{ "schema": "payment_controls", "version": "1.0", "description": "Technische Pruefbibliothek fuer Payment-Terminal-Systeme. Eigene Controls, keine Normkopie.", "domains": [ { "id": "PAY", "name": "Payment Flow & Transaction Integrity", "description": "Zahlungsablauf, Zustandslogik, Idempotenz, Betragsvalidierung" }, { "id": "LOG", "name": "Logging & Audit", "description": "Protokollierung, Audit Trail, Datenmaskierung" }, { "id": "CRYPTO", "name": "Secrets & Cryptography", "description": "Schluesselmanagement, Verschluesselung, Secure Storage" }, { "id": "API", "name": "API & Backend Security", "description": "Authentifizierung, Autorisierung, Input Validation" }, { "id": "TERM", "name": "Terminal Communication", "description": "ZVT/OPI Protokolle, Sequenzen, Fehlercodes" }, { "id": "FW", "name": "Firmware & Device Integrity", "description": "Signierung, Update-Schutz, Manipulationserkennung" }, { "id": "REP", "name": "Reporting & Reconciliation", "description": "Transaktionsberichte, Abgleich, Exportdaten" }, { "id": "ACC", "name": "Access Control & Administration", "description": "Rollenkonzept, Privilegien, Session-Management" }, { "id": "ERR", "name": "Error Handling & Resilience", "description": "Fehlerbehandlung, Recovery, Offline-Szenarien" }, { "id": "BLD", "name": "Build, Deployment & Supply Chain", "description": "CI/CD Sicherheit, Abhaengigkeiten, Release-Integritaet" }, { "id": "AUTH", "name": "Authentication & Authorization", "description": "Authentifizierung, Autorisierung, Rollen, Privilegien" }, { "id": "SESSION", "name": "Session Management", "description": "Sitzungsverwaltung, Token, Cookies, Timeout" }, { "id": "KEYMGMT", "name": "Key Management", "description": "Schluessellebenszyklen, Rotation, Provisioning" }, { "id": "DEVICE", "name": "Device Identity & Integrity", "description": "Geraeteidentitaet, Provisioning, Tamper Detection" }, { "id": "TRANS", "name": "Transaction Integrity", "description": "Transaktionslogik, State Machine, 
Idempotenz" }, { "id": "DATA", "name": "Data Minimization & Protection", "description": "Datenminimierung, Maskierung, Klassifikation" }, { "id": "ERROR", "name": "Error Handling & Resilience", "description": "Fehlerbehandlung, Retry, Fallback, Monitoring" }, { "id": "REPORT", "name": "Reporting & Reconciliation", "description": "Berichte, Abgleich, Export, Audit Trail" }, { "id": "BUILD", "name": "Build Pipeline Security", "description": "CI/CD Sicherheit, Artefakt-Integritaet, Abhaengigkeiten" }, { "id": "DEPLOY", "name": "Deployment Security", "description": "Release-Management, Rollback, Umgebungstrennung" }, { "id": "QUEUE", "name": "Message Queue & Async", "description": "Warteschlangen, Idempotenz, Dead-Letter, Reihenfolge" }, { "id": "TENANT", "name": "Multi-Tenancy Isolation", "description": "Mandantentrennung, Cross-Tenant-Schutz, Cache-Isolation" }, { "id": "TELEMETRY", "name": "Telemetry & Observability", "description": "Metriken, Tracing, Datenmaskierung in Observability" }, { "id": "CONFIG", "name": "Configuration Security", "description": "Defaults, Validierung, Feature Flags, Laufzeitaenderungen" }, { "id": "NETWORK", "name": "Network Security", "description": "Segmentierung, Firewall, TLS, Egress-Kontrolle" }, { "id": "STORAGE", "name": "Data Storage Security", "description": "Persistenz, Backup, Schema-Integritaet, Zugriffskontrolle" }, { "id": "MONITOR", "name": "Monitoring & Alerting", "description": "Alarmierung, Heartbeats, Schwellwerte, Incident Detection" }, { "id": "OPS", "name": "Operations & Runbooks", "description": "Betriebsprozesse, Runbooks, Wartung, Recovery" }, { "id": "ZVTCORE", "name": "ZVT Core Protocol", "description": "ZVT-Rahmenstruktur, Parser, Feldvalidierung, Kodierung" }, { "id": "ZVTFLOW", "name": "ZVT Protocol Flow", "description": "ZVT-Kommandosequenzen, Zustandsuebergaenge, Sitzungslogik" }, { "id": "ZVTERROR", "name": "ZVT Error Handling", "description": "ZVT-Fehlercodes, Fehlerklassifikation, Eskalation" }, { "id": 
"ZVTTIME", "name": "ZVT Timing & Timeout", "description": "ZVT-Timeouts, Retry, Busy-States, Zeitsteuerung" }, { "id": "OPICORE", "name": "OPI Core Protocol", "description": "OPI-Nachrichtenstruktur, Schema, Validierung, Parser" }, { "id": "OPIFLOW", "name": "OPI Protocol Flow", "description": "OPI-Ablaufsteuerung, Korrelation, Storno, Recovery" }, { "id": "PROTOINT", "name": "Protocol Integration", "description": "Protokollkonverter, Mapping, Serialisierung, Adapter" }, { "id": "TERMSTATE", "name": "Terminal State Management", "description": "Terminalzustaende, Busy, Reconnect, Sicherheitsflags" }, { "id": "TERMREC", "name": "Terminal Receipt & Records", "description": "Belegdaten, Validierung, Zuordnung, Datenschutz" }, { "id": "TERMSYNC", "name": "Terminal Synchronization", "description": "Abgleich, Settlement, Offline-Sync, Konsistenz" }, { "id": "ZVT-CMD", "name": "ZVT Command Flow", "description": "ZVT-Kommandoreihenfolge, Parameter, Antwortverarbeitung" }, { "id": "ZVT-RT", "name": "ZVT Retry & Timeout", "description": "Timeout-Definitionen, Retry-Strategien, Backoff" }, { "id": "ZVT-STATE", "name": "ZVT State Machine", "description": "Zustandsmodell, Uebergaenge, Recovery, Deadlock-Vermeidung" }, { "id": "ZVT-COM", "name": "ZVT Communication Integrity", "description": "Nachrichtenlaenge, Checksummen, Encoding, Fragmentierung" }, { "id": "ZVT-REV", "name": "ZVT Reversal & Cancellation", "description": "Storno, Reversal, Zuordnung, Mehrfachschutz" }, { "id": "ZVT-RESP", "name": "ZVT Response Handling", "description": "Response-Codes, Fehlerinterpretation, Statusupdate" }, { "id": "ZVT-SESSION", "name": "ZVT Session Management", "description": "Session-Lifecycle, Timeout, Wiederaufnahme, Parallelitaet" } ], "controls": [ { "control_id": "PAY-001", "domain": "PAY", "title": "Eindeutige Transaktions-ID pro Zahlungsvorgang", "objective": "Verhindert Vermischung und Mehrfachverarbeitung", "check_target": "code", "evidence": [ "source_code", "integration_test" ], 
"automation": "high" }, { "control_id": "PAY-002", "domain": "PAY", "title": "Idempotente Verarbeitung wiederholter Zahlungsanfragen", "objective": "Verhindert doppelte Buchungen bei Retries", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-003", "domain": "PAY", "title": "Verhinderung doppelter Verbuchung bei Netzwerk-Retry", "objective": "Stellt konsistente Zahlungszustaende sicher", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "partial" }, { "control_id": "PAY-004", "domain": "PAY", "title": "Definierter Initialzustand jeder Transaktion", "objective": "Verhindert undefinierte Startbedingungen", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "PAY-005", "domain": "PAY", "title": "Definierte erlaubte Zustandsuebergaenge in der Transaktionslogik", "objective": "Verhindert ungueltige State Transitions", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "PAY-006", "domain": "PAY", "title": "Keine direkte Transition in terminalen Erfolgszustand ohne Autorisierung", "objective": "Verhindert vorzeitige Freigabe", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "PAY-007", "domain": "PAY", "title": "Abbruchpfade fuehren in definierten Endzustand", "objective": "Sichert sauberes Cancel-Handling", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-008", "domain": "PAY", "title": "Timeout fuehrt in nachvollziehbaren und sicheren Zustand", "objective": "Verhindert haengende Transaktionen", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-009", "domain": "PAY", "title": "Rollback oder Reversal-Handling bei Teilfehlschlag", "objective": "Reduziert 
Inkonsistenzen", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "partial" }, { "control_id": "PAY-010", "domain": "PAY", "title": "Fehlerhafte Antworten werden nicht als Erfolg interpretiert", "objective": "Verhindert False Positive bei Zahlungsstatus", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "high" }, { "control_id": "PAY-011", "domain": "PAY", "title": "Betragsvalidierung bei jeder Zahlungsanfrage", "objective": "Verhindert Betragsmanipulation, negative Werte und Ueberlauf (Betraege als ganzzahlige Minor Units verarbeiten)", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "high" }, { "control_id": "PAY-012", "domain": "PAY", "title": "Waehrungsfeld wird validiert und konsistent verarbeitet", "objective": "Verhindert Fehlverarbeitung bei Mehrwaehrung", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "PAY-013", "domain": "PAY", "title": "Betragsrundung erfolgt deterministisch und dokumentiert", "objective": "Verhindert Abweichungen Frontend/Terminal/Backend", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "PAY-014", "domain": "PAY", "title": "Keine lokale Manipulation des autorisierten Betrags nach Freigabe", "objective": "Schuetzt Integritaet der Zahlung", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "PAY-015", "domain": "PAY", "title": "Transaktionskontext bleibt ueber Retry-Versuche konsistent", "objective": "Verhindert Kontextverlust", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-016", "domain": "PAY", "title": "Antworten ohne oder mit unbekannter Referenz-ID werden nicht akzeptiert", "objective": "Verhindert verwaiste Zuordnungen und untergeschobene Antworten", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "PAY-017", "domain": "PAY", "title": "Doppelte 
Callback-Verarbeitung wird unterdrueckt", "objective": "Verhindert doppelte Statusupdates", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-018", "domain": "PAY", "title": "Asynchrone Statusmeldungen werden korreliert und sequenziell verarbeitet", "objective": "Sichert korrekte Reihenfolge", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-019", "domain": "PAY", "title": "Geschaeftsvorfall wird erst nach bestaetigtem Zahlungsstatus finalisiert", "objective": "Verhindert Business Success ohne Payment Success", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-020", "domain": "PAY", "title": "Offline-Zahlungen werden explizit gekennzeichnet", "objective": "Verhindert Verwechslung mit final autorisierten Zahlungen", "check_target": "code", "evidence": [ "source_code", "reporting_output" ], "automation": "medium" }, { "control_id": "LOG-001", "domain": "LOG", "title": "Keine sensitiven Zahlungsdaten im Anwendungslog", "objective": "Verhindert Offenlegung sensitiver Daten", "check_target": "code", "evidence": [ "source_code", "log_config" ], "automation": "high" }, { "control_id": "LOG-002", "domain": "LOG", "title": "PAN wird in Logs maskiert (hoechstens erste 6 und letzte 4 Stellen sichtbar)", "objective": "Reduziert Risiko bei Log-Einsicht", "check_target": "code", "evidence": [ "source_code", "log_output_sample" ], "automation": "high" }, { "control_id": "LOG-003", "domain": "LOG", "title": "CVV/CVC, PIN/PIN-Block und Track-/Chipdaten werden niemals geloggt", "objective": "Verhindert Protokollierung sensitiver Authentifizierungsdaten, auch nicht in Debug-Dumps oder Fehlerpfaden", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "LOG-004", "domain": "LOG", "title": "Kryptographische Schluessel werden nicht geloggt", "objective": "Verhindert Kompromittierung durch Logging", "check_target": "code", "evidence": [ "source_code", 
"log_output_sample" ], "automation": "high" }, { "control_id": "LOG-005", "domain": "LOG", "title": "Admin-Aktionen werden auditierbar protokolliert", "objective": "Ermoeglicht Nachvollziehbarkeit privilegierter Handlungen", "check_target": "system", "evidence": [ "source_code", "audit_log_sample" ], "automation": "partial" }, { "control_id": "LOG-006", "domain": "LOG", "title": "Konfigurationsaenderungen werden protokolliert", "objective": "Ermoeglicht Nachweis kritischer Aenderungen", "check_target": "system", "evidence": [ "source_code", "audit_log_sample" ], "automation": "partial" }, { "control_id": "LOG-007", "domain": "LOG", "title": "Fehlgeschlagene Authentifizierungsversuche werden geloggt", "objective": "Unterstuetzt Erkennung von Missbrauch", "check_target": "code", "evidence": [ "source_code", "audit_log_sample" ], "automation": "high" }, { "control_id": "LOG-008", "domain": "LOG", "title": "Sicherheitsrelevante Ereignisse erhalten eindeutige Event-Typen", "objective": "Erleichtert Korrelation und Monitoring", "check_target": "code", "evidence": [ "source_code", "log_schema" ], "automation": "medium" }, { "control_id": "LOG-009", "domain": "LOG", "title": "Audit-Events enthalten konsistenten Zeitstempel", "objective": "Ermoeglicht zeitliche Rekonstruktion", "check_target": "system", "evidence": [ "audit_log_sample", "config" ], "automation": "partial" }, { "control_id": "LOG-010", "domain": "LOG", "title": "Audit-Events enthalten eindeutige Terminalkennung", "objective": "Ermoeglicht Zuordnung zur Quelle", "check_target": "code", "evidence": [ "log_schema", "audit_log_sample" ], "automation": "medium" }, { "control_id": "LOG-011", "domain": "LOG", "title": "Debug-Logging in Produktion deaktiviert", "objective": "Verhindert Leaks in produktiven Systemen", "check_target": "config", "evidence": [ "deployment_config" ], "automation": "high" }, { "control_id": "LOG-012", "domain": "LOG", "title": "Manipulation von Audit-Logs technisch erschwert", 
"objective": "Schuetzt Integritaet des Audit Trails", "check_target": "system", "evidence": [ "architecture_doc", "storage_config" ], "automation": "low" }, { "control_id": "LOG-013", "domain": "LOG", "title": "Fehlermeldungen enthalten keine Stacktraces mit sensitiven Payloads", "objective": "Verhindert indirekten Datenabfluss", "check_target": "code", "evidence": [ "source_code", "log_output_sample" ], "automation": "medium" }, { "control_id": "LOG-014", "domain": "LOG", "title": "Jede Zahlungsentscheidung erzeugt Audit-Eintrag", "objective": "Verbindet Business Outcome mit technischer Evidenz", "check_target": "system", "evidence": [ "audit_log_sample", "integration_test" ], "automation": "partial" }, { "control_id": "LOG-015", "domain": "LOG", "title": "Log-Retention konfiguriert und dokumentiert", "objective": "Sichert Verfuegbarkeit relevanter Ereignishistorie", "check_target": "config", "evidence": [ "retention_policy", "deployment_config" ], "automation": "medium" }, { "control_id": "CRYPTO-001", "domain": "CRYPTO", "title": "Keine Secrets im Quellcode", "objective": "Verhindert Offenlegung im Repository", "check_target": "code", "evidence": [ "source_code", "secret_scan" ], "automation": "high" }, { "control_id": "CRYPTO-002", "domain": "CRYPTO", "title": "Keine Secrets in Commit-Historie", "objective": "Reduziert Leak-Risiko ueber Entwicklungsartefakte", "check_target": "repository", "evidence": [ "secret_scan", "build_scripts" ], "automation": "high" }, { "control_id": "CRYPTO-003", "domain": "CRYPTO", "title": "Keine Schluessel im Klartext in Konfigurationsdateien", "objective": "Schuetzt ruhende Geheimnisse", "check_target": "config", "evidence": [ "config", "secret_scan" ], "automation": "high" }, { "control_id": "CRYPTO-004", "domain": "CRYPTO", "title": "Secrets aus sicherem Secret Store bezogen", "objective": "Verhindert lokale Persistenz", "check_target": "system", "evidence": [ "architecture_doc", "deployment_config" ], "automation": "partial" }, 
{ "control_id": "CRYPTO-005", "domain": "CRYPTO", "title": "Zugriff auf Secrets rollen-/servicebezogen eingeschraenkt", "objective": "Begrenzt Blast Radius", "check_target": "system", "evidence": [ "iam_config", "architecture_doc" ], "automation": "partial" }, { "control_id": "CRYPTO-006", "domain": "CRYPTO", "title": "Zentrale und freigegebene Krypto-Bibliotheken verwendet", "objective": "Verhindert unsichere Eigenimplementierungen", "check_target": "code", "evidence": [ "source_code", "dependency_list" ], "automation": "medium" }, { "control_id": "CRYPTO-007", "domain": "CRYPTO", "title": "Keine veralteten kryptographischen Primitive (MD5, SHA1, DES)", "objective": "Verhindert Einsatz schwacher Verfahren", "check_target": "code", "evidence": [ "source_code", "dependency_scan" ], "automation": "medium" }, { "control_id": "CRYPTO-008", "domain": "CRYPTO", "title": "TLS 1.2+ fuer alle externen Verbindungen", "objective": "Schuetzt Daten bei Uebertragung", "check_target": "config", "evidence": [ "config", "network_scan" ], "automation": "high" }, { "control_id": "CRYPTO-009", "domain": "CRYPTO", "title": "Schluesselrotation implementiert und dokumentiert", "objective": "Reduziert Kompromittierungszeitraum", "check_target": "process", "evidence": [ "key_mgmt_doc", "config" ], "automation": "low" }, { "control_id": "CRYPTO-010", "domain": "CRYPTO", "title": "HSM oder Secure Enclave fuer kryptographische Operationen", "objective": "Hardwarebasierter Schluesselschutz", "check_target": "system", "evidence": [ "architecture_doc" ], "automation": "low" }, { "control_id": "CRYPTO-011", "domain": "CRYPTO", "title": "Zertifikats-Pinning fuer kritische Verbindungen", "objective": "Schuetzt gegen MITM", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "CRYPTO-012", "domain": "CRYPTO", "title": "Kryptographische Zufallszahlen aus sicherem Generator", "objective": "Verhindert vorhersagbare Tokens/Nonces", "check_target": 
"code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "CRYPTO-013", "domain": "CRYPTO", "title": "PIN-Eingabe nur ueber Secure PIN Entry Device", "objective": "Schuetzt PIN vor Abgriff", "check_target": "system", "evidence": [ "architecture_doc", "certification" ], "automation": "low" }, { "control_id": "CRYPTO-014", "domain": "CRYPTO", "title": "Kartendaten werden verschluesselt uebertragen (P2PE)", "objective": "End-to-End Schutz der Kartendaten", "check_target": "system", "evidence": [ "architecture_doc", "network_config" ], "automation": "partial" }, { "control_id": "CRYPTO-015", "domain": "CRYPTO", "title": "Keine persistente Speicherung vollstaendiger Kartendaten", "objective": "Minimiert Daten bei Kompromittierung", "check_target": "code", "evidence": [ "source_code", "db_schema" ], "automation": "high" }, { "control_id": "API-001", "domain": "API", "title": "Authentifizierung fuer alle Admin-Endpunkte", "objective": "Verhindert unautorisierten Zugriff", "check_target": "code", "evidence": [ "source_code", "api_spec" ], "automation": "high" }, { "control_id": "API-002", "domain": "API", "title": "Rollenbasierte Autorisierung", "objective": "Least-Privilege Prinzip", "check_target": "code", "evidence": [ "source_code", "rbac_config" ], "automation": "medium" }, { "control_id": "API-003", "domain": "API", "title": "Rate Limiting implementiert", "objective": "Schuetzt gegen Brute Force und DoS", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "API-004", "domain": "API", "title": "Keine sensiblen Daten in Fehlermeldungen", "objective": "Verhindert Information Leakage", "check_target": "code", "evidence": [ "source_code", "api_test" ], "automation": "high" }, { "control_id": "API-005", "domain": "API", "title": "Input Validation gegen Injection", "objective": "Schuetzt gegen SQL/Command Injection", "check_target": "code", "evidence": [ "source_code", "security_test" ], 
"automation": "high" }, { "control_id": "API-006", "domain": "API", "title": "CORS korrekt konfiguriert", "objective": "Verhindert Cross-Origin Angriffe", "check_target": "config", "evidence": [ "config", "security_test" ], "automation": "high" }, { "control_id": "API-007", "domain": "API", "title": "Session-Timeout fuer Admin-Sessions", "objective": "Reduziert Risiko bei verlassenen Sessions", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "medium" }, { "control_id": "API-008", "domain": "API", "title": "API-Versionierung implementiert", "objective": "Ermoeglicht kontrollierte Aenderungen", "check_target": "code", "evidence": [ "api_spec", "source_code" ], "automation": "medium" }, { "control_id": "API-009", "domain": "API", "title": "Webhook-Callbacks werden authentifiziert", "objective": "Verhindert gefaelschte Callbacks", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "API-010", "domain": "API", "title": "Idempotenz-Keys fuer kritische POST-Operationen", "objective": "Verhindert doppelte Ausfuehrung", "check_target": "code", "evidence": [ "source_code", "api_spec" ], "automation": "medium" }, { "control_id": "API-011", "domain": "API", "title": "Request-Signierung fuer sicherheitskritische Operationen", "objective": "Integritaetsschutz der Anfrage", "check_target": "code", "evidence": [ "source_code", "api_spec" ], "automation": "medium" }, { "control_id": "API-012", "domain": "API", "title": "Keine sensiblen Daten in URL-Parametern", "objective": "Verhindert Leakage ueber Logs und Browser-History", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "API-013", "domain": "API", "title": "Content-Type Validierung bei allen Endpunkten", "objective": "Verhindert Content-Type Confusion", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "API-014", "domain": "API", "title": "Health- und 
Status-Endpunkte exponieren keine sensitiven Details", "objective": "Verhindert Reconnaissance", "check_target": "code", "evidence": [ "source_code", "api_test" ], "automation": "high" }, { "control_id": "API-015", "domain": "API", "title": "Batch-Operationen sind groessenbeschraenkt", "objective": "Verhindert Ressourcenerschoepfung", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "TERM-001", "domain": "TERM", "title": "Korrekte Sequenz von Zahlungsbefehlen", "objective": "Protokollkonformitaet", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TERM-002", "domain": "TERM", "title": "Retry-Mechanismus bei Verbindungsabbruch", "objective": "Sichert Transaktionsabschluss; vor erneutem Senden wird der Status der offenen Transaktion abgefragt, um Doppelbuchung zu vermeiden", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TERM-003", "domain": "TERM", "title": "Timeout Handling Terminal-Backend", "objective": "Verhindert Blockierung", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "TERM-004", "domain": "TERM", "title": "Fehlercodes korrekt interpretiert", "objective": "Verhindert Fehlinterpretation; unbekannte Codes werden als Fehler und nie als Erfolg behandelt", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "TERM-005", "domain": "TERM", "title": "Status-Synchronisation zwischen Terminal und Backend", "objective": "Konsistente Zustaende", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "partial" }, { "control_id": "TERM-006", "domain": "TERM", "title": "Verbindungsaufbau zum Terminal authentifiziert", "objective": "Verhindert Rogue-Terminal; bei gegenseitiger Authentifizierung auch Rogue-Backend", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "TERM-007", "domain": "TERM", "title": "Terminal-Registrierung mit eindeutiger Kennung", "objective": "Ermoeglicht Asset-Tracking", 
"check_target": "system", "evidence": [ "db_schema", "admin_ui" ], "automation": "partial" }, { "control_id": "TERM-008", "domain": "TERM", "title": "Heartbeat / Keep-Alive fuer Terminal-Verbindung", "objective": "Erkennt Verbindungsabbruch frueh", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "TERM-009", "domain": "TERM", "title": "Protokollversion wird geprueft und erzwungen", "objective": "Verhindert Downgrade-Angriffe", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "TERM-010", "domain": "TERM", "title": "Kontaktlos-Transaktionen nur ueber zugelassene Kernel", "objective": "Sichert NFC-Konformitaet", "check_target": "system", "evidence": [ "certification", "config" ], "automation": "low" }, { "control_id": "TERM-011", "domain": "TERM", "title": "Terminal meldet Tamper-Events an Backend", "objective": "Zentrales Monitoring von Manipulationsversuchen", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "partial" }, { "control_id": "TERM-012", "domain": "TERM", "title": "Offline-Queue bei Verbindungsunterbrechung", "objective": "Sichert Transaktionsdaten bei Netzausfall", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TERM-013", "domain": "TERM", "title": "Maximale Queue-Groesse definiert", "objective": "Verhindert unkontrollierten Speicherverbrauch", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "medium" }, { "control_id": "TERM-014", "domain": "TERM", "title": "End-of-Day / Settlement-Prozess implementiert", "objective": "Sichert taeglichen Transaktionsabschluss", "check_target": "system", "evidence": [ "source_code", "integration_test" ], "automation": "partial" }, { "control_id": "TERM-015", "domain": "TERM", "title": "Terminal-Display zeigt korrekten Zahlungsstatus", "objective": "Verhindert Fehlkommunikation an 
Nutzer", "check_target": "system", "evidence": [ "integration_test" ], "automation": "low" }, { "control_id": "FW-001", "domain": "FW", "title": "Firmware signiert", "objective": "Verhindert Installation manipulierter Firmware; Signaturschluessel liegt in HSM/KMS, nicht im Klartext in der Build-Pipeline", "check_target": "system", "evidence": [ "build_pipeline", "signing_config" ], "automation": "low" }, { "control_id": "FW-002", "domain": "FW", "title": "Signatur- und Versionspruefung vor Firmware-Update", "objective": "Blockiert unsignierte Updates und Downgrades unter eine definierte Mindestversion (Anti-Rollback)", "check_target": "code", "evidence": [ "source_code", "update_process" ], "automation": "medium" }, { "control_id": "FW-003", "domain": "FW", "title": "Rollback-Mechanismus vorhanden", "objective": "Ermoeglicht Recovery nach fehlerhaftem Update, ohne eine definierte Anti-Rollback-Mindestversion zu unterschreiten", "check_target": "system", "evidence": [ "architecture_doc", "test_report" ], "automation": "low" }, { "control_id": "FW-004", "domain": "FW", "title": "Debug-Interfaces (JTAG/SWD, serielle Konsole, Debug-Ports) in Produktion deaktiviert", "objective": "Verhindert unautorisierten Zugriff", "check_target": "config", "evidence": [ "deployment_config", "security_test" ], "automation": "medium" }, { "control_id": "FW-005", "domain": "FW", "title": "Manipulationserkennung loest Alarm/Sperre aus", "objective": "Reaktion auf physische Angriffe", "check_target": "system", "evidence": [ "architecture_doc", "test_report" ], "automation": "low" }, { "control_id": "FW-006", "domain": "FW", "title": "Secure Boot implementiert", "objective": "Verhindert Ausfuehrung manipulierter Boot-Images; Vertrauensanker unveraenderlich in Hardware verankert", "check_target": "system", "evidence": [ "architecture_doc" ], "automation": "low" }, { "control_id": "FW-007", "domain": "FW", "title": "Firmware-Version ist remote abfragbar", "objective": "Ermoeglicht Fleet-Management und Compliance-Nachweis", "check_target": "system", "evidence": [ "api_spec", "admin_ui" ], "automation": "partial" }, { "control_id": "FW-008", "domain": "FW", "title": "Automatische Update-Benachrichtigung bei kritischen Patches", "objective": "Sichert zeitnahe Reaktion auf Schwachstellen", "check_target": "system", 
"evidence": [ "architecture_doc" ], "automation": "partial" }, { "control_id": "FW-009", "domain": "FW", "title": "Keine Persistenz von Zahlungsdaten ueber Neustart hinaus", "objective": "Schuetzt Daten bei physischem Zugriff", "check_target": "code", "evidence": [ "source_code", "architecture_doc" ], "automation": "medium" }, { "control_id": "FW-010", "domain": "FW", "title": "Physischer Speicher wird bei Tamper-Detection geloescht", "objective": "Zerstoert Schluessel bei Manipulation", "check_target": "system", "evidence": [ "architecture_doc", "certification" ], "automation": "low" }, { "control_id": "REP-001", "domain": "REP", "title": "Transaktionsstatus vollstaendig dokumentiert", "objective": "Ermoeglicht Nachvollziehbarkeit jeder Zahlung", "check_target": "system", "evidence": [ "reporting_output", "db_schema" ], "automation": "medium" }, { "control_id": "REP-002", "domain": "REP", "title": "Audit-Trail verknuepft mit Transaktionen", "objective": "Sichert End-to-End Traceability", "check_target": "system", "evidence": [ "reporting_output", "audit_log_sample" ], "automation": "medium" }, { "control_id": "REP-003", "domain": "REP", "title": "Exportdaten plausibel und vollstaendig", "objective": "Sichert korrekte Weitergabe", "check_target": "system", "evidence": [ "export_sample", "integration_test" ], "automation": "partial" }, { "control_id": "REP-004", "domain": "REP", "title": "Fehlercodes nachvollziehbar dokumentiert", "objective": "Ermoeglicht Fehleranalyse", "check_target": "code", "evidence": [ "source_code", "documentation" ], "automation": "medium" }, { "control_id": "REP-005", "domain": "REP", "title": "Revisionssichere Speicherung von Transaktionsdaten", "objective": "GoBD/GDPdU-konforme Aufbewahrung", "check_target": "system", "evidence": [ "architecture_doc", "storage_config" ], "automation": "low" }, { "control_id": "REP-006", "domain": "REP", "title": "Tagesabschluss-Report vollstaendig und konsistent", "objective": "Sichert taeglichen 
Abgleich", "check_target": "system", "evidence": [ "reporting_output", "integration_test" ], "automation": "partial" }, { "control_id": "REP-007", "domain": "REP", "title": "Summenabgleich Terminal vs. Backend", "objective": "Erkennt Differenzen; Abweichungen werden alarmiert und nicht automatisch bereinigt", "check_target": "system", "evidence": [ "reconciliation_report", "integration_test" ], "automation": "partial" }, { "control_id": "REP-008", "domain": "REP", "title": "Stornierte Transaktionen korrekt ausgewiesen", "objective": "Sichert korrekte Buchhaltungsgrundlage", "check_target": "system", "evidence": [ "reporting_output" ], "automation": "medium" }, { "control_id": "REP-009", "domain": "REP", "title": "Historische Reports nicht nachtraeglich aenderbar", "objective": "Schuetzt Integritaet der Berichterstattung", "check_target": "system", "evidence": [ "architecture_doc", "db_config" ], "automation": "low" }, { "control_id": "REP-010", "domain": "REP", "title": "Abrechnungsdaten enthalten keine vollstaendigen Kartennummern", "objective": "Minimiert Datenexposition in Reports", "check_target": "code", "evidence": [ "source_code", "export_sample" ], "automation": "high" }, { "control_id": "ACC-001", "domain": "ACC", "title": "Individuelle Benutzerkonten fuer alle Administratoren", "objective": "Verhindert geteilte Accounts", "check_target": "system", "evidence": [ "admin_ui", "iam_config" ], "automation": "partial" }, { "control_id": "ACC-002", "domain": "ACC", "title": "Aenderung von Standard-Passwoertern wird bei Ersteinrichtung erzwungen", "objective": "Verhindert Default-Credential-Angriffe, auch ueber Terminal-Service- und Haendlerpasswoerter", "check_target": "code", "evidence": [ "source_code", "deployment_doc" ], "automation": "medium" }, { "control_id": "ACC-003", "domain": "ACC", "title": "Multi-Faktor-Authentifizierung fuer Admin-Zugang", "objective": "Erhoehter Schutz privilegierter Konten (phishing-resistente Faktoren bevorzugt)", "check_target": "system", "evidence": [ "iam_config", "admin_ui" ], "automation": "partial" }, { "control_id": "ACC-004", "domain": "ACC", "title": 
"Passwort-Komplexitaetsanforderungen implementiert", "objective": "Verhindert schwache Passwoerter", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "high" }, { "control_id": "ACC-005", "domain": "ACC", "title": "Account-Sperrung nach fehlgeschlagenen Anmeldeversuchen", "objective": "Schuetzt gegen Brute Force", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "high" }, { "control_id": "ACC-006", "domain": "ACC", "title": "Privilegierte Aktionen erfordern erneute Authentifizierung", "objective": "Step-Up Authentication", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "ACC-007", "domain": "ACC", "title": "Inaktive Sessions werden automatisch beendet", "objective": "Reduziert Angriffsflaeche bei verlassenen Sessions", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "high" }, { "control_id": "ACC-008", "domain": "ACC", "title": "Berechtigungsaenderungen werden auditiert", "objective": "Nachvollziehbarkeit von Rechteaenderungen", "check_target": "system", "evidence": [ "audit_log_sample", "source_code" ], "automation": "partial" }, { "control_id": "ACC-009", "domain": "ACC", "title": "Least-Privilege Prinzip fuer alle Rollen", "objective": "Minimiert Rechte auf das Notwendige", "check_target": "system", "evidence": [ "rbac_config", "architecture_doc" ], "automation": "partial" }, { "control_id": "ACC-010", "domain": "ACC", "title": "Service-Accounts haben keine interaktive Login-Moeglichkeit", "objective": "Verhindert Missbrauch technischer Konten", "check_target": "config", "evidence": [ "iam_config" ], "automation": "medium" }, { "control_id": "ERR-001", "domain": "ERR", "title": "Definierte Fehlerbehandlung fuer alle externen Aufrufe", "objective": "Verhindert unkontrollierte Abbrueche", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "ERR-002", "domain": "ERR", "title": 
"Graceful Degradation bei Teilausfall", "objective": "Sichert Basisfunktionalitaet", "check_target": "system", "evidence": [ "architecture_doc", "integration_test" ], "automation": "partial" }, { "control_id": "ERR-003", "domain": "ERR", "title": "Recovery nach Stromausfall ohne Datenverlust", "objective": "Transaktionskonsistenz bei Hardwareausfall", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "low" }, { "control_id": "ERR-004", "domain": "ERR", "title": "Offline-Modus mit definiertem Funktionsumfang", "objective": "Klare Grenzen bei fehlender Konnektivitaet", "check_target": "code", "evidence": [ "source_code", "documentation" ], "automation": "medium" }, { "control_id": "ERR-005", "domain": "ERR", "title": "Automatische Wiederverbindung nach Netzwerkunterbrechung", "objective": "Minimiert manuelle Intervention", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "ERR-006", "domain": "ERR", "title": "Circuit Breaker bei Backend-Ueberlast", "objective": "Verhindert Kaskadenausfall", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "ERR-007", "domain": "ERR", "title": "Fehlerhafte Datenpakete werden verworfen, nicht verarbeitet", "objective": "Verhindert Fehlverarbeitung korrupter Daten", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "high" }, { "control_id": "ERR-008", "domain": "ERR", "title": "Health-Check-Endpunkt fuer Terminal-Monitoring", "objective": "Ermoeglicht proaktive Fehlererkennung", "check_target": "code", "evidence": [ "source_code", "api_spec" ], "automation": "high" }, { "control_id": "ERR-009", "domain": "ERR", "title": "Eskalationsprozess bei kritischen Fehlern definiert", "objective": "Sichert schnelle Reaktion bei Systemausfall", "check_target": "process", "evidence": [ "documentation", "runbook" ], "automation": "low" }, { 
"control_id": "ERR-010", "domain": "ERR", "title": "Wartungsmodus ohne Transaktionsverlust aktivierbar", "objective": "Ermoeglicht geplante Wartung ohne Datenverlust", "check_target": "system", "evidence": [ "admin_ui", "integration_test" ], "automation": "partial" }, { "control_id": "BLD-001", "domain": "BLD", "title": "Build-Pipeline reproduzierbar", "objective": "Sichert Nachvollziehbarkeit der Artefakte", "check_target": "system", "evidence": [ "ci_config", "build_log" ], "automation": "medium" }, { "control_id": "BLD-002", "domain": "BLD", "title": "Abhaengigkeiten werden auf bekannte Schwachstellen geprueft", "objective": "Verhindert vulnerable Dependencies", "check_target": "system", "evidence": [ "dependency_scan", "ci_config" ], "automation": "high" }, { "control_id": "BLD-003", "domain": "BLD", "title": "Release-Artefakte sind signiert", "objective": "Integritaetsschutz der Auslieferung", "check_target": "system", "evidence": [ "signing_config", "release_process" ], "automation": "medium" }, { "control_id": "BLD-004", "domain": "BLD", "title": "Keine Test-Credentials in Release-Konfiguration", "objective": "Verhindert Produktions-Leaks", "check_target": "config", "evidence": [ "deployment_config", "secret_scan" ], "automation": "high" }, { "control_id": "BLD-005", "domain": "BLD", "title": "Container-Images werden auf Schwachstellen gescannt", "objective": "Sichert Basis-Image Integritaet", "check_target": "system", "evidence": [ "container_scan", "ci_config" ], "automation": "high" }, { "control_id": "BLD-006", "domain": "BLD", "title": "SBOM (Software Bill of Materials) wird generiert", "objective": "Transparenz ueber verwendete Komponenten", "check_target": "system", "evidence": [ "sbom_output", "ci_config" ], "automation": "medium" }, { "control_id": "BLD-007", "domain": "BLD", "title": "Deployment nur ueber autorisierte Pipeline", "objective": "Verhindert manuelle, unkontrollierte Deployments", "check_target": "system", "evidence": [ "ci_config", 
"access_control" ], "automation": "medium" }, { "control_id": "BLD-008", "domain": "BLD", "title": "Rollback-Prozedur fuer Deployments definiert und getestet", "objective": "Ermoeglicht schnelle Recovery", "check_target": "process", "evidence": [ "runbook", "deployment_doc" ], "automation": "low" }, { "control_id": "BLD-009", "domain": "BLD", "title": "Code-Review vor Merge in Release-Branch", "objective": "Vier-Augen-Prinzip", "check_target": "process", "evidence": [ "git_config", "pr_policy" ], "automation": "medium" }, { "control_id": "BLD-010", "domain": "BLD", "title": "Automatisierte Tests vor jedem Release", "objective": "Sichert Qualitaet vor Auslieferung", "check_target": "system", "evidence": [ "ci_config", "test_results" ], "automation": "high" }, { "control_id": "CRYPTO-016", "domain": "CRYPTO", "title": "Unsichere Betriebsmodi wie ECB werden nicht verwendet", "objective": "Verhindert Musterlecks und schwache Verschluesselung", "check_target": "code", "evidence": [ "source_code", "crypto_config" ], "automation": "medium" }, { "control_id": "CRYPTO-017", "domain": "CRYPTO", "title": "Feste IVs oder Nonces werden nicht wiederverwendet", "objective": "Verhindert kryptographische Schwaechung", "check_target": "code", "evidence": [ "source_code", "unit_tests" ], "automation": "medium" }, { "control_id": "CRYPTO-018", "domain": "CRYPTO", "title": "Klartextvergleich geheimer Werte ohne Timing-sichere Funktion", "objective": "Verhindert Timing-Angriffe", "check_target": "code", "evidence": [ "source_code" ], "automation": "low" }, { "control_id": "CRYPTO-019", "domain": "CRYPTO", "title": "Schluessel im Speicher nur so lange wie erforderlich", "objective": "Reduziert Exposition im Prozessspeicher", "check_target": "code", "evidence": [ "source_code", "code_review" ], "automation": "low" }, { "control_id": "CRYPTO-020", "domain": "CRYPTO", "title": "Kryptographische Fehler fuehren nicht zu stillen Fallbacks", "objective": "Verhindert unbemerkte Deaktivierung von 
Sicherheit", "check_target": "code", "evidence": [ "source_code", "unit_tests" ], "automation": "medium" }, { "control_id": "AUTH-001", "domain": "AUTH", "title": "Admin-Schnittstellen erfordern starke Authentifizierung", "objective": "Verhindert unbefugten Zugriff", "check_target": "code", "evidence": [ "source_code", "route_config" ], "automation": "high" }, { "control_id": "AUTH-002", "domain": "AUTH", "title": "Standardpasswoerter in Produktivpfaden ausgeschlossen", "objective": "Verhindert triviale Kompromittierung", "check_target": "code", "evidence": [ "source_code", "secret_scan" ], "automation": "high" }, { "control_id": "AUTH-003", "domain": "AUTH", "title": "Fehlgeschlagene Anmeldeversuche begrenzt oder verzoegert", "objective": "Erschwert Brute-Force", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "AUTH-004", "domain": "AUTH", "title": "Rollen explizit modelliert, nicht aus UI abgeleitet", "objective": "Verhindert Autorisierungsfehler", "check_target": "code", "evidence": [ "source_code", "policy_definitions" ], "automation": "medium" }, { "control_id": "AUTH-005", "domain": "AUTH", "title": "Privilegierte Aktionen erfordern serverseitige Pruefung", "objective": "Verhindert Umgehung clientseitiger Schutz", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "AUTH-006", "domain": "AUTH", "title": "Autorisierung zentral implementiert", "objective": "Reduziert Inkonsistenzen", "check_target": "code", "evidence": [ "source_code", "architecture_doc" ], "automation": "medium" }, { "control_id": "AUTH-007", "domain": "AUTH", "title": "Service-zu-Service Auth ohne eingebettete Credentials", "objective": "Verhindert Missbrauch statischer Geheimnisse", "check_target": "code", "evidence": [ "source_code", "secret_scan" ], "automation": "high" }, { "control_id": "AUTH-008", "domain": "AUTH", "title": "Deaktivierte Nutzer/Geraete 
koennen nicht mehr authentifizieren", "objective": "Wirksame Entzug von Zugriffsrechten", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "AUTH-009", "domain": "AUTH", "title": "MFA fuer besonders privilegierte Zugaenge", "objective": "Erhoehter Schutz Hochrisiko-Funktionen", "check_target": "code", "evidence": [ "source_code", "auth_config" ], "automation": "medium" }, { "control_id": "AUTH-010", "domain": "AUTH", "title": "Token auf Ablauf und Integritaet geprueft", "objective": "Verhindert manipuliertes Auth-Material", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "AUTH-011", "domain": "AUTH", "title": "Autorisierung basiert auf Serverzustand, nicht Client-Rollen", "objective": "Verhindert Privilege Escalation", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "AUTH-012", "domain": "AUTH", "title": "Admin-Funktionen logisch von Transaktionsfunktionen getrennt", "objective": "Reduziert Angriffsflaeche", "check_target": "architecture", "evidence": [ "source_code", "route_maps" ], "automation": "medium" }, { "control_id": "AUTH-013", "domain": "AUTH", "title": "Authentifizierungsereignisse werden protokolliert", "objective": "Nachvollziehbarkeit", "check_target": "code", "evidence": [ "source_code", "audit_log_sample" ], "automation": "medium" }, { "control_id": "AUTH-014", "domain": "AUTH", "title": "Passwort-Reset umgeht keine Autorisierungsschranken", "objective": "Verhindert Missbrauch Recovery-Flows", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "AUTH-015", "domain": "AUTH", "title": "Maschinen- und Personenidentitaeten getrennt verwaltet", "objective": "Verhindert Vermischung", "check_target": "config", "evidence": [ "iam_config", "architecture_doc" ], "automation": "low" }, { 
"control_id": "AUTH-016", "domain": "AUTH", "title": "Cross-Tenant-Zugriffe geschuetzt", "objective": "Verhindert Zugriff auf fremde Mandanten", "check_target": "code", "evidence": [ "source_code", "tenant_tests" ], "automation": "medium" }, { "control_id": "AUTH-017", "domain": "AUTH", "title": "Berechtigungsfehler liefern generische Meldungen", "objective": "Reduziert Informationsleckage", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "AUTH-018", "domain": "AUTH", "title": "Autorisierungsregeln durch Tests abgedeckt", "objective": "Beweisbarkeit der Zugriffskontrollen", "check_target": "test", "evidence": [ "unit_test", "integration_test" ], "automation": "medium" }, { "control_id": "AUTH-019", "domain": "AUTH", "title": "Fallback-Modi umgehen keine Authentifizierung", "objective": "Verhindert Sicherheitsverlust in Ausnahmezustaenden", "check_target": "code", "evidence": [ "source_code", "error_mode_tests" ], "automation": "low" }, { "control_id": "AUTH-020", "domain": "AUTH", "title": "Temporaere Berechtigungen verfallen automatisch", "objective": "Reduziert dauerhafte Ueberprivilegierung", "check_target": "code", "evidence": [ "source_code", "policy_definitions" ], "automation": "low" }, { "control_id": "SESSION-001", "domain": "SESSION", "title": "Sitzungstoken werden nicht im Klartext geloggt", "objective": "Verhindert Missbrauch gestohlener Sitzungen", "check_target": "code", "evidence": [ "source_code", "log_output" ], "automation": "high" }, { "control_id": "SESSION-002", "domain": "SESSION", "title": "Sitzungs-IDs ausreichend zufaellig", "objective": "Verhindert Session Guessing", "check_target": "code", "evidence": [ "source_code", "auth_config" ], "automation": "medium" }, { "control_id": "SESSION-003", "domain": "SESSION", "title": "Sessions verfallen nach Inaktivitaet", "objective": "Begrenzt Missbrauch", "check_target": "config", "evidence": [ "session_config", "source_code" ], 
"automation": "medium" }, { "control_id": "SESSION-004", "domain": "SESSION", "title": "Sessions nach Rollenwechsel rotiert", "objective": "Verhindert Session Fixation", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "SESSION-005", "domain": "SESSION", "title": "Logout invalidiert serverseitig alle Token", "objective": "Verhindert weitere Nutzung nach Logout", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "SESSION-006", "domain": "SESSION", "title": "Cookies mit Secure und HttpOnly Attributen", "objective": "Reduziert Diebstahl ueber unsichere Kanaele", "check_target": "config", "evidence": [ "http_config", "integration_test" ], "automation": "high" }, { "control_id": "SESSION-007", "domain": "SESSION", "title": "SameSite-Richtlinien explizit gesetzt", "objective": "Reduziert CSRF-Angriffe", "check_target": "config", "evidence": [ "http_config", "integration_test" ], "automation": "high" }, { "control_id": "SESSION-008", "domain": "SESSION", "title": "Token-Pruefung validiert Audience, Issuer, Gueltigkeit", "objective": "Verhindert Akzeptanz fremder Token", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "SESSION-009", "domain": "SESSION", "title": "Geraete-Sessions eindeutig einer Instanz zugeordnet", "objective": "Verhindert Sitzungsuebernahme", "check_target": "code", "evidence": [ "source_code", "device_registry" ], "automation": "medium" }, { "control_id": "SESSION-010", "domain": "SESSION", "title": "Sitzungsspeicher trennt Mandanten zuverlaessig", "objective": "Verhindert Cross-Tenant Missbrauch", "check_target": "architecture", "evidence": [ "session_config", "architecture_doc" ], "automation": "low" }, { "control_id": "KEYMGMT-001", "domain": "KEYMGMT", "title": "Schluessel ausserhalb des Quellcodes erzeugt und verwaltet", "objective": "Verhindert 
Offenlegung durch Codezugriff", "check_target": "code", "evidence": [ "source_code", "secret_scan" ], "automation": "high" }, { "control_id": "KEYMGMT-002", "domain": "KEYMGMT", "title": "Produktions- und Testschluessel strikt getrennt", "objective": "Verhindert unsichere Testkonfigurationen in Produktion", "check_target": "config", "evidence": [ "config", "deployment_config" ], "automation": "medium" }, { "control_id": "KEYMGMT-003", "domain": "KEYMGMT", "title": "Schluesselrotation technisch vorgesehen", "objective": "Begrenzt Auswirkungen kompromittierter Schluessel", "check_target": "system", "evidence": [ "key_rotation_jobs", "source_code" ], "automation": "low" }, { "control_id": "KEYMGMT-004", "domain": "KEYMGMT", "title": "Abgelaufene Schluessel werden nicht mehr akzeptiert", "objective": "Verhindert Nutzung veralteten Materials", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "KEYMGMT-005", "domain": "KEYMGMT", "title": "Schluesselzugriffe rollenbasiert und protokolliert", "objective": "Nachvollziehbarkeit", "check_target": "system", "evidence": [ "iam_config", "audit_log_sample" ], "automation": "low" }, { "control_id": "KEYMGMT-006", "domain": "KEYMGMT", "title": "Schluessel nicht zwischen Komponenten unnoetig repliziert", "objective": "Reduziert Verbreitung", "check_target": "architecture", "evidence": [ "architecture_doc", "source_code" ], "automation": "low" }, { "control_id": "KEYMGMT-007", "domain": "KEYMGMT", "title": "Kompromittierte Schluessel koennen deaktiviert werden", "objective": "Wirksame Reaktion auf Vorfaelle", "check_target": "system", "evidence": [ "key_registry", "incident_runbook" ], "automation": "low" }, { "control_id": "KEYMGMT-008", "domain": "KEYMGMT", "title": "Terminal-Geraete nutzen eindeutiges Schluesselmaterial", "objective": "Verhindert laterale Ausbreitung", "check_target": "architecture", "evidence": [ "provisioning_docs", "device_inventory" ], 
"automation": "low" }, { "control_id": "KEYMGMT-009", "domain": "KEYMGMT", "title": "Schluessel nicht in Client-/Frontend-Artefakte eingebettet", "objective": "Verhindert Extraktion", "check_target": "build", "evidence": [ "artifact_scan", "secret_scan" ], "automation": "high" }, { "control_id": "KEYMGMT-010", "domain": "KEYMGMT", "title": "Schluessellebenszyklen versioniert und dokumentiert", "objective": "Belastbare Pruef- und Rotationsnachweise", "check_target": "process", "evidence": [ "key_registry", "audit_log_sample" ], "automation": "low" }, { "control_id": "DEVICE-001", "domain": "DEVICE", "title": "Geraeteidentitaeten eindeutig und nicht wiederverwendbar", "objective": "Klare Zuordnung", "check_target": "system", "evidence": [ "device_registry", "provisioning_logic" ], "automation": "medium" }, { "control_id": "DEVICE-002", "domain": "DEVICE", "title": "Unregistrierte Geraete koennen keine Verbindung aufbauen", "objective": "Verhindert unautorisierte Hardware", "check_target": "code", "evidence": [ "source_code", "device_registry" ], "automation": "medium" }, { "control_id": "DEVICE-003", "domain": "DEVICE", "title": "Provisioning prueft Identitaet und Sicherheitszustand", "objective": "Verhindert Aufnahme kompromittierter Geraete", "check_target": "system", "evidence": [ "provisioning_workflows", "source_code" ], "automation": "low" }, { "control_id": "DEVICE-004", "domain": "DEVICE", "title": "Geraetekonfigurationen versioniert und geschuetzt", "objective": "Integritaet betrieblicher Einstellungen", "check_target": "system", "evidence": [ "config_registry", "audit_log_sample" ], "automation": "low" }, { "control_id": "DEVICE-005", "domain": "DEVICE", "title": "Geraete-IDs serverseitig validiert", "objective": "Verhindert Spoofing", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "DEVICE-006", "domain": "DEVICE", "title": "Tamper-Events systemseitig ausgewertet", "objective": "Reaktion 
auf physische Eingriffe", "check_target": "system", "evidence": [ "event_handlers", "monitoring_rules" ], "automation": "low" }, { "control_id": "DEVICE-007", "domain": "DEVICE", "title": "Geraetewechsel fuehrt zu Neuvalidierung", "objective": "Verhindert Uebernahme alter Vertrauensstellungen", "check_target": "process", "evidence": [ "provisioning_docs", "device_registry" ], "automation": "low" }, { "control_id": "DEVICE-008", "domain": "DEVICE", "title": "Geraete melden Zustandsaenderungen an Backend", "objective": "Zentrale Sichtbarkeit", "check_target": "system", "evidence": [ "source_code", "message_schema" ], "automation": "medium" }, { "control_id": "DEVICE-009", "domain": "DEVICE", "title": "Nicht vertrauenswuerdiger Zustand blockiert Kommunikation", "objective": "Verhindert Betrieb kompromittierter Geraete", "check_target": "code", "evidence": [ "source_code", "tamper_tests" ], "automation": "low" }, { "control_id": "DEVICE-010", "domain": "DEVICE", "title": "Zustandsuebergaenge explizit modelliert und getestet", "objective": "Verhindert inkonsistente Betriebszustaende", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "DEVICE-011", "domain": "DEVICE", "title": "Fehlzustaende fuehren zu definierten Safe States", "objective": "Verhindert unsicheren Weiterbetrieb", "check_target": "code", "evidence": [ "source_code", "error_mode_tests" ], "automation": "medium" }, { "control_id": "DEVICE-012", "domain": "DEVICE", "title": "Diagnose-/Wartungsmodi getrennt und zugriffsbeschraenkt", "objective": "Reduziert Missbrauch", "check_target": "code", "evidence": [ "source_code", "auth_config" ], "automation": "low" }, { "control_id": "DEVICE-013", "domain": "DEVICE", "title": "Sicherheitsflags nicht unautorisiert ruecksetzbar", "objective": "Verhindert Umgehung kritischer Schutzmechanismen", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "low" }, { 
"control_id": "DEVICE-014", "domain": "DEVICE", "title": "Geraete-Registrierung und -Deregistrierung auditierbar", "objective": "Nachvollziehbarkeit Geraetebestand", "check_target": "system", "evidence": [ "audit_log_sample", "device_registry" ], "automation": "low" }, { "control_id": "DEVICE-015", "domain": "DEVICE", "title": "Offlinemodus funktional und sicherheitlich klar begrenzt", "objective": "Verhindert unkontrollierte Zustaende", "check_target": "code", "evidence": [ "source_code", "offline_tests" ], "automation": "low" }, { "control_id": "TRANS-001", "domain": "TRANS", "title": "Transaktionsstatus als explizite Zustandsmaschine modelliert", "objective": "Verhindert ungueltige Statusuebergaenge", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "TRANS-002", "domain": "TRANS", "title": "Nur definierte Statusuebergaenge technisch zulaessig", "objective": "Verhindert inkonsistente Verlaeufe", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TRANS-003", "domain": "TRANS", "title": "Abgebrochene Transaktionen konsistent zurueckgerollt", "objective": "Verhindert schwebende Zustaende", "check_target": "system", "evidence": [ "integration_test", "error_mode_tests" ], "automation": "medium" }, { "control_id": "TRANS-004", "domain": "TRANS", "title": "Asynchrone Rueckmeldungen korrekt zugeordnet", "objective": "Verhindert Vermischung paralleler Ablaeufe", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TRANS-005", "domain": "TRANS", "title": "Doppelte Nachrichten erkannt und sicher behandelt", "objective": "Verhindert Mehrfachverarbeitung", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TRANS-006", "domain": "TRANS", "title": "Unvollstaendige Transaktionen periodisch erkannt", "objective": 
"Kontrollierte Bereinigung", "check_target": "system", "evidence": [ "scheduler_jobs", "source_code" ], "automation": "low" }, { "control_id": "TRANS-007", "domain": "TRANS", "title": "Fehlende Antworten erzeugen keinen stillen Erfolg", "objective": "Verhindert irreführende Erfolgsmeldungen", "check_target": "code", "evidence": [ "source_code", "timeout_tests" ], "automation": "high" }, { "control_id": "TRANS-008", "domain": "TRANS", "title": "Stornierungen an berechtigte Rollen gebunden", "objective": "Verhindert unautorisierte Manipulation", "check_target": "code", "evidence": [ "source_code", "authorization_tests" ], "automation": "medium" }, { "control_id": "TRANS-009", "domain": "TRANS", "title": "Race Conditions durch Sperrmechanismen reduziert", "objective": "Verhindert konkurrierende Verarbeitung", "check_target": "code", "evidence": [ "source_code", "concurrency_tests" ], "automation": "low" }, { "control_id": "TRANS-010", "domain": "TRANS", "title": "Betragsrelevante Felder gegen Rundungsfehler abgesichert", "objective": "Verhindert finanzielle Abweichungen", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "DATA-001", "domain": "DATA", "title": "Sensitive Daten nur bei fachlicher Erforderlichkeit verarbeitet", "objective": "Reduziert unnoetige Exposition", "check_target": "architecture", "evidence": [ "data_flow_docs", "source_code" ], "automation": "low" }, { "control_id": "DATA-002", "domain": "DATA", "title": "Felder mit erhoehtem Schutzbedarf im Code identifizierbar", "objective": "Erleichtert gezielte Schutzmassnahmen", "check_target": "code", "evidence": [ "source_code", "data_catalog" ], "automation": "medium" }, { "control_id": "DATA-003", "domain": "DATA", "title": "Persistierte Daten auf notwendige Felder minimiert", "objective": "Verhindert unnoetige Speicherung", "check_target": "database", "evidence": [ "db_schema", "source_code" ], "automation": "medium" }, { "control_id": 
"DATA-004", "domain": "DATA", "title": "Testdaten enthalten keine produktiven Zahlungsdaten", "objective": "Verhindert Offenlegung in Testumgebungen", "check_target": "process", "evidence": [ "test_fixtures", "secret_scan" ], "automation": "medium" }, { "control_id": "DATA-005", "domain": "DATA", "title": "Sensitive Daten in Telemetrie/Tracing nicht offengelegt", "objective": "Verhindert Abfluss ueber Observability", "check_target": "code", "evidence": [ "source_code", "telemetry_config" ], "automation": "medium" }, { "control_id": "DATA-006", "domain": "DATA", "title": "Export-/Reporting-Pfade geben Daten nur maskiert aus", "objective": "Verhindert Abfluss ueber Nebenausgaben", "check_target": "code", "evidence": [ "source_code", "report_samples" ], "automation": "medium" }, { "control_id": "DATA-007", "domain": "DATA", "title": "Datentypen fuer zahlungsrelevante Felder begrenzt", "objective": "Verhindert fehlerhafte Eingaben", "check_target": "code", "evidence": [ "source_code", "db_schema" ], "automation": "high" }, { "control_id": "DATA-008", "domain": "DATA", "title": "Datei-Uploads vor Verarbeitung validiert", "objective": "Verhindert Einschleusen manipulierten Inhalts", "check_target": "code", "evidence": [ "source_code", "validation_tests" ], "automation": "high" }, { "control_id": "ERROR-001", "domain": "ERR", "title": "Sicherheitsrelevante Fehler nicht stillschweigend unterdrueckt", "objective": "Verhindert verdeckte Sicherheitsverluste", "check_target": "code", "evidence": [ "source_code", "error_paths" ], "automation": "medium" }, { "control_id": "ERROR-002", "domain": "ERR", "title": "Retry unterscheidet transiente von fachlichen Fehlern", "objective": "Verhindert falsche Wiederholungen", "check_target": "code", "evidence": [ "source_code", "retry_logic" ], "automation": "medium" }, { "control_id": "ERROR-003", "domain": "ERR", "title": "Fehlercodes konsistent gemappt und dokumentiert", "objective": "Verbessert Diagnose und Audit", "check_target": 
"system", "evidence": [ "error_mapping", "source_code" ], "automation": "medium" }, { "control_id": "ERROR-004", "domain": "ERR", "title": "Fehlerbehandlung durch Negativtests abgedeckt", "objective": "Beweisbarkeit robuster Fehlerpfade", "check_target": "test", "evidence": [ "negative_tests", "coverage_reports" ], "automation": "medium" }, { "control_id": "ERROR-005", "domain": "ERR", "title": "Dead-letter-Queues fuer asynchrone Fehlerfaelle", "objective": "Verhindert Verlust problematischer Nachrichten", "check_target": "system", "evidence": [ "queue_config", "ops_docs" ], "automation": "low" }, { "control_id": "REPORT-001", "domain": "REP", "title": "Ablehnungen und Fehler nachvollziehbar im Reporting", "objective": "Verhindert beschoenigte Sicht", "check_target": "system", "evidence": [ "report_samples", "error_mapping" ], "automation": "medium" }, { "control_id": "REPORT-002", "domain": "REP", "title": "Reportgenerierung veraendert keine Ursprungsdaten", "objective": "Schuetzt primaeren Datenbestand", "check_target": "code", "evidence": [ "source_code", "db_permissions" ], "automation": "low" }, { "control_id": "REPORT-003", "domain": "REP", "title": "Reports offenbaren nur rollenerforderliche Daten", "objective": "Reduziert Datenabfluss", "check_target": "code", "evidence": [ "authorization_tests", "report_samples" ], "automation": "medium" }, { "control_id": "REPORT-004", "domain": "REP", "title": "Reconciliation-Reports determininstisch reproduzierbar", "objective": "Belastbare Nachweise bei Abweichungen", "check_target": "process", "evidence": [ "reporting_docs", "integration_test" ], "automation": "low" }, { "control_id": "REPORT-005", "domain": "REP", "title": "Berichte beruecksichtigen Zeitzonen konsistent", "objective": "Verhindert Abstimmungsfehler", "check_target": "code", "evidence": [ "source_code", "report_samples" ], "automation": "medium" }, { "control_id": "BUILD-001", "domain": "BUILD", "title": "Build-Pipelines versioniert und 
nachvollziehbar", "objective": "Auditierbarkeit des Entstehungsprozesses", "check_target": "build", "evidence": [ "pipeline_config", "version_control" ], "automation": "medium" }, { "control_id": "BUILD-002", "domain": "BUILD", "title": "Build-Artefakte reproduzierbar erzeugt", "objective": "Reduziert Risiko unerkannter Unterschiede", "check_target": "build", "evidence": [ "build_pipeline", "artifact_hashes" ], "automation": "low" }, { "control_id": "BUILD-003", "domain": "BUILD", "title": "Abhaengigkeiten auf bekannte Schwachstellen geprueft", "objective": "Reduziert verwundbare Komponenten", "check_target": "dependency", "evidence": [ "dependency_scan", "sbom" ], "automation": "high" }, { "control_id": "BUILD-004", "domain": "BUILD", "title": "Keine nicht freigegebenen externen Quellen eingebunden", "objective": "Reduziert Supply-Chain-Risiken", "check_target": "build", "evidence": [ "pipeline_config", "dependency_policy" ], "automation": "medium" }, { "control_id": "BUILD-005", "domain": "BUILD", "title": "Kein Klartextzugriff auf produktive Geheimnisse in CI/CD", "objective": "Verhindert Offenlegung im Build-Prozess", "check_target": "build", "evidence": [ "pipeline_config", "secret_scan" ], "automation": "high" }, { "control_id": "BUILD-006", "domain": "BUILD", "title": "Build-Trigger fuer Produktionsartefakte autorisiert", "objective": "Verhindert unautorisierte Releases", "check_target": "build", "evidence": [ "pipeline_permissions", "iam_config" ], "automation": "medium" }, { "control_id": "BUILD-007", "domain": "BUILD", "title": "Signierte Artefakte eindeutig gekennzeichnet", "objective": "Erleichtert Zuordnung gepruefter Artefakte", "check_target": "build", "evidence": [ "artifact_metadata", "release_docs" ], "automation": "medium" }, { "control_id": "BUILD-008", "domain": "BUILD", "title": "Sicherheitstests zwingend im Release-Build", "objective": "Erhoet Wahrscheinlichkeit dass Pruefungen nicht umgangen werden", "check_target": "build", "evidence": [ 
"pipeline_config", "quality_gates" ], "automation": "high" }, { "control_id": "BUILD-009", "domain": "BUILD", "title": "Artefakte auf Konfigurationsfehler geprueft vor Veroeffentlichung", "objective": "Verhindert Auslieferung unsicherer Defaults", "check_target": "build", "evidence": [ "artifact_scan", "config_scan" ], "automation": "high" }, { "control_id": "BUILD-010", "domain": "BUILD", "title": "Sicherheitskritische Build-Schritte getrennt und nachvollziehbar", "objective": "Erhoeht Transparenz bei sensitiven Artefakten", "check_target": "build", "evidence": [ "pipeline_config", "release_docs" ], "automation": "low" }, { "control_id": "DEPLOY-001", "domain": "DEPLOY", "title": "Deployment-Konfigurationen versioniert", "objective": "Auditierbarkeit produktiver Aenderungen", "check_target": "config", "evidence": [ "deployment_manifests", "version_control" ], "automation": "medium" }, { "control_id": "DEPLOY-002", "domain": "DEPLOY", "title": "Produktionsdeployments erfordern Freigaben", "objective": "Verhindert unautorisierte Aenderungen", "check_target": "process", "evidence": [ "pipeline_permissions", "release_workflows" ], "automation": "low" }, { "control_id": "DEPLOY-003", "domain": "DEPLOY", "title": "Produktive und nichtproduktive Ziele strikt getrennt", "objective": "Verhindert Umgebungsvermischung", "check_target": "config", "evidence": [ "deployment_manifests", "environment_config" ], "automation": "medium" }, { "control_id": "DEPLOY-004", "domain": "DEPLOY", "title": "Secrets beim Deployment sicher injiziert", "objective": "Verhindert Offenlegung in Images/Paketen", "check_target": "config", "evidence": [ "deployment_manifests", "secret_store_config" ], "automation": "high" }, { "control_id": "DEPLOY-005", "domain": "DEPLOY", "title": "Rollback-Verfahren definiert und getestet", "objective": "Kontrollierte Wiederherstellung", "check_target": "process", "evidence": [ "release_docs", "ops_runbooks" ], "automation": "low" }, { "control_id": "DEPLOY-006", 
"domain": "DEPLOY", "title": "Konfigurationsaenderungen auditierbar", "objective": "Nachvollziehbarkeit von Schutzwirkungsaenderungen", "check_target": "system", "evidence": [ "audit_log_sample", "config_registry" ], "automation": "medium" }, { "control_id": "DEPLOY-007", "domain": "DEPLOY", "title": "Kompatibilitaet mit abhaengigen Schnittstellen validiert", "objective": "Verhindert Betriebsstoerungen", "check_target": "system", "evidence": [ "integration_test", "contract_tests" ], "automation": "medium" }, { "control_id": "DEPLOY-008", "domain": "DEPLOY", "title": "Zahlungsparameter vor Aktivierung plausibilisiert", "objective": "Verhindert fehlerhafte produktive Einstellungen", "check_target": "config", "evidence": [ "config_validation", "deployment_checks" ], "automation": "medium" }, { "control_id": "DEPLOY-009", "domain": "DEPLOY", "title": "Post-Deployment Smoke-Checks", "objective": "Erkennt Fehlzustaende nach Inbetriebnahme", "check_target": "system", "evidence": [ "smoke_tests", "pipeline_config" ], "automation": "medium" }, { "control_id": "DEPLOY-010", "domain": "DEPLOY", "title": "Canary/gestufte Rollouts fuer risikoreiche Aenderungen", "objective": "Reduziert grossflaechige Auswirkungen", "check_target": "process", "evidence": [ "deployment_strategy", "ops_docs" ], "automation": "low" }, { "control_id": "QUEUE-001", "domain": "QUEUE", "title": "Nachrichten in Warteschlangen eindeutig identifizierbar", "objective": "Nachverfolgung und Duplikaterkennung", "check_target": "code", "evidence": [ "source_code", "message_schema" ], "automation": "medium" }, { "control_id": "QUEUE-002", "domain": "QUEUE", "title": "Nachrichtenverarbeitung idempotent", "objective": "Verhindert Mehrfachverarbeitung", "check_target": "code", "evidence": [ "source_code", "queue_tests" ], "automation": "medium" }, { "control_id": "QUEUE-003", "domain": "QUEUE", "title": "Fehlerhafte Nachrichten kontrolliert isoliert (Dead Letter)", "objective": "Verhindert Stau durch Poison 
Messages", "check_target": "system", "evidence": [ "queue_config", "dead_letter_config" ], "automation": "medium" }, { "control_id": "QUEUE-004", "domain": "QUEUE", "title": "Nachrichten enthalten keine unnoetig sensitiven Daten", "objective": "Reduziert Exposition in async Pfaden", "check_target": "code", "evidence": [ "message_schema", "source_code" ], "automation": "medium" }, { "control_id": "QUEUE-005", "domain": "QUEUE", "title": "Nachrichtenreihenfolge fuer kritische Ablaeufe beruecksichtigt", "objective": "Verhindert inkonsistente Zustaende", "check_target": "architecture", "evidence": [ "design_docs", "source_code" ], "automation": "low" }, { "control_id": "QUEUE-006", "domain": "QUEUE", "title": "Veraltete Nachrichten nicht unkontrolliert verarbeitet", "objective": "Verhindert spaete Ausfuehrung ueberholter Aktionen", "check_target": "code", "evidence": [ "message_schema", "source_code" ], "automation": "medium" }, { "control_id": "QUEUE-007", "domain": "QUEUE", "title": "Consumer validieren Schema und Pflichtfelder", "objective": "Verhindert Verarbeitung manipulierten Inhalts", "check_target": "code", "evidence": [ "source_code", "schema_tests" ], "automation": "high" }, { "control_id": "QUEUE-008", "domain": "QUEUE", "title": "Mandantenbezug in async Pfaden erhalten", "objective": "Verhindert Cross-Tenant-Verarbeitung", "check_target": "code", "evidence": [ "message_schema", "tenant_tests" ], "automation": "medium" }, { "control_id": "QUEUE-009", "domain": "QUEUE", "title": "Queue-Berechtigungen auf notwendige Rollen beschraenkt", "objective": "Reduziert Missbrauch", "check_target": "config", "evidence": [ "iam_config", "queue_config" ], "automation": "low" }, { "control_id": "QUEUE-010", "domain": "QUEUE", "title": "Retry unterscheidet technische von fachlichen Fehlern", "objective": "Verhindert Wiederholung irreversibler Vorgaenge", "check_target": "code", "evidence": [ "source_code", "retry_logic" ], "automation": "medium" }, { "control_id": 
"TENANT-001", "domain": "TENANT", "title": "Mandantenkontext serverseitig gesetzt und validiert", "objective": "Verhindert Client-seitige Manipulation", "check_target": "code", "evidence": [ "source_code", "tenant_tests" ], "automation": "high" }, { "control_id": "TENANT-002", "domain": "TENANT", "title": "Datenabfragen mandantenbeschraenkt und gefiltert", "objective": "Verhindert Cross-Tenant-Datenzugriff", "check_target": "code", "evidence": [ "source_code", "tenant_tests" ], "automation": "medium" }, { "control_id": "TENANT-003", "domain": "TENANT", "title": "Mandantenuebergreifende Verwaltung besonders geschuetzt", "objective": "Reduziert Risiko privilegierter Fehlzugriffe", "check_target": "code", "evidence": [ "source_code", "authorization_tests" ], "automation": "medium" }, { "control_id": "TENANT-004", "domain": "TENANT", "title": "Mandantenkontext in Logs und Queues konsistent", "objective": "Belastbare Zuordnung", "check_target": "system", "evidence": [ "log_samples", "queue_samples" ], "automation": "medium" }, { "control_id": "TENANT-005", "domain": "TENANT", "title": "Mandanten-Konfigurationen gegenseitig geschuetzt", "objective": "Verhindert Ueberschreibungen", "check_target": "code", "evidence": [ "source_code", "tenant_tests" ], "automation": "medium" }, { "control_id": "TENANT-006", "domain": "TENANT", "title": "Caching beruecksichtigt Mandantenkontext", "objective": "Verhindert Datenlecks durch geteilte Caches", "check_target": "code", "evidence": [ "source_code", "cache_config" ], "automation": "medium" }, { "control_id": "TENANT-007", "domain": "TENANT", "title": "Mandantenbezogene Schluessel logisch getrennt", "objective": "Reduziert laterale Auswirkungen", "check_target": "architecture", "evidence": [ "key_registry", "architecture_doc" ], "automation": "low" }, { "control_id": "TENANT-008", "domain": "TENANT", "title": "Datenexporte erzwingen Mandantenisolation", "objective": "Verhindert Cross-Tenant-Exporte", "check_target": "code", 
"evidence": [ "source_code", "tenant_tests" ], "automation": "medium" }, { "control_id": "TENANT-009", "domain": "TENANT", "title": "Loeschvorgaenge ohne Seiteneffekte auf andere Mandanten", "objective": "Verhindert Fremdbeeintraechtigung", "check_target": "code", "evidence": [ "source_code", "tenant_tests" ], "automation": "low" }, { "control_id": "TENANT-010", "domain": "TENANT", "title": "Isolationstests automatisiert abgedeckt", "objective": "Beweisbarkeit korrekter Trennung", "check_target": "test", "evidence": [ "tenant_tests", "coverage_reports" ], "automation": "medium" }, { "control_id": "TELEMETRY-001", "domain": "TELEMETRY", "title": "Telemetriedaten ohne sensitive Zahlungsdaten", "objective": "Verhindert Abfluss ueber Monitoring", "check_target": "code", "evidence": [ "source_code", "telemetry_samples" ], "automation": "medium" }, { "control_id": "TELEMETRY-002", "domain": "TELEMETRY", "title": "Tracing maskiert identifizierende Felder", "objective": "Beobachtbarkeit ohne Offenlegung", "check_target": "code", "evidence": [ "trace_config", "trace_samples" ], "automation": "medium" }, { "control_id": "TELEMETRY-003", "domain": "TELEMETRY", "title": "Metriken ohne hochkartesische sensitive Labels", "objective": "Verhindert indirekte Offenlegung", "check_target": "code", "evidence": [ "source_code", "metrics_config" ], "automation": "medium" }, { "control_id": "TELEMETRY-004", "domain": "TELEMETRY", "title": "Telemetrie-Endpunkte abgesichert", "objective": "Reduziert Angriffsflaeche", "check_target": "config", "evidence": [ "gateway_config", "auth_config" ], "automation": "medium" }, { "control_id": "TELEMETRY-005", "domain": "TELEMETRY", "title": "Debug-Telemetrie in Produktion begrenzt", "objective": "Verhindert exzessive Datenerhebung", "check_target": "config", "evidence": [ "telemetry_config", "ops_docs" ], "automation": "medium" }, { "control_id": "TELEMETRY-006", "domain": "TELEMETRY", "title": "Fehlertelemetrie nach Prioritaet klassifiziert", 
"objective": "Zielgerichtete Reaktion", "check_target": "code", "evidence": [ "source_code", "alert_rules" ], "automation": "low" }, { "control_id": "TELEMETRY-007", "domain": "TELEMETRY", "title": "Export externer Telemetrie explizit freigegeben", "objective": "Verhindert unbeabsichtigten Abfluss", "check_target": "process", "evidence": [ "ops_docs", "telemetry_config" ], "automation": "low" }, { "control_id": "TELEMETRY-008", "domain": "TELEMETRY", "title": "Telemetrie-Pipelines gegen Manipulation geschuetzt", "objective": "Vertrauenswuerdigkeit operativer Signale", "check_target": "system", "evidence": [ "iam_config", "pipeline_config" ], "automation": "low" }, { "control_id": "TELEMETRY-009", "domain": "TELEMETRY", "title": "Telemetrie-Ausfall beeintraechtigt Zahlungsbetrieb nicht", "objective": "Verhindert uebermaessige Kopplung", "check_target": "architecture", "evidence": [ "design_docs", "chaos_tests" ], "automation": "low" }, { "control_id": "TELEMETRY-010", "domain": "TELEMETRY", "title": "Kontextanreicherung nur soweit erforderlich", "objective": "Reduziert unnoetige Anreicherung sensitiver Systeme", "check_target": "architecture", "evidence": [ "telemetry_schema", "data_flow_docs" ], "automation": "low" }, { "control_id": "CONFIG-001", "domain": "CONFIG", "title": "Sichere Standardwerte fuer sicherheitsrelevante Konfigurationen", "objective": "Reduziert unsichere Default-Betriebsmodi", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "medium" }, { "control_id": "CONFIG-002", "domain": "CONFIG", "title": "Konfigurationswerte auf Typ und Plausibilitaet geprueft", "objective": "Verhindert Fehlverhalten durch ungueltige Einstellungen", "check_target": "code", "evidence": [ "source_code", "config_validation" ], "automation": "high" }, { "control_id": "CONFIG-003", "domain": "CONFIG", "title": "Unbekannte Konfigurationsschluessel nicht stillschweigend ignoriert", "objective": "Verhindert Fehlannahmen", "check_target": "code", 
"evidence": [ "source_code", "config_validation" ], "automation": "medium" }, { "control_id": "CONFIG-004", "domain": "CONFIG", "title": "Keine Test-/Demoendpunkte in Produktionskonfiguration", "objective": "Verhindert versehentliche Kommunikation", "check_target": "config", "evidence": [ "config", "deployment_manifests" ], "automation": "high" }, { "control_id": "CONFIG-005", "domain": "CONFIG", "title": "Dynamische Aenderungen autorisiert und auditierbar", "objective": "Kontrolle ueber Laufzeitaenderungen", "check_target": "system", "evidence": [ "audit_log_sample", "config_registry" ], "automation": "medium" }, { "control_id": "CONFIG-006", "domain": "CONFIG", "title": "Sicherheitsconfig nicht ueber APIs ueberschreibbar", "objective": "Verhindert Manipulation ueber Verwaltungspfade", "check_target": "code", "evidence": [ "source_code", "authorization_tests" ], "automation": "medium" }, { "control_id": "CONFIG-007", "domain": "CONFIG", "title": "Feature-Flags fuer Sicherheit restriktiv verwaltet", "objective": "Verhindert unbeabsichtigte Deaktivierung", "check_target": "process", "evidence": [ "feature_flag_config", "ops_docs" ], "automation": "low" }, { "control_id": "CONFIG-008", "domain": "CONFIG", "title": "Konfigurationsquellen und Prioritaeten eindeutig", "objective": "Verhindert unerwartete Ueberschreibungen", "check_target": "architecture", "evidence": [ "design_docs", "config_docs" ], "automation": "low" }, { "control_id": "CONFIG-009", "domain": "CONFIG", "title": "Schwellwerte und Timeouts explizit konfiguriert", "objective": "Nachvollziehbare Parametrisierung", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "CONFIG-010", "domain": "CONFIG", "title": "Zahlungslogik-Config vor Aktivierung fachlich validiert", "objective": "Verhindert betriebsgefaehrdende Einstellungen", "check_target": "system", "evidence": [ "validation_rules", "ops_docs" ], "automation": "low" }, { "control_id": 
"NETWORK-001", "domain": "NETWORK", "title": "Netzwerkverbindungen auf notwendige Ziele begrenzt", "objective": "Reduziert Angriffsflaeche", "check_target": "network", "evidence": [ "network_policies", "firewall_rules" ], "automation": "medium" }, { "control_id": "NETWORK-002", "domain": "NETWORK", "title": "Ausgehende Verbindungen auf erlaubte Protokolle beschraenkt", "objective": "Verhindert Datenabfluss", "check_target": "network", "evidence": [ "firewall_rules", "egress_policies" ], "automation": "medium" }, { "control_id": "NETWORK-003", "domain": "NETWORK", "title": "Verwaltungsdienste nicht ungeschuetzt aus Produktivnetzen erreichbar", "objective": "Reduziert seitliche Bewegungen", "check_target": "network", "evidence": [ "network_policies", "gateway_config" ], "automation": "low" }, { "control_id": "NETWORK-004", "domain": "NETWORK", "title": "Kein stiller Fallback auf unverschluesselte Pfade", "objective": "Verhindert Schutzverlust", "check_target": "code", "evidence": [ "source_code", "network_config" ], "automation": "medium" }, { "control_id": "NETWORK-005", "domain": "NETWORK", "title": "Timeouts fuer kritische Kommunikationspfade definiert", "objective": "Verhindert unklare Zustaende", "check_target": "config", "evidence": [ "network_config", "source_code" ], "automation": "medium" }, { "control_id": "NETWORK-006", "domain": "NETWORK", "title": "Vertrauensanker konfigurierbar, nicht hartkodiert", "objective": "Kontrollierte Vertrauensverwaltung", "check_target": "code", "evidence": [ "source_code", "tls_config" ], "automation": "medium" }, { "control_id": "NETWORK-007", "domain": "NETWORK", "title": "Interne Ports minimiert und dokumentiert", "objective": "Reduziert unnoetige Offenheit", "check_target": "network", "evidence": [ "network_policies", "port_inventory" ], "automation": "low" }, { "control_id": "NETWORK-008", "domain": "NETWORK", "title": "Netzwerksegmente logisch getrennt", "objective": "Reduziert seitliche Ausbreitung", "check_target": 
"architecture", "evidence": [ "network_diagrams", "firewall_rules" ], "automation": "low" }, { "control_id": "NETWORK-009", "domain": "NETWORK", "title": "Kritische Netzwerkfehler an Monitoring weitergegeben", "objective": "Schnelle Reaktion auf Kommunikationsprobleme", "check_target": "system", "evidence": [ "alert_rules", "log_samples" ], "automation": "medium" }, { "control_id": "NETWORK-010", "domain": "NETWORK", "title": "DNS/Service Discovery fuer kritische Komponenten kontrolliert", "objective": "Verhindert Fehlroutung", "check_target": "system", "evidence": [ "dns_config", "service_registry" ], "automation": "low" }, { "control_id": "STORAGE-001", "domain": "STORAGE", "title": "Persistente Speicherorte dokumentiert", "objective": "Gezielte Schutz- und Pruefmassnahmen", "check_target": "architecture", "evidence": [ "data_flow_docs", "storage_inventory" ], "automation": "low" }, { "control_id": "STORAGE-002", "domain": "STORAGE", "title": "Schreibzugriffe rollenbasiert begrenzt", "objective": "Reduziert unautorisierte Manipulation", "check_target": "config", "evidence": [ "iam_config", "db_permissions" ], "automation": "medium" }, { "control_id": "STORAGE-003", "domain": "STORAGE", "title": "Temporaere Dateien ohne sensitive Daten", "objective": "Verhindert Schattenpersistenz", "check_target": "code", "evidence": [ "source_code", "artifact_scan" ], "automation": "medium" }, { "control_id": "STORAGE-004", "domain": "STORAGE", "title": "Datenbankschemata erzwingen Integritaetsbedingungen", "objective": "Reduziert inkonsistente Datensaetze", "check_target": "database", "evidence": [ "db_schema", "migration_scripts" ], "automation": "medium" }, { "control_id": "STORAGE-005", "domain": "STORAGE", "title": "Aenderungen an Zahlungszustaenden nachvollziehbar", "objective": "Auditierbarkeit", "check_target": "system", "evidence": [ "audit_log_sample", "db_schema" ], "automation": "low" }, { "control_id": "STORAGE-006", "domain": "STORAGE", "title": "Backups folgen 
selben Schutzanforderungen wie Primaerdaten", "objective": "Verhindert Schutzluecken in Sekundaerspeichern", "check_target": "process", "evidence": [ "backup_config", "storage_policy" ], "automation": "low" }, { "control_id": "STORAGE-007", "domain": "STORAGE", "title": "Persistenzlogik behandelt Teilfehler kontrolliert", "objective": "Robustheit bei DB-Fehlern", "check_target": "code", "evidence": [ "source_code", "error_mode_tests" ], "automation": "medium" }, { "control_id": "STORAGE-008", "domain": "STORAGE", "title": "Storage-Migrationen getestet und reversibel bewertet", "objective": "Reduziert fehlerhafte Schemaenderungen", "check_target": "database", "evidence": [ "migration_scripts", "test_reports" ], "automation": "medium" }, { "control_id": "STORAGE-009", "domain": "STORAGE", "title": "Lesezugriffe fuer Reporting umgehen keine Filterlogik", "objective": "Verhindert Datenabfluss ueber Sekundaerzugriffe", "check_target": "code", "evidence": [ "source_code", "authorization_tests" ], "automation": "medium" }, { "control_id": "STORAGE-010", "domain": "STORAGE", "title": "Dateibasierte Speicher gegen unautorisierte Aenderung geschuetzt", "objective": "Reduziert Manipulationsrisiko", "check_target": "system", "evidence": [ "filesystem_permissions", "integrity_checks" ], "automation": "low" }, { "control_id": "MONITOR-001", "domain": "MONITOR", "title": "Sicherheitskritische Ereignisse haben Alarmierungsregeln", "objective": "Zeitnahe Reaktion auf Vorfaelle", "check_target": "system", "evidence": [ "alert_rules", "monitoring_config" ], "automation": "medium" }, { "control_id": "MONITOR-002", "domain": "MONITOR", "title": "Ausfaelle von Zahlungspfaden werden entdeckt", "objective": "Reduziert unbemerkte Stoerungen", "check_target": "system", "evidence": [ "monitoring_config", "synthetic_checks" ], "automation": "medium" }, { "control_id": "MONITOR-003", "domain": "MONITOR", "title": "Monitoring differenziert Verfuegbarkeit/Sicherheit/Fachfehler", "objective": 
"Bessere Priorisierung", "check_target": "system", "evidence": [ "alert_rules", "metric_samples" ], "automation": "low" }, { "control_id": "MONITOR-004", "domain": "MONITOR", "title": "Schwellenwerte fuer kritische Funktionen definiert", "objective": "Verhindert ad-hoc Ereigniserkennung", "check_target": "process", "evidence": [ "ops_docs", "monitoring_config" ], "automation": "low" }, { "control_id": "MONITOR-005", "domain": "MONITOR", "title": "Alarmierungswege dokumentiert und wirksam", "objective": "Reaktionsfaehigkeit im Vorfall", "check_target": "process", "evidence": [ "incident_docs", "alert_config" ], "automation": "low" }, { "control_id": "MONITOR-006", "domain": "MONITOR", "title": "Wiederkehrende Fehler aggregiert und als Muster erkennbar", "objective": "Fruehwarnung bei systemischen Problemen", "check_target": "system", "evidence": [ "monitoring_dashboards", "alert_rules" ], "automation": "low" }, { "control_id": "MONITOR-007", "domain": "MONITOR", "title": "Queue-Monitoring erfasst Stau, Alter, Fehlerquoten", "objective": "Kontrolle verteilter Verarbeitungswege", "check_target": "system", "evidence": [ "queue_metrics", "monitoring_dashboards" ], "automation": "medium" }, { "control_id": "MONITOR-008", "domain": "MONITOR", "title": "Monitoring gegen triviale Deaktivierung geschuetzt", "objective": "Vertrauenswuerdigkeit betrieblicher Kontrollen", "check_target": "system", "evidence": [ "iam_config", "audit_log_sample" ], "automation": "low" }, { "control_id": "MONITOR-009", "domain": "MONITOR", "title": "Stille Fehlzustaende durch Heartbeats/Synthetic Checks adressiert", "objective": "Verhindert truegerischen Anschein", "check_target": "system", "evidence": [ "synthetic_checks", "heartbeat_config" ], "automation": "medium" }, { "control_id": "MONITOR-010", "domain": "MONITOR", "title": "Monitoring-Nachweise reproduzierbar abrufbar", "objective": "Belastbare Betriebsnachweise", "check_target": "process", "evidence": [ "dashboard_exports", "ops_docs" ], 
"automation": "low" }, { "control_id": "OPS-001", "domain": "OPS", "title": "Betriebsrollen und Verantwortlichkeiten dokumentiert", "objective": "Klare Zustaendigkeit", "check_target": "process", "evidence": [ "ops_docs", "role_model" ], "automation": "low" }, { "control_id": "OPS-002", "domain": "OPS", "title": "Runbooks fuer typische Stoerungen vorhanden", "objective": "Reaktionsgeschwindigkeit und Konsistenz", "check_target": "process", "evidence": [ "runbooks", "incident_docs" ], "automation": "low" }, { "control_id": "OPS-003", "domain": "OPS", "title": "Sicherheitsmassnahmen nicht an Einzelpersonen gebunden", "objective": "Reduziert Abhaengigkeit von implizitem Wissen", "check_target": "process", "evidence": [ "ops_docs", "training_records" ], "automation": "low" }, { "control_id": "OPS-004", "domain": "OPS", "title": "Notfallzugriffe zeitlich begrenzt und auditierbar", "objective": "Reduziert Missbrauch von Sonderzugaengen", "check_target": "system", "evidence": [ "audit_log_sample", "iam_config" ], "automation": "low" }, { "control_id": "OPS-005", "domain": "OPS", "title": "Schluessel-/Zertifikats-/Geraetewechsel-Prozesse definiert", "objective": "Verhindert ungeordnete Sicherheitsuebergaenge", "check_target": "process", "evidence": [ "ops_docs", "runbooks" ], "automation": "low" }, { "control_id": "OPS-006", "domain": "OPS", "title": "Wartungsfenster fachlich und technisch abgestimmt", "objective": "Verhindert ueberraschende Auswirkungen", "check_target": "process", "evidence": [ "ops_docs", "change_docs" ], "automation": "low" }, { "control_id": "OPS-007", "domain": "OPS", "title": "Betriebsparameter regelmaessig auf Sollzustand geprueft", "objective": "Erkennt schleichende Drift", "check_target": "system", "evidence": [ "ops_checks", "config_registry" ], "automation": "medium" }, { "control_id": "OPS-008", "domain": "OPS", "title": "Wiederanlauf nach Ausfall folgt definierten Prioritaeten", "objective": "Verhindert ungeordnete Recovery", "check_target": 
"process", "evidence": [ "runbooks", "recovery_tests" ], "automation": "low" }, { "control_id": "OPS-009", "domain": "OPS", "title": "Drittabhaengigkeiten dokumentiert und ueberwacht", "objective": "Transparenz ueber externe Ausfallrisiken", "check_target": "process", "evidence": [ "vendor_inventory", "monitoring_docs" ], "automation": "low" }, { "control_id": "OPS-010", "domain": "OPS", "title": "Betriebsnachweise fuer Ausschreibungen strukturiert abrufbar", "objective": "Belastbare Compliance-Antworten", "check_target": "process", "evidence": [ "evidence_registry", "reporting_docs" ], "automation": "low" }, { "control_id": "ZVTCORE-001", "domain": "ZVTCORE", "title": "ZVT-Nachrichten auf vollstaendige Rahmenstruktur geprueft", "objective": "Verhindert Verarbeitung beschaedigter Frames", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "high" }, { "control_id": "ZVTCORE-002", "domain": "ZVTCORE", "title": "Unbekannte ZVT-Kommandos definiert abgewiesen", "objective": "Verhindert undefiniertes Verhalten", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "high" }, { "control_id": "ZVTCORE-003", "domain": "ZVTCORE", "title": "ZVT-Nachrichtenlaengen vor Verarbeitung validiert", "objective": "Verhindert Parser-Ueberlaeufe", "check_target": "code", "evidence": [ "source_code", "fuzz_tests" ], "automation": "high" }, { "control_id": "ZVTCORE-004", "domain": "ZVTCORE", "title": "Feldgrenzen in ZVT-Datenstrukturen strikt eingehalten", "objective": "Verhindert Fehlinterpretation", "check_target": "code", "evidence": [ "source_code", "schema_tests" ], "automation": "high" }, { "control_id": "ZVTCORE-005", "domain": "ZVTCORE", "title": "Optionale ZVT-Felder nur bei formaler Korrektheit verarbeitet", "objective": "Verhindert Fehlannahmen", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "medium" }, { "control_id": "ZVTCORE-006", "domain": "ZVTCORE", "title": 
"Unerwartete Feldreihenfolgen kontrolliert behandelt", "objective": "Verhindert Parserdrift", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "medium" }, { "control_id": "ZVTCORE-007", "domain": "ZVTCORE", "title": "Parser trennt Transport- von fachlichen Zahlungsfehlern", "objective": "Korrekte Fehlerbehandlung und Retry", "check_target": "code", "evidence": [ "source_code", "error_mapping" ], "automation": "medium" }, { "control_id": "ZVTCORE-008", "domain": "ZVTCORE", "title": "Reservierte/verbotene Werte in ZVT-Frames erkannt", "objective": "Verhindert unsaubere Verarbeitung", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "medium" }, { "control_id": "ZVTCORE-009", "domain": "ZVTCORE", "title": "Definierte Zeichensaetze und Kodierungen verwendet", "objective": "Verhindert Fehlinterpretation von Belegdaten", "check_target": "code", "evidence": [ "source_code", "protocol_docs" ], "automation": "medium" }, { "control_id": "ZVTCORE-010", "domain": "ZVTCORE", "title": "ZVT-Nachrichten vor Fachlogik normalisiert und typisiert", "objective": "Reduziert Parserkomplexitaet", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "ZVTFLOW-001", "domain": "ZVTFLOW", "title": "Zahlung erst nach Protokollinitialisierung gesendet", "objective": "Verhindert fehlerhafte Sequenzen", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVTFLOW-002", "domain": "ZVTFLOW", "title": "Kommandos nur in zulaessigen Zustaenden ausgeloest", "objective": "Verhindert ungueltige Kommandofolgen", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVTFLOW-003", "domain": "ZVTFLOW", "title": "Parallele Zahlungen auf gleicher Verbindung serialisiert", "objective": "Verhindert kollidierende Ablaeufe", "check_target": "code", 
"evidence": [ "source_code", "concurrency_tests" ], "automation": "medium" }, { "control_id": "ZVTFLOW-004", "domain": "ZVTFLOW", "title": "Statusabfragen veraendern Zahlungszustand nicht", "objective": "Verhindert Seiteneffekte diagnostischer Ops", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "medium" }, { "control_id": "ZVTFLOW-005", "domain": "ZVTFLOW", "title": "Abbruchkommandos nur in zulaessigen Phasen", "objective": "Verhindert inkonsistente Abbruchzustaende", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVTFLOW-006", "domain": "ZVTFLOW", "title": "Storno referenziert eindeutig Ursprungstransaktion", "objective": "Verhindert falsche Zuordnung", "check_target": "code", "evidence": [ "source_code", "db_schema" ], "automation": "medium" }, { "control_id": "ZVTFLOW-007", "domain": "ZVTFLOW", "title": "Wiederanlauf nur mit eindeutigem Transaktionskontext", "objective": "Verhindert doppelte Fortsetzung", "check_target": "code", "evidence": [ "source_code", "reconnect_tests" ], "automation": "low" }, { "control_id": "ZVTFLOW-008", "domain": "ZVTFLOW", "title": "Terminalseitige Zwischenzustaende vor Folgebefehlen beruecksichtigt", "objective": "Verhindert vorschnelle Kommandos", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVTFLOW-009", "domain": "ZVTFLOW", "title": "Async Rueckmeldungen korrekt zugeordnet", "objective": "Verhindert Vermischung paralleler Sitzungen", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "ZVTFLOW-010", "domain": "ZVTFLOW", "title": "Nach Transaktionsende expliziter Idle-Zustand", "objective": "Verhindert haengende Sitzungskontexte", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVTERROR-001", "domain": 
"ZVTERROR", "title": "ZVT-Fehlercodes vollstaendig auf interne Klassen gemappt", "objective": "Konsistente Fehlerbehandlung", "check_target": "code", "evidence": [ "source_code", "error_mapping" ], "automation": "medium" }, { "control_id": "ZVTERROR-002", "domain": "ZVTERROR", "title": "Unbekannte Fehlercodes fuehren nicht zu Erfolgsbewertung", "objective": "Verhindert False Positives", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "high" }, { "control_id": "ZVTERROR-003", "domain": "ZVTERROR", "title": "Transport- und Terminalablehnungen erzeugen unterschiedliche Folgeaktionen", "objective": "Korrekte Retry-Entscheidungen", "check_target": "code", "evidence": [ "source_code", "error_mode_tests" ], "automation": "medium" }, { "control_id": "ZVTERROR-004", "domain": "ZVTERROR", "title": "Fehler ohne Transaktionskontext als unvollstaendig markiert", "objective": "Verhindert unpruefbare Abschluesse", "check_target": "code", "evidence": [ "source_code", "db_schema" ], "automation": "medium" }, { "control_id": "ZVTERROR-005", "domain": "ZVTERROR", "title": "Wiederholte Protokollfehler fuehren zu Eskalation/Reset", "objective": "Verhindert korrupte Kommunikation", "check_target": "code", "evidence": [ "source_code", "reliability_tests" ], "automation": "low" }, { "control_id": "ZVTERROR-006", "domain": "ZVTERROR", "title": "Belegdruckfehler ueberschreiben nicht Zahlungsstatus", "objective": "Trennt Zahlungs- von Nebenfehlern", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "low" }, { "control_id": "ZVTERROR-007", "domain": "ZVTERROR", "title": "Bediener- und technischer Abbruch getrennt ausgewiesen", "objective": "Aussagekraft im Audit/Support", "check_target": "code", "evidence": [ "source_code", "error_mapping" ], "automation": "medium" }, { "control_id": "ZVTERROR-008", "domain": "ZVTERROR", "title": "Fehler in optionalen Erweiterungen beeintraechtigen Kernablauf nicht", "objective": 
"Begrenzt Seiteneffekte", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "low" }, { "control_id": "ZVTERROR-009", "domain": "ZVTERROR", "title": "Mehrdeutige Antworten als inkonsistenter Fehlerzustand behandelt", "objective": "Verhindert unsichere Interpretation", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "low" }, { "control_id": "ZVTERROR-010", "domain": "ZVTERROR", "title": "Fehlerzustaende erzeugen auditierbare Ereignisse", "objective": "Nachvollziehbarkeit bei Protokollproblemen", "check_target": "system", "evidence": [ "audit_log_sample", "source_code" ], "automation": "medium" }, { "control_id": "ZVTTIME-001", "domain": "ZVTTIME", "title": "Antwort-Timeouts je ZVT-Kommando explizit definiert", "objective": "Verhindert unkontrollierte Haenger", "check_target": "config", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "ZVTTIME-002", "domain": "ZVTTIME", "title": "Timeouts differenziert nach Protokollphase", "objective": "Realistische Zeitsteuerung", "check_target": "code", "evidence": [ "source_code", "timeout_tests" ], "automation": "medium" }, { "control_id": "ZVTTIME-003", "domain": "ZVTTIME", "title": "Nach Timeout Protokollzustand explizit bereinigt", "objective": "Verhindert haengende Sitzungen", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVTTIME-004", "domain": "ZVTTIME", "title": "Zeitkritische Nachrichten nicht durch Anwendungslogik verzoegert", "objective": "Verhindert selbstverursachte Abbrueche", "check_target": "code", "evidence": [ "source_code", "performance_tests" ], "automation": "low" }, { "control_id": "ZVTTIME-005", "domain": "ZVTTIME", "title": "Retry-Intervalle definiert und begrenzt", "objective": "Verhindert aggressives Wiederholen", "check_target": "code", "evidence": [ "source_code", "retry_logic" ], "automation": "medium" }, { "control_id": 
"ZVTTIME-006", "domain": "ZVTTIME", "title": "Verspaetete Antworten nach Timeout nicht als aktuell akzeptiert", "objective": "Verhindert Fehlzuordnung", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "ZVTTIME-007", "domain": "ZVTTIME", "title": "Konfigurierbare Zeitwerte mit Mindest-/Hoechstgrenzen", "objective": "Verhindert riskante Einstellungen", "check_target": "config", "evidence": [ "config_validation", "source_code" ], "automation": "medium" }, { "control_id": "ZVTTIME-008", "domain": "ZVTTIME", "title": "Busy-Zustaende zeitlich ueberwacht", "objective": "Verhindert endloses Warten", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "low" }, { "control_id": "ZVTTIME-009", "domain": "ZVTTIME", "title": "Zeitbezogene Events mit korrelierbarem Zeitstempel", "objective": "Diagnose von Latenzproblemen", "check_target": "system", "evidence": [ "log_samples", "source_code" ], "automation": "medium" }, { "control_id": "ZVTTIME-010", "domain": "ZVTTIME", "title": "Timeout-Abbrueche fuehren nicht automatisch zu Stornierung", "objective": "Verhindert falsche Schlussfolgerungen", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "low" }, { "control_id": "OPICORE-001", "domain": "OPICORE", "title": "OPI-Nachrichten auf Schema- und Pflichtfeldkonformitaet geprueft", "objective": "Verhindert ungueltige Anfragen/Antworten", "check_target": "code", "evidence": [ "source_code", "schema_tests" ], "automation": "high" }, { "control_id": "OPICORE-002", "domain": "OPICORE", "title": "OPI-Nachrichtentypen eindeutig klassifiziert und geroutet", "objective": "Verhindert Fehlbehandlung", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "medium" }, { "control_id": "OPICORE-003", "domain": "OPICORE", "title": "Unbekannte OPI-Felder/Erweiterungen kontrolliert behandelt", "objective": "Robustheit 
gegenueber Versionen", "check_target": "code", "evidence": [ "source_code", "compatibility_tests" ], "automation": "medium" }, { "control_id": "OPICORE-004", "domain": "OPICORE", "title": "OPI-Korrelationskennungen strikt validiert", "objective": "Verhindert Kontextvermischung", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "OPICORE-005", "domain": "OPICORE", "title": "Widerspruechliche Pflichtinfos abgewiesen", "objective": "Verhindert inkonsistente Verarbeitung", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "high" }, { "control_id": "OPICORE-006", "domain": "OPICORE", "title": "Datum/Betrag/Waehrung typisiert und semantisch validiert", "objective": "Verhindert manipulative Nutzlasten", "check_target": "code", "evidence": [ "source_code", "validation_tests" ], "automation": "high" }, { "control_id": "OPICORE-007", "domain": "OPICORE", "title": "Protokollfehler und Geschaeftsantworten sauber getrennt", "objective": "Korrekte Folgeentscheidungen", "check_target": "code", "evidence": [ "source_code", "error_mapping" ], "automation": "medium" }, { "control_id": "OPICORE-008", "domain": "OPICORE", "title": "OPI-Payloads vor Logging/Persistenz maskiert", "objective": "Verhindert Datenabfluss aus Nachrichten", "check_target": "code", "evidence": [ "source_code", "log_samples" ], "automation": "medium" }, { "control_id": "OPICORE-009", "domain": "OPICORE", "title": "Protokollversion und Kompatibilitaet explizit geprueft", "objective": "Verhindert verdeckte Inkompatibilitaeten", "check_target": "code", "evidence": [ "source_code", "compatibility_tests" ], "automation": "medium" }, { "control_id": "OPICORE-010", "domain": "OPICORE", "title": "Parser schuetzt gegen uebergrosse/verschachtelte Nutzlasten", "objective": "Reduziert DoS-Risiko", "check_target": "code", "evidence": [ "source_code", "fuzz_tests" ], "automation": "medium" }, { "control_id": "OPIFLOW-001", 
"domain": "OPIFLOW", "title": "OPI-Anfragen nur in zulaessiger Reihenfolge gesendet", "objective": "Verhindert Protokollverletzungen", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "OPIFLOW-002", "domain": "OPIFLOW", "title": "Antworten eindeutig der Anforderung zugeordnet", "objective": "Verhindert Vermischung", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "OPIFLOW-003", "domain": "OPIFLOW", "title": "Doppelte Responses dedupliziert", "objective": "Verhindert Mehrfachverarbeitung", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "OPIFLOW-004", "domain": "OPIFLOW", "title": "Stornierungen referenzieren korrekte Ursprungstransaktion", "objective": "Verhindert falsche Folgeaktionen", "check_target": "code", "evidence": [ "source_code", "db_schema" ], "automation": "medium" }, { "control_id": "OPIFLOW-005", "domain": "OPIFLOW", "title": "Async Events nur ueber definierte Zustandsuebergaenge", "objective": "Verhindert inkonsistente Statusspruenge", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "OPIFLOW-006", "domain": "OPIFLOW", "title": "OPI-Timeouts fuehren zu expliziten Pending/Fehler-Zustaenden", "objective": "Verhindert unklare Bewertung", "check_target": "code", "evidence": [ "source_code", "timeout_tests" ], "automation": "medium" }, { "control_id": "OPIFLOW-007", "domain": "OPIFLOW", "title": "Keine Folgeanfragen auf Basis unvollstaendiger Antworten", "objective": "Verhindert Kettenfehler", "check_target": "code", "evidence": [ "source_code", "validation_tests" ], "automation": "medium" }, { "control_id": "OPIFLOW-008", "domain": "OPIFLOW", "title": "Wiederanlaeufe unterscheiden idempotente von nicht-idempotenten Aktionen", "objective": "Verhindert doppelte Wirkung", 
"check_target": "code", "evidence": [ "source_code", "retry_logic" ], "automation": "medium" }, { "control_id": "OPIFLOW-009", "domain": "OPIFLOW", "title": "Dialogbeendigung hinterlaesst keinen offenen fachlichen Status", "objective": "Verhindert haengende Kontexte", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "OPIFLOW-010", "domain": "OPIFLOW", "title": "Workflows gegen parallele Statusaenderungen abgesichert", "objective": "Verhindert Race Conditions", "check_target": "code", "evidence": [ "source_code", "concurrency_tests" ], "automation": "low" }, { "control_id": "PROTOINT-001", "domain": "PROTOINT", "title": "Protokollkonverter erhalten alle Informationen verlustfrei", "objective": "Verhindert semantischen Informationsverlust", "check_target": "code", "evidence": [ "source_code", "mapping_tests" ], "automation": "medium" }, { "control_id": "PROTOINT-002", "domain": "PROTOINT", "title": "Keine unmoeglichen Mischzustaende aus verschiedenen Protokollen", "objective": "Verhindert inkonsistente Aggregation", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "low" }, { "control_id": "PROTOINT-003", "domain": "PROTOINT", "title": "Korrelationskennungen beim Protokolluebergang erhalten", "objective": "End-to-End Nachverfolgung", "check_target": "code", "evidence": [ "source_code", "message_schema" ], "automation": "medium" }, { "control_id": "PROTOINT-004", "domain": "PROTOINT", "title": "Protokollfehler in normierte interne Semantik ueberfuehrt", "objective": "Konsistente Behandlung", "check_target": "code", "evidence": [ "source_code", "error_mapping" ], "automation": "medium" }, { "control_id": "PROTOINT-005", "domain": "PROTOINT", "title": "Nicht mappbare Infos explizit kenntlich, nicht still verworfen", "objective": "Verhindert unsichtbaren Informationsverlust", "check_target": "code", "evidence": [ "source_code", "mapping_tests" ], "automation": 
"low" }, { "control_id": "PROTOINT-006", "domain": "PROTOINT", "title": "Interne Modelle erzwingen zulaessige Wertebereiche vor Serialisierung", "objective": "Verhindert ungueltige Protokollnachrichten", "check_target": "code", "evidence": [ "source_code", "validation_tests" ], "automation": "high" }, { "control_id": "PROTOINT-007", "domain": "PROTOINT", "title": "Serialisierung deterministisch und testbar", "objective": "Reproduzierbarkeit", "check_target": "code", "evidence": [ "source_code", "golden_tests" ], "automation": "medium" }, { "control_id": "PROTOINT-008", "domain": "PROTOINT", "title": "Parser und Serializer verwenden gleiche Feldsemantik", "objective": "Verhindert Drift", "check_target": "code", "evidence": [ "source_code", "roundtrip_tests" ], "automation": "medium" }, { "control_id": "PROTOINT-009", "domain": "PROTOINT", "title": "Protokolladapter logisch von Geschaeftsregeln getrennt", "objective": "Reduziert Seiteneffekte", "check_target": "architecture", "evidence": [ "source_code", "design_docs" ], "automation": "low" }, { "control_id": "PROTOINT-010", "domain": "PROTOINT", "title": "Protokollmapping-Aenderungen durch Regressionstests abgesichert", "objective": "Verhindert Integrationsbrueche", "check_target": "test", "evidence": [ "regression_tests", "protocol_tests" ], "automation": "medium" }, { "control_id": "TERMSTATE-001", "domain": "TERMSTATE", "title": "Terminalzustaende als explizites Modell repraesentiert", "objective": "Klarheit und Pruefbarkeit", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "TERMSTATE-002", "domain": "TERMSTATE", "title": "Busy-Status blockiert unzulaessige Folgekommandos", "objective": "Verhindert Kollisionen", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "TERMSTATE-003", "domain": "TERMSTATE", "title": "Nach Reconnect aktive Neusynchronisation", "objective": 
"Verhindert veraltetes Verbindungswissen", "check_target": "code", "evidence": [ "source_code", "reconnect_tests" ], "automation": "low" }, { "control_id": "TERMSTATE-004", "domain": "TERMSTATE", "title": "Ungueltige Terminal+Transaktionsstatus-Kombinationen erkannt", "objective": "Verhindert widerspruechliche Entscheidungen", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "medium" }, { "control_id": "TERMSTATE-005", "domain": "TERMSTATE", "title": "Service-/Wartungszustaende vom Zahlungsbetrieb getrennt", "objective": "Reduziert Seiteneffekte", "check_target": "code", "evidence": [ "source_code", "auth_tests" ], "automation": "low" }, { "control_id": "TERMSTATE-006", "domain": "TERMSTATE", "title": "Statusaenderungen erzeugen nachvollziehbare Backend-Events", "objective": "Sichtbarkeit kritischer Aenderungen", "check_target": "system", "evidence": [ "audit_log_sample", "source_code" ], "automation": "medium" }, { "control_id": "TERMSTATE-007", "domain": "TERMSTATE", "title": "Unklare Zustaende fuehren zu konservativem Verhalten", "objective": "Verhindert unsichere Annahmen", "check_target": "code", "evidence": [ "source_code", "error_mode_tests" ], "automation": "medium" }, { "control_id": "TERMSTATE-008", "domain": "TERMSTATE", "title": "Verfuegbarkeit nicht mit fachlichem Zahlungserfolg verwechselt", "objective": "Verhindert falsche Geschaeftsentscheidungen", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TERMSTATE-009", "domain": "TERMSTATE", "title": "Lokale Statuscaches verfallen kontrolliert", "objective": "Verhindert veraltete Zustandsinformationen", "check_target": "code", "evidence": [ "source_code", "cache_tests" ], "automation": "low" }, { "control_id": "TERMSTATE-010", "domain": "TERMSTATE", "title": "Sicherheitszustaende nicht durch Nutzeraktionen ruecksetzbar", "objective": "Schuetzt kritische Geraetezustaende", "check_target": "code", 
"evidence": [ "source_code", "authorization_tests" ], "automation": "low" }, { "control_id": "TERMREC-001", "domain": "TERMREC", "title": "Belegdaten vor Persistenz/Ausgabe formal validiert", "objective": "Verhindert fehlerhafte Belegverarbeitung", "check_target": "code", "evidence": [ "source_code", "validation_tests" ], "automation": "medium" }, { "control_id": "TERMREC-002", "domain": "TERMREC", "title": "Doppelte Belegmeldungen erkannt und nicht mehrfach verarbeitet", "objective": "Verhindert Mehrfachablage", "check_target": "code", "evidence": [ "source_code", "dedup_tests" ], "automation": "medium" }, { "control_id": "TERMREC-003", "domain": "TERMREC", "title": "Belegdaten dem korrekten Transaktionskontext zugeordnet", "objective": "Verhindert Vermischung", "check_target": "code", "evidence": [ "source_code", "db_schema" ], "automation": "medium" }, { "control_id": "TERMREC-004", "domain": "TERMREC", "title": "Fehlgeschlagener Belegdruck veraendert nicht Zahlungsstatus", "objective": "Trennt Zahlungsabschluss von Druckproblemen", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "low" }, { "control_id": "TERMREC-005", "domain": "TERMREC", "title": "Belegtexte vor Logging auf sensitive Inhalte geprueft", "objective": "Verhindert Datenabfluss ueber Ausgabepfade", "check_target": "code", "evidence": [ "source_code", "log_samples" ], "automation": "medium" }, { "control_id": "TERMREC-006", "domain": "TERMREC", "title": "Belegereignisse auditierbar und zeitlich korrelierbar", "objective": "Nachweis ueber Ausgabeverhalten", "check_target": "system", "evidence": [ "audit_log_sample", "report_samples" ], "automation": "medium" }, { "control_id": "TERMREC-007", "domain": "TERMREC", "title": "Mehrteilige Belegdaten vollstaendig und korrekt zusammengefuehrt", "objective": "Verhindert Datenverlust", "check_target": "code", "evidence": [ "source_code", "golden_tests" ], "automation": "medium" }, { "control_id": "TERMREC-008", "domain": 
"TERMREC", "title": "Beschaedigte Belegsegmente als unvollstaendig markiert", "objective": "Verhindert Nutzung defekter Daten", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "medium" }, { "control_id": "TERMREC-009", "domain": "TERMREC", "title": "Belegformate zwischen Terminal und Backend kompatibel", "objective": "Verhindert Zeichensatz-/Layoutfehler", "check_target": "code", "evidence": [ "source_code", "compatibility_tests" ], "automation": "low" }, { "control_id": "TERMREC-010", "domain": "TERMREC", "title": "Belegdaten auf erforderliche Inhalte minimiert", "objective": "Reduziert unnoetige Speicherung", "check_target": "architecture", "evidence": [ "data_flow_docs", "db_schema" ], "automation": "low" }, { "control_id": "TERMSYNC-009", "domain": "TERMSYNC", "title": "Sync unterscheidet fachliche Klaerung von technischer Wiederholung", "objective": "Verhindert Wiederholung finaler Zustaende", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "TERMSYNC-010", "domain": "TERMSYNC", "title": "Terminal/Backend-Zustaende regelmaessig auf Divergenzen geprueft", "objective": "Erkennt Inkonsistenzen fruehzeitig", "check_target": "system", "evidence": [ "reconciliation_jobs", "audit_log_sample" ], "automation": "medium" }, { "control_id": "ZVT-CMD-001", "domain": "ZVT-CMD", "title": "ZVT-Kommandos nur in zulaessiger Reihenfolge", "objective": "Verhindert Protokollverletzungen", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "high" }, { "control_id": "ZVT-CMD-002", "domain": "ZVT-CMD", "title": "Ungueltige Kommandos sicher zurueckgewiesen", "objective": "Verhindert undefined behavior", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "high" }, { "control_id": "ZVT-CMD-003", "domain": "ZVT-CMD", "title": "Verpflichtende Parameter vorhanden", "objective": "Sichert korrekte 
Kommunikation", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "high" }, { "control_id": "ZVT-CMD-004", "domain": "ZVT-CMD", "title": "Optionalfelder korrekt interpretiert und validiert", "objective": "Verhindert Fehlinterpretation", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "medium" }, { "control_id": "ZVT-CMD-005", "domain": "ZVT-CMD", "title": "Terminalantworten vollstaendig gelesen und verarbeitet", "objective": "Verhindert Zustandsverlust", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "ZVT-RT-001", "domain": "ZVT-RT", "title": "Timeouts fuer Terminalkommunikation definiert", "objective": "Verhindert blockierende Prozesse", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "high" }, { "control_id": "ZVT-RT-002", "domain": "ZVT-RT", "title": "Retries unterscheiden idempotent/nicht-idempotent", "objective": "Verhindert doppelte Buchungen", "check_target": "code", "evidence": [ "source_code", "retry_logic" ], "automation": "medium" }, { "control_id": "ZVT-RT-003", "domain": "ZVT-RT", "title": "Retry-Anzahl begrenzt", "objective": "Verhindert Endlosschleifen", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "high" }, { "control_id": "ZVT-RT-004", "domain": "ZVT-RT", "title": "Backoff-Strategien implementiert", "objective": "Verhindert Ueberlastung", "check_target": "code", "evidence": [ "source_code", "retry_logic" ], "automation": "medium" }, { "control_id": "ZVT-RT-005", "domain": "ZVT-RT", "title": "Abgebrochene Transaktionen eindeutig markiert", "objective": "Erleichtert Recovery", "check_target": "system", "evidence": [ "db_schema", "source_code" ], "automation": "medium" }, { "control_id": "ZVT-STATE-001", "domain": "ZVT-STATE", "title": "Zahlungszustaende als explizite State Machine", "objective": "Verhindert implizite Zustaende", 
"check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVT-STATE-002", "domain": "ZVT-STATE", "title": "Ungueltige Zustandsuebergaenge nicht moeglich", "objective": "Verhindert inkonsistente Zustaende", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "high" }, { "control_id": "ZVT-STATE-003", "domain": "ZVT-STATE", "title": "Jeder Zustand hat definierten Exit-Pfad", "objective": "Verhindert Deadlocks", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVT-STATE-004", "domain": "ZVT-STATE", "title": "Terminal- und Backendzustand abgeglichen", "objective": "Verhindert Divergenzen", "check_target": "system", "evidence": [ "integration_test", "reconciliation_jobs" ], "automation": "medium" }, { "control_id": "ZVT-STATE-005", "domain": "ZVT-STATE", "title": "Recovery-Zustaende explizit modelliert", "objective": "Erhoeht Robustheit", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVT-COM-001", "domain": "ZVT-COM", "title": "Nachrichtenlaengen validiert", "objective": "Verhindert Parsing-Fehler", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "high" }, { "control_id": "ZVT-COM-002", "domain": "ZVT-COM", "title": "Checksummen/Integritaet geprueft", "objective": "Verhindert manipulierte Daten", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "medium" }, { "control_id": "ZVT-COM-003", "domain": "ZVT-COM", "title": "Teilweise empfangene Nachrichten nicht verarbeitet", "objective": "Verhindert inkonsistente Verarbeitung", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "high" }, { "control_id": "ZVT-COM-004", "domain": "ZVT-COM", "title": "Nachrichten in korrektem Encoding interpretiert", "objective": 
"Verhindert Datenfehler", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "medium" }, { "control_id": "ZVT-COM-005", "domain": "ZVT-COM", "title": "Protokollverletzungen erkannt und geloggt", "objective": "Erhoeht Diagnosefaehigkeit", "check_target": "system", "evidence": [ "source_code", "log_samples" ], "automation": "medium" }, { "control_id": "ZVT-REV-001", "domain": "ZVT-REV", "title": "Reversal nur fuer geeignete Transaktionen", "objective": "Verhindert unzulaessige Rueckabwicklung", "check_target": "code", "evidence": [ "source_code", "authorization_tests" ], "automation": "medium" }, { "control_id": "ZVT-REV-002", "domain": "ZVT-REV", "title": "Reversal eindeutig einer Transaktion zugeordnet", "objective": "Verhindert falsche Zuordnung", "check_target": "code", "evidence": [ "source_code", "db_schema" ], "automation": "high" }, { "control_id": "ZVT-REV-003", "domain": "ZVT-REV", "title": "Mehrfach-Reversal verhindert", "objective": "Verhindert doppelte Rueckbuchung", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "ZVT-REV-004", "domain": "ZVT-REV", "title": "Reversal vollstaendig dokumentiert", "objective": "Ermoeglicht Audit", "check_target": "system", "evidence": [ "audit_log_sample", "db_schema" ], "automation": "medium" }, { "control_id": "ZVT-REV-005", "domain": "ZVT-REV", "title": "Fehlgeschlagene Reversals erneut geprueft oder eskaliert", "objective": "Verhindert offene Transaktionen", "check_target": "system", "evidence": [ "source_code", "ops_docs" ], "automation": "low" }, { "control_id": "ZVT-RESP-001", "domain": "ZVT-RESP", "title": "Alle Terminal-Response-Codes vollstaendig abgedeckt", "objective": "Verhindert unhandled states", "check_target": "code", "evidence": [ "source_code", "error_mapping" ], "automation": "high" }, { "control_id": "ZVT-RESP-002", "domain": "ZVT-RESP", "title": "Fehlercodes korrekt interpretiert", "objective": 
"Verhindert falsche Verarbeitung", "check_target": "code", "evidence": [ "source_code", "protocol_tests" ], "automation": "medium" }, { "control_id": "ZVT-RESP-003", "domain": "ZVT-RESP", "title": "Unbekannte Response-Codes sicher behandelt", "objective": "Erhoeht Robustheit", "check_target": "code", "evidence": [ "source_code", "negative_tests" ], "automation": "medium" }, { "control_id": "ZVT-RESP-004", "domain": "ZVT-RESP", "title": "Response-Daten validiert", "objective": "Verhindert Inkonsistenzen", "check_target": "code", "evidence": [ "source_code", "validation_tests" ], "automation": "high" }, { "control_id": "ZVT-RESP-005", "domain": "ZVT-RESP", "title": "Terminalstatus nach Response aktualisiert", "objective": "Synchronisiert Zustaende", "check_target": "system", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "ZVT-SESSION-001", "domain": "ZVT-SESSION", "title": "Terminal-Sessions explizit geoeffnet und geschlossen", "objective": "Verhindert Zombie-Sessions", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "ZVT-SESSION-002", "domain": "ZVT-SESSION", "title": "Session-Timeouts definiert", "objective": "Verhindert haengende Sessions", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "high" }, { "control_id": "ZVT-SESSION-003", "domain": "ZVT-SESSION", "title": "Session-Abbrueche erkannt", "objective": "Erhoeht Stabilitaet", "check_target": "system", "evidence": [ "source_code", "monitoring_config" ], "automation": "medium" }, { "control_id": "ZVT-SESSION-004", "domain": "ZVT-SESSION", "title": "Session-Wiederaufnahme kontrolliert", "objective": "Verhindert Inkonsistenzen", "check_target": "code", "evidence": [ "source_code", "reconnect_tests" ], "automation": "medium" }, { "control_id": "ZVT-SESSION-005", "domain": "ZVT-SESSION", "title": "Parallele Sessions kontrolliert", "objective": "Verhindert Race 
Conditions", "check_target": "code", "evidence": [ "source_code", "concurrency_tests" ], "automation": "medium" } ] }