{
 "schema_version": "controls_for_obligation_mapping_v1",
 "purpose": "Accepted CRA->OWASP controls (Compliance Execution Graph) for the Obligation Registry to propose the SEMANTIC control->obligation_id, replacing the coarse citation_unit interim join. Fill proposed_obligation_id per control, then we adopt it into control_mapping.obligation_id.",
 "source": "ai-compliance-sdk control_mappings, mapping_status=accepted, reviewed_by=benjamin 2026-06-25",
 "count": 7,
 "controls": [
  {
   "framework": "OWASP ASVS",
   "control": "V6.3.1",
   "source_norm": "CRA Annex I Part I (2)(c) — Schutz vor unbefugtem Zugriff",
   "citation_unit": "Annex I (2)(c)",
   "family": "auth",
   "mapping_type": "supports",
   "proposed_obligation_id": ""
  },
  {
   "framework": "OWASP ASVS",
   "control": "V6.1.1",
   "source_norm": "CRA Annex I Part I (2)(c) — Schutz vor unbefugtem Zugriff",
   "citation_unit": "Annex I (2)(c)",
   "family": "auth",
   "mapping_type": "supports",
   "proposed_obligation_id": ""
  },
  {
   "framework": "OWASP ASVS",
   "control": "V11.2.1",
   "source_norm": "CRA Annex I Part I (2)(d) — Vertraulichkeit / Verschluesselung",
   "citation_unit": "Annex I (2)(d)",
   "family": "crypto",
   "mapping_type": "supports",
   "proposed_obligation_id": ""
  },
  {
   "framework": "OWASP ASVS",
   "control": "V11.7.1",
   "source_norm": "CRA Annex I Part I (2)(d) — Vertraulichkeit / Verschluesselung",
   "citation_unit": "Annex I (2)(d)",
   "family": "crypto",
   "mapping_type": "supports",
   "proposed_obligation_id": ""
  },
  {
   "framework": "OWASP ASVS",
   "control": "V16.3.3",
   "source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
   "citation_unit": "Annex I (2)(k)",
   "family": "logging",
   "mapping_type": "supports",
   "proposed_obligation_id": ""
  },
  {
   "framework": "OWASP ASVS",
   "control": "V16.3.4",
   "source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
   "citation_unit": "Annex I (2)(k)",
   "family": "logging",
   "mapping_type": "supports",
   "proposed_obligation_id": ""
  },
  {
   "framework": "OWASP ASVS",
   "control": "V16.1.1",
   "source_norm": "CRA Annex I Part I (2)(k) — Sicherheitsrelevante Ereignisse / Logging",
   "citation_unit": "Annex I (2)(k)",
   "family": "logging",
   "mapping_type": "supports",
   "proposed_obligation_id": ""
  }
 ]
}