{
 "schema_version": "obligation_registry_v1",
 "regulation": "CRA",
 "regulation_code": "CRA",
 "family": "core",
 "theme": "CORE Security Objectives (CRA Annex I als regulierungs-agnostische Sicherheitsziele)",
 "generated_by": "materialize_capabilities.py (#5b, Modell C)",
 "note": "CORE Legal Obligations = Sicherheitsziele (Modell C: KEINE eigene SecurityObjective-Klasse). DOMAIN-Obligations specializes-en hierauf. objective_tags = Vorwaerts-Kompat zu Modell B.",
 "citation_status": "pending_span_anchor",
 "obligations": [
  {
   "id": "attack_surface_minimization",
   "name": "Minimierung der Angriffsflaeche",
   "family": "core",
   "description": "Das Produkt minimiert seine Angriffsflaeche: unnoetige Funktionen/Ports/Dienste/Schnittstellen sind deaktiviert (Least Functionality).",
   "tier": "LEGAL_MINIMUM",
   "source_role": "LEGAL_BASIS",
   "applicability": "universal",
   "objective_tags": [
    "attack_surface"
   ],
   "legal_basis": [
    {
     "source": "CRA",
     "anchor": "Annex I Part I (2)(j)",
     "citation": "limit attack surfaces, including external interfaces"
    }
   ],
   "guidance_basis": [
    {
     "source": "NIST",
     "anchor": "CM-7 Least Functionality",
     "role": "best_practice"
    }
   ],
   "specialized_by": [
    "remote_access_attack_surface_min",
    "component_remote_interface_security"
   ],
   "primary_implementation": "NIST CM-7",
   "citation_status": "pending_span_anchor",
   "review_status": "core_from_5b"
  },
  {
   "id": "software_integrity_protection",
   "name": "Schutz der Software-/Firmware-Integritaet",
   "family": "core",
   "description": "Das Produkt schuetzt Integritaet und Authentizitaet von Software/Firmware (Manipulationserkennung, Secure Boot, Signaturpruefung, Runtime-Integritaet).",
   "tier": "LEGAL_MINIMUM",
   "source_role": "LEGAL_BASIS",
   "applicability": "universal",
   "objective_tags": [
    "integrity"
   ],
   "legal_basis": [
    {
     "source": "CRA",
     "anchor": "Annex I Part I (2)(f)",
     "citation": "protect the integrity of stored, transmitted or processed data, software and configuration"
    }
   ],
   "guidance_basis": [
    {
     "source": "NIST",
     "anchor": "SI-7 Software, Firmware, and Information Integrity",
     "role": "best_practice"
    }
   ],
   "specialized_by": [
    "signed_update_integrity",
    "firmware_software_authentication"
   ],
   "realized_by_capabilities": [
    "code_signing"
   ],
   "primary_implementation": "NIST SI-7",
   "citation_status": "pending_span_anchor",
   "review_status": "core_from_5b"
  }
 ],
 "relationships": []
}