Entry Device",
+ "objective": "Schuetzt PIN vor Abgriff",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc",
+ "certification"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "CRYPTO-014",
+ "domain": "CRYPTO",
+ "title": "Kartendaten werden verschluesselt uebertragen (P2PE)",
+ "objective": "End-to-End Schutz der Kartendaten",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc",
+ "network_config"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "CRYPTO-015",
+ "domain": "CRYPTO",
+ "title": "Keine persistente Speicherung vollstaendiger Kartendaten",
+ "objective": "Minimiert Daten bei Kompromittierung",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "db_schema"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "API-001",
+ "domain": "API",
+ "title": "Authentifizierung fuer alle Admin-Endpunkte",
+ "objective": "Verhindert unautorisierten Zugriff",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "api_spec"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "API-002",
+ "domain": "API",
+ "title": "Rollenbasierte Autorisierung",
+ "objective": "Least-Privilege Prinzip",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "rbac_config"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "API-003",
+ "domain": "API",
+ "title": "Rate Limiting implementiert",
+ "objective": "Schuetzt gegen Brute Force und DoS",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "config"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "API-004",
+ "domain": "API",
+ "title": "Keine sensiblen Daten in Fehlermeldungen",
+ "objective": "Verhindert Information Leakage",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "api_test"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "API-005",
+ "domain": "API",
+ "title": "Input Validation gegen Injection",
+ "objective": "Schuetzt gegen SQL/Command Injection",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+
"security_test"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "API-006",
+ "domain": "API",
+ "title": "CORS korrekt konfiguriert",
+ "objective": "Verhindert Cross-Origin Angriffe",
+ "check_target": "config",
+ "evidence": [
+ "config",
+ "security_test"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "API-007",
+ "domain": "API",
+ "title": "Session-Timeout fuer Admin-Sessions",
+ "objective": "Reduziert Risiko bei verlassenen Sessions",
+ "check_target": "config",
+ "evidence": [
+ "config",
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "API-008",
+ "domain": "API",
+ "title": "API-Versionierung implementiert",
+ "objective": "Ermoeglicht kontrollierte Aenderungen",
+ "check_target": "code",
+ "evidence": [
+ "api_spec",
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "API-009",
+ "domain": "API",
+ "title": "Webhook-Callbacks werden authentifiziert",
+ "objective": "Verhindert gefaelschte Callbacks",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "API-010",
+ "domain": "API",
+ "title": "Idempotenz-Keys fuer kritische POST-Operationen",
+ "objective": "Verhindert doppelte Ausfuehrung",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "api_spec"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "API-011",
+ "domain": "API",
+ "title": "Request-Signierung fuer sicherheitskritische Operationen",
+ "objective": "Integritaetsschutz der Anfrage",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "api_spec"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "API-012",
+ "domain": "API",
+ "title": "Keine sensiblen Daten in URL-Parametern",
+ "objective": "Verhindert Leakage ueber Logs und Browser-History",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "API-013",
+ "domain": "API",
+ "title": "Content-Type Validierung bei allen Endpunkten",
+
"objective": "Verhindert Content-Type Confusion",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "API-014",
+ "domain": "API",
+ "title": "Health- und Status-Endpunkte exponieren keine sensitiven Details",
+ "objective": "Verhindert Reconnaissance",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "api_test"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "API-015",
+ "domain": "API",
+ "title": "Batch-Operationen sind groessenbeschraenkt",
+ "objective": "Verhindert Ressourcenerschoepfung",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-001",
+ "domain": "TERM",
+ "title": "Korrekte Sequenz von Zahlungsbefehlen",
+ "objective": "Protokollkonformitaet",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-002",
+ "domain": "TERM",
+ "title": "Retry-Mechanismus bei Verbindungsabbruch",
+ "objective": "Sichert Transaktionsabschluss",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-003",
+ "domain": "TERM",
+ "title": "Timeout Handling Terminal-Backend",
+ "objective": "Verhindert Blockierung",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "config"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-004",
+ "domain": "TERM",
+ "title": "Fehlercodes korrekt interpretiert",
+ "objective": "Verhindert Fehlinterpretation",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "unit_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-005",
+ "domain": "TERM",
+ "title": "Status-Synchronisation zwischen Terminal und Backend",
+ "objective": "Konsistente Zustaende",
+ "check_target": "system",
+ "evidence": [
+ "integration_test",
+ "architecture_doc"
+ ],
+ "automation": "partial"
+ },
+ {
+
"control_id": "TERM-006",
+ "domain": "TERM",
+ "title": "Verbindungsaufbau zum Terminal authentifiziert",
+ "objective": "Verhindert Rogue-Terminal",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "config"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-007",
+ "domain": "TERM",
+ "title": "Terminal-Registrierung mit eindeutiger Kennung",
+ "objective": "Ermoeglicht Asset-Tracking",
+ "check_target": "system",
+ "evidence": [
+ "db_schema",
+ "admin_ui"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "TERM-008",
+ "domain": "TERM",
+ "title": "Heartbeat / Keep-Alive fuer Terminal-Verbindung",
+ "objective": "Erkennt Verbindungsabbruch frueh",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-009",
+ "domain": "TERM",
+ "title": "Protokollversion wird geprueft und erzwungen",
+ "objective": "Verhindert Downgrade-Angriffe",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-010",
+ "domain": "TERM",
+ "title": "Kontaktlos-Transaktionen nur ueber zugelassene Kernel",
+ "objective": "Sichert NFC-Konformitaet",
+ "check_target": "system",
+ "evidence": [
+ "certification",
+ "config"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "TERM-011",
+ "domain": "TERM",
+ "title": "Terminal meldet Tamper-Events an Backend",
+ "objective": "Zentrales Monitoring von Manipulationsversuchen",
+ "check_target": "system",
+ "evidence": [
+ "integration_test",
+ "architecture_doc"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "TERM-012",
+ "domain": "TERM",
+ "title": "Offline-Queue bei Verbindungsunterbrechung",
+ "objective": "Sichert Transaktionsdaten bei Netzausfall",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-013",
+ "domain": "TERM",
+ "title": "Maximale Queue-Groesse definiert",
+ "objective":
"Verhindert unkontrollierten Speicherverbrauch",
+ "check_target": "config",
+ "evidence": [
+ "config",
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "TERM-014",
+ "domain": "TERM",
+ "title": "End-of-Day / Settlement-Prozess implementiert",
+ "objective": "Sichert taeglichen Transaktionsabschluss",
+ "check_target": "system",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "TERM-015",
+ "domain": "TERM",
+ "title": "Terminal-Display zeigt korrekten Zahlungsstatus",
+ "objective": "Verhindert Fehlkommunikation an Nutzer",
+ "check_target": "system",
+ "evidence": [
+ "integration_test"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "FW-001",
+ "domain": "FW",
+ "title": "Firmware signiert",
+ "objective": "Verhindert Installation manipulierter Firmware",
+ "check_target": "system",
+ "evidence": [
+ "build_pipeline",
+ "signing_config"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "FW-002",
+ "domain": "FW",
+ "title": "Signaturpruefung vor Firmware-Update",
+ "objective": "Blockiert unsignierte Updates",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "update_process"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "FW-003",
+ "domain": "FW",
+ "title": "Rollback-Mechanismus vorhanden",
+ "objective": "Ermoeglicht Recovery nach fehlerhaftem Update",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc",
+ "test_report"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "FW-004",
+ "domain": "FW",
+ "title": "Debug-Interfaces in Produktion deaktiviert",
+ "objective": "Verhindert unautorisierten Zugriff",
+ "check_target": "config",
+ "evidence": [
+ "deployment_config",
+ "security_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "FW-005",
+ "domain": "FW",
+ "title": "Manipulationserkennung loest Alarm/Sperre aus",
+ "objective": "Reaktion auf physische Angriffe",
+ "check_target": "system",
+ "evidence": [
+
"architecture_doc",
+ "test_report"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "FW-006",
+ "domain": "FW",
+ "title": "Secure Boot implementiert",
+ "objective": "Verhindert Ausfuehrung manipulierter Boot-Images",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "FW-007",
+ "domain": "FW",
+ "title": "Firmware-Version ist remote abfragbar",
+ "objective": "Ermoeglicht Fleet-Management und Compliance-Nachweis",
+ "check_target": "system",
+ "evidence": [
+ "api_spec",
+ "admin_ui"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "FW-008",
+ "domain": "FW",
+ "title": "Automatische Update-Benachrichtigung bei kritischen Patches",
+ "objective": "Sichert zeitnahe Reaktion auf Schwachstellen",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "FW-009",
+ "domain": "FW",
+ "title": "Keine Persistenz von Zahlungsdaten ueber Neustart hinaus",
+ "objective": "Schuetzt Daten bei physischem Zugriff",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "architecture_doc"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "FW-010",
+ "domain": "FW",
+ "title": "Physischer Speicher wird bei Tamper-Detection geloescht",
+ "objective": "Zerstoert Schluessel bei Manipulation",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc",
+ "certification"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "REP-001",
+ "domain": "REP",
+ "title": "Transaktionsstatus vollstaendig dokumentiert",
+ "objective": "Ermoeglicht Nachvollziehbarkeit jeder Zahlung",
+ "check_target": "system",
+ "evidence": [
+ "reporting_output",
+ "db_schema"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "REP-002",
+ "domain": "REP",
+ "title": "Audit-Trail verknuepft mit Transaktionen",
+ "objective": "Sichert End-to-End Traceability",
+ "check_target": "system",
+ "evidence": [
+ "reporting_output",
+ "audit_log_sample"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "REP-003",
+ "domain": "REP",
+ "title": "Exportdaten plausibel und vollstaendig",
+ "objective": "Sichert korrekte Weitergabe",
+ "check_target": "system",
+ "evidence": [
+ "export_sample",
+ "integration_test"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "REP-004",
+ "domain": "REP",
+ "title": "Fehlercodes nachvollziehbar dokumentiert",
+ "objective": "Ermoeglicht Fehleranalyse",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "documentation"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "REP-005",
+ "domain": "REP",
+ "title": "Revisionssichere Speicherung von Transaktionsdaten",
+ "objective": "GoBD/GDPdU-konforme Aufbewahrung",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc",
+ "storage_config"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "REP-006",
+ "domain": "REP",
+ "title": "Tagesabschluss-Report vollstaendig und konsistent",
+ "objective": "Sichert taeglichen Abgleich",
+ "check_target": "system",
+ "evidence": [
+ "reporting_output",
+ "integration_test"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "REP-007",
+ "domain": "REP",
+ "title": "Summenabgleich Terminal vs.
Backend",
+ "objective": "Erkennt Differenzen",
+ "check_target": "system",
+ "evidence": [
+ "reconciliation_report",
+ "integration_test"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "REP-008",
+ "domain": "REP",
+ "title": "Stornierte Transaktionen korrekt ausgewiesen",
+ "objective": "Sichert korrekte Buchhaltungsgrundlage",
+ "check_target": "system",
+ "evidence": [
+ "reporting_output"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "REP-009",
+ "domain": "REP",
+ "title": "Historische Reports nicht nachtraeglich aenderbar",
+ "objective": "Schuetzt Integritaet der Berichterstattung",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc",
+ "db_config"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "REP-010",
+ "domain": "REP",
+ "title": "Abrechnungsdaten enthalten keine vollstaendigen Kartennummern",
+ "objective": "Minimiert Datenexposition in Reports",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "export_sample"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "ACC-001",
+ "domain": "ACC",
+ "title": "Individuelle Benutzerkonten fuer alle Administratoren",
+ "objective": "Verhindert geteilte Accounts",
+ "check_target": "system",
+ "evidence": [
+ "admin_ui",
+ "iam_config"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "ACC-002",
+ "domain": "ACC",
+ "title": "Standard-Passwoerter werden bei Ersteinrichtung erzwungen zu aendern",
+ "objective": "Verhindert Default-Credential-Angriffe",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "deployment_doc"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ACC-003",
+ "domain": "ACC",
+ "title": "Multi-Faktor-Authentifizierung fuer Admin-Zugang",
+ "objective": "Erhoehter Schutz privilegierter Konten",
+ "check_target": "system",
+ "evidence": [
+ "iam_config",
+ "admin_ui"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "ACC-004",
+ "domain": "ACC",
+ "title": "Passwort-Komplexitaetsanforderungen implementiert",
+
"objective": "Verhindert schwache Passwoerter",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "config"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "ACC-005",
+ "domain": "ACC",
+ "title": "Account-Sperrung nach fehlgeschlagenen Anmeldeversuchen",
+ "objective": "Schuetzt gegen Brute Force",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "config"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "ACC-006",
+ "domain": "ACC",
+ "title": "Privilegierte Aktionen erfordern erneute Authentifizierung",
+ "objective": "Step-Up Authentication",
+ "check_target": "code",
+ "evidence": [
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ACC-007",
+ "domain": "ACC",
+ "title": "Inaktive Sessions werden automatisch beendet",
+ "objective": "Reduziert Angriffsflaeche bei verlassenen Sessions",
+ "check_target": "config",
+ "evidence": [
+ "config",
+ "source_code"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "ACC-008",
+ "domain": "ACC",
+ "title": "Berechtigungsaenderungen werden auditiert",
+ "objective": "Nachvollziehbarkeit von Rechteaenderungen",
+ "check_target": "system",
+ "evidence": [
+ "audit_log_sample",
+ "source_code"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "ACC-009",
+ "domain": "ACC",
+ "title": "Least-Privilege Prinzip fuer alle Rollen",
+ "objective": "Minimiert Rechte auf das Notwendige",
+ "check_target": "system",
+ "evidence": [
+ "rbac_config",
+ "architecture_doc"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "ACC-010",
+ "domain": "ACC",
+ "title": "Service-Accounts haben keine interaktive Login-Moeglichkeit",
+ "objective": "Verhindert Missbrauch technischer Konten",
+ "check_target": "config",
+ "evidence": [
+ "iam_config"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ERR-001",
+ "domain": "ERR",
+ "title": "Definierte Fehlerbehandlung fuer alle externen Aufrufe",
+ "objective": "Verhindert unkontrollierte Abbrueche",
+ "check_target": "code",
+
"evidence": [
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ERR-002",
+ "domain": "ERR",
+ "title": "Graceful Degradation bei Teilausfall",
+ "objective": "Sichert Basisfunktionalitaet",
+ "check_target": "system",
+ "evidence": [
+ "architecture_doc",
+ "integration_test"
+ ],
+ "automation": "partial"
+ },
+ {
+ "control_id": "ERR-003",
+ "domain": "ERR",
+ "title": "Recovery nach Stromausfall ohne Datenverlust",
+ "objective": "Transaktionskonsistenz bei Hardwareausfall",
+ "check_target": "system",
+ "evidence": [
+ "integration_test",
+ "architecture_doc"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "ERR-004",
+ "domain": "ERR",
+ "title": "Offline-Modus mit definiertem Funktionsumfang",
+ "objective": "Klare Grenzen bei fehlender Konnektivitaet",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "documentation"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ERR-005",
+ "domain": "ERR",
+ "title": "Automatische Wiederverbindung nach Netzwerkunterbrechung",
+ "objective": "Minimiert manuelle Intervention",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "integration_test"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ERR-006",
+ "domain": "ERR",
+ "title": "Circuit Breaker bei Backend-Ueberlast",
+ "objective": "Verhindert Kaskadenausfall",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "config"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ERR-007",
+ "domain": "ERR",
+ "title": "Fehlerhafte Datenpakete werden verworfen, nicht verarbeitet",
+ "objective": "Verhindert Fehlverarbeitung korrupter Daten",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "unit_test"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "ERR-008",
+ "domain": "ERR",
+ "title": "Health-Check-Endpunkt fuer Terminal-Monitoring",
+ "objective": "Ermoeglicht proaktive Fehlererkennung",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "api_spec"
+ ],
+ "automation":
"high" + }, + { + "control_id": "ERR-009", + "domain": "ERR", + "title": "Eskalationsprozess bei kritischen Fehlern definiert", + "objective": "Sichert schnelle Reaktion bei Systemausfall", + "check_target": "process", + "evidence": [ + "documentation", + "runbook" + ], + "automation": "low" + }, + { + "control_id": "ERR-010", + "domain": "ERR", + "title": "Wartungsmodus ohne Transaktionsverlust aktivierbar", + "objective": "Ermoeglicht geplante Wartung ohne Datenverlust", + "check_target": "system", + "evidence": [ + "admin_ui", + "integration_test" + ], + "automation": "partial" + }, + { + "control_id": "BLD-001", + "domain": "BLD", + "title": "Build-Pipeline reproduzierbar", + "objective": "Sichert Nachvollziehbarkeit der Artefakte", + "check_target": "system", + "evidence": [ + "ci_config", + "build_log" + ], + "automation": "medium" + }, + { + "control_id": "BLD-002", + "domain": "BLD", + "title": "Abhaengigkeiten werden auf bekannte Schwachstellen geprueft", + "objective": "Verhindert vulnerable Dependencies", + "check_target": "system", + "evidence": [ + "dependency_scan", + "ci_config" + ], + "automation": "high" + }, + { + "control_id": "BLD-003", + "domain": "BLD", + "title": "Release-Artefakte sind signiert", + "objective": "Integritaetsschutz der Auslieferung", + "check_target": "system", + "evidence": [ + "signing_config", + "release_process" + ], + "automation": "medium" + }, + { + "control_id": "BLD-004", + "domain": "BLD", + "title": "Keine Test-Credentials in Release-Konfiguration", + "objective": "Verhindert Produktions-Leaks", + "check_target": "config", + "evidence": [ + "deployment_config", + "secret_scan" + ], + "automation": "high" + }, + { + "control_id": "BLD-005", + "domain": "BLD", + "title": "Container-Images werden auf Schwachstellen gescannt", + "objective": "Sichert Basis-Image Integritaet", + "check_target": "system", + "evidence": [ + "container_scan", + "ci_config" + ], + "automation": "high" + }, + { + "control_id": "BLD-006", + 
"domain": "BLD", + "title": "SBOM (Software Bill of Materials) wird generiert", + "objective": "Transparenz ueber verwendete Komponenten", + "check_target": "system", + "evidence": [ + "sbom_output", + "ci_config" + ], + "automation": "medium" + }, + { + "control_id": "BLD-007", + "domain": "BLD", + "title": "Deployment nur ueber autorisierte Pipeline", + "objective": "Verhindert manuelle, unkontrollierte Deployments", + "check_target": "system", + "evidence": [ + "ci_config", + "access_control" + ], + "automation": "medium" + }, + { + "control_id": "BLD-008", + "domain": "BLD", + "title": "Rollback-Prozedur fuer Deployments definiert und getestet", + "objective": "Ermoeglicht schnelle Recovery", + "check_target": "process", + "evidence": [ + "runbook", + "deployment_doc" + ], + "automation": "low" + }, + { + "control_id": "BLD-009", + "domain": "BLD", + "title": "Code-Review vor Merge in Release-Branch", + "objective": "Vier-Augen-Prinzip", + "check_target": "process", + "evidence": [ + "git_config", + "pr_policy" + ], + "automation": "medium" + }, + { + "control_id": "BLD-010", + "domain": "BLD", + "title": "Automatisierte Tests vor jedem Release", + "objective": "Sichert Qualitaet vor Auslieferung", + "check_target": "system", + "evidence": [ + "ci_config", + "test_results" + ], + "automation": "high" + }, + { + "control_id": "CRYPTO-016", + "domain": "CRYPTO", + "title": "Unsichere Betriebsmodi wie ECB werden nicht verwendet", + "objective": "Verhindert Musterlecks und schwache Verschluesselung", + "check_target": "code", + "evidence": [ + "source_code", + "crypto_config" + ], + "automation": "medium" + }, + { + "control_id": "CRYPTO-017", + "domain": "CRYPTO", + "title": "Feste IVs oder Nonces werden nicht wiederverwendet", + "objective": "Verhindert kryptographische Schwaechung", + "check_target": "code", + "evidence": [ + "source_code", + "unit_tests" + ], + "automation": "medium" + }, + { + "control_id": "CRYPTO-018", + "domain": "CRYPTO", + "title": 
"Klartextvergleich geheimer Werte ohne Timing-sichere Funktion", + "objective": "Verhindert Timing-Angriffe", + "check_target": "code", + "evidence": [ + "source_code" + ], + "automation": "low" + }, + { + "control_id": "CRYPTO-019", + "domain": "CRYPTO", + "title": "Schluessel im Speicher nur so lange wie erforderlich", + "objective": "Reduziert Exposition im Prozessspeicher", + "check_target": "code", + "evidence": [ + "source_code", + "code_review" + ], + "automation": "low" + }, + { + "control_id": "CRYPTO-020", + "domain": "CRYPTO", + "title": "Kryptographische Fehler fuehren nicht zu stillen Fallbacks", + "objective": "Verhindert unbemerkte Deaktivierung von Sicherheit", + "check_target": "code", + "evidence": [ + "source_code", + "unit_tests" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-001", + "domain": "AUTH", + "title": "Admin-Schnittstellen erfordern starke Authentifizierung", + "objective": "Verhindert unbefugten Zugriff", + "check_target": "code", + "evidence": [ + "source_code", + "route_config" + ], + "automation": "high" + }, + { + "control_id": "AUTH-002", + "domain": "AUTH", + "title": "Standardpasswoerter in Produktivpfaden ausgeschlossen", + "objective": "Verhindert triviale Kompromittierung", + "check_target": "code", + "evidence": [ + "source_code", + "secret_scan" + ], + "automation": "high" + }, + { + "control_id": "AUTH-003", + "domain": "AUTH", + "title": "Fehlgeschlagene Anmeldeversuche begrenzt oder verzoegert", + "objective": "Erschwert Brute-Force", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-004", + "domain": "AUTH", + "title": "Rollen explizit modelliert, nicht aus UI abgeleitet", + "objective": "Verhindert Autorisierungsfehler", + "check_target": "code", + "evidence": [ + "source_code", + "policy_definitions" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-005", + "domain": "AUTH", + "title": "Privilegierte 
Aktionen erfordern serverseitige Pruefung", + "objective": "Verhindert Umgehung clientseitiger Schutz", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "high" + }, + { + "control_id": "AUTH-006", + "domain": "AUTH", + "title": "Autorisierung zentral implementiert", + "objective": "Reduziert Inkonsistenzen", + "check_target": "code", + "evidence": [ + "source_code", + "architecture_doc" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-007", + "domain": "AUTH", + "title": "Service-zu-Service Auth ohne eingebettete Credentials", + "objective": "Verhindert Missbrauch statischer Geheimnisse", + "check_target": "code", + "evidence": [ + "source_code", + "secret_scan" + ], + "automation": "high" + }, + { + "control_id": "AUTH-008", + "domain": "AUTH", + "title": "Deaktivierte Nutzer/Geraete koennen nicht mehr authentifizieren", + "objective": "Wirksame Entzug von Zugriffsrechten", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-009", + "domain": "AUTH", + "title": "MFA fuer besonders privilegierte Zugaenge", + "objective": "Erhoehter Schutz Hochrisiko-Funktionen", + "check_target": "code", + "evidence": [ + "source_code", + "auth_config" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-010", + "domain": "AUTH", + "title": "Token auf Ablauf und Integritaet geprueft", + "objective": "Verhindert manipuliertes Auth-Material", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "high" + }, + { + "control_id": "AUTH-011", + "domain": "AUTH", + "title": "Autorisierung basiert auf Serverzustand, nicht Client-Rollen", + "objective": "Verhindert Privilege Escalation", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "high" + }, + { + "control_id": "AUTH-012", + "domain": "AUTH", + "title": "Admin-Funktionen logisch 
von Transaktionsfunktionen getrennt", + "objective": "Reduziert Angriffsflaeche", + "check_target": "architecture", + "evidence": [ + "source_code", + "route_maps" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-013", + "domain": "AUTH", + "title": "Authentifizierungsereignisse werden protokolliert", + "objective": "Nachvollziehbarkeit", + "check_target": "code", + "evidence": [ + "source_code", + "audit_log_sample" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-014", + "domain": "AUTH", + "title": "Passwort-Reset umgeht keine Autorisierungsschranken", + "objective": "Verhindert Missbrauch Recovery-Flows", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-015", + "domain": "AUTH", + "title": "Maschinen- und Personenidentitaeten getrennt verwaltet", + "objective": "Verhindert Vermischung", + "check_target": "config", + "evidence": [ + "iam_config", + "architecture_doc" + ], + "automation": "low" + }, + { + "control_id": "AUTH-016", + "domain": "AUTH", + "title": "Cross-Tenant-Zugriffe geschuetzt", + "objective": "Verhindert Zugriff auf fremde Mandanten", + "check_target": "code", + "evidence": [ + "source_code", + "tenant_tests" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-017", + "domain": "AUTH", + "title": "Berechtigungsfehler liefern generische Meldungen", + "objective": "Reduziert Informationsleckage", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "high" + }, + { + "control_id": "AUTH-018", + "domain": "AUTH", + "title": "Autorisierungsregeln durch Tests abgedeckt", + "objective": "Beweisbarkeit der Zugriffskontrollen", + "check_target": "test", + "evidence": [ + "unit_test", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "AUTH-019", + "domain": "AUTH", + "title": "Fallback-Modi umgehen keine Authentifizierung", + "objective": "Verhindert 
Sicherheitsverlust in Ausnahmezustaenden", + "check_target": "code", + "evidence": [ + "source_code", + "error_mode_tests" + ], + "automation": "low" + }, + { + "control_id": "AUTH-020", + "domain": "AUTH", + "title": "Temporaere Berechtigungen verfallen automatisch", + "objective": "Reduziert dauerhafte Ueberprivilegierung", + "check_target": "code", + "evidence": [ + "source_code", + "policy_definitions" + ], + "automation": "low" + }, + { + "control_id": "SESSION-001", + "domain": "SESSION", + "title": "Sitzungstoken werden nicht im Klartext geloggt", + "objective": "Verhindert Missbrauch gestohlener Sitzungen", + "check_target": "code", + "evidence": [ + "source_code", + "log_output" + ], + "automation": "high" + }, + { + "control_id": "SESSION-002", + "domain": "SESSION", + "title": "Sitzungs-IDs ausreichend zufaellig", + "objective": "Verhindert Session Guessing", + "check_target": "code", + "evidence": [ + "source_code", + "auth_config" + ], + "automation": "medium" + }, + { + "control_id": "SESSION-003", + "domain": "SESSION", + "title": "Sessions verfallen nach Inaktivitaet", + "objective": "Begrenzt Missbrauch", + "check_target": "config", + "evidence": [ + "session_config", + "source_code" + ], + "automation": "medium" + }, + { + "control_id": "SESSION-004", + "domain": "SESSION", + "title": "Sessions nach Rollenwechsel rotiert", + "objective": "Verhindert Session Fixation", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "SESSION-005", + "domain": "SESSION", + "title": "Logout invalidiert serverseitig alle Token", + "objective": "Verhindert weitere Nutzung nach Logout", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "SESSION-006", + "domain": "SESSION", + "title": "Cookies mit Secure und HttpOnly Attributen", + "objective": "Reduziert Diebstahl ueber unsichere Kanaele", + 
"check_target": "config", + "evidence": [ + "http_config", + "integration_test" + ], + "automation": "high" + }, + { + "control_id": "SESSION-007", + "domain": "SESSION", + "title": "SameSite-Richtlinien explizit gesetzt", + "objective": "Reduziert CSRF-Angriffe", + "check_target": "config", + "evidence": [ + "http_config", + "integration_test" + ], + "automation": "high" + }, + { + "control_id": "SESSION-008", + "domain": "SESSION", + "title": "Token-Pruefung validiert Audience, Issuer, Gueltigkeit", + "objective": "Verhindert Akzeptanz fremder Token", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "high" + }, + { + "control_id": "SESSION-009", + "domain": "SESSION", + "title": "Geraete-Sessions eindeutig einer Instanz zugeordnet", + "objective": "Verhindert Sitzungsuebernahme", + "check_target": "code", + "evidence": [ + "source_code", + "device_registry" + ], + "automation": "medium" + }, + { + "control_id": "SESSION-010", + "domain": "SESSION", + "title": "Sitzungsspeicher trennt Mandanten zuverlaessig", + "objective": "Verhindert Cross-Tenant Missbrauch", + "check_target": "architecture", + "evidence": [ + "session_config", + "architecture_doc" + ], + "automation": "low" + }, + { + "control_id": "KEYMGMT-001", + "domain": "KEYMGMT", + "title": "Schluessel ausserhalb des Quellcodes erzeugt und verwaltet", + "objective": "Verhindert Offenlegung durch Codezugriff", + "check_target": "code", + "evidence": [ + "source_code", + "secret_scan" + ], + "automation": "high" + }, + { + "control_id": "KEYMGMT-002", + "domain": "KEYMGMT", + "title": "Produktions- und Testschluessel strikt getrennt", + "objective": "Verhindert unsichere Testkonfigurationen in Produktion", + "check_target": "config", + "evidence": [ + "config", + "deployment_config" + ], + "automation": "medium" + }, + { + "control_id": "KEYMGMT-003", + "domain": "KEYMGMT", + "title": "Schluesselrotation technisch vorgesehen", + "objective": "Begrenzt 
Auswirkungen kompromittierter Schluessel", + "check_target": "system", + "evidence": [ + "key_rotation_jobs", + "source_code" + ], + "automation": "low" + }, + { + "control_id": "KEYMGMT-004", + "domain": "KEYMGMT", + "title": "Abgelaufene Schluessel werden nicht mehr akzeptiert", + "objective": "Verhindert Nutzung veralteten Materials", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "KEYMGMT-005", + "domain": "KEYMGMT", + "title": "Schluesselzugriffe rollenbasiert und protokolliert", + "objective": "Nachvollziehbarkeit", + "check_target": "system", + "evidence": [ + "iam_config", + "audit_log_sample" + ], + "automation": "low" + }, + { + "control_id": "KEYMGMT-006", + "domain": "KEYMGMT", + "title": "Schluessel nicht zwischen Komponenten unnoetig repliziert", + "objective": "Reduziert Verbreitung", + "check_target": "architecture", + "evidence": [ + "architecture_doc", + "source_code" + ], + "automation": "low" + }, + { + "control_id": "KEYMGMT-007", + "domain": "KEYMGMT", + "title": "Kompromittierte Schluessel koennen deaktiviert werden", + "objective": "Wirksame Reaktion auf Vorfaelle", + "check_target": "system", + "evidence": [ + "key_registry", + "incident_runbook" + ], + "automation": "low" + }, + { + "control_id": "KEYMGMT-008", + "domain": "KEYMGMT", + "title": "Terminal-Geraete nutzen eindeutiges Schluesselmaterial", + "objective": "Verhindert laterale Ausbreitung", + "check_target": "architecture", + "evidence": [ + "provisioning_docs", + "device_inventory" + ], + "automation": "low" + }, + { + "control_id": "KEYMGMT-009", + "domain": "KEYMGMT", + "title": "Schluessel nicht in Client-/Frontend-Artefakte eingebettet", + "objective": "Verhindert Extraktion", + "check_target": "build", + "evidence": [ + "artifact_scan", + "secret_scan" + ], + "automation": "high" + }, + { + "control_id": "KEYMGMT-010", + "domain": "KEYMGMT", + "title": "Schluessellebenszyklen versioniert 
und dokumentiert", + "objective": "Belastbare Pruef- und Rotationsnachweise", + "check_target": "process", + "evidence": [ + "key_registry", + "audit_log_sample" + ], + "automation": "low" + }, + { + "control_id": "DEVICE-001", + "domain": "DEVICE", + "title": "Geraeteidentitaeten eindeutig und nicht wiederverwendbar", + "objective": "Klare Zuordnung", + "check_target": "system", + "evidence": [ + "device_registry", + "provisioning_logic" + ], + "automation": "medium" + }, + { + "control_id": "DEVICE-002", + "domain": "DEVICE", + "title": "Unregistrierte Geraete koennen keine Verbindung aufbauen", + "objective": "Verhindert unautorisierte Hardware", + "check_target": "code", + "evidence": [ + "source_code", + "device_registry" + ], + "automation": "medium" + }, + { + "control_id": "DEVICE-003", + "domain": "DEVICE", + "title": "Provisioning prueft Identitaet und Sicherheitszustand", + "objective": "Verhindert Aufnahme kompromittierter Geraete", + "check_target": "system", + "evidence": [ + "provisioning_workflows", + "source_code" + ], + "automation": "low" + }, + { + "control_id": "DEVICE-004", + "domain": "DEVICE", + "title": "Geraetekonfigurationen versioniert und geschuetzt", + "objective": "Integritaet betrieblicher Einstellungen", + "check_target": "system", + "evidence": [ + "config_registry", + "audit_log_sample" + ], + "automation": "low" + }, + { + "control_id": "DEVICE-005", + "domain": "DEVICE", + "title": "Geraete-IDs serverseitig validiert", + "objective": "Verhindert Spoofing", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "DEVICE-006", + "domain": "DEVICE", + "title": "Tamper-Events systemseitig ausgewertet", + "objective": "Reaktion auf physische Eingriffe", + "check_target": "system", + "evidence": [ + "event_handlers", + "monitoring_rules" + ], + "automation": "low" + }, + { + "control_id": "DEVICE-007", + "domain": "DEVICE", + "title": "Geraetewechsel fuehrt 
zu Neuvalidierung", + "objective": "Verhindert Uebernahme alter Vertrauensstellungen", + "check_target": "process", + "evidence": [ + "provisioning_docs", + "device_registry" + ], + "automation": "low" + }, + { + "control_id": "DEVICE-008", + "domain": "DEVICE", + "title": "Geraete melden Zustandsaenderungen an Backend", + "objective": "Zentrale Sichtbarkeit", + "check_target": "system", + "evidence": [ + "source_code", + "message_schema" + ], + "automation": "medium" + }, + { + "control_id": "DEVICE-009", + "domain": "DEVICE", + "title": "Nicht vertrauenswuerdiger Zustand blockiert Kommunikation", + "objective": "Verhindert Betrieb kompromittierter Geraete", + "check_target": "code", + "evidence": [ + "source_code", + "tamper_tests" + ], + "automation": "low" + }, + { + "control_id": "DEVICE-010", + "domain": "DEVICE", + "title": "Zustandsuebergaenge explizit modelliert und getestet", + "objective": "Verhindert inkonsistente Betriebszustaende", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "DEVICE-011", + "domain": "DEVICE", + "title": "Fehlzustaende fuehren zu definierten Safe States", + "objective": "Verhindert unsicheren Weiterbetrieb", + "check_target": "code", + "evidence": [ + "source_code", + "error_mode_tests" + ], + "automation": "medium" + }, + { + "control_id": "DEVICE-012", + "domain": "DEVICE", + "title": "Diagnose-/Wartungsmodi getrennt und zugriffsbeschraenkt", + "objective": "Reduziert Missbrauch", + "check_target": "code", + "evidence": [ + "source_code", + "auth_config" + ], + "automation": "low" + }, + { + "control_id": "DEVICE-013", + "domain": "DEVICE", + "title": "Sicherheitsflags nicht unautorisiert ruecksetzbar", + "objective": "Verhindert Umgehung kritischer Schutzmechanismen", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "low" + }, + { + "control_id": "DEVICE-014", + "domain": "DEVICE", + 
"title": "Geraete-Registrierung und -Deregistrierung auditierbar", + "objective": "Nachvollziehbarkeit Geraetebestand", + "check_target": "system", + "evidence": [ + "audit_log_sample", + "device_registry" + ], + "automation": "low" + }, + { + "control_id": "DEVICE-015", + "domain": "DEVICE", + "title": "Offlinemodus funktional und sicherheitlich klar begrenzt", + "objective": "Verhindert unkontrollierte Zustaende", + "check_target": "code", + "evidence": [ + "source_code", + "offline_tests" + ], + "automation": "low" + }, + { + "control_id": "TRANS-001", + "domain": "TRANS", + "title": "Transaktionsstatus als explizite Zustandsmaschine modelliert", + "objective": "Verhindert ungueltige Statusuebergaenge", + "check_target": "code", + "evidence": [ + "source_code", + "state_machine_tests" + ], + "automation": "medium" + }, + { + "control_id": "TRANS-002", + "domain": "TRANS", + "title": "Nur definierte Statusuebergaenge technisch zulaessig", + "objective": "Verhindert inkonsistente Verlaeufe", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "TRANS-003", + "domain": "TRANS", + "title": "Abgebrochene Transaktionen konsistent zurueckgerollt", + "objective": "Verhindert schwebende Zustaende", + "check_target": "system", + "evidence": [ + "integration_test", + "error_mode_tests" + ], + "automation": "medium" + }, + { + "control_id": "TRANS-004", + "domain": "TRANS", + "title": "Asynchrone Rueckmeldungen korrekt zugeordnet", + "objective": "Verhindert Vermischung paralleler Ablaeufe", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + "control_id": "TRANS-005", + "domain": "TRANS", + "title": "Doppelte Nachrichten erkannt und sicher behandelt", + "objective": "Verhindert Mehrfachverarbeitung", + "check_target": "code", + "evidence": [ + "source_code", + "integration_test" + ], + "automation": "medium" + }, + { + 
"control_id": "TRANS-006", + "domain": "TRANS", + "title": "Unvollstaendige Transaktionen periodisch erkannt", + "objective": "Kontrollierte Bereinigung", + "check_target": "system", + "evidence": [ + "scheduler_jobs", + "source_code" + ], + "automation": "low" + }, + { + "control_id": "TRANS-007", + "domain": "TRANS", + "title": "Fehlende Antworten erzeugen keinen stillen Erfolg", + "objective": "Verhindert irreführende Erfolgsmeldungen", + "check_target": "code", + "evidence": [ + "source_code", + "timeout_tests" + ], + "automation": "high" + }, + { + "control_id": "TRANS-008", + "domain": "TRANS", + "title": "Stornierungen an berechtigte Rollen gebunden", + "objective": "Verhindert unautorisierte Manipulation", + "check_target": "code", + "evidence": [ + "source_code", + "authorization_tests" + ], + "automation": "medium" + }, + { + "control_id": "TRANS-009", + "domain": "TRANS", + "title": "Race Conditions durch Sperrmechanismen reduziert", + "objective": "Verhindert konkurrierende Verarbeitung", + "check_target": "code", + "evidence": [ + "source_code", + "concurrency_tests" + ], + "automation": "low" + }, + { + "control_id": "TRANS-010", + "domain": "TRANS", + "title": "Betragsrelevante Felder gegen Rundungsfehler abgesichert", + "objective": "Verhindert finanzielle Abweichungen", + "check_target": "code", + "evidence": [ + "source_code", + "unit_test" + ], + "automation": "medium" + }, + { + "control_id": "DATA-001", + "domain": "DATA", + "title": "Sensitive Daten nur bei fachlicher Erforderlichkeit verarbeitet", + "objective": "Reduziert unnoetige Exposition", + "check_target": "architecture", + "evidence": [ + "data_flow_docs", + "source_code" + ], + "automation": "low" + }, + { + "control_id": "DATA-002", + "domain": "DATA", + "title": "Felder mit erhoehtem Schutzbedarf im Code identifizierbar", + "objective": "Erleichtert gezielte Schutzmassnahmen", + "check_target": "code", + "evidence": [ + "source_code", + "data_catalog" + ], + "automation": "medium" 
+ },
+ {
+ "control_id": "DATA-003",
+ "domain": "DATA",
+ "title": "Persistierte Daten auf notwendige Felder minimiert",
+ "objective": "Verhindert unnoetige Speicherung",
+ "check_target": "database",
+ "evidence": [
+ "db_schema",
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "DATA-004",
+ "domain": "DATA",
+ "title": "Testdaten enthalten keine produktiven Zahlungsdaten",
+ "objective": "Verhindert Offenlegung in Testumgebungen",
+ "check_target": "process",
+ "evidence": [
+ "test_fixtures",
+ "secret_scan"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "DATA-005",
+ "domain": "DATA",
+ "title": "Sensitive Daten in Telemetrie/Tracing nicht offengelegt",
+ "objective": "Verhindert Abfluss ueber Observability",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "telemetry_config"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "DATA-006",
+ "domain": "DATA",
+ "title": "Export-/Reporting-Pfade geben Daten nur maskiert aus",
+ "objective": "Verhindert Abfluss ueber Nebenausgaben",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "report_samples"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "DATA-007",
+ "domain": "DATA",
+ "title": "Datentypen fuer zahlungsrelevante Felder begrenzt",
+ "objective": "Verhindert fehlerhafte Eingaben",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "db_schema"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "DATA-008",
+ "domain": "DATA",
+ "title": "Datei-Uploads vor Verarbeitung validiert",
+ "objective": "Verhindert Einschleusen manipulierten Inhalts",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "validation_tests"
+ ],
+ "automation": "high"
+ },
+ {
+ "control_id": "ERROR-001",
+ "domain": "ERR",
+ "title": "Sicherheitsrelevante Fehler nicht stillschweigend unterdrueckt",
+ "objective": "Verhindert verdeckte Sicherheitsverluste",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "error_paths"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ERROR-002",
+ "domain": "ERR",
+ "title": "Retry unterscheidet transiente von fachlichen Fehlern",
+ "objective": "Verhindert falsche Wiederholungen",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "retry_logic"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ERROR-003",
+ "domain": "ERR",
+ "title": "Fehlercodes konsistent gemappt und dokumentiert",
+ "objective": "Verbessert Diagnose und Audit",
+ "check_target": "system",
+ "evidence": [
+ "error_mapping",
+ "source_code"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ERROR-004",
+ "domain": "ERR",
+ "title": "Fehlerbehandlung durch Negativtests abgedeckt",
+ "objective": "Beweisbarkeit robuster Fehlerpfade",
+ "check_target": "test",
+ "evidence": [
+ "negative_tests",
+ "coverage_reports"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "ERROR-005",
+ "domain": "ERR",
+ "title": "Dead-letter-Queues fuer asynchrone Fehlerfaelle",
+ "objective": "Verhindert Verlust problematischer Nachrichten",
+ "check_target": "system",
+ "evidence": [
+ "queue_config",
+ "ops_docs"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "REPORT-001",
+ "domain": "REP",
+ "title": "Ablehnungen und Fehler nachvollziehbar im Reporting",
+ "objective": "Verhindert beschoenigte Sicht",
+ "check_target": "system",
+ "evidence": [
+ "report_samples",
+ "error_mapping"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "REPORT-002",
+ "domain": "REP",
+ "title": "Reportgenerierung veraendert keine Ursprungsdaten",
+ "objective": "Schuetzt primaeren Datenbestand",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "db_permissions"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "REPORT-003",
+ "domain": "REP",
+ "title": "Reports offenbaren nur rollenerforderliche Daten",
+ "objective": "Reduziert Datenabfluss",
+ "check_target": "code",
+ "evidence": [
+ "authorization_tests",
+ "report_samples"
+ ],
+ "automation": "medium"
+ },
+ {
+ "control_id": "REPORT-004",
+ "domain": "REP",
+ "title": "Reconciliation-Reports determininstisch reproduzierbar",
+ "objective": "Belastbare Nachweise bei Abweichungen",
+ "check_target": "process",
+ "evidence": [
+ "reporting_docs",
+ "integration_test"
+ ],
+ "automation": "low"
+ },
+ {
+ "control_id": "REPORT-005",
+ "domain": "REP",
+ "title": "Berichte beruecksichtigen Zeitzonen konsistent",
+ "objective": "Verhindert Abstimmungsfehler",
+ "check_target": "code",
+ "evidence": [
+ "source_code",
+ "report_samples"
+ ],
+ "automation": "medium"
+ }
 ]
-}
+}
\ No newline at end of file