breakpilot-compliance

Benjamin_Boenisch/breakpilot-compliance

Fork 0

Commit Graph

Author	SHA1	Message	Date
Benjamin Admin	4e761c1363	feat: #5b materialize capability layer (Modell C) — capabilities.json + cra_core.json User-Entscheidung Modell C + objective_tags-Safeguard (Tags, keine Klasse). Deterministisch via materialize_capabilities.py: - obligations/capabilities.json: 5 Capabilities (multi_factor_authentication/session_management/ transport_encryption/code_signing/security_monitoring_alerting), realized_by (n:m) + guidance_basis KANONISCH hochgezogen. access_control gedroppt (OVERLAP). - obligations/cra_core.json: 2 CORE-Sicherheitsziele (attack_surface_minimization (2)(j)/CM-7 + software_integrity_protection (2)(f)/SI-7) -> fuellt den #4-NIST-Gap. - DOMAIN specializes->CORE (remote_access_attack_surface_min, component_remote_interface_security, signed_update_integrity, firmware_software_authentication) + objective_tags. - Merge: vuln_remediation_patching -> deprecated_alias von provide_security_updates. - remote_access_data_export_protection bleibt BEST_PRACTICE (pending Data-Act-Scope). - join_keys 93->95 (core 2). Bidirektional validiert. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-26 00:54:23 +02:00

Author

SHA1

Message

Date

Benjamin Admin

4e761c1363

feat: #5b materialize capability layer (Modell C) — capabilities.json + cra_core.json

User-Entscheidung Modell C + objective_tags-Safeguard (Tags, keine Klasse). Deterministisch
via materialize_capabilities.py:
- obligations/capabilities.json: 5 Capabilities (multi_factor_authentication/session_management/
  transport_encryption/code_signing/security_monitoring_alerting), realized_by (n:m) +
  guidance_basis KANONISCH hochgezogen. access_control gedroppt (OVERLAP).
- obligations/cra_core.json: 2 CORE-Sicherheitsziele (attack_surface_minimization (2)(j)/CM-7 +
  software_integrity_protection (2)(f)/SI-7) -> fuellt den #4-NIST-Gap.
- DOMAIN specializes->CORE (remote_access_attack_surface_min, component_remote_interface_security,
  signed_update_integrity, firmware_software_authentication) + objective_tags.
- Merge: vuln_remediation_patching -> deprecated_alias von provide_security_updates.
- remote_access_data_export_protection bleibt BEST_PRACTICE (pending Data-Act-Scope).
- join_keys 93->95 (core 2). Bidirektional validiert.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-26 00:54:23 +02:00

1 Commits