{ "schema_version": "obligation_registry_v1", "regulation": "CRA", "regulation_code": "CRA", "family": "logging", "theme": "Logging/Audit (CRA Annex I Part I (2)(k))", "generated_by": "obligation_discovery/claude-opus-4-8", "synthesis_version": "v1", "citation_status": "pending_span_anchor", "curation": { "curated_by": "obligation-registry-session 2026-06-25", "method": "two-stage clustering (micro 0.78 -> meta 0.62) -> Opus synthesis -> key-free review", "scope_controls": 2601, "micro_clusters": 1361, "review_units": 100, "obligations": 19, "tier_split": { "LEGAL_MINIMUM": 6, "BEST_PRACTICE": 13 }, "out_of_scope": [ "M8 (AI-Act Hochrisiko-Ausnahmen)", "M5 (FRT/Domaenen-Training)", "M81 (PIN/domaenenspezifisch)" ], "anchor_quality": "LEGAL_MINIMUM korrekt auf CRA Annex I Part I (2)(k) verankert (echte Logging-Subsektion, mit CRA-Originalzitat) — KEIN Fehl-Anker wie im Auth-Cut. Span-genaue Anker folgen mit Re-Ingest.", "join_note": "ASVS V16.1.1/V16.3.3/V16.3.4 (SDK-Store, anderer Namespace als member_controls) werden event_logging_security_events (Umbrella-LM) zugeordnet. Spezifischere Alternativen ermittelt die Engine-Session anhand des Control-Texts." 
}, "obligations": [ { "id": "event_logging_security_events", "name": "Protokollierung sicherheitsrelevanter Ereignisse", "description": "Das Produkt protokolliert sicherheitsrelevante Ereignisse und Aktivitaeten (Zugriffe, Aenderungen, sicherheitsrelevante interne Aktivitaeten), um Nachvollziehbarkeit und Erkennung von Vorfaellen zu ermoeglichen.", "tier": "LEGAL_MINIMUM", "subdomain": "event_logging", "applicability": "universal", "evidence_facets": { "governance": true, "capability": true, "evidence": true }, "source_role": "LEGAL_BASIS", "legal_basis": [ { "source": "CRA", "anchor": "Annex I Part I (2)(k)", "citation": "monitor relevant internal activity, including the access to or modification of data, services or functions, where applicable, through recording and monitoring" } ], "guidance_basis": [ { "source": "NIST", "anchor": "AU-2 Event Logging", "role": "best_practice" }, { "source": "OWASP", "anchor": "ASVS V7 Logging", "role": "best_practice" } ], "member_review_units": [ "M1", "M0", "M19", "M9", "M7", "M24", "M21", "M45", "M33", "M99", "M62" ], "member_controls": [ "ACC-005", "ACC-0320-A14", "ACC-0320-A15", "ACC-086", "ACC-086-A03", "ACC-086-A04", "ACC-086-A05", "ACC-086-A07", "ACC-086-A11", "ACC-086-A16", "ACC-086-A17", "ACC-086-A19", "ACC-086-A23", "ACC-086-A24", "ACC-089-A09", "ACC-089-A16", "ACC-175-A06", "ACC-175-A15", "ACC-188-A11", "ACC-188-A22", "ACC-188-A41", "ACC-188-A54", "ACC-189-A11", "ACC-189-A24", "ACC-189-A50", "ACC-189-A63", "ACC-195-A09", "ACC-195-A19", "ACC-195-A31", "ACC-195-A41", "ACC-195-A50", "ACC-199-A11", "ACC-199-A22", "ACC-199-A44", "ACC-199-A55", "ACC-210-A13", "ACC-210-A20", "ACC-210-A27", "ACC-210-A34", "ACC-470-A15", "ACC-474-A11", "ACC-476-A08", "ACC-487-A01", "ACC-499-A07", "ACC-512-A10", "ACC-533-A10", "ACC-578-A08", "ACC-584-A06", "ACC-584-A12", "ACC-598-A05", "ACC-612-A08", "ACC-623-A09", "ACC-631-A09", "ACC-642-A06", "ACC-642-A07", "ACC-659", "ACC-686-A03", "ACC-686-A06", "ACC-686-A07", "ACC-695-A05", "ACC-734", 
"ACC-735", "ACC-746-A07", "ACC-757-A01", "ACC-762-A04", "ACL-002-A02", "ACL-002-A04", "ACL-002-A06", "ACL-002-A08", "AI-031-A19", "AI-099-A29", "AI-1241-A10", "AI-1254-A02", "AI-1389-A08", "AI-1390-A05", "AI-1392-A07", "AI-1434-A06", "AI-1559-A08", "AI-1597-A01", "AI-1602-A02", "AI-1602-A05", "AI-1624-A04", "AI-594-A11", "AI-648-A09", "AI-684-A12", "AI-760-A40", "AI-942-A56", "AI-942-A68", "AI-951-A37", "API-005", "AUD-001", "AUTH-079-A28", "AUTH-1048-A71", "AUTH-1061-A19", "AUTH-1061-A77", "AUTH-1102-A14", "AUTH-1279-A04", "AUTH-1290", "AUTH-1303-A08", "AUTH-1312-A03", "AUTH-1441-A12", "AUTH-1443-A03", "AUTH-1443-A07", "AUTH-1448-A01", "AUTH-1455", "AUTH-1455-A07", "AUTH-1466-A09", "AUTH-148-A05", "AUTH-1514-A12", "AUTH-1525-A04", "AUTH-1530-A07", "AUTH-1538", "AUTH-1538-A10", "AUTH-1555-A04", "AUTH-1559", "AUTH-1561-A01", "AUTH-1561-A02", "AUTH-1563-A04", "AUTH-1589-A10", "AUTH-1668-A09", "AUTH-1669-A10", "AUTH-1682-A08", "AUTH-1699-A07", "AUTH-1705-A12", "AUTH-1723-A01", "AUTH-1723-A09", "AUTH-1818-A11", "AUTH-1834-A06", "AUTH-1862-A09", "AUTH-1886-A09", "AUTH-2406", "AUTH-2415", "AUTH-2415-A03", "AUTH-2415-A07", "AUTH-2415-A08", "AUTH-2415-A13", "AUTH-2419-A06", "AUTH-2448-A10", "AUTH-2466-A04", "AUTH-2544-A05", "AUTH-2544-A10", "AUTH-2546-A03", "AUTH-2547", "AUTH-2547-A02", "AUTH-2550-A13", "AUTH-2593-A08", "AUTH-2650-A05", "AUTH-2650-A11", "AUTH-2734-A07", "AUTH-2784-A06", "AUTH-2785-A04", "AUTH-2798", "AUTH-2798-A07", "AUTH-2809-A08", "AUTH-2830-A07", "AUTH-2836-A07", "AUTH-2840-A01", "AUTH-2840-A03", "AUTH-2840-A05", "AUTH-2840-A06", "AUTH-2855-A06", "AUTH-2870-A08", "AUTH-2879-A06", "AUTH-2879-A11", "AUTH-2881-A07", "AUTH-2903-A01", "AUTH-2903-A10", "AUTH-2905-A05", "AUTH-2919", "AUTH-2919-A08", "AUTH-2919-A09", "AUTH-2919-A10", "AUTH-2941-A01", "AUTH-2941-A02", "AUTH-2941-A03", "AUTH-2947-A01", "AUTH-2950-A08", "AUTH-2965-A03", "AUTH-2970-A06", "AUTH-3016-A10", "AUTH-3025", "AUTH-3025-A13", "AUTH-3089-A08", "AUTH-3171-A10", "AUTH-3199-A04", 
"AUTH-3228-A04", "AUTH-3246-A03", "AUTH-3246-A11", "AUTH-3252-A04", "AUTH-3252-A07", "AUTH-3296-A01", "AUTH-3338-A17", "AUTH-3430-A12", "AUTH-3452-A07", "AUTH-3478-A08", "AUTH-3595-A05", "AUTH-3595-A11", "AUTH-3665-A01", "AUTH-3683", "AUTH-3686-A05", "AUTH-3687-A02", "AUTH-3687-A07", "AUTH-3689", "AUTH-3715-A11", "AUTH-3887-A05", "AUTH-3904", "AUTH-3917-A09", "AUTH-3917-A13", "AUTH-3918", "AUTH-3930-A11", "AUTH-3936-A17", "AUTH-4032-A07", "AUTH-4045", "AUTH-4045-A01", "AUTH-4045-A04", "AUTH-4049-A02", "AUTH-4075-A03", "AUTH-4095-A05", "AUTH-4095-A09", "AUTH-455", "AUTH-523", "AUTH-523-A04", "AUTH-535", "AUTH-535-A04", "AUTH-552", "AUTH-552-A01", "AUTH-552-A03", "AUTH-552-A04", "AUTH-552-A07", "AUTH-552-A08", "AUTH-552-A09", "AUTH-552-A13", "AUTH-595-A09", "AUTH-616-A08", "AUTH-633-A11", "AUTH-639-A07", "AUTH-656", "AUTH-656-A01", "AUTH-656-A02", "AUTH-656-A03", "AUTH-656-A04", "AUTH-656-A05", "AUTH-656-A06", "AUTH-656-A07", "AUTH-656-A08", "AUTH-656-A09", "AUTH-656-A10", "AUTH-656-A12", "AUTH-656-A13", "AUTH-656-A14", "AUTH-656-A15", "AUTH-656-A16", "AUTH-656-A17", "AUTH-656-A18", "AUTH-656-A23", "AUTH-656-A24", "AUTH-656-A26", "AUTH-656-A27", "AUTH-660-A12", "AUTH-663", "AUTH-663-A01", "AUTH-663-A07", "AUTH-678-A06", "AUTH-734-A04", "AUTH-760-A03", "AUTH-785", "AUTH-856-A04", "AUTH-856-A15", "AUTH-856-A26", "AUTH-856-A37", "AUTH-856-A48", "AUTH-902-A03", "AUTH-947-A38", "BIO-009-A03", "CLG-001", "CLG-001-A02", "CLG-001-A06", "COMP-1053-A04", "COMP-1053-A08", "COMP-1103-A05", "COMP-1103-A09", "COMP-1103-A14", "COMP-1150-A05", "COMP-1150-A08", "COMP-1150-A11", "COMP-116-A09", "COMP-116-A18", "COMP-1231-A28", "COMP-1247-A02", "COMP-1247-A10", "COMP-1247-A18", "COMP-1247-A26", "COMP-1247-A34", "COMP-1247-A42", "COMP-1249-A04", "COMP-1249-A11", "COMP-1249-A24", "COMP-1249-A29", "COMP-1249-A37", "COMP-1249-A47", "COMP-1249-A52", "COMP-1249-A64", "COMP-1249-A71", "COMP-178-A08", "COMP-178-A19", "COMP-1891-A04", "COMP-1891-A08", "COMP-1919-A13", "COMP-1936-A07", 
"COMP-196-A05", "COMP-2128", "COMP-2128-A06", "COMP-2724-A03", "COMP-2734", "COMP-2734-A04", "COMP-2734-A05", "COMP-2734-A09", "COMP-2734-A11", "COMP-2752", "COMP-2752-A01", "COMP-2752-A02", "COMP-2752-A03", "COMP-2752-A04", "COMP-2765-A10", "COMP-2775", "COMP-2775-A05", "COMP-2778-A02", "COMP-2780-A05", "COMP-2780-A14", "COMP-3280-A01", "COMP-3292-A02", "COMP-3297-A04", "COMP-3301-A08", "COMP-3304", "COMP-3306", "COMP-3306-A07", "COMP-3306-A08", "COMP-3309", "COMP-3309-A04", "COMP-3309-A07", "COMP-3312-A05", "COMP-3318", "COMP-3322-A01", "COMP-3322-A02", "COMP-3322-A08", "COMP-3322-A10", "COMP-3324-A06", "COMP-3326-A01", "COMP-3326-A05", "COMP-3326-A06", "COMP-3326-A07", "COMP-3326-A12", "COMP-3326-A14", "COMP-3327", "COMP-3327-A03", "COMP-3327-A06", "COMP-3332", "COMP-3339", "COMP-3339-A03", "COMP-3339-A06", "COMP-3339-A08", "COMP-3343-A01", "COMP-3362", "COMP-3362-A01", "COMP-3378-A08", "COMP-3429", "COMP-3436-A09", "COMP-3449-A01", "COMP-3521-A05", "COMP-356-A06", "COMP-3696-A06", "COMP-3733", "COMP-3733-A08", "COMP-3733-A09", "COMP-3739-A03", "COMP-3983-A05", "COMP-4009-A03", "COMP-4058", "COMP-4058-A07", "COMP-4059", "COMP-4059-A01", "COMP-4059-A02", "COMP-4059-A11", "COMP-4088", "COMP-4088-A11", "COMP-4088-A12", "COMP-714-A06", "COMP-786-A06", "COMP-786-A11", "COMP-786-A20", "COMP-786-A25", "COMP-911", "COMP-911-A02", "COMP-911-A04", "CRA-006", "CRA-006-A03", "CRA-006-A04", "CRYP-1014-A07", "CRYP-1043-A09", "CRYP-1044-A13", "CRYP-1063-A10", "CRYP-1079-A10", "CRYP-1106-A11", "CRYP-1111-A11", "CRYP-1160-A05", "CRYP-1179-A05", "CRYP-118-A11", "CRYP-1247", "CRYP-1247-A01", "CRYP-1252-A06", "CRYP-1451-A05", "CRYP-1477-A09", "CRYP-1725-A04", "CRYP-1787-A06", "CRYP-1814-A14", "CRYP-1855", "CRYP-1855-A01", "CRYP-186-A10", "CRYP-186-A21", "CRYP-1881-A04", "CRYP-1881-A12", "CRYP-1889-A09", "CRYP-1892-A11", "CRYP-190-A10", "CRYP-1907-A05", "CRYP-1907-A09", "CRYP-1910-A10", "CRYP-1968-A18", "CRYP-2036-A11", "CRYP-2158-A11", "CRYP-2168-A08", "CRYP-225-A06", 
"CRYP-2282-A06", "CRYP-2330-A04", "CRYP-2330-A09", "CRYP-285-A03", "CRYP-376-A09", "CRYP-389-A13", "CRYP-630-A06", "CRYP-781-A07", "CRYP-827-A08", "CRYP-867-A09", "CRYP-957-A11", "DATA-002-A09", "DATA-099-A08", "DATA-1135-A08", "DATA-1163-A11", "DATA-1191-A14", "DATA-1230-A08", "DATA-1235-A11", "DATA-1237-A05", "DATA-1240-A13", "DATA-1247-A07", "DATA-1253-A08", "DATA-1257", "DATA-1273-A02", "DATA-1273-A10", "DATA-137-A21", "DATA-1461", "DATA-1490-A06", "DATA-1517-A06", "DATA-1745", "DATA-1851-A05", "DATA-1945-A17", "DATA-2014-A10", "DATA-2017-A04", "DATA-2057-A09", "DATA-2057-A19", "DATA-2190-A08", "DATA-2223-A01", "DATA-2309-A05", "DATA-2430-A06", "DATA-2516-A05", "DATA-2585-A08", "DATA-2695-A02", "DATA-2703-A06", "DATA-2724-A08", "DATA-3026-A05", "DATA-3026-A10", "DATA-3034-A08", "DATA-3240-A11", "DATA-3250-A06", "DATA-3326-A14", "DATA-3402", "DATA-3437-A12", "DATA-3556-A09", "DATA-3961-A07", "DATA-4138-A11", "DATA-4242-A07", "DATA-4277-A07", "DATA-4294-A10", "DATA-4300-A02", "DATA-4300-A09", "DATA-4303-A10", "DATA-4335-A05", "DATA-4418-A12", "DATA-4633-A07", "DATA-4669", "DATA-4669-A01", "DATA-4669-A04", "DATA-4683-A05", "DATA-4689-A02", "DATA-652", "DATA-652-A06", "DATA-652-A16", "DATA-680", "DATA-716-A01", "DATA-716-A02", "DATA-716-A03", "DATA-716-A04", "DATA-735-A03", "DATA-735-A04", "DATA-827-A04", "DATA-827-A05", "DATA-852-A03", "DATA-852-A12", "DATA-917-A02", "DATA-917-A03", "DATA-917-A05", "DATA-917-A06", "DATA-917-A08", "DATA-917-A10", "DATA-917-A11", "DATA-947-A06", "DATA-947-A11", "DATA-947-A15", "DATA-947-A20", "DATA-969-A02", "DATA-969-A09", "DOC-010-A01", "DOC-010-A03", "DOC-010-A07", "FIN-1094-A01", "FIN-298-A21", "FIN-696-A11", "FRD-006", "GLM-001", "GLM-001-A02", "GLM-001-A04", "GLM-001-A06", "GOV-0683-A04", "GOV-0683-A10", "GOV-0686-A04", "GOV-0686-A10", "GOV-0697-A01", "GOV-0697-A03", "GOV-1045-A04", "GOV-1195-A02", "GOV-1213-A09", "GOV-1398-A12", "GOV-1439-A10", "GOV-2435-A10", "GOV-2868-A12", "GOV-3061-A09", "GOV-3175-A03", "GOV-3175-A04", 
"GOV-3179-A07", "GOV-3191-A09", "GOV-3208-A09", "GOV-322-A11", "GOV-3500-A02", "GOV-3805-A01", "GOV-3805-A07", "GOV-3805-A08", "GOV-3805-A09", "GOV-3846-A05", "GOV-3853", "GOV-3853-A03", "GOV-3865-A03", "GOV-445-A13", "GOV-462-A13", "GOV-640-A30", "GOV-741-A05", "GOV-982-A03", "HLG-001", "HLT-120-A09", "HLT-125-A07", "HLT-181-A08", "HLT-197-A08", "HLT-514-A08", "HLT-528-A02", "HLT-532-A08", "HLT-533-A10", "HLT-558-A07", "HLT-560-A09", "HLT-560-A10", "HLT-560-A18", "HSM-005", "IAM-009-A07", "IAM-009-A10", "IDA-008", "IDF-010", "IDF-010-A02", "INC-0358-A29", "INC-091", "INC-091-A05", "INC-091-A07", "INC-091-A08", "INC-091-A09", "INC-091-A10", "INC-1104-A04", "INC-1153-A05", "INC-1159-A12", "INC-1173-A13", "INC-151-A10", "INC-205-A02", "ISS-003-A02", "KMG-002-A04", "KST-003-A01", "KYS-006", "KYS-006-A08", "LAB-557-A10", "LAB-610-A05", "LOG-045-A17", "LOG-060-A07", "LOG-0861-A01", "LOG-0861-A07", "LOG-0861-A13", "LOG-0862-A01", "LOG-0862-A02", "LOG-0862-A04", "LOG-0867-A04", "LOG-0868-A04", "LOG-0869-A07", "LOG-0885-A04", "LOG-0885-A05", "LOG-0886-A01", "LOG-1048-A05", "LOG-1055", "LOG-1055-A02", "LOG-1058-A10", "LOG-1058-A11", "LOG-1059-A05", "LOG-1060", "LOG-1063", "LOG-1066-A02", "LOG-107-A05", "LOG-1071-A01", "LOG-1071-A02", "LOG-1072-A01", "LOG-1074-A05", "LOG-1088-A01", "LOG-1088-A04", "LOG-1126", "LOG-1239-A07", "LOG-1475-A03", "LOG-1478-A06", "LOG-1480", "LOG-1480-A01", "LOG-1480-A10", "LOG-1481-A10", "LOG-1491", "LOG-1493-A07", "LOG-1507-A04", "LOG-1512-A05", "LOG-1546-A02", "LOG-1663-A01", "LOG-1663-A02", "LOG-1663-A03", "LOG-1695-A07", "LOG-1695-A11", "LOG-1705-A04", "LOG-1706-A09", "LOG-1728", "LOG-1728-A15", "LOG-1728-A16", "LOG-1728-A17", "LOG-1729", "LOG-1729-A04", "LOG-1731-A01", "LOG-1733", "LOG-1733-A01", "LOG-1733-A05", "LOG-1733-A08", "LOG-1733-A11", "LOG-1733-A12", "LOG-1734-A03", "LOG-1737-A01", "LOG-1739", "LOG-1743-A15", "LOG-1746", "LOG-1746-A11", "LOG-1747", "LOG-1747-A05", "LOG-1749-A04", "LOG-1751", "LOG-1753-A10", "LOG-1755", 
"LOG-1755-A09", "LOG-1762", "LOG-1763", "LOG-1764", "LOG-1764-A03", "LOG-1775", "LOG-1776-A02", "LOG-1780", "LOG-1780-A13", "LOG-1781", "LOG-1783-A08", "LOG-1825", "LOG-1825-A03", "LOG-1830-A15", "LOG-1830-A20", "LOG-1848-A05", "LOG-1859-A11", "LOG-1892-A01", "LOG-1947", "LOG-1947-A01", "LOG-1950-A03", "LOG-1956-A02", "LOG-1959", "LOG-1959-A10", "LOG-2033-A03", "LOG-2051-A02", "LOG-2051-A03", "LOG-2054-A06", "LOG-2057-A01", "LOG-2057-A03", "LOG-2072-A05", "LOG-2073-A05", "LOG-2082-A01", "LOG-2082-A08", "LOG-407-A18", "LOG-410-A11", "LOG-596", "LOG-596-A01", "LOG-599", "LOG-599-A01", "LOG-605-A05", "LOG-622", "LOG-622-A12", "LOG-622-A13", "LOG-626", "LOG-626-A01", "LOG-626-A02", "LOG-626-A04", "LOG-631", "LOG-633-A07", "LOG-639", "LOG-641", "LOG-641-A02", "LOG-643-A03", "LOG-652-A03", "LOG-652-A07", "LOG-652-A08", "LOG-657-A06", "LOG-667", "LOG-667-A04", "LOG-667-A06", "LOG-667-A07", "LOG-672", "LOG-672-A01", "LOG-675-A03", "LOG-684-A06", "LOG-686", "LOG-686-A01", "LOG-686-A09", "LOG-705", "LOG-706-A10", "LOG-706-A11", "LOG-745-A08", "LOG-745-A09", "LOG-745-A18", "LOG-745-A28", "LOG-745-A29", "LOG-745-A38", "LOG-745-A39", "LOG-745-A49", "LOG-745-A50", "LOG-745-A59", "LOG-774", "LOG-855", "LOG-856-A07", "LOG-856-A17", "LOG-856-A27", "LOG-856-A42", "LOG-856-A47", "LOG-856-A57", "LOG-857-A05", "LOG-857-A25", "LOG-857-A34", "LOG-857-A50", "LOG-857-A58", "LOG-857-A78", "LOG-858", "LOG-899", "LOG-900-A60", "LOG-901", "LOG-901-A05", "LOG-901-A06", "LOG-901-A08", "LOG-910-A06", "LOG-958-A01", "LOG-964-A02", "LOG-966", "LOG-971-A06", "LOG-974-A01", "MBT-003", "NET-029-A07", "NET-029-A20", "NET-1005-A08", "NET-1143", "NET-1233", "NET-1349-A02", "NET-1445-A06", "NET-1459-A03", "NET-1461-A03", "NET-1613-A12", "NET-1639-A03", "NET-1639-A09", "NET-1689-A11", "NET-1690-A09", "NET-1691-A06", "NET-1751", "NET-1761-A06", "NET-374-A04", "NET-374-A15", "NET-377", "NET-798-A04", "NET-855-A01", "NET-860-A09", "NET-959-A01", "NET-981-A06", "NET-981-A12", "PDT-004", "PHY-003-A04", 
"PHY-003-A09", "PIL-001", "PLG-001", "PLG-006-A02", "RIL-001", "SEC-029-A14", "SEC-1044-A03", "SEC-1045-A09", "SEC-1144-A14", "SEC-1144-A25", "SEC-1144-A39", "SEC-1144-A53", "SEC-1144-A67", "SEC-1226-A06", "SEC-2118-A08", "SEC-2172-A08", "SEC-2623-A07", "SEC-264-A08", "SEC-264-A13", "SEC-264-A18", "SEC-264-A29", "SEC-2643-A13", "SEC-2654-A09", "SEC-2661-A11", "SEC-2662-A13", "SEC-2721-A09", "SEC-2729-A13", "SEC-2751-A09", "SEC-2766-A04", "SEC-2766-A05", "SEC-2789-A10", "SEC-2792-A03", "SEC-2792-A08", "SEC-2795-A08", "SEC-2838-A01", "SEC-2850-A07", "SEC-2889-A11", "SEC-2927-A06", "SEC-3161-A08", "SEC-3174-A04", "SEC-3175-A10", "SEC-3184-A11", "SEC-3193-A07", "SEC-3305", "SEC-3305-A01", "SEC-3305-A02", "SEC-3330", "SEC-3374-A08", "SEC-3389-A09", "SEC-362-A09", "SEC-362-A11", "SEC-362-A20", "SEC-362-A22", "SEC-3635-A07", "SEC-3672-A10", "SEC-3678-A07", "SEC-383-A09", "SEC-383-A18", "SEC-3843-A09", "SEC-3858-A08", "SEC-3866", "SEC-3904-A04", "SEC-3904-A05", "SEC-3933-A10", "SEC-3945-A09", "SEC-3946-A05", "SEC-3971-A09", "SEC-3973-A16", "SEC-3974-A19", "SEC-3982-A01", "SEC-4013-A04", "SEC-4223-A08", "SEC-4359-A06", "SEC-4427-A10", "SEC-4522-A08", "SEC-5190-A07", "SEC-5570-A05", "SEC-5782-A07", "SEC-5807-A04", "SEC-5915-A04", "SEC-5917-A12", "SEC-5925-A05", "SEC-6320-A08", "SEC-6394-A07", "SEC-6515-A08", "SEC-6728-A03", "SEC-6818-A08", "SEC-6830-A10", "SEC-6876-A10", "SEC-6894", "SEC-6919-A09", "SEC-6920", "SEC-6927-A05", "SEC-6938-A13", "SEC-6993-A11", "SEC-7169-A05", "SEC-7436-A04", "SEC-7436-A11", "SEC-7480-A09", "SEC-7595-A05", "SEC-7595-A10", "SEC-7705", "SEC-7705-A01", "SEC-7971-A04", "SEC-8002-A10", "SEC-8014-A12", "SEC-8015-A08", "SEC-8051-A06", "SEC-8062-A04", "SEC-8106-A07", "SEC-8226-A09", "SEC-8246-A03", "SEC-8257-A06", "SEC-8257-A13", "SEC-8286-A09", "SEC-8295", "SEC-830-A12", "SEC-834-A24", "SEC-836-A02", "SEC-836-A18", "SEC-8363-A06", "SEC-8874-A02", "SEC-8911-A13", "SEC-9001-A03", "SEC-9065-A16", "SEC-9068-A05", "SEC-9096-A07", "SEC-9134", "SEC-9197-A13", 
"SIG-008", "TPM-004", "TPM-004-A07", "TRD-532-A07", "TSA-006-A02", "TSA-006-A04" ], "member_count": 961, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.95, "source_meta_cluster": "M1", "cluster_size": 412, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "access_control_event_logging", "name": "Protokollierung von Zugriffskontrollentscheidungen", "description": "Erlaubte und abgewiesene Zugriffsentscheidungen, insbesondere fuer privilegierte/administrative Konten und unberechtigte Zugriffsversuche, werden protokolliert.", "tier": "LEGAL_MINIMUM", "subdomain": "access_logging", "applicability": "universal", "evidence_facets": { "governance": true, "capability": true, "evidence": true }, "source_role": "LEGAL_BASIS", "legal_basis": [ { "source": "CRA", "anchor": "Annex I Part I (2)(k)", "citation": "recording and monitoring access to or modification of data, services or functions" } ], "guidance_basis": [ { "source": "NIST", "anchor": "AC-2/AU-12", "role": "best_practice" }, { "source": "OWASP", "anchor": "API1 BOLA", "role": "best_practice" } ], "member_review_units": [ "M0", "M2", "M3", "M27", "M36", "M80", "M84", "M95" ], "member_controls": [ "ACC-005", "ACC-188-A11", "ACC-188-A22", "ACC-188-A41", "ACC-188-A54", "ACC-189-A11", "ACC-189-A24", "ACC-189-A50", "ACC-189-A63", "ACC-195-A09", "ACC-195-A19", "ACC-195-A31", "ACC-195-A41", "ACC-195-A50", "ACC-199-A11", "ACC-199-A22", "ACC-199-A44", "ACC-199-A55", "ACC-449", "ACC-470-A15", "ACC-474-A11", "ACC-476-A05", "ACC-484-A05", "ACC-487-A01", "ACC-512-A10", "ACC-533-A10", "ACC-578-A08", "ACC-584-A06", "ACC-584-A12", "ACC-598-A05", "ACC-612-A08", "ACC-631-A09", "ACC-642-A06", "ACC-659", "ACC-686-A03", "ACC-695", "ACC-695-A05", "ACC-703", "ACC-717", "ACC-734", "ACC-735", "ACC-757-A01", "AI-1131-A07", "AI-1241-A10", "AI-1389-A08", "AI-1390-A05", "AI-1392-A07", 
"AI-1559-A08", "AI-1602-A02", "AI-1602-A05", "AI-1624-A04", "API-005", "AUD-001", "AUTH-1061-A19", "AUTH-1061-A77", "AUTH-1102-A14", "AUTH-112", "AUTH-112-A11", "AUTH-112-A24", "AUTH-1290", "AUTH-1292-A02", "AUTH-1303-A08", "AUTH-1443-A07", "AUTH-1448-A01", "AUTH-1455", "AUTH-1455-A07", "AUTH-1459-A09", "AUTH-1466-A09", "AUTH-148-A05", "AUTH-1525-A04", "AUTH-1530-A07", "AUTH-1538", "AUTH-1538-A10", "AUTH-1559", "AUTH-1589-A10", "AUTH-1668-A09", "AUTH-1682-A08", "AUTH-1699-A07", "AUTH-1705-A12", "AUTH-1716-A03", "AUTH-1818-A11", "AUTH-1834-A06", "AUTH-1862-A09", "AUTH-1886-A09", "AUTH-2406", "AUTH-2411", "AUTH-2419-A06", "AUTH-2461-A04", "AUTH-2466-A04", "AUTH-2544-A05", "AUTH-2544-A10", "AUTH-2546-A03", "AUTH-2547", "AUTH-2547-A02", "AUTH-2550-A13", "AUTH-2650-A05", "AUTH-2785-A04", "AUTH-2809-A08", "AUTH-2830-A07", "AUTH-2855-A06", "AUTH-2879-A06", "AUTH-2879-A11", "AUTH-2919", "AUTH-2919-A08", "AUTH-2919-A09", "AUTH-2919-A10", "AUTH-2941-A01", "AUTH-2941-A02", "AUTH-2947-A01", "AUTH-2965-A03", "AUTH-2970-A06", "AUTH-3025", "AUTH-3082-A09", "AUTH-3089-A08", "AUTH-3171-A10", "AUTH-3228-A04", "AUTH-3246-A11", "AUTH-3252-A04", "AUTH-3252-A07", "AUTH-3296-A01", "AUTH-3350-A01", "AUTH-3452-A07", "AUTH-3478-A08", "AUTH-3591-A05", "AUTH-3592-A05", "AUTH-3595-A05", "AUTH-3595-A11", "AUTH-3633-A07", "AUTH-3665-A01", "AUTH-3680-A03", "AUTH-3683", "AUTH-3686-A09", "AUTH-3687-A01", "AUTH-3687-A02", "AUTH-3687-A06", "AUTH-3688", "AUTH-3894", "AUTH-3917-A09", "AUTH-3917-A13", "AUTH-3930-A11", "AUTH-4045", "AUTH-4045-A01", "AUTH-4045-A04", "AUTH-4049-A02", "AUTH-4075-A03", "AUTH-4095-A05", "AUTH-4095-A09", "AUTH-639-A07", "AUTH-785", "AUTH-857-A03", "COMP-1625-A08", "COMP-1639-A04", "COMP-1891-A04", "COMP-1891-A08", "COMP-1919-A10", "COMP-1936-A07", "COMP-2128", "COMP-2128-A06", "COMP-2428-A08", "COMP-2724", "COMP-2724-A03", "COMP-2734-A09", "COMP-2780-A05", "COMP-2780-A14", "COMP-2928-A02", "COMP-3297-A04", "COMP-3309-A05", "COMP-3309-A10", "COMP-3322-A01", "COMP-3322-A02", 
"COMP-3322-A06", "COMP-3322-A10", "COMP-3326-A01", "COMP-3326-A14", "COMP-3327-A06", "COMP-3339-A10", "COMP-3378-A08", "COMP-3436-A09", "COMP-3449-A01", "COMP-3521-A05", "COMP-3658", "COMP-3733-A08", "COMP-3733-A09", "COMP-3739-A03", "COMP-3983-A04", "COMP-3983-A05", "COMP-4009-A03", "COMP-4059", "COMP-4059-A01", "COMP-4059-A02", "CRA-006", "CRYP-1043-A09", "CRYP-1063-A10", "CRYP-1079-A10", "CRYP-1106-A11", "CRYP-1160-A05", "CRYP-1179-A05", "CRYP-1252-A06", "CRYP-1720-A08", "CRYP-1725-A04", "CRYP-1751-A07", "CRYP-1787-A06", "CRYP-1814-A14", "CRYP-1881-A04", "CRYP-190-A10", "CRYP-1907-A05", "CRYP-1907-A09", "CRYP-2028-A01", "CRYP-2036-A11", "CRYP-2158-A11", "CRYP-2184-A08", "CRYP-2282-A06", "CRYP-2330-A04", "CRYP-348-A02", "CRYP-781-A07", "CRYP-827-A08", "CRYP-957-A11", "DATA-1065", "DATA-1163-A11", "DATA-1167", "DATA-1228-A10", "DATA-1230-A08", "DATA-1240-A13", "DATA-1247-A07", "DATA-1253-A08", "DATA-1257", "DATA-1267", "DATA-1273-A02", "DATA-1273-A10", "DATA-1349", "DATA-1349-A03", "DATA-1461", "DATA-1490-A06", "DATA-1517-A06", "DATA-1730-A06", "DATA-1732-A10", "DATA-1851-A05", "DATA-1945-A17", "DATA-2014-A10", "DATA-202", "DATA-202-A01", "DATA-202-A02", "DATA-2057-A09", "DATA-2190-A08", "DATA-2223-A01", "DATA-2430-A06", "DATA-2516-A05", "DATA-2585-A08", "DATA-2703-A06", "DATA-3026-A05", "DATA-3034-A08", "DATA-3240-A11", "DATA-3250-A06", "DATA-3326-A14", "DATA-3367-A04", "DATA-3556-A09", "DATA-4138-A11", "DATA-4335-A05", "DATA-4345-A05", "DATA-4364", "DATA-4633-A07", "DATA-4634-A01", "DATA-4670-A08", "DATA-4683-A05", "DATA-4689-A02", "FIN-1094-A01", "FIN-696-A11", "FRD-006", "GLM-001", "GOV-1398-A12", "GOV-1439-A10", "GOV-2868-A12", "GOV-3179-A07", "GOV-3191-A09", "GOV-3208-A09", "GOV-3256-A12", "GOV-3500-A02", "GOV-3805-A01", "GOV-3805-A07", "GOV-3805-A08", "GOV-3805-A09", "GOV-3846-A05", "GOV-485-A07", "GOV-485-A18", "GOV-982-A03", "HLT-125-A07", "HLT-181-A08", "HLT-262-A02", "HLT-514-A08", "HLT-515-A03", "HLT-528-A02", "HLT-532-A08", "HLT-533-A10", 
"HLT-558-A07", "HLT-560-A09", "HLT-560-A10", "HSM-005", "IDA-008", "IDF-010", "INC-1104-A04", "INC-1153-A05", "INC-1159-A12", "INC-1173-A13", "INC-1230-A04", "INC-917", "KST-003-A01", "KYS-006", "LAB-557-A10", "LAB-610-A05", "LOG-001-A01", "LOG-001-A02", "LOG-0860-A05", "LOG-1019", "LOG-1019-A01", "LOG-1019-A02", "LOG-1019-A03", "LOG-1032", "LOG-1032-A03", "LOG-1041-A02", "LOG-1042-A01", "LOG-1046-A07", "LOG-1052-A08", "LOG-1054-A02", "LOG-1054-A03", "LOG-1054-A04", "LOG-1054-A09", "LOG-1058-A03", "LOG-1058-A06", "LOG-1059-A06", "LOG-1060", "LOG-1066", "LOG-1066-A01", "LOG-1071-A01", "LOG-1074-A05", "LOG-1087-A12", "LOG-1126", "LOG-1126-A02", "LOG-1239-A07", "LOG-1478-A08", "LOG-1480-A10", "LOG-1491", "LOG-1493-A07", "LOG-1507-A04", "LOG-1546-A02", "LOG-1546-A09", "LOG-1549-A02", "LOG-1664", "LOG-1664-A01", "LOG-1679-A06", "LOG-1705-A04", "LOG-1706-A09", "LOG-1728", "LOG-1728-A15", "LOG-1728-A16", "LOG-1729", "LOG-1733", "LOG-1733-A05", "LOG-1733-A08", "LOG-1733-A12", "LOG-1734-A03", "LOG-1737-A01", "LOG-1746", "LOG-1746-A11", "LOG-1747", "LOG-1747-A05", "LOG-1751", "LOG-1755", "LOG-1763", "LOG-1764", "LOG-1764-A03", "LOG-1775", "LOG-1780", "LOG-1781", "LOG-1783-A08", "LOG-1825-A03", "LOG-1830-A18", "LOG-1848-A05", "LOG-1945-A05", "LOG-1947", "LOG-1947-A01", "LOG-1951-A04", "LOG-1954-A04", "LOG-1959", "LOG-1959-A02", "LOG-2021-A05", "LOG-2021-A09", "LOG-2021-A10", "LOG-2023", "LOG-2033-A03", "LOG-2073-A05", "LOG-2082-A01", "LOG-2082-A08", "LOG-641-A04", "LOG-641-A05", "LOG-641-A06", "LOG-657-A06", "LOG-667-A07", "LOG-745-A10", "LOG-745-A19", "LOG-745-A20", "LOG-745-A30", "LOG-745-A40", "LOG-745-A41", "LOG-745-A51", "LOG-745-A60", "LOG-857-A05", "LOG-857-A25", "LOG-857-A34", "LOG-857-A50", "LOG-857-A58", "LOG-857-A78", "LOG-901", "LOG-901-A06", "LOG-910-A06", "LOG-964", "LOG-964-A01", "LOG-967-A02", "LOG-974-A04", "MBT-003", "NET-1347-A05", "NET-1349-A02", "NET-1459-A03", "NET-1461-A03", "NET-1612-A04", "NET-1613-A12", "NET-1639-A03", "NET-1639-A09", "NET-1689-A12", 
"NET-1691-A07", "NET-546-A45", "NET-855-A01", "NET-860-A09", "NET-981-A06", "PDT-004", "PIL-001", "SEC-1045-A09", "SEC-2028", "SEC-2118-A08", "SEC-2180", "SEC-2643-A13", "SEC-2654-A09", "SEC-2721-A09", "SEC-2729-A13", "SEC-2766-A04", "SEC-2766-A05", "SEC-2795-A08", "SEC-2837-A05", "SEC-2837-A10", "SEC-2850-A07", "SEC-2889-A11", "SEC-2927-A06", "SEC-3374-A08", "SEC-3635-A07", "SEC-3672-A10", "SEC-3678-A07", "SEC-383-A09", "SEC-383-A18", "SEC-3843-A09", "SEC-3858-A08", "SEC-3904-A05", "SEC-3971-A09", "SEC-3973-A16", "SEC-4013-A04", "SEC-4223-A08", "SEC-4359-A06", "SEC-4427-A10", "SEC-450", "SEC-4522-A08", "SEC-5122-A09", "SEC-5570-A05", "SEC-5807-A04", "SEC-5915-A04", "SEC-5925-A05", "SEC-6394-A07", "SEC-6818-A08", "SEC-6876-A10", "SEC-6919-A09", "SEC-6927-A05", "SEC-6993-A11", "SEC-7169-A05", "SEC-7398-A04", "SEC-7436-A04", "SEC-7436-A11", "SEC-7480-A09", "SEC-7532-A09", "SEC-7595-A05", "SEC-7971-A04", "SEC-7971-A06", "SEC-8015-A08", "SEC-8051-A06", "SEC-8128", "SEC-8226-A09", "SEC-8246-A03", "SEC-8257-A06", "SEC-8295", "SEC-8295-A07", "SEC-8363-A06", "SEC-8874", "SEC-8874-A02", "SEC-8911-A13", "SEC-8930", "SEC-9001-A03", "SEC-9065-A16", "SEC-9134-A08", "SIG-008" ], "member_count": 505, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.92, "source_meta_cluster": "M0", "cluster_size": 365, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "audit_trail_admin_actions", "name": "Audit-Trail administrativer und genehmigungspflichtiger Aktionen", "description": "Administrative Aktionen, Genehmigungsentscheidungen und temporaere Befugnisse werden nachvollziehbar im Audit-Trail erfasst.", "tier": "LEGAL_MINIMUM", "subdomain": "admin_audit", "applicability": "universal", "evidence_facets": { "governance": true, "capability": true, "evidence": true }, "source_role": "LEGAL_BASIS", "legal_basis": [ { "source": "CRA", "anchor": 
"Annex I Part I (2)(k)", "citation": "monitor relevant internal activity including access to or modification of functions" } ], "guidance_basis": [ { "source": "NIST", "anchor": "AU-2/AC-6", "role": "best_practice" } ], "member_review_units": [ "M4", "M5", "M61", "M40", "M53", "M45" ], "member_controls": [ "ACC-483-A03", "ACC-524-A06", "ACC-534-A09", "ACC-576-A10", "ACC-576-A11", "ACC-576-A17", "ACC-686", "ACC-734-A08", "AI-1003-A05", "AI-1003-A09", "AI-1013-A05", "AI-1387-A05", "AI-1387-A10", "AI-1389-A04", "AI-1625-A06", "AI-1625-A07", "AI-1625-A08", "AI-1701-A03", "AUTH-1275-A05", "AUTH-1444-A08", "AUTH-1553-A02", "AUTH-1553-A06", "AUTH-1605-A02", "AUTH-1605-A03", "AUTH-1725-A04", "AUTH-1886-A04", "AUTH-2785-A02", "AUTH-3034-A04", "AUTH-3200-A03", "AUTH-3200-A10", "AUTH-3307-A09", "AUTH-3338-A03", "AUTH-3338-A16", "AUTH-3473-A10", "AUTH-3479-A01", "AUTH-3510-A09", "AUTH-3526-A02", "AUTH-3667-A01", "AUTH-3678", "AUTH-3710", "AUTH-3994-A11", "AUTH-4115-A13", "AUTH-663-A03", "BIO-009-A02", "COMP-1272-A10", "COMP-1423-A06", "COMP-1442-A12", "COMP-2031-A06", "COMP-2084-A05", "COMP-2434", "COMP-2726-A08", "COMP-2734-A02", "COMP-3305-A03", "COMP-3309-A02", "COMP-3309-A03", "COMP-3309-A08", "COMP-3313", "COMP-3317-A04", "COMP-3328-A01", "COMP-3330", "COMP-3330-A01", "COMP-3330-A02", "COMP-3351-A03", "COMP-3514-A03", "COMP-3514-A06", "COMP-3634-A05", "COMP-3696-A01", "COMP-3981-A02", "COMP-3981-A03", "COMP-4000-A07", "COMP-4058", "COMP-4058-A07", "COMP-4088", "CRYP-1094-A04", "CRYP-1210-A08", "CRYP-1238-A05", "CRYP-1641-A08", "CRYP-1803-A01", "CRYP-1861-A09", "CRYP-2027-A08", "CRYP-2184-A03", "CRYP-2301", "CRYP-389-A04", "CRYP-867-A04", "DATA-1164-A07", "DATA-1289-A12", "DATA-1348-A01", "DATA-1745-A02", "DATA-1745-A06", "DATA-1769-A03", "DATA-2309-A03", "DATA-2373-A01", "DATA-2533-A03", "DATA-2533-A08", "DATA-2695-A09", "DATA-2988-A08", "DATA-3272-A01", "DATA-3278-A02", "DATA-3438-A04", "DATA-3477-A06", "DATA-3698-A16", "DATA-3968-A03", "DATA-4025-A03", "DATA-4198-A04", 
"DATA-4327-A04", "DATA-4364-A04", "DATA-4633-A08", "GOV-1195", "GOV-1206-A03", "GOV-1206-A08", "GOV-1404-A09", "GOV-1438-A04", "GOV-1438-A08", "GOV-1751-A01", "GOV-2302-A03", "GOV-2444-A08", "GOV-2791-A04", "GOV-3005-A08", "GOV-3052-A05", "GOV-3134-A08", "GOV-3134-A13", "GOV-3173-A09", "GOV-3175-A02", "GOV-3191-A05", "GOV-3220", "GOV-3258-A03", "GOV-3258-A08", "GOV-3426-A03", "GOV-3427-A12", "GOV-3805", "GOV-3805-A04", "GOV-3805-A05", "GOV-3805-A06", "GOV-3821-A10", "GOV-3849-A01", "GOV-3853", "GOV-3853-A03", "GOV-771-A06", "INC-1150-A14", "INC-1299-A06", "INC-1334-A04", "INC-364-A08", "INC-434", "INC-881-A12", "INC-892-A05", "INC-892-A11", "LAB-452-A06", "LOG-0862-A01", "LOG-0862-A02", "LOG-0862-A04", "LOG-0887-A04", "LOG-0887-A05", "LOG-0887-A06", "LOG-1046-A05", "LOG-1058-A10", "LOG-1059-A05", "LOG-1088", "LOG-1475", "LOG-1475-A05", "LOG-1511-A05", "LOG-1511-A06", "LOG-1663-A01", "LOG-1700-A03", "LOG-1743-A12", "LOG-1762-A02", "LOG-1777", "LOG-1784-A05", "LOG-1946-A09", "LOG-2033-A04", "LOG-2037-A08", "LOG-2064-A07", "LOG-631", "LOG-899-A05", "LOG-899-A18", "LOG-899-A28", "LOG-899-A38", "NET-1449-A08", "NET-1487-A08", "NET-1689-A01", "NET-1760-A05", "NET-975-A04", "NET-983-A08", "SEC-2710-A06", "SEC-2740-A11", "SEC-2753-A08", "SEC-2754-A09", "SEC-2787-A04", "SEC-2792-A07", "SEC-2876-A09", "SEC-2886-A03", "SEC-2983-A05", "SEC-3175-A04", "SEC-3176-A05", "SEC-3176-A12", "SEC-3412-A12", "SEC-362-A04", "SEC-362-A16", "SEC-3859-A03", "SEC-3894-A06", "SEC-3946", "SEC-3946-A05", "SEC-3982-A05", "SEC-4013", "SEC-5227-A08", "SEC-5308-A10", "SEC-5645-A05", "SEC-5656-A04", "SEC-5794-A10", "SEC-5843", "SEC-6137-A05", "SEC-6570-A06", "SEC-6847-A05", "SEC-6856-A04", "SEC-6929-A04", "SEC-6929-A08", "SEC-7452-A05", "SEC-7590-A01", "SEC-7617-A05", "SEC-7675-A02", "SEC-7945-A04", "SEC-7959-A08", "SEC-8187-A04", "SEC-8200-A07", "SEC-8284-A05", "SEC-8801-A05", "SEC-9134" ], "member_count": 226, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", 
"review_status": "draft", "provenance": { "discovery_confidence": 0.9, "source_meta_cluster": "M4", "cluster_size": 75, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "log_integrity_immutability", "name": "Integritaet und Unveraenderbarkeit der Logs", "description": "Audit-Logs werden gegen unbefugte Aenderung oder Loeschung geschuetzt (WORM/Append-Only, Integritaetssicherung, revisionssichere Speicherung).", "tier": "LEGAL_MINIMUM", "subdomain": "log_integrity", "applicability": "universal", "evidence_facets": { "governance": false, "capability": true, "evidence": true }, "source_role": "LEGAL_BASIS", "legal_basis": [ { "source": "CRA", "anchor": "Annex I Part I (2)(k)", "citation": "recording and monitoring ... in a secure manner" } ], "guidance_basis": [ { "source": "NIST", "anchor": "AU-9 Protection of Audit Information", "role": "best_practice" }, { "source": "ISO", "anchor": "ISO 27001 A.8.15", "role": "best_practice" } ], "member_review_units": [ "M1", "M41", "M57", "M17", "M28", "M83", "M65", "M37", "M24" ], "member_controls": [ "ACC-0320-A14", "ACC-0320-A15", "ACC-086", "ACC-086-A03", "ACC-086-A04", "ACC-086-A05", "ACC-086-A07", "ACC-086-A11", "ACC-086-A16", "ACC-086-A17", "ACC-086-A19", "ACC-086-A23", "ACC-086-A24", "ACC-089-A09", "ACC-089-A16", "ACC-175-A06", "ACC-175-A15", "ACC-210-A13", "ACC-210-A20", "ACC-210-A27", "ACC-210-A34", "ACC-476-A08", "ACC-499-A07", "ACC-623-A09", "ACC-642-A07", "ACC-686-A06", "ACC-686-A07", "ACC-746-A07", "ACL-002-A02", "ACL-002-A04", "ACL-002-A06", "ACL-002-A08", "AI-031-A19", "AI-099-A29", "AI-1597-A01", "AI-594-A11", "AI-648-A09", "AI-684-A12", "AI-760-A40", "AI-942-A56", "AI-942-A68", "AI-951-A37", "AUTH-079-A28", "AUTH-1048-A71", "AUTH-1441-A12", "AUTH-1514-A12", "AUTH-1669-A10", "AUTH-1723-A01", "AUTH-1723-A09", "AUTH-2415", "AUTH-2415-A07", "AUTH-2415-A08", "AUTH-2415-A13", "AUTH-2448-A10", "AUTH-2593-A03", "AUTH-2593-A08", "AUTH-2650-A11", "AUTH-2734-A07", 
"AUTH-2784-A06", "AUTH-2836-A07", "AUTH-2881-A07", "AUTH-2903-A10", "AUTH-2905-A05", "AUTH-2941-A03", "AUTH-3025-A13", "AUTH-3199-A04", "AUTH-3246-A03", "AUTH-3338-A17", "AUTH-3667", "AUTH-3715-A11", "AUTH-3904", "AUTH-3936-A17", "AUTH-4032-A07", "AUTH-523", "AUTH-523-A04", "AUTH-552", "AUTH-552-A01", "AUTH-552-A03", "AUTH-552-A04", "AUTH-552-A07", "AUTH-552-A08", "AUTH-552-A09", "AUTH-552-A13", "AUTH-595-A09", "AUTH-616-A08", "AUTH-633-A11", "AUTH-656", "AUTH-656-A01", "AUTH-656-A02", "AUTH-656-A03", "AUTH-656-A04", "AUTH-656-A05", "AUTH-656-A06", "AUTH-656-A07", "AUTH-656-A08", "AUTH-656-A09", "AUTH-656-A10", "AUTH-656-A12", "AUTH-656-A13", "AUTH-656-A14", "AUTH-656-A15", "AUTH-656-A16", "AUTH-656-A17", "AUTH-656-A18", "AUTH-656-A24", "AUTH-656-A26", "AUTH-656-A27", "AUTH-663", "AUTH-663-A01", "AUTH-678-A06", "AUTH-734-A04", "AUTH-760-A03", "AUTH-856-A04", "AUTH-856-A15", "AUTH-856-A26", "AUTH-856-A37", "AUTH-856-A48", "AUTH-902-A03", "BIO-009-A03", "COMP-1053-A04", "COMP-1053-A08", "COMP-1103-A05", "COMP-1103-A09", "COMP-1103-A14", "COMP-1150-A05", "COMP-1150-A08", "COMP-1150-A11", "COMP-116-A09", "COMP-116-A18", "COMP-1231-A28", "COMP-1247-A02", "COMP-1247-A10", "COMP-1247-A18", "COMP-1247-A26", "COMP-1247-A34", "COMP-1247-A42", "COMP-1249-A04", "COMP-1249-A11", "COMP-1249-A24", "COMP-1249-A29", "COMP-1249-A37", "COMP-1249-A47", "COMP-1249-A52", "COMP-1249-A64", "COMP-1249-A71", "COMP-178-A08", "COMP-178-A19", "COMP-1919-A13", "COMP-2462-A05", "COMP-2734", "COMP-2734-A04", "COMP-2734-A05", "COMP-2734-A11", "COMP-2752", "COMP-2752-A01", "COMP-2752-A02", "COMP-2752-A04", "COMP-2768", "COMP-2775", "COMP-2775-A05", "COMP-3280-A01", "COMP-3292-A02", "COMP-3301-A08", "COMP-3304", "COMP-3306", "COMP-3306-A07", "COMP-3306-A08", "COMP-3309", "COMP-3309-A04", "COMP-3309-A07", "COMP-3312-A05", "COMP-3318", "COMP-3324-A06", "COMP-3326-A05", "COMP-3326-A07", "COMP-3326-A12", "COMP-3327", "COMP-3327-A03", "COMP-3332", "COMP-3339", "COMP-3339-A03", "COMP-3339-A06", 
"COMP-3339-A08", "COMP-3343-A01", "COMP-3351", "COMP-3351-A01", "COMP-3351-A02", "COMP-3351-A04", "COMP-3351-A07", "COMP-3362", "COMP-3362-A01", "COMP-3442-A15", "COMP-356-A06", "COMP-3696-A06", "COMP-3733", "COMP-4059-A11", "COMP-4088-A12", "COMP-498-A03", "COMP-498-A04", "COMP-714-A06", "COMP-786-A06", "COMP-786-A11", "COMP-786-A20", "COMP-786-A25", "COMP-911", "COMP-911-A02", "COMP-911-A04", "CRA-006-A03", "CRA-006-A04", "CRYP-1014-A07", "CRYP-1044-A13", "CRYP-118-A11", "CRYP-1247", "CRYP-1247-A01", "CRYP-1451-A05", "CRYP-1477-A09", "CRYP-1855", "CRYP-186-A10", "CRYP-186-A21", "CRYP-1881-A12", "CRYP-1892-A11", "CRYP-1910-A10", "CRYP-1968-A18", "CRYP-2027-A10", "CRYP-2168-A08", "CRYP-225-A06", "CRYP-285-A03", "CRYP-376-A09", "CRYP-389-A13", "DATA-002-A09", "DATA-1135-A08", "DATA-1164-A10", "DATA-1235-A05", "DATA-1235-A11", "DATA-1237-A05", "DATA-137-A21", "DATA-2017-A04", "DATA-2213-A02", "DATA-2309", "DATA-2309-A01", "DATA-2309-A05", "DATA-2309-A07", "DATA-2695-A02", "DATA-2724-A08", "DATA-3026-A10", "DATA-3437-A12", "DATA-4242-A07", "DATA-4277-A07", "DATA-4294-A10", "DATA-4303-A10", "DATA-4556-A04", "DATA-4633-A03", "DATA-716-A01", "DATA-716-A02", "DATA-716-A03", "DATA-716-A04", "DATA-827-A04", "DATA-827-A05", "DATA-827-A06", "DATA-917-A02", "DATA-917-A03", "DATA-917-A05", "DATA-917-A06", "DATA-917-A08", "DATA-917-A10", "DATA-917-A11", "DATA-947-A02", "DATA-947-A03", "DATA-947-A06", "DATA-947-A11", "DATA-947-A15", "DATA-947-A16", "DATA-947-A17", "DATA-947-A20", "DOC-010-A01", "DOC-010-A03", "DOC-010-A07", "FIN-298-A21", "GLM-001-A02", "GLM-001-A04", "GOV-0683-A04", "GOV-0683-A10", "GOV-0686-A04", "GOV-0686-A10", "GOV-0697-A01", "GOV-0697-A03", "GOV-1045-A04", "GOV-1195-A02", "GOV-1540", "GOV-1540-A01", "GOV-2435-A10", "GOV-3061-A09", "GOV-3175-A03", "GOV-3175-A04", "GOV-322-A11", "GOV-445-A13", "GOV-462-A13", "GOV-640-A30", "GOV-741-A05", "HLT-120-A09", "HLT-148-A03", "HLT-148-A07", "HLT-560-A18", "IAM-009-A07", "IAM-009-A10", "IDF-010-A02", "INC-0358-A29", 
"INC-091", "INC-091-A05", "INC-091-A07", "INC-091-A08", "INC-091-A09", "INC-091-A10", "INC-151-A10", "INC-188-A05", "INC-205-A02", "ISS-003-A02", "KMG-002-A04", "KYS-006-A08", "LOG-045-A17", "LOG-060-A07", "LOG-0861-A01", "LOG-0861-A07", "LOG-0861-A13", "LOG-0863", "LOG-0863-A01", "LOG-0867-A04", "LOG-0868-A04", "LOG-0869-A07", "LOG-0874-A01", "LOG-0874-A02", "LOG-0874-A04", "LOG-0874-A06", "LOG-0879-A03", "LOG-0885-A04", "LOG-0885-A05", "LOG-0886-A01", "LOG-1048-A05", "LOG-1066-A02", "LOG-107-A05", "LOG-1088-A01", "LOG-1088-A04", "LOG-1478-A06", "LOG-1480", "LOG-1480-A01", "LOG-1481-A10", "LOG-1512-A05", "LOG-1695-A11", "LOG-1728-A17", "LOG-1762-A03", "LOG-1830-A20", "LOG-1859-A11", "LOG-1892-A01", "LOG-1959-A10", "LOG-2028-A05", "LOG-2037", "LOG-2054-A06", "LOG-2065", "LOG-2067-A05", "LOG-341", "LOG-407-A18", "LOG-410-A11", "LOG-595-A08", "LOG-596", "LOG-596-A01", "LOG-599", "LOG-599-A01", "LOG-605-A05", "LOG-622", "LOG-622-A12", "LOG-622-A13", "LOG-626-A04", "LOG-633-A07", "LOG-643", "LOG-643-A01", "LOG-643-A02", "LOG-643-A03", "LOG-652-A03", "LOG-652-A07", "LOG-652-A08", "LOG-667", "LOG-667-A04", "LOG-667-A06", "LOG-684-A06", "LOG-686", "LOG-686-A01", "LOG-686-A09", "LOG-705", "LOG-706-A10", "LOG-706-A11", "LOG-711", "LOG-711-A18", "LOG-745-A08", "LOG-745-A09", "LOG-745-A18", "LOG-745-A28", "LOG-745-A29", "LOG-745-A38", "LOG-745-A39", "LOG-745-A49", "LOG-745-A50", "LOG-745-A59", "LOG-855", "LOG-856-A07", "LOG-856-A17", "LOG-856-A27", "LOG-856-A42", "LOG-856-A47", "LOG-856-A57", "LOG-857", "LOG-858", "LOG-899", "LOG-900-A60", "LOG-901-A08", "LOG-962-A06", "LOG-966", "LOG-974-A01", "NET-029-A07", "NET-029-A20", "NET-1143", "NET-1689-A11", "NET-374-A04", "NET-374-A15", "NET-377", "NET-798-A04", "NET-981-A12", "PHY-003-A04", "PHY-003-A09", "PLG-006-A02", "REL-001-A01", "REL-001-A07", "SEC-038-A07", "SEC-038-A08", "SEC-1044-A03", "SEC-1144-A14", "SEC-1144-A25", "SEC-1144-A39", "SEC-1144-A53", "SEC-1144-A67", "SEC-2172-A08", "SEC-2392-A10", "SEC-2623-A07", 
"SEC-264-A08", "SEC-264-A13", "SEC-264-A18", "SEC-264-A29", "SEC-2645-A02", "SEC-2751-A09", "SEC-2789-A10", "SEC-2792", "SEC-2792-A01", "SEC-2792-A03", "SEC-2792-A08", "SEC-2792-A09", "SEC-2838-A01", "SEC-3161-A08", "SEC-3174-A04", "SEC-3175-A10", "SEC-3184-A11", "SEC-3389-A09", "SEC-362-A09", "SEC-362-A11", "SEC-362-A20", "SEC-362-A22", "SEC-3866", "SEC-3895-A09", "SEC-3904-A04", "SEC-3915-A05", "SEC-3933-A05", "SEC-3933-A10", "SEC-3937-A03", "SEC-3945-A09", "SEC-3974-A19", "SEC-3982-A01", "SEC-5136-A09", "SEC-5782-A07", "SEC-5917-A12", "SEC-6320-A08", "SEC-6515-A08", "SEC-6830-A10", "SEC-6894", "SEC-6938-A13", "SEC-7562-A03", "SEC-7595-A10", "SEC-7705-A01", "SEC-8002-A10", "SEC-8014-A12", "SEC-8062-A04", "SEC-8106-A07", "SEC-8208-A08", "SEC-8257-A13", "SEC-8286-A09", "SEC-830-A12", "SEC-8303", "SEC-834-A24", "SEC-836-A02", "SEC-836-A18", "SEC-9020-A10", "SEC-9068-A05", "SEC-9197-A13", "TPM-004", "TPM-004-A07", "TRD-532-A07", "TSA-006-A02", "TSA-006-A04" ], "member_count": 505, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.93, "source_meta_cluster": "M41", "cluster_size": 21, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "log_access_control_protection", "name": "Zugriffsschutz auf Protokollierungssysteme", "description": "Der Zugriff auf Audit-Logs und Protokollierungssysteme wird eingeschraenkt und kontrolliert; nur autorisierte Rollen duerfen Logs einsehen oder konfigurieren.", "tier": "LEGAL_MINIMUM", "subdomain": "log_access", "applicability": "universal", "evidence_facets": { "governance": true, "capability": true, "evidence": true }, "source_role": "LEGAL_BASIS", "legal_basis": [ { "source": "CRA", "anchor": "Annex I Part I (2)(k)", "citation": "in a secure manner" } ], "guidance_basis": [ { "source": "NIST", "anchor": "AU-9(4) Access by Subset of Privileged Users", "role": "best_practice" } ], 
"member_review_units": [ "M57", "M27", "M39", "M84" ], "member_controls": [ "AUTH-3591-A05", "AUTH-3687-A01", "COMP-2775-A01", "COMP-2778", "COMP-2778-A01", "COMP-2778-A05", "CRYP-2028-A01", "DATA-1164-A10", "DATA-1235-A05", "DATA-1732-A10", "DATA-2213-A02", "DATA-2309", "DATA-2309-A01", "DATA-3367-A04", "DATA-4300-A08", "DATA-4633-A03", "DATA-827-A06", "DATA-947-A02", "DATA-947-A03", "DATA-947-A16", "DATA-947-A17", "GOV-3833", "LOG-053", "LOG-053-A03", "LOG-053-A09", "LOG-060", "LOG-060-A06", "LOG-060-A15", "LOG-0860-A05", "LOG-0879-A03", "LOG-1041-A02", "LOG-1054-A02", "LOG-1058-A03", "LOG-1237-A06", "LOG-1513", "LOG-1513-A01", "LOG-1515-A03", "LOG-1664", "LOG-1664-A01", "LOG-1731-A04", "LOG-1830-A18", "LOG-1947-A07", "LOG-2026-A05", "LOG-2065-A05", "LOG-595-A08", "LOG-641-A04", "LOG-641-A05", "LOG-641-A06", "LOG-643", "LOG-643-A01", "LOG-643-A02", "LOG-967-A02", "LOG-974-A04", "NET-1691-A07", "SEC-2792", "SEC-2792-A01", "SEC-6319-A11", "SEC-7060-A04", "SEC-7080-A10" ], "member_count": 59, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.88, "source_meta_cluster": "M57", "cluster_size": 18, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "log_retention_archival", "name": "Aufbewahrung und Archivierung von Audit-Logs", "description": "Audit-Logs werden fuer definierte Aufbewahrungszeitraeume gespeichert, archiviert und bei Bedarf uebertragen, inkl. 
Speicherkapazitaetsplanung.", "tier": "BEST_PRACTICE", "subdomain": "log_retention", "applicability": "conditional:retention_required", "evidence_facets": { "governance": true, "capability": true, "evidence": true }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "NIST", "anchor": "AU-11 Audit Record Retention", "role": "best_practice" }, { "source": "ISO", "anchor": "ISO 27001 A.8.15", "role": "best_practice" } ], "member_review_units": [ "M38", "M69", "M44", "M22" ], "member_controls": [ "AUTH-2905-A07", "COMP-2734-A07", "COMP-2752-A09", "COMP-2928", "COMP-3299-A04", "COMP-3312-A06", "COMP-3324", "COMP-3324-A01", "COMP-3324-A02", "COMP-3324-A03", "COMP-3324-A04", "COMP-3326-A11", "COMP-3339-A02", "COMP-3340", "COMP-3347", "COMP-3363", "COMP-3363-A03", "COMP-3441-A09", "COMP-3521-A03", "COMP-3521-A04", "COMP-3617-A12", "COMP-4059-A12", "COMP-4113-A05", "COMP-911-A03", "COMP-911-A09", "CRYP-1103-A08", "CRYP-1156-A10", "CRYP-1244-A10", "CRYP-1688-A15", "CRYP-1839-A03", "CRYP-1936", "CRYP-244", "CRYP-807-A08", "CRYP-911-A09", "DATA-1164-A06", "DATA-1230", "DATA-1235-A04", "DATA-2017-A02", "DATA-2429-A11", "DATA-3222-A12", "DATA-3278-A06", "GOV-1414-A07", "GOV-1420-A11", "GOV-1562-A09", "GOV-1664-A08", "GOV-2495-A08", "GOV-2596-A06", "GOV-3494-A13", "INC-1334-A02", "LOG-0860-A01", "LOG-1036-A01", "LOG-1044-A05", "LOG-1052-A05", "LOG-1053-A02", "LOG-1056-A02", "LOG-1057-A06", "LOG-1062", "LOG-1062-A01", "LOG-1062-A02", "LOG-1074-A03", "LOG-1087-A01", "LOG-1100-A03", "LOG-1102-A03", "LOG-1235-A07", "LOG-1237-A03", "LOG-1237-A05", "LOG-1465-A01", "LOG-1465-A02", "LOG-1480-A08", "LOG-1494", "LOG-1515-A04", "LOG-172-A05", "LOG-1830-A21", "LOG-1901-A02", "LOG-1901-A08", "LOG-1901-A09", "LOG-1956", "LOG-1959-A08", "LOG-2057-A05", "LOG-595", "LOG-595-A01", "LOG-616", "LOG-616-A01", "LOG-667-A05", "LOG-667-A09", "LOG-667-A10", "LOG-667-A14", "LOG-688", "LOG-688-A01", "LOG-688-A04", "LOG-688-A05", "LOG-688-A07", "NET-1088-A06", "NET-1751-A12", 
"NET-959", "SEC-2007-A05", "SEC-2019-A01", "SEC-2697-A08", "SEC-2746-A09", "SEC-2792-A02", "SEC-2827-A10", "SEC-2835-A08", "SEC-3159-A11", "SEC-3305-A03", "SEC-3379-A10", "SEC-3436-A12", "SEC-3718-A01", "SEC-3726-A09", "SEC-3904-A03", "SEC-3983", "SEC-4016-A11", "SEC-4124", "SEC-5134-A06", "SEC-5485", "SEC-6194-A08", "SEC-6232-A13", "SEC-7482-A08", "SEC-7726-A11", "SEC-7932-A08", "SEC-8015-A05", "SEC-8308-A04", "SEC-8993-A02", "SEC-9134-A01" ], "member_count": 123, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.85, "source_meta_cluster": "M38", "cluster_size": 85, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "centralized_log_management", "name": "Zentrales Log-Management und Korrelation", "description": "Logs werden in eine zentrale Log-Management-Loesung integriert, korreliert und auf separaten Systemen gespeichert.", "tier": "BEST_PRACTICE", "subdomain": "log_management", "applicability": "conditional:centralized_logging", "evidence_facets": { "governance": true, "capability": true, "evidence": false }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "NIST", "anchor": "AU-6 Audit Record Review/SIEM", "role": "best_practice" } ], "member_review_units": [ "M6", "M20", "M43", "M70", "M34", "M53", "M60", "M93" ], "member_controls": [ "ACC-652-A03", "AUTH-1279-A01", "AUTH-1279-A05", "AUTH-1562-A01", "AUTH-1924-A01", "AUTH-2415-A06", "AUTH-2415-A12", "AUTH-2849-A10", "AUTH-2936-A02", "AUTH-2941-A12", "AUTH-3025-A07", "AUTH-3918-A02", "AUTH-973", "COMP-1455", "COMP-1789-A14", "COMP-2033-A08", "COMP-2724-A04", "COMP-2775-A06", "COMP-2928-A01", "COMP-3301-A07", "COMP-3324-A10", "COMP-3326-A09", "COMP-3327-A05", "COMP-3356-A02", "COMP-3356-A03", "COMP-3544-A05", "COMP-3658-A01", "COMP-3739-A02", "CRYP-1068-A08", "CRYP-1227-A05", "CRYP-1451-A01", "CRYP-1600-A11", "CRYP-1600-A12", 
"CRYP-2020-A06", "CRYP-2301", "CRYP-423", "CRYP-743-A06", "CRYP-805-A07", "CRYP-841-A07", "CRYP-845-A07", "DATA-1050-A11", "DATA-1732-A09", "DATA-1903-A04", "DATA-2309-A06", "DATA-2388-A10", "DATA-4300", "DATA-4670-A09", "GOV-1439-A08", "GOV-1443", "GOV-3504-A09", "GOV-3530-A02", "INC-1307-A06", "LOG-1041-A03", "LOG-1044-A01", "LOG-1044-A02", "LOG-1044-A03", "LOG-1045", "LOG-1045-A01", "LOG-1054-A10", "LOG-1058", "LOG-1058-A01", "LOG-1058-A09", "LOG-1063-A05", "LOG-1065-A02", "LOG-1066-A04", "LOG-1067", "LOG-1067-A04", "LOG-1069-A01", "LOG-1075", "LOG-1075-A01", "LOG-1075-A02", "LOG-1087", "LOG-1093", "LOG-1093-A01", "LOG-1251-A09", "LOG-1467", "LOG-1467-A02", "LOG-1475-A02", "LOG-1485-A05", "LOG-1511-A13", "LOG-1515-A01", "LOG-1545-A04", "LOG-1731-A02", "LOG-1733-A04", "LOG-1734-A04", "LOG-1736", "LOG-1751-A11", "LOG-1753", "LOG-1761", "LOG-1761-A01", "LOG-1767", "LOG-1767-A01", "LOG-1772", "LOG-1772-A01", "LOG-1776-A01", "LOG-1950", "LOG-1950-A01", "LOG-1953", "LOG-2037-A08", "LOG-2065-A08", "LOG-2067-A03", "LOG-2083-A01", "LOG-699", "LOG-710", "LOG-859", "LOG-900", "LOG-902-A09", "NET-048-A04", "NET-048-A05", "NET-048-A14", "NET-048-A15", "NET-1166-A11", "NET-1356-A12", "NET-1357-A08", "NET-1491-A03", "NET-1491-A09", "NET-1530-A07", "NET-1612-A05", "NET-1689-A01", "NET-1689-A06", "NET-1689-A07", "NET-1691", "NET-1691-A01", "NET-494-A12", "NET-504", "SEC-3904", "SEC-3920-A09", "SEC-3954", "SEC-3954-A03", "SEC-4009", "SEC-4009-A01", "SEC-5909-A09", "SEC-6153-A09", "SEC-6811-A07", "SEC-6831-A08", "SEC-7013-A05", "SEC-7013-A08", "SEC-7130", "SEC-7154", "SEC-7591-A04", "SEC-7971-A01", "SEC-8228-A03", "SEC-8869-A05", "SEC-8869-A06", "SEC-8869-A07", "SEC-980" ], "member_count": 146, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.84, "source_meta_cluster": "M6", "cluster_size": 64, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" 
}, { "id": "log_monitoring_alerting", "name": "Monitoring, Anomalieerkennung und Alarmierung", "description": "Logs werden ueberwacht; bei Anomalien, Angriffsversuchen oder Sicherheitsvorfaellen wird alarmiert und ausgewertet.", "tier": "LEGAL_MINIMUM", "subdomain": "monitoring", "applicability": "universal", "evidence_facets": { "governance": true, "capability": true, "evidence": true }, "source_role": "LEGAL_BASIS", "legal_basis": [ { "source": "CRA", "anchor": "Annex I Part I (2)(k)", "citation": "monitor relevant internal activity" } ], "guidance_basis": [ { "source": "NIST", "anchor": "AU-6/SI-4", "role": "best_practice" } ], "member_review_units": [ "M18", "M26", "M30", "M87", "M96", "M90", "M9", "M20", "M79" ], "member_controls": [ "AI-1254-A02", "AI-1434-A06", "AUTH-1279-A04", "AUTH-1312-A03", "AUTH-1443-A03", "AUTH-1563-A04", "AUTH-2415-A03", "AUTH-2798-A07", "AUTH-2798-A08", "AUTH-2798-A15", "AUTH-2840-A04", "AUTH-2849-A10", "AUTH-2949-A11", "AUTH-3005-A08", "AUTH-3025-A07", "AUTH-3473-A01", "AUTH-3473-A02", "AUTH-3644-A05", "AUTH-3712-A02", "AUTH-3712-A08", "AUTH-3887-A05", "AUTH-3894-A16", "AUTH-3894-A17", "AUTH-3895", "AUTH-3895-A03", "AUTH-3924", "AUTH-4045-A05", "AUTH-4052", "AUTH-535-A04", "AUTH-656-A23", "AUTH-660-A12", "CLG-001-A03", "CLG-001-A07", "COMP-1150", "COMP-196-A05", "COMP-2765-A10", "COMP-2775-A07", "COMP-2780-A06", "COMP-3324-A10", "COMP-3326-A04", "COMP-3326-A06", "COMP-3326-A09", "COMP-3327-A05", "COMP-3332-A10", "COMP-3356-A02", "COMP-3356-A03", "COMP-3739-A02", "COMP-4088-A03", "CRYP-1031-A03", "CRYP-1068-A08", "CRYP-1451-A01", "CRYP-1600-A01", "CRYP-1763-A02", "CRYP-1763-A08", "CRYP-1889-A09", "CRYP-2020-A06", "CRYP-415-A11", "CRYP-415-A34", "CRYP-630-A06", "CRYP-743-A06", "CRYP-805-A07", "CRYP-867-A09", "DATA-1257-A08", "DATA-1729-A01", "DATA-1729-A03", "DATA-2229", "DATA-2229-A01", "DATA-2309-A06", "DATA-2388-A10", "DATA-2417-A05", "DATA-2481-A08", "DATA-3369-A06", "DATA-4348", "DATA-4348-A04", "DATA-4353-A02", "DATA-4358-A05", 
"DATA-652-A07", "DATA-652-A17", "DATA-652-A30", "DATA-680-A02", "DATA-680-A06", "GLM-001-A06", "GOV-1439-A08", "GOV-3504-A09", "GOV-3868-A10", "HLT-262-A07", "INC-251-A03", "INC-251-A04", "INC-251-A18", "INC-251-A37", "INC-271", "INC-271-A01", "INC-271-A08", "LOG-009", "LOG-009-A01", "LOG-009-A02", "LOG-009-A03", "LOG-009-A05", "LOG-009-A06", "LOG-060-A03", "LOG-0862-A06", "LOG-0862-A07", "LOG-1030", "LOG-1030-A01", "LOG-1030-A04", "LOG-1039-A04", "LOG-1039-A06", "LOG-1040-A04", "LOG-1045-A03", "LOG-1045-A04", "LOG-1045-A05", "LOG-1046-A06", "LOG-1051-A01", "LOG-1054-A05", "LOG-1054-A10", "LOG-1055-A03", "LOG-1059-A08", "LOG-1069-A01", "LOG-1069-A04", "LOG-1071-A02", "LOG-1072-A01", "LOG-1090-A01", "LOG-1231-A06", "LOG-1467", "LOG-1475-A01", "LOG-1498", "LOG-1507", "LOG-1507-A01", "LOG-1507-A02", "LOG-1511-A13", "LOG-1515", "LOG-1515-A01", "LOG-1712-A01", "LOG-1729-A04", "LOG-1733-A01", "LOG-1736", "LOG-1743-A19", "LOG-1747-A02", "LOG-1751-A03", "LOG-1753-A10", "LOG-1768-A03", "LOG-1780-A02", "LOG-1780-A13", "LOG-1784-A04", "LOG-1825", "LOG-1825-A07", "LOG-1825-A12", "LOG-1900-A01", "LOG-1901", "LOG-1901-A11", "LOG-1950-A03", "LOG-1954-A03", "LOG-2029-A03", "LOG-2029-A04", "LOG-2029-A05", "LOG-2035-A01", "LOG-2039", "LOG-2039-A04", "LOG-2042", "LOG-2051-A04", "LOG-2053", "LOG-2059-A02", "LOG-2064-A03", "LOG-2064-A05", "LOG-2065-A08", "LOG-2067", "LOG-2067-A01", "LOG-2072", "LOG-2083-A01", "LOG-605", "LOG-615", "LOG-615-A03", "LOG-615-A06", "LOG-626-A05", "LOG-626-A07", "LOG-652", "LOG-652-A01", "LOG-657", "LOG-657-A01", "LOG-657-A02", "LOG-657-A03", "LOG-657-A04", "LOG-657-A05", "LOG-720", "LOG-762", "LOG-774", "LOG-792-A01", "LOG-792-A17", "LOG-792-A35", "LOG-856", "LOG-856-A01", "LOG-856-A02", "LOG-856-A06", "LOG-856-A09", "LOG-856-A10", "LOG-856-A11", "LOG-856-A12", "LOG-856-A16", "LOG-856-A19", "LOG-856-A20", "LOG-856-A21", "LOG-856-A22", "LOG-856-A26", "LOG-856-A28", "LOG-856-A29", "LOG-856-A33", "LOG-856-A34", "LOG-856-A39", "LOG-856-A40", "LOG-856-A41", 
"LOG-856-A46", "LOG-856-A51", "LOG-856-A52", "LOG-856-A56", "LOG-857-A03", "LOG-857-A23", "LOG-857-A32", "LOG-857-A48", "LOG-857-A56", "LOG-857-A76", "LOG-955-A01", "LOG-958", "LOG-958-A05", "LOG-965", "LOG-965-A01", "LOG-965-A02", "LOG-974", "MLS-001-A02", "MLS-001-A06", "NET-048", "NET-1137", "NET-1166-A11", "NET-1258", "NET-1356-A12", "NET-1360", "NET-1530-A07", "NET-1612-A05", "NET-1691-A09", "NET-1738", "NET-1778", "NET-1788-A03", "NET-1798-A06", "NET-525", "NET-525-A11", "NET-788-A12", "NET-959-A01", "NET-962-A03", "PIL-001-A03", "REL-001-A15", "SEC-1249-A13", "SEC-2870-A09", "SEC-3325", "SEC-3325-A10", "SEC-3332-A02", "SEC-3931-A12", "SEC-4009-A06", "SEC-4142-A08", "SEC-5180-A05", "SEC-5180-A09", "SEC-5909-A08", "SEC-5909-A09", "SEC-5965-A10", "SEC-6137", "SEC-6439-A02", "SEC-6724-A07", "SEC-6811-A07", "SEC-6831-A08", "SEC-6973-A05", "SEC-7013-A05", "SEC-7013-A08", "SEC-7130", "SEC-7154", "SEC-7452-A02", "SEC-7492-A08", "SEC-7705", "SEC-7839-A19", "SEC-8224-A03", "SEC-8305", "SEC-8787", "SEC-8869-A05", "SEC-8869-A06", "SEC-8869-A07", "TPM-004-A08" ], "member_count": 283, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.9, "source_meta_cluster": "M18", "cluster_size": 147, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "log_data_minimization_privacy", "name": "Datenminimierung und Datenschutz in Logs", "description": "Sensible/personenbezogene Daten werden vor der Protokollierung gefiltert, anonymisiert oder ausgeschlossen; Logging respektiert Datenschutzanforderungen.", "tier": "BEST_PRACTICE", "subdomain": "log_privacy", "applicability": "conditional:processes_personal_data", "evidence_facets": { "governance": true, "capability": true, "evidence": false }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "OWASP", "anchor": "ASVS V7.1 Log Content", "role": "best_practice" }, { 
"source": "ISO", "anchor": "ISO 27701", "role": "best_practice" } ], "member_review_units": [ "M68", "M66", "M19", "M57", "M48", "M22", "M42", "M7" ], "member_controls": [ "ACC-762-A04", "AUTH-1555-A04", "AUTH-1561-A01", "AUTH-1561-A02", "AUTH-2798", "AUTH-2840-A01", "AUTH-2840-A03", "AUTH-2840-A05", "AUTH-2840-A06", "AUTH-2905-A07", "AUTH-2950-A08", "AUTH-3686-A05", "AUTH-3918", "AUTH-535", "AUTH-663-A07", "CLG-001", "CLG-001-A02", "CLG-001-A06", "COMP-2752-A03", "COMP-2778-A02", "COMP-3362-A05", "CRYP-1111-A11", "CRYP-1308-A06", "CRYP-1338-A09", "CRYP-1794-A09", "CRYP-1855-A01", "DATA-1164-A10", "DATA-1191-A14", "DATA-1235-A05", "DATA-2213-A02", "DATA-2309", "DATA-2309-A01", "DATA-3961-A07", "DATA-4300-A02", "DATA-4300-A09", "DATA-4418-A12", "DATA-4633-A03", "DATA-4669", "DATA-4669-A01", "DATA-4669-A04", "DATA-827-A06", "DATA-852-A03", "DATA-852-A12", "DATA-947-A02", "DATA-947-A03", "DATA-947-A16", "DATA-947-A17", "GOV-3865-A03", "HLG-001", "HLT-197-A08", "INC-215-A06", "LGM-001", "LOG-001", "LOG-0879-A03", "LOG-1052-A05", "LOG-1058-A11", "LOG-1063", "LOG-1238-A10", "LOG-1475-A03", "LOG-1663-A02", "LOG-1663-A03", "LOG-1727", "LOG-1731-A01", "LOG-1733-A11", "LOG-1743-A15", "LOG-1749-A04", "LOG-1752", "LOG-1755-A09", "LOG-1776-A02", "LOG-1830-A15", "LOG-1956", "LOG-2051-A02", "LOG-2051-A03", "LOG-2057", "LOG-2057-A01", "LOG-2057-A03", "LOG-2057-A04", "LOG-2067-A04", "LOG-2072-A05", "LOG-595-A08", "LOG-626", "LOG-626-A01", "LOG-626-A02", "LOG-639", "LOG-641", "LOG-641-A02", "LOG-643", "LOG-643-A01", "LOG-643-A02", "LOG-672", "LOG-672-A01", "LOG-675-A03", "LOG-710-A04", "LOG-710-A05", "LOG-710-A07", "LOG-745", "LOG-900-A11", "LOG-900-A27", "LOG-900-A43", "LOG-900-A59", "LOG-900-A73", "LOG-958-A01", "LOG-971-A06", "NET-1445-A06", "NET-1690-A09", "NET-1691-A06", "NET-759-A03", "PLG-001", "RIL-001", "SEC-1226-A06", "SEC-2792", "SEC-2792-A01", "SEC-3193-A07", "SEC-3305", "SEC-3305-A01", "SEC-3305-A02", "SEC-3308-A04", "SEC-6728-A03", "SEC-7099-A09", "SEC-7119-A17" ], 
"member_count": 120, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.83, "source_meta_cluster": "M68", "cluster_size": 7, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "log_format_standardization", "name": "Standardisierte und strukturierte Log-Formate", "description": "Logs werden in standardisierten, strukturierten Formaten erzeugt (z.B. mit Trace/Span-Kontext) fuer Auswertbarkeit und Log-Management-Integration.", "tier": "BEST_PRACTICE", "subdomain": "log_format", "applicability": "conditional:structured_logging", "evidence_facets": { "governance": false, "capability": true, "evidence": false }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "NIST", "anchor": "AU-3 Content of Audit Records", "role": "best_practice" } ], "member_review_units": [ "M15", "M16", "M77", "M75", "M49" ], "member_controls": [ "AUTH-2160-A02", "AUTH-2161", "AUTH-2785-A05", "AUTH-2919-A05", "AUTH-2919-A11", "COMP-3305", "COMP-3305-A01", "COMP-3305-A02", "COMP-3305-A04", "COMP-3429-A02", "CRYP-1600-A02", "CRYP-1600-A03", "CRYP-1600-A04", "CRYP-1600-A05", "CRYP-1600-A06", "CRYP-1600-A09", "CRYP-1600-A15", "CRYP-1936-A02", "CRYP-382-A01", "DATA-1735", "DATA-1735-A01", "GOV-2143", "GOV-2143-A01", "GOV-2143-A05", "GOV-2281-A07", "INC-991", "INC-991-A02", "LOG-001-A11", "LOG-1093-A02", "LOG-1235-A01", "LOG-1237", "LOG-1237-A02", "LOG-1237-A04", "LOG-1238", "LOG-1238-A01", "LOG-1238-A04", "LOG-1238-A05", "LOG-1238-A06", "LOG-1238-A07", "LOG-1238-A08", "LOG-1238-A09", "LOG-1246", "LOG-1251", "LOG-1251-A04", "LOG-1478-A03", "LOG-1478-A07", "LOG-1739-A04", "LOG-1780-A10", "LOG-1825-A06", "LOG-1941-A01", "LOG-2027-A01", "LOG-2055", "LOG-714-A14", "LOG-714-A27", "LOG-714-A28", "LOG-714-A33", "LOG-714-A40", "LOG-714-A41", "NET-1095-A02", "NET-1491", "NET-476-A02", "NET-476-A30", "NET-476-A43", "NET-476-A71", 
"SEC-5202", "SEC-8224-A08" ], "member_count": 66, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.8, "source_meta_cluster": "M15", "cluster_size": 22, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "log_timestamp_synchronization", "name": "Zeitstempel und Zeitsynchronisation der Logs", "description": "Logs enthalten verlaessliche Zeitstempel; Logging-Dienste werden auf eine gemeinsame Zeitquelle synchronisiert (ggf. zertifizierte Zeitstempel).", "tier": "BEST_PRACTICE", "subdomain": "log_time", "applicability": "universal", "evidence_facets": { "governance": false, "capability": true, "evidence": true }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "NIST", "anchor": "AU-8 Time Stamps", "role": "best_practice" } ], "member_review_units": [ "M37", "M85", "M51", "M64" ], "member_controls": [ "COMP-2462-A05", "COMP-3351", "COMP-3351-A01", "COMP-3351-A02", "CRYP-1806-A12", "DATA-1186-A01", "DATA-2194", "GOV-3824", "LOG-1075-A06", "LOG-1075-A08", "LOG-1092-A01", "LOG-1484-A05", "LOG-1900", "LOG-2037", "LOG-2060", "LOG-2065", "LOG-2067-A06", "LOG-711", "LOG-711-A06", "LOG-711-A14", "LOG-711-A18", "LOG-857", "LOG-962-A06", "LOG-964-A03", "LOG-964-A04", "NET-058-A18", "NET-058-A36", "NET-1103-A08", "NET-1487-A12", "NET-1689-A10", "NET-980-A01", "SEC-2720-A07", "SEC-2836-A01", "SEC-3924-A05", "SEC-3937-A03", "SEC-5118-A04", "SEC-5136-A09", "SEC-6948-A10", "SEC-8035-A03", "SEC-8304-A01", "SEC-8998", "TSA-006-A01" ], "member_count": 42, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.82, "source_meta_cluster": "M37", "cluster_size": 12, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "logging_availability_resilience", "name": "Verfuegbarkeit 
und Resilienz der Protokollierung", "description": "Bei Ausfall oder Erschoepfung der Protokollierung greifen alternative Verfahren/Redundanz; das System reagiert definiert auf Logging-Fehler.", "tier": "BEST_PRACTICE", "subdomain": "log_resilience", "applicability": "conditional:logging_failure_handling", "evidence_facets": { "governance": true, "capability": true, "evidence": false }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "NIST", "anchor": "AU-5 Response to Audit Logging Process Failures", "role": "best_practice" } ], "member_review_units": [ "M69", "M32", "M50", "M65", "M14", "M67" ], "member_controls": [ "AUTH-1555-A10", "AUTH-1565-A02", "AUTH-3680-A02", "AUTH-3680-A04", "AUTH-3686-A02", "AUTH-3686-A08", "AUTH-639-A06", "AUTH-852-A27", "AUTH-852-A43", "AUTH-852-A59", "AUTH-852-A75", "COMP-3429-A01", "COMP-3747-A05", "CRYP-1600-A08", "CRYP-1600-A13", "CRYP-1600-A14", "CRYP-1600-A16", "CRYP-1842-A05", "CRYP-2184-A05", "CRYP-2184-A07", "CRYP-2184-A10", "DATA-095-A13", "DATA-1349-A08", "DATA-3912", "DATA-4342-A03", "DATA-4355-A03", "FRD-006-A03", "INC-1307", "INC-188-A05", "INC-926-A06", "LOG-060-A13", "LOG-0863", "LOG-0863-A01", "LOG-1028-A03", "LOG-1036", "LOG-1036-A01", "LOG-1036-A05", "LOG-1044-A05", "LOG-1050", "LOG-1050-A01", "LOG-1053-A02", "LOG-1055-A04", "LOG-1056-A02", "LOG-1057", "LOG-1057-A09", "LOG-1062", "LOG-1062-A01", "LOG-1062-A02", "LOG-1066-A03", "LOG-1074-A03", "LOG-1087-A01", "LOG-1087-A13", "LOG-1100-A03", "LOG-1102-A03", "LOG-1235-A07", "LOG-1237-A03", "LOG-1237-A05", "LOG-1507-A03", "LOG-172-A05", "LOG-1764-A01", "LOG-1848-A13", "LOG-1901-A02", "LOG-1901-A08", "LOG-1901-A12", "LOG-2039-A03", "LOG-2051", "LOG-2055-A01", "LOG-2057-A05", "LOG-2064-A01", "LOG-615-A04", "LOG-615-A07", "LOG-955-A04", "LOG-962", "LOG-962-A01", "LOG-973-A03", "NET-1691-A02", "NET-1691-A03", "NET-1691-A04", "NET-959", "REL-001-A01", "REL-001-A07", "SEC-2019-A01", "SEC-3305-A03", "SEC-3305-A05", "SEC-4124", "SEC-5485", 
"SEC-5843-A05", "SEC-5852", "SEC-8295-A06", "SEC-8308-A04", "SEC-9020-A10" ], "member_count": 91, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.82, "source_meta_cluster": "M32", "cluster_size": 15, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "logging_thread_safety_correctness", "name": "Korrektheit und Threadsicherheit der Logging-Komponenten", "description": "Logging-Komponenten arbeiten threadsicher, ohne Ressourcenverluste/Livelocks; No-Op-Implementierungen verhalten sich definiert.", "tier": "BEST_PRACTICE", "subdomain": "log_implementation", "applicability": "conditional:implementation_level", "evidence_facets": { "governance": false, "capability": true, "evidence": false }, "source_role": "IMPLEMENTATION", "legal_basis": [], "guidance_basis": [ { "source": "OWASP", "anchor": "Secure Coding", "role": "best_practice" } ], "member_review_units": [ "M49", "M75", "M50", "M32", "M97", "M78" ], "member_controls": [ "AUTH-639-A06", "AUTH-852-A27", "AUTH-852-A43", "AUTH-852-A59", "AUTH-852-A75", "COMP-3429-A01", "CRYP-1600-A02", "CRYP-1600-A03", "CRYP-1600-A04", "CRYP-1600-A05", "CRYP-1600-A06", "CRYP-1600-A08", "CRYP-1600-A09", "CRYP-1600-A13", "CRYP-1600-A14", "CRYP-1600-A15", "CRYP-1600-A16", "DATA-095-A13", "FRD-006-A03", "GOV-2143-A05", "LOG-1055-A04", "LOG-1087-A13", "LOG-1093-A02", "LOG-1237", "LOG-1237-A02", "LOG-1237-A04", "LOG-1238", "LOG-1238-A01", "LOG-1238-A04", "LOG-1238-A05", "LOG-1238-A06", "LOG-1238-A07", "LOG-1238-A08", "LOG-1238-A09", "LOG-1251-A08", "LOG-1478-A03", "LOG-1478-A07", "LOG-1825-A06", "LOG-615-A04", "LOG-615-A07", "NET-1491", "SEC-5241", "SEC-8295-A06" ], "member_count": 43, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.78, "source_meta_cluster": "M49", "cluster_size": 
13, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "logging_library_supply_chain", "name": "Sicherheit von Logging-Bibliotheken (Supply Chain)", "description": "Eingesetzte Logging-Bibliotheken werden auf Schwachstellen geprueft (SCA), gepatcht und gegen Log-Injection/JNDI-Lookups gehaertet.", "tier": "BEST_PRACTICE", "subdomain": "log_supply_chain", "applicability": "conditional:uses_third_party_logging", "evidence_facets": { "governance": true, "capability": true, "evidence": true }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "OWASP", "anchor": "A06 Vulnerable Components / Log Injection", "role": "best_practice" } ], "member_review_units": [ "M91", "M86", "M55", "M74" ], "member_controls": [ "CRYP-415-A22", "CRYP-415-A51", "LOG-1232", "LOG-714-A08", "LOG-714-A16", "LOG-714-A25", "NET-476", "NET-476-A07", "NET-476-A09", "NET-476-A12", "NET-476-A14", "NET-476-A23", "NET-476-A53", "NET-476-A70", "NET-476-A72", "NET-476-A76", "NET-476-A78", "NET-476-A79", "NET-476-A81", "NET-476-A83", "SEC-7532-A06" ], "member_count": 21, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.85, "source_meta_cluster": "M91", "cluster_size": 8, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "logging_config_management", "name": "Konfiguration und Aktivierungsstatus der Protokollierung", "description": "Logging-Konfiguration und Aktivierungsstatus werden definiert, dokumentiert, dynamisch verifiziert und gegen unsichere Defaults geprueft.", "tier": "BEST_PRACTICE", "subdomain": "log_config", "applicability": "universal", "evidence_facets": { "governance": true, "capability": true, "evidence": true }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "NIST", "anchor": "AU-1/CM-6", "role": "best_practice" } ], "member_review_units": [ 
"M73", "M14", "M46", "M52", "M74", "M76", "M21", "M39" ], "member_controls": [ "AUTH-1555-A10", "AUTH-1565-A02", "AUTH-2870-A08", "AUTH-2903-A01", "AUTH-3016-A10", "AUTH-3430-A12", "AUTH-3680-A02", "AUTH-3680-A04", "AUTH-3686-A02", "AUTH-3686-A08", "AUTH-3687-A07", "AUTH-3689", "AUTH-455", "COMP-2775-A01", "COMP-2778", "COMP-2778-A01", "COMP-2778-A05", "COMP-3322-A08", "COMP-3429", "COMP-3747-A05", "COMP-4088-A11", "COMP-801-A05", "COMP-805-A02", "COMP-805-A07", "CRYP-1842-A05", "CRYP-190-A11", "CRYP-193-A06", "CRYP-2184-A05", "CRYP-2184-A07", "CRYP-2184-A10", "CRYP-2330-A09", "DATA-099-A08", "DATA-1085-A08", "DATA-1349-A08", "DATA-1745", "DATA-2057-A19", "DATA-3402", "DATA-3912", "DATA-4300-A08", "DATA-4342-A03", "DATA-4355-A03", "DATA-735-A03", "DATA-735-A04", "DATA-969-A02", "DATA-969-A09", "GOV-1213-A09", "GOV-3833", "INC-1307", "LOG-053", "LOG-053-A03", "LOG-053-A09", "LOG-060", "LOG-060-A06", "LOG-060-A15", "LOG-1028-A03", "LOG-1036", "LOG-1036-A05", "LOG-1050", "LOG-1050-A01", "LOG-1055", "LOG-1055-A02", "LOG-1057-A09", "LOG-1066-A03", "LOG-1231", "LOG-1231-A03", "LOG-1231-A04", "LOG-1231-A05", "LOG-1231-A10", "LOG-1231-A11", "LOG-1231-A12", "LOG-1232", "LOG-1235-A05", "LOG-1237-A06", "LOG-1248-A05", "LOG-1513", "LOG-1513-A01", "LOG-1515-A03", "LOG-1695-A07", "LOG-1731-A04", "LOG-1739", "LOG-1762", "LOG-1848-A13", "LOG-1901-A12", "LOG-1947-A07", "LOG-1956-A02", "LOG-2026-A05", "LOG-2029", "LOG-2053-A10", "LOG-2065-A05", "LOG-708-A04", "LOG-709-A06", "LOG-709-A07", "LOG-709-A10", "LOG-709-A20", "LOG-709-A23", "LOG-709-A24", "LOG-714-A17", "LOG-762-A04", "LOG-762-A07", "LOG-762-A08", "LOG-762-A09", "LOG-762-A10", "LOG-762-A14", "LOG-762-A17", "LOG-762-A18", "LOG-762-A19", "LOG-762-A23", "LOG-762-A26", "LOG-774-A05", "LOG-774-A12", "LOG-774-A19", "LOG-774-A26", "LOG-774-A33", "LOG-901-A05", "LOG-961-A02", "LOG-964-A02", "NET-077-A11", "NET-077-A29", "NET-1005-A08", "NET-1233", "NET-1751", "NET-1761-A06", "NET-474-A11", "NET-474-A47", "NET-476-A07", 
"NET-476-A76", "NET-960-A02", "SEC-029-A14", "SEC-1657", "SEC-2661-A11", "SEC-2662-A13", "SEC-3217-A05", "SEC-3305-A05", "SEC-3330", "SEC-3954-A05", "SEC-3956-A07", "SEC-5190-A07", "SEC-5843-A05", "SEC-5852", "SEC-6319-A11", "SEC-6920", "SEC-7060-A04", "SEC-7080-A10" ], "member_count": 143, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.82, "source_meta_cluster": "M73", "cluster_size": 28, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "logging_governance_roles", "name": "Organisatorische Verankerung und Rollen fuer Logging", "description": "Verantwortlichkeiten, Stellvertretung, Schulung und organisatorische Prozesse fuer Protokollierung und Dokumentation werden etabliert.", "tier": "BEST_PRACTICE", "subdomain": "log_governance", "applicability": "universal", "evidence_facets": { "governance": true, "capability": false, "evidence": true }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "ISO", "anchor": "ISO 27001 A.5.2/A.6.3", "role": "best_practice" } ], "member_review_units": [ "M12", "M29", "M82", "M98", "M67", "M46" ], "member_controls": [ "AUTH-1191-A01", "AUTH-1191-A02", "AUTH-1191-A05", "AUTH-1220-A01", "AUTH-1292", "AUTH-1292-A01", "AUTH-1562", "AUTH-1563", "AUTH-1563-A01", "AUTH-1563-A02", "AUTH-1563-A03", "AUTH-1924-A03", "AUTH-1924-A04", "AUTH-2757-A05", "AUTH-3034-A06", "AUTH-3034-A07", "AUTH-3563-A07", "AUTH-3678-A01", "AUTH-3678-A04", "AUTH-3678-A05", "AUTH-3678-A08", "AUTH-3680", "AUTH-3680-A01", "AUTH-3683-A04", "AUTH-3685", "AUTH-3685-A01", "AUTH-3686", "AUTH-3686-A04", "AUTH-3710-A04", "AUTH-3895-A02", "AUTH-3918-A01", "AUTH-3918-A04", "AUTH-3994", "COMP-1011-A04", "COMP-1150-A07", "COMP-1150-A10", "COMP-116-A08", "COMP-116-A17", "COMP-2054", "COMP-2928-A04", "COMP-3324-A05", "COMP-3326-A08", "COMP-3678", "COMP-801-A05", "COMP-805-A02", "COMP-805-A07", 
"CRYP-193-A06", "CRYP-376-A08", "DATA-1085-A04", "DATA-1085-A05", "DATA-1085-A08", "DATA-1349-A02", "DATA-2212", "DATA-2212-A01", "DATA-2212-A04", "DATA-2232-A01", "DATA-2266", "DATA-2266-A01", "DATA-2266-A02", "DATA-2535-A04", "DATA-3961", "DATA-3968-A02", "DATA-4345-A03", "DATA-4353-A01", "DATA-4355", "DATA-4355-A01", "DATA-4355-A04", "DATA-4358-A06", "DATA-4364-A03", "DATA-4366", "DATA-4634-A02", "FIN-1018", "FIN-1044", "GOV-3423-A02", "GOV-753-A05", "INC-151-A09", "INC-461-A01", "INC-462", "INC-462-A01", "INC-462-A02", "INC-496", "INC-698", "INC-698-A03", "INC-795-A04", "INC-926-A06", "LOG-060-A13", "LOG-1028", "LOG-1028-A01", "LOG-1028-A02", "LOG-1028-A04", "LOG-1029-A03", "LOG-1032-A01", "LOG-1033-A02", "LOG-1039", "LOG-1041", "LOG-1041-A01", "LOG-1046", "LOG-1046-A01", "LOG-1047-A03", "LOG-1054-A07", "LOG-1057", "LOG-1058-A05", "LOG-1063-A01", "LOG-1064", "LOG-1064-A01", "LOG-1074", "LOG-1102-A02", "LOG-1126-A03", "LOG-1126-A04", "LOG-1245", "LOG-1245-A02", "LOG-1245-A05", "LOG-1486-A02", "LOG-1507-A03", "LOG-1529-A02", "LOG-1662", "LOG-1663", "LOG-1695", "LOG-1712-A07", "LOG-172-A02", "LOG-1764-A01", "LOG-1784", "LOG-1947-A05", "LOG-1951-A05", "LOG-1953-A07", "LOG-1954", "LOG-1954-A01", "LOG-1955-A03", "LOG-2021-A08", "LOG-2021-A11", "LOG-2039-A03", "LOG-2051", "LOG-2055-A01", "LOG-2064-A01", "LOG-622-A01", "LOG-631-A04", "LOG-667-A01", "LOG-762-A04", "LOG-762-A09", "LOG-762-A10", "LOG-762-A14", "LOG-762-A19", "LOG-762-A23", "LOG-906", "LOG-910", "LOG-938", "LOG-940", "LOG-943", "LOG-943-A03", "LOG-948", "LOG-955-A04", "LOG-962", "LOG-962-A01", "LOG-973-A03", "LOG-975", "NET-077-A11", "NET-077-A29", "NET-1691-A02", "NET-1691-A03", "NET-1691-A04", "NET-1691-A08", "NET-1798", "NET-958-A02", "SEC-003-A07", "SEC-003-A08", "SEC-003-A15", "SEC-1617-A04", "SEC-1800-A03", "SEC-1813", "SEC-3330-A03", "SEC-3344-A05", "SEC-6712", "SEC-6712-A02", "SEC-7452-A06", "SEC-8033", "SEC-8113" ], "member_count": 176, "relationships": [], "citation_anchor_ids": [], 
"citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.8, "source_meta_cluster": "M12", "cluster_size": 130, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "incident_response_logging", "name": "Protokollierung im Incident-Response-Prozess", "description": "Vorfallreaktionen werden mit Root-Cause, Auswirkung, Kommunikation und beteiligten Ressourcen protokolliert und mit Logging-Daten verknuepft.", "tier": "BEST_PRACTICE", "subdomain": "incident_logging", "applicability": "conditional:incident_response", "evidence_facets": { "governance": true, "capability": true, "evidence": true }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "NIST", "anchor": "IR-4/IR-5", "role": "best_practice" } ], "member_review_units": [ "M31", "M67", "M88", "M89" ], "member_controls": [ "AUTH-3927-A05", "AUTH-3927-A07", "AUTH-3927-A08", "AUTH-3979", "AUTH-947", "COMP-3327-A02", "INC-246", "INC-246-A03", "INC-926-A06", "LOG-060-A13", "LOG-1057", "LOG-1507-A03", "LOG-1764-A01", "LOG-1952", "LOG-2039-A03", "LOG-2051", "LOG-2055-A01", "LOG-2064-A01", "LOG-723-A07", "LOG-723-A22", "LOG-902", "LOG-938-A04", "LOG-955-A04", "LOG-962", "LOG-962-A01", "LOG-973-A03", "NET-1691-A02", "NET-1691-A03", "NET-1691-A04", "SEC-1226", "SEC-7485-A05" ], "member_count": 31, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.8, "source_meta_cluster": "M31", "cluster_size": 11, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "log_transmission_security", "name": "Sichere Uebertragung von Logs", "description": "Audit-Logs werden bei Uebertragung (z.B. 
zu zentralen Systemen) integritaetsgesichert und verschluesselt; gegenseitige Authentifizierung zwischen Logging-Systemen.", "tier": "BEST_PRACTICE", "subdomain": "log_transmission", "applicability": "conditional:transmits_logs", "evidence_facets": { "governance": false, "capability": true, "evidence": true }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "NIST", "anchor": "AU-9/SC-8", "role": "best_practice" } ], "member_review_units": [ "M13", "M20", "M23", "M60", "M72" ], "member_controls": [ "AUTH-1306-A02", "AUTH-1306-A06", "AUTH-2849-A10", "AUTH-2928", "AUTH-3025-A07", "AUTH-3231-A09", "AUTH-506-A06", "COMP-3324-A10", "COMP-3326-A09", "COMP-3327-A05", "COMP-3356-A02", "COMP-3356-A03", "COMP-3362-A04", "COMP-3739-A02", "COMP-4059-A05", "CRYP-1068-A08", "CRYP-1451-A01", "CRYP-1530-A03", "CRYP-2020-A06", "CRYP-743-A06", "CRYP-805-A07", "DATA-1732-A09", "DATA-2309-A06", "DATA-2388-A10", "GOV-1439-A08", "GOV-3504-A09", "LOG-1053-A01", "LOG-1054-A10", "LOG-1058-A12", "LOG-1069-A01", "LOG-1100-A02", "LOG-1126-A05", "LOG-1126-A06", "LOG-1251-A09", "LOG-1467", "LOG-1511-A13", "LOG-1515-A01", "LOG-1736", "LOG-2026-A04", "LOG-2065-A04", "LOG-2065-A08", "LOG-2067-A02", "LOG-2083-A01", "LOG-792", "LOG-792-A09", "LOG-792-A25", "LOG-902-A09", "LOG-967", "LOG-967-A01", "NET-1166-A11", "NET-1356-A12", "NET-1530-A07", "NET-1612-A05", "NET-384", "NET-951", "NET-962", "SEC-3305-A04", "SEC-5909-A09", "SEC-6811-A07", "SEC-6831-A08", "SEC-7013-A05", "SEC-7013-A08", "SEC-7130", "SEC-7154", "SEC-8869-A05", "SEC-8869-A06", "SEC-8869-A07" ], "member_count": 67, "relationships": [], "citation_anchor_ids": [], "citation_status": "pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.8, "source_meta_cluster": "M13", "cluster_size": 16, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" }, { "id": "network_traffic_logging", "name": "Protokollierung von Netzwerk- und Schnittstellenverkehr", 
"description": "Netzwerk- und Schnittstellenereignisse (Egress, Proxy, ZTA, ICS/SCADA, Cloud-Zugriffe) werden protokolliert und inspiziert.", "tier": "BEST_PRACTICE", "subdomain": "network_logging", "applicability": "domain:network", "evidence_facets": { "governance": false, "capability": true, "evidence": true }, "source_role": "GUIDANCE", "legal_basis": [], "guidance_basis": [ { "source": "NIST", "anchor": "AU-2/SC-7", "role": "best_practice" } ], "member_review_units": [ "M72", "M87", "M92", "M94", "M34", "M6" ], "member_controls": [ "ACC-652-A03", "AUTH-1279-A01", "AUTH-1279-A05", "AUTH-1562-A01", "AUTH-1924-A01", "AUTH-2415-A06", "AUTH-2415-A12", "AUTH-2936-A02", "AUTH-2941-A12", "AUTH-3918-A02", "AUTH-973", "COMP-1455", "COMP-1789-A14", "COMP-2033-A08", "COMP-2724-A04", "COMP-2775-A06", "COMP-2928-A01", "COMP-3301-A07", "COMP-3658-A01", "CRYP-1227-A05", "CRYP-1600-A11", "CRYP-1600-A12", "CRYP-423", "CRYP-841-A07", "CRYP-845-A07", "DATA-1050-A11", "DATA-4300", "DATA-4670-A09", "GOV-1443", "GOV-3530-A02", "LOG-1044-A03", "LOG-1093", "LOG-1093-A01", "LOG-1100-A02", "LOG-1126-A05", "LOG-1126-A06", "LOG-1475-A02", "LOG-1545-A04", "LOG-1731-A02", "LOG-1733-A04", "LOG-1734-A04", "LOG-1753", "LOG-1761", "LOG-1761-A01", "LOG-1767", "LOG-1767-A01", "LOG-1772", "LOG-1772-A01", "LOG-1776-A01", "LOG-1950", "LOG-1950-A01", "LOG-2067-A02", "LOG-699", "LOG-710", "LOG-720", "LOG-859", "LOG-900", "LOG-974", "NET-048-A04", "NET-048-A05", "NET-048-A14", "NET-048-A15", "NET-1357-A08", "NET-1491-A03", "NET-1491-A09", "NET-1691", "NET-1691-A01", "NET-1778", "NET-1788-A03", "NET-476-A75", "NET-476-A82", "NET-504", "NET-506-A68", "NET-525", "NET-525-A11", "NET-951", "NET-962", "SEC-2870-A09", "SEC-3305-A04", "SEC-3904", "SEC-3920-A09", "SEC-3954", "SEC-3954-A03", "SEC-4009", "SEC-4009-A01", "SEC-6153-A09", "SEC-7591-A04", "SEC-7971-A01", "SEC-7971-A02", "SEC-8228-A03", "SEC-980" ], "member_count": 91, "relationships": [], "citation_anchor_ids": [], "citation_status": 
"pending_span_anchor", "review_status": "draft", "provenance": { "discovery_confidence": 0.78, "source_meta_cluster": "M72", "cluster_size": 7, "llm_model": "claude-opus-4-8", "synthesis_version": "v1" }, "family": "logging" } ], "relationships": [ { "type": "supports", "from": "log_integrity_immutability", "to": "event_logging_security_events", "note": "Integritaetsschutz sichert Beweiswert der Protokolle" }, { "type": "supports", "from": "log_access_control_protection", "to": "log_integrity_immutability", "note": "Zugriffsbeschraenkung schuetzt Logs vor Manipulation" }, { "type": "depends_on", "from": "log_monitoring_alerting", "to": "event_logging_security_events", "note": "Monitoring setzt erzeugte Logs voraus" }, { "type": "supports", "from": "log_timestamp_synchronization", "to": "log_integrity_immutability", "note": "Korrelierbare Zeitstempel staerken Nachvollziehbarkeit" }, { "type": "supports", "from": "log_format_standardization", "to": "centralized_log_management", "note": "Standardformate ermoeglichen zentrale Auswertung" }, { "type": "depends_on", "from": "centralized_log_management", "to": "event_logging_security_events", "note": "zentrale Aggregation setzt Logerzeugung voraus" }, { "type": "implements", "from": "logging_thread_safety_correctness", "to": "event_logging_security_events", "note": "Implementierungsdetail zuverlaessiger Protokollierung" }, { "type": "supports", "from": "logging_library_supply_chain", "to": "log_integrity_immutability", "note": "gehaertete Bibliotheken verhindern Log-Manipulation" }, { "type": "supports", "from": "log_data_minimization_privacy", "to": "event_logging_security_events", "note": "Datenschutzfilter formen Loginhalt" }, { "type": "produces_evidence_for", "from": "incident_response_logging", "to": "log_monitoring_alerting", "note": "IR-Protokolle dokumentieren Reaktion auf Alerts" }, { "type": "supports", "from": "log_transmission_security", "to": "centralized_log_management", "note": "sichere Uebertragung speist 
zentrale Aggregation" }, { "type": "supports", "from": "logging_config_management", "to": "event_logging_security_events", "note": "korrekte Konfiguration ermoeglicht vollstaendige Protokollierung" }, { "type": "out_of_scope", "review_units": [ "M8", "M59", "M58", "M71", "M56", "M5", "M81", "M63" ], "note": "M8/M5/M81: KI-/FRT- bzw. domaenenspezifische Trainings-/PIN-/Biometrie-Protokollierung (AI Act/sektorale Regulierung); M58/M59/M71/M56/M63: reine DSGVO-/datenschutzrechtliche bzw. nationale Verwaltungs-Protokollierungspflichten, nicht CRA Annex I Part I (2)(k)" } ] }