{ "schema_version": "cross_domain_relationships_v1", "generated_by": "cross_domain_pairs.py + classify_relationships.py (claude-opus-4-8)", "scope": "6 CRA-P1-Familien, 93 Obligations, 101 cross-family Kandidatenpaare (BGE-M3 top-8 >=0.60)", "method": "User-Schaerfung: nicht Aehnlichkeit sondern STRUKTURELLE Beziehung (8 Kategorien, genau eine je Paar).", "distribution": { "SHARED_CAPABILITY": 16, "SAME_OBLIGATION": 1, "OVERLAP_ONLY": 42, "SUPPORTED_BY": 23, "SHARED_EVIDENCE": 7, "SHARED_PROCEDURE": 5, "UNRELATED": 7 }, "capability_layer_draft": [ { "capability": "mfa", "n_pairs": 5, "fulfills_obligations": [ "authentication/mfa_required", "authentication/privileged_op_reauth", "authentication/remote_access_authentication", "authentication/supplier_access_auth", "remote_access/remote_access_mfa", "remote_access/remote_access_user_validation_ot" ], "domains": [ "authentication", "remote_access" ] }, { "capability": "session_management", "n_pairs": 3, "fulfills_obligations": [ "authentication/reauth_after_inactivity", "authentication/session_binding_management", "remote_access/remote_session_management", "remote_access/temporary_remote_access_mgmt" ], "domains": [ "authentication", "remote_access" ] }, { "capability": "tls_encryption", "n_pairs": 2, "fulfills_obligations": [ "authentication/encrypted_auth_channel", "remote_access/reject_insecure_remote_protocols", "remote_access/remote_access_encryption" ], "domains": [ "authentication", "remote_access" ] }, { "capability": "mutual_tls", "n_pairs": 2, "fulfills_obligations": [ "authentication/mutual_authentication", "authentication/service_to_service_auth", "remote_access/remote_access_confidentiality_integrity", "remote_access/remote_access_encryption" ], "domains": [ "authentication", "remote_access" ] }, { "capability": "code_signing", "n_pairs": 1, "fulfills_obligations": [ "authentication/firmware_software_authentication", "updates/signed_update_integrity" ], "domains": [ "authentication", "updates" ] }, { "capability": "access_control", "n_pairs": 1, "fulfills_obligations": [ "authentication/credential_confidentiality_protection", "sbom/sbom_confidentiality" ], "domains": [ "authentication", "sbom" ] }, { "capability": "anomaly_detection", "n_pairs": 1, "fulfills_obligations": [ "logging/log_monitoring_alerting", "remote_access/remote_access_threat_detection" ], "domains": [ "logging", "remote_access" ] }, { "capability": "tls_certificate_auth", "n_pairs": 1, "fulfills_obligations": [ "authentication/tls_certificate_auth", "remote_access/remote_access_encryption" ], "domains": [ "authentication", "remote_access" ] } ], "consolidation_suggestions": [ "tls_encryption + mutual_tls + tls_certificate_auth -> EINE Capability 'transport_encryption' (TLS-Varianten, vom Klassifikator fein gesplittet).", "access_control-Cluster (credential_confidentiality_protection <-> sbom_confidentiality) ist SCHWACH -> eher OVERLAP_ONLY." ], "merge_candidates": [ { "a": "vuln/vuln_remediation_patching", "b": "updates/provide_security_updates", "reason": "Beide fordern Schwachstellenbehebung via Patches im Support-Zeitraum, deckungsgleich." } ], "supported_by_hierarchy": [ { "child": "vuln/vuln_remediation_patching", "parent": "remote_access/remote_access_vuln_patch_mgmt", "reason": "Fernwartungs-Patching ist domaenenspezifischer Teilfall der allgemeinen Schwachstellenbehebung." }, { "child": "updates/trusted_update_source", "parent": "authentication/firmware_software_authentication", "reason": "Vertrauenswuerdige Quelle ergaenzt Signaturpflicht der Update-Authentifizierung." }, { "child": "sbom/sbom_completeness_verification", "parent": "vuln/vuln_identification_inventory", "reason": "SBOM-Vollstaendigkeitspruefung traegt zur Schwachstellen-Identifikation bei." }, { "child": "remote_access/remote_access_vuln_patch_mgmt", "parent": "updates/provide_security_updates", "reason": "Fernwartungs-Patching ist Teilfall der allgemeinen Update-Bereitstellung." }, { "child": "remote_access/remote_access_logging_audit", "parent": "logging/event_logging_security_events", "reason": "Fernwartungsprotokollierung ist Teilfall des allgemeinen Security-Event-Loggings." }, { "child": "vuln/vuln_info_dissemination_users", "parent": "updates/provide_security_updates", "reason": "Nutzerinformation ergaenzt die Update-Bereitstellungspflicht." }, { "child": "remote_access/remote_access_architecture_design", "parent": "authentication/remote_access_authentication", "reason": "Sichere Fernzugriffsarchitektur unterstuetzt Gateway-basierte Authentifizierung." }, { "child": "sbom/sbom_creation", "parent": "vuln/vuln_identification_inventory", "reason": "SBOM-Erstellung liefert das Inventar fuer Schwachstellen-Identifikation." }, { "child": "updates/update_risk_assessment", "parent": "vuln/vuln_remediation_patching", "reason": "Update-Risikobeurteilung speist die risikobasierte Schwachstellenbehebung." }, { "child": "remote_access/remote_access_vuln_patch_mgmt", "parent": "vuln/vuln_assessment_prioritization", "reason": "Fernwartungs-Patching bewertet/priorisiert Schwachstellen wie allgemeine Bewertungspflicht." }, { "child": "updates/update_testing_validation", "parent": "vuln/vuln_remediation_patching", "reason": "Update-Testen unterstuetzt zuverlaessige Schwachstellenbehebung via Patches." }, { "child": "remote_access/remote_access_user_validation_ot", "parent": "authentication/remote_access_authentication", "reason": "OT-Nutzervalidierung ist domaenenspezifische Auspraegung der Remote-Authentifizierung." }, { "child": "sbom/sbom_maintenance_update", "parent": "vuln/vuln_identification_inventory", "reason": "Aktualisierte SBOM unterstuetzt kontinuierliche Schwachstellen-Identifikation." }, { "child": "remote_access/remote_access_vuln_patch_mgmt", "parent": "vuln/vuln_handling_process", "reason": "Fernwartungs-Patching ist Teilfall des allgemeinen Vuln-Handling-Prozesses." }, { "child": "sbom/sbom_tooling_automation", "parent": "vuln/vuln_identification_inventory", "reason": "Automatisierte SBOM-Generierung unterstuetzt Schwachstellen-Identifikation." }, { "child": "updates/support_period_maintenance", "parent": "vuln/vuln_remediation_patching", "reason": "Wartung im Support-Zeitraum unterstuetzt fristgerechte Schwachstellenbehebung." }, { "child": "updates/automatic_updates_optout", "parent": "vuln/vuln_remediation_patching", "reason": "Automatische Updates unterstuetzen zeitnahe Schwachstellenbehebung." }, { "child": "updates/update_risk_assessment", "parent": "vuln/vuln_assessment_prioritization", "reason": "Update-Risikobeurteilung speist standardisierte Schwachstellen-Priorisierung." }, { "child": "updates/update_rollback", "parent": "vuln/vuln_remediation_patching", "reason": "Rollback unterstuetzt sichere Behebung fehlerhafter Patches." }, { "child": "sbom/sbom_dependency_coverage", "parent": "vuln/vuln_identification_inventory", "reason": "Dependency-Dokumentation unterstuetzt Schwachstellen-Identifikation in Komponenten." }, { "child": "remote_access/remote_access_vuln_patch_mgmt", "parent": "updates/support_period_maintenance", "reason": "Fernwartungs-Patching ist Teilfall der Support-Wartungsmassnahmen." }, { "child": "logging/logging_library_supply_chain", "parent": "remote_access/remote_access_vuln_patch_mgmt", "reason": "Logging-Library-Patching ist domaenenspezifischer Teilfall des Vuln-Patch-Managements." }, { "child": "vuln/vuln_info_dissemination_users", "parent": "updates/automatic_updates_optout", "reason": "Nutzerinformation ergaenzt automatische Update-Bereitstellung." } ], "hierarchy_hubs": { "vuln/vuln_identification_inventory": 5, "vuln/vuln_remediation_patching": 5, "remote_access/remote_access_vuln_patch_mgmt": 2, "updates/provide_security_updates": 2, "authentication/remote_access_authentication": 2, "vuln/vuln_assessment_prioritization": 2, "authentication/firmware_software_authentication": 1, "logging/event_logging_security_events": 1, "vuln/vuln_handling_process": 1, "updates/support_period_maintenance": 1, "updates/automatic_updates_optout": 1 }, "shared_evidence": [ { "a": "logging/log_retention_archival", "b": "remote_access/remote_access_logging_audit", "evidence": "audit_log", "reason": "Beide nutzen Audit-Logs zur Aufbewahrung/Auswertung." }, { "a": "logging/access_control_event_logging", "b": "remote_access/remote_access_logging_audit", "evidence": "audit_log", "reason": "Beide protokollieren Zugriffsereignisse in Audit-Logs." }, { "a": "logging/log_timestamp_synchronization", "b": "remote_access/remote_access_logging_audit", "evidence": "audit_log", "reason": "Beide nutzen zeitgestempelte Audit-Logs." }, { "a": "logging/log_transmission_security", "b": "remote_access/remote_access_logging_audit", "evidence": "audit_log", "reason": "Beide betreffen Audit-Logs, Transport bzw. Erfassung." }, { "a": "logging/log_monitoring_alerting", "b": "remote_access/remote_access_logging_audit", "evidence": "audit_log", "reason": "Beide nutzen Logs zur Ueberwachung/Auswertung." }, { "a": "logging/network_traffic_logging", "b": "remote_access/remote_access_logging_audit", "evidence": "audit_log", "reason": "Beide protokollieren Netzwerk-/Fernzugriffsereignisse." }, { "a": "logging/incident_response_logging", "b": "remote_access/remote_access_logging_audit", "evidence": "audit_log", "reason": "Beide verknuepfen Aktivitaeten mit Audit-Logs." } ], "shared_procedure": [ { "a": "vuln/vuln_handling_process", "b": "logging/logging_governance_roles", "reason": "Beide ueber Governance-Prozesse mit Rollen/Verantwortlichkeiten erfuellt." }, { "a": "vuln/vuln_handling_process", "b": "authentication/authentication_policy_documented", "reason": "Beide ueber dokumentierte, gepflegte Richtlinien/Prozesse erfuellt." }, { "a": "logging/logging_availability_resilience", "b": "remote_access/remote_access_fallback_concept", "reason": "Beide ueber Fallback-/Redundanzkonzepte bei Ausfaellen erfuellt." }, { "a": "sbom/sbom_access_provision", "b": "vuln/coordinated_vulnerability_disclosure", "reason": "Beide ueber definierte externe Kommunikations-/Meldekanaele erfuellt." }, { "a": "vuln/vuln_handling_process", "b": "updates/support_period_maintenance", "reason": "Beide ueber definierte Prozesse/Zeithorizonte im Support-Zeitraum erfuellt." } ], "noise_counts": { "OVERLAP_ONLY": 42, "UNRELATED": 7 }, "raw_results": [ { "a": "mfa_required", "fa": "authentication", "b": "remote_access_mfa", "fb": "remote_access", "sim": 0.791, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "mfa", "evidence_name": "", "reason": "Beide durch MFA-Faehigkeit erfuellt, unterschiedlicher Geltungsbereich." }, { "a": "vuln_remediation_patching", "fa": "vuln", "b": "provide_security_updates", "fb": "updates", "sim": 0.774, "relation": "SAME_OBLIGATION", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Beide fordern Schwachstellenbehebung via Patches im Support-Zeitraum, deckungsgleich." }, { "a": "firmware_software_authentication", "fa": "authentication", "b": "signed_update_integrity", "fb": "updates", "sim": 0.75, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "code_signing", "evidence_name": "", "reason": "Beide durch kryptografische Signatur/Verifikation von Updates erfuellt." }, { "a": "credential_confidentiality_protection", "fa": "authentication", "b": "log_transmission_security", "fb": "logging", "sim": 0.739, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Credential-Schutz vs. Log-Transportsicherheit, nur thematische Naehe." }, { "a": "supplier_access_auth", "fa": "authentication", "b": "remote_access_mfa", "fb": "remote_access", "sim": 0.727, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "mfa", "evidence_name": "", "reason": "Beide ueber starke Multi-Faktor-Authentifizierung erfuellt." }, { "a": "encrypted_auth_channel", "fa": "authentication", "b": "remote_access_encryption", "fb": "remote_access", "sim": 0.724, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "tls_encryption", "evidence_name": "", "reason": "Beide durch verschluesselte Kanaele/TLS erfuellt." }, { "a": "credential_confidentiality_protection", "fa": "authentication", "b": "log_data_minimization_privacy", "fb": "logging", "sim": 0.72, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Beide betreffen sensible Daten in Logs, distinkte Pflichten." }, { "a": "vuln_remediation_patching", "fa": "vuln", "b": "remote_access_vuln_patch_mgmt", "fb": "remote_access", "sim": 0.709, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "Fernwartungs-Patching ist domaenenspezifischer Teilfall der allgemeinen Schwachstellenbehebung." }, { "a": "sbom_confidentiality", "fa": "sbom", "b": "credential_confidentiality_protection", "fb": "authentication", "sim": 0.706, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "access_control", "evidence_name": "", "reason": "Beide ueber Zugriffskontrolle vertraulicher Daten erfuellt." }, { "a": "credential_confidentiality_protection", "fa": "authentication", "b": "log_integrity_immutability", "fb": "logging", "sim": 0.698, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Credential-Schutz vs. Log-Integritaet, distinkt." }, { "a": "log_retention_archival", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.696, "relation": "SHARED_EVIDENCE", "direction": "none", "capability_name": "", "evidence_name": "audit_log", "reason": "Beide nutzen Audit-Logs zur Aufbewahrung/Auswertung." }, { "a": "access_control_event_logging", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.688, "relation": "SHARED_EVIDENCE", "direction": "none", "capability_name": "", "evidence_name": "audit_log", "reason": "Beide protokollieren Zugriffsereignisse in Audit-Logs." }, { "a": "session_binding_management", "fa": "authentication", "b": "remote_session_management", "fb": "remote_access", "sim": 0.688, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "session_management", "evidence_name": "", "reason": "Beide ueber sicheres Session-Management erfuellt." }, { "a": "firmware_software_authentication", "fa": "authentication", "b": "trusted_update_source", "fb": "updates", "sim": 0.687, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Vertrauenswuerdige Quelle ergaenzt Signaturpflicht der Update-Authentifizierung." }, { "a": "log_timestamp_synchronization", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.687, "relation": "SHARED_EVIDENCE", "direction": "none", "capability_name": "", "evidence_name": "audit_log", "reason": "Beide nutzen zeitgestempelte Audit-Logs." }, { "a": "sbom_completeness_verification", "fa": "sbom", "b": "vuln_identification_inventory", "fb": "vuln", "sim": 0.685, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "SBOM-Vollstaendigkeitspruefung traegt zur Schwachstellen-Identifikation bei." }, { "a": "remote_access_authentication", "fa": "authentication", "b": "remote_access_confidentiality_integrity", "fb": "remote_access", "sim": 0.684, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Authentifizierung vs. Vertraulichkeit/Integritaet der Verbindung, distinkt." }, { "a": "privileged_op_reauth", "fa": "authentication", "b": "remote_access_mfa", "fb": "remote_access", "sim": 0.684, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "mfa", "evidence_name": "", "reason": "Beide ueber zusaetzliche Authentifizierung privilegierter Operationen erfuellt." }, { "a": "log_transmission_security", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.682, "relation": "SHARED_EVIDENCE", "direction": "none", "capability_name": "", "evidence_name": "audit_log", "reason": "Beide betreffen Audit-Logs, Transport bzw. Erfassung." }, { "a": "firmware_software_authentication", "fa": "authentication", "b": "component_remote_interface_security", "fb": "remote_access", "sim": 0.681, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Code-Signing vs. Schnittstellensicherheit, nur lose Verbindung." }, { "a": "credential_confidentiality_protection", "fa": "authentication", "b": "remote_access_confidentiality_integrity", "fb": "remote_access", "sim": 0.678, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Credential-Schutz vs. Remote-Verbindungsschutz, distinkt." }, { "a": "log_access_control_protection", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.675, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Log-Zugriffskontrolle vs. Fernwartungsprotokollierung, distinkt." }, { "a": "remote_access_vuln_patch_mgmt", "fa": "remote_access", "b": "provide_security_updates", "fb": "updates", "sim": 0.674, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "Fernwartungs-Patching ist Teilfall der allgemeinen Update-Bereitstellung." }, { "a": "sbom_confidentiality", "fa": "sbom", "b": "remote_access_confidentiality_integrity", "fb": "remote_access", "sim": 0.672, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "SBOM-Vertraulichkeit vs. Remote-Verbindungsschutz, distinkt." }, { "a": "log_monitoring_alerting", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.672, "relation": "SHARED_EVIDENCE", "direction": "none", "capability_name": "", "evidence_name": "audit_log", "reason": "Beide nutzen Logs zur Ueberwachung/Auswertung." }, { "a": "access_control_event_logging", "fa": "logging", "b": "reject_insecure_remote_protocols", "fb": "remote_access", "sim": 0.671, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Logging abgewiesener Zugriffe vs. Protokollblockade, distinkt." }, { "a": "vuln_handling_process", "fa": "vuln", "b": "logging_governance_roles", "fb": "logging", "sim": 0.664, "relation": "SHARED_PROCEDURE", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Beide ueber Governance-Prozesse mit Rollen/Verantwortlichkeiten erfuellt." }, { "a": "logging_config_management", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.662, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Logging-Konfiguration vs. Fernwartungsprotokollierung, nur thematische Naehe." }, { "a": "sbom_completeness_verification", "fa": "sbom", "b": "firmware_software_authentication", "fb": "authentication", "sim": 0.659, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "SBOM-Pruefung vs. Code-Signing, distinkt." }, { "a": "remote_access_authentication", "fa": "authentication", "b": "remote_access_mfa", "fb": "remote_access", "sim": 0.659, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "mfa", "evidence_name": "", "reason": "Beide ueber starke/Multi-Faktor-Authentifizierung des Remote-Zugriffs erfuellt." }, { "a": "sbom_confidentiality", "fa": "sbom", "b": "log_data_minimization_privacy", "fb": "logging", "sim": 0.658, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "SBOM-Vertraulichkeit vs. Log-Datenschutz, distinkt." }, { "a": "firmware_software_authentication", "fa": "authentication", "b": "update_testing_validation", "fb": "updates", "sim": 0.658, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Signatur-Authentifizierung vs. Update-Testen, distinkt." }, { "a": "remote_access_authentication", "fa": "authentication", "b": "remote_access_encryption", "fb": "remote_access", "sim": 0.658, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Authentifizierung vs. Verschluesselung des Remote-Zugriffs, distinkt." }, { "a": "event_logging_security_events", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.658, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Fernwartungsprotokollierung ist Teilfall des allgemeinen Security-Event-Loggings." }, { "a": "firmware_software_authentication", "fa": "authentication", "b": "automatic_updates_optout", "fb": "updates", "sim": 0.657, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Update-Signatur vs. Auto-Update-Konfiguration, distinkt." }, { "a": "remote_maintenance_governance", "fa": "remote_access", "b": "support_period_maintenance", "fb": "updates", "sim": 0.657, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Fernwartungs-Governance vs. Support-Wartung, nur thematische Naehe." }, { "a": "vuln_info_dissemination_users", "fa": "vuln", "b": "provide_security_updates", "fb": "updates", "sim": 0.656, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "Nutzerinformation ergaenzt die Update-Bereitstellungspflicht." }, { "a": "remote_access_authentication", "fa": "authentication", "b": "remote_access_architecture_design", "fb": "remote_access", "sim": 0.656, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Sichere Fernzugriffsarchitektur unterstuetzt Gateway-basierte Authentifizierung." }, { "a": "user_authentication_required", "fa": "authentication", "b": "remote_access_training", "fb": "remote_access", "sim": 0.656, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Authentifizierung vs. Nutzerschulung, distinkt." }, { "a": "sbom_completeness_verification", "fa": "sbom", "b": "update_testing_validation", "fb": "updates", "sim": 0.656, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "SBOM-Pruefung vs. Update-Testen, distinkt." }, { "a": "sbom_creation", "fa": "sbom", "b": "vuln_identification_inventory", "fb": "vuln", "sim": 0.655, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "SBOM-Erstellung liefert das Inventar fuer Schwachstellen-Identifikation." }, { "a": "vuln_remediation_patching", "fa": "vuln", "b": "update_risk_assessment", "fb": "updates", "sim": 0.653, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Update-Risikobeurteilung speist die risikobasierte Schwachstellenbehebung." }, { "a": "network_traffic_logging", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.653, "relation": "SHARED_EVIDENCE", "direction": "none", "capability_name": "", "evidence_name": "audit_log", "reason": "Beide protokollieren Netzwerk-/Fernzugriffsereignisse." }, { "a": "session_binding_management", "fa": "authentication", "b": "log_transmission_security", "fb": "logging", "sim": 0.653, "relation": "UNRELATED", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Session-Binding vs. Log-Transport, keine echte Beziehung." }, { "a": "vuln_assessment_prioritization", "fa": "vuln", "b": "remote_access_vuln_patch_mgmt", "fb": "remote_access", "sim": 0.652, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Fernwartungs-Patching bewertet/priorisiert Schwachstellen wie allgemeine Bewertungspflicht." }, { "a": "credential_confidentiality_protection", "fa": "authentication", "b": "log_retention_archival", "fb": "logging", "sim": 0.652, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Credential-Schutz vs. Log-Aufbewahrung, distinkt." }, { "a": "encrypted_auth_channel", "fa": "authentication", "b": "reject_insecure_remote_protocols", "fb": "remote_access", "sim": 0.651, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "tls_encryption", "evidence_name": "", "reason": "Beide deaktivieren/blockieren unverschluesselte Kanaele." }, { "a": "mutual_authentication", "fa": "authentication", "b": "remote_access_confidentiality_integrity", "fb": "remote_access", "sim": 0.649, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "mutual_tls", "evidence_name": "", "reason": "Beide ueber gegenseitige Authentifizierung/Verbindungssicherung erfuellt." }, { "a": "token_validation_lifecycle", "fa": "authentication", "b": "update_testing_validation", "fb": "updates", "sim": 0.649, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Token-Validierung vs. Update-Validierung, nur Wortueberlappung." }, { "a": "remote_access_authentication", "fa": "authentication", "b": "remote_access_training", "fb": "remote_access", "sim": 0.648, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Authentifizierung vs. Schulung, distinkt." }, { "a": "remote_access_vuln_patch_mgmt", "fa": "remote_access", "b": "update_testing_validation", "fb": "updates", "sim": 0.648, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Fernwartungs-Patching vs. Update-Testen, distinkt." }, { "a": "vuln_remediation_patching", "fa": "vuln", "b": "update_testing_validation", "fb": "updates", "sim": 0.646, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Update-Testen unterstuetzt zuverlaessige Schwachstellenbehebung via Patches." }, { "a": "logging_config_management", "fa": "logging", "b": "automatic_updates_optout", "fb": "updates", "sim": 0.646, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Logging-Default vs. Update-Default-Konfiguration, nur Themenueberlappung." }, { "a": "access_control_event_logging", "fa": "logging", "b": "remote_access_control_least_privilege", "fb": "remote_access", "sim": 0.644, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Zugriffsprotokollierung vs. Least-Privilege-Fernzugriff, distinkt." }, { "a": "service_to_service_auth", "fa": "authentication", "b": "remote_access_encryption", "fb": "remote_access", "sim": 0.644, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "mutual_tls", "evidence_name": "", "reason": "Beide ueber TLS/mTLS-basierte Authentifizierung/Verschluesselung erfuellt." }, { "a": "personal_admin_accounts", "fa": "authentication", "b": "remote_access_mfa", "fb": "remote_access", "sim": 0.643, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Persoenliche Admin-Konten vs. Remote-MFA, distinkt." }, { "a": "incident_response_logging", "fa": "logging", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.642, "relation": "SHARED_EVIDENCE", "direction": "none", "capability_name": "", "evidence_name": "audit_log", "reason": "Beide verknuepfen Aktivitaeten mit Audit-Logs." }, { "a": "mfa_required", "fa": "authentication", "b": "remote_access_training", "fb": "remote_access", "sim": 0.641, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "MFA vs. Schulung, distinkt." }, { "a": "session_binding_management", "fa": "authentication", "b": "temporary_remote_access_mgmt", "fb": "remote_access", "sim": 0.639, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "session_management", "evidence_name": "", "reason": "Beide ueber sicheres, zeitbegrenztes Session-Management erfuellt." }, { "a": "remote_access_authentication", "fa": "authentication", "b": "remote_access_user_validation_ot", "fb": "remote_access", "sim": 0.638, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "OT-Nutzervalidierung ist domaenenspezifische Auspraegung der Remote-Authentifizierung." }, { "a": "sbom_completeness_verification", "fa": "sbom", "b": "log_integrity_immutability", "fb": "logging", "sim": 0.638, "relation": "UNRELATED", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "SBOM-Pruefung vs. Log-Integritaet, keine Beziehung." }, { "a": "sbom_maintenance_update", "fa": "sbom", "b": "vuln_identification_inventory", "fb": "vuln", "sim": 0.636, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "Aktualisierte SBOM unterstuetzt kontinuierliche Schwachstellen-Identifikation." }, { "a": "vuln_handling_process", "fa": "vuln", "b": "authentication_policy_documented", "fb": "authentication", "sim": 0.635, "relation": "SHARED_PROCEDURE", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Beide ueber dokumentierte, gepflegte Richtlinien/Prozesse erfuellt." }, { "a": "remote_access_authentication", "fa": "authentication", "b": "remote_access_threat_detection", "fb": "remote_access", "sim": 0.634, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Authentifizierung vs. Threat-Detection, distinkt." }, { "a": "vuln_info_dissemination_users", "fa": "vuln", "b": "update_testing_validation", "fb": "updates", "sim": 0.632, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Nutzerinformation vs. Update-Testen, distinkt." }, { "a": "user_authentication_required", "fa": "authentication", "b": "signed_update_integrity", "fb": "updates", "sim": 0.632, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Nutzer-Authentifizierung vs. Update-Signatur, nur Wortueberlappung." }, { "a": "log_monitoring_alerting", "fa": "logging", "b": "remote_access_threat_detection", "fb": "remote_access", "sim": 0.632, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "anomaly_detection", "evidence_name": "", "reason": "Beide ueber Anomalie-/Bedrohungserkennung erfuellt." }, { "a": "no_default_credentials", "fa": "authentication", "b": "automatic_updates_optout", "fb": "updates", "sim": 0.632, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Default-Credentials vs. Auto-Update-Default, nur Default-Thema." }, { "a": "tls_certificate_auth", "fa": "authentication", "b": "remote_access_encryption", "fb": "remote_access", "sim": 0.631, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "tls_certificate_auth", "evidence_name": "", "reason": "Beide ueber TLS/Client-Zertifikate erfuellt." }, { "a": "reauth_after_inactivity", "fa": "authentication", "b": "remote_session_management", "fb": "remote_access", "sim": 0.63, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "session_management", "evidence_name": "", "reason": "Beide ueber Inaktivitaets-Timeout/Reauth des Session-Managements erfuellt." }, { "a": "vuln_handling_process", "fa": "vuln", "b": "logging_config_management", "fb": "logging", "sim": 0.629, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Vuln-Prozess vs. Logging-Konfiguration, nur Dokumentationsbezug." }, { "a": "sbom_access_provision", "fa": "sbom", "b": "vuln_identification_inventory", "fb": "vuln", "sim": 0.628, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "SBOM-Bereitstellung vs. Schwachstellen-Inventar, distinkt." }, { "a": "vuln_handling_process", "fa": "vuln", "b": "remote_access_vuln_patch_mgmt", "fb": "remote_access", "sim": 0.627, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Fernwartungs-Patching ist Teilfall des allgemeinen Vuln-Handling-Prozesses." }, { "a": "logging_availability_resilience", "fa": "logging", "b": "remote_access_fallback_concept", "fb": "remote_access", "sim": 0.626, "relation": "SHARED_PROCEDURE", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Beide ueber Fallback-/Redundanzkonzepte bei Ausfaellen erfuellt." }, { "a": "remote_access_authentication", "fa": "authentication", "b": "remote_maintenance_governance", "fb": "remote_access", "sim": 0.625, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Authentifizierung vs. Fernwartungs-Governance, distinkt." }, { "a": "vuln_assessment_prioritization", "fa": "vuln", "b": "update_testing_validation", "fb": "updates", "sim": 0.625, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Schwachstellenbewertung vs. Update-Testen, distinkt." }, { "a": "sbom_tooling_automation", "fa": "sbom", "b": "vuln_identification_inventory", "fb": "vuln", "sim": 0.624, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "Automatisierte SBOM-Generierung unterstuetzt Schwachstellen-Identifikation." }, { "a": "vuln_remediation_patching", "fa": "vuln", "b": "support_period_maintenance", "fb": "updates", "sim": 0.624, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Wartung im Support-Zeitraum unterstuetzt fristgerechte Schwachstellenbehebung." }, { "a": "network_traffic_logging", "fa": "logging", "b": "component_remote_interface_security", "fb": "remote_access", "sim": 0.621, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Netzwerk-Logging vs. Schnittstellensicherheit, distinkt." }, { "a": "sbom_completeness_verification", "fa": "sbom", "b": "signed_update_integrity", "fb": "updates", "sim": 0.621, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "SBOM-Pruefung vs. Update-Signatur, distinkt." }, { "a": "vuln_assessment_prioritization", "fa": "vuln", "b": "password_policy", "fb": "authentication", "sim": 0.62, "relation": "UNRELATED", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Schwachstellenbewertung vs. Passwortrichtlinie, Falsch-Positiv." }, { "a": "session_binding_management", "fa": "authentication", "b": "remote_access_training", "fb": "remote_access", "sim": 0.62, "relation": "UNRELATED", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Session-Management vs. Schulung, keine Beziehung." }, { "a": "vuln_remediation_patching", "fa": "vuln", "b": "automatic_updates_optout", "fb": "updates", "sim": 0.619, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Automatische Updates unterstuetzen zeitnahe Schwachstellenbehebung." }, { "a": "vuln_handling_process", "fa": "vuln", "b": "remote_access_logging_audit", "fb": "remote_access", "sim": 0.619, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Vuln-Prozess vs. Fernwartungsprotokollierung, distinkt." }, { "a": "credential_confidentiality_protection", "fa": "authentication", "b": "log_timestamp_synchronization", "fb": "logging", "sim": 0.617, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Credential-Schutz vs. Log-Zeitstempel, nur Logbezug." }, { "a": "vuln_assessment_prioritization", "fa": "vuln", "b": "update_risk_assessment", "fb": "updates", "sim": 0.617, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Update-Risikobeurteilung speist standardisierte Schwachstellen-Priorisierung." }, { "a": "vuln_handling_process", "fa": "vuln", "b": "update_rollback", "fb": "updates", "sim": 0.617, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Vuln-Prozess vs. Update-Rollback, distinkt." }, { "a": "vuln_remediation_patching", "fa": "vuln", "b": "update_rollback", "fb": "updates", "sim": 0.616, "relation": "SUPPORTED_BY", "direction": "b->a", "capability_name": "", "evidence_name": "", "reason": "Rollback unterstuetzt sichere Behebung fehlerhafter Patches." }, { "a": "supplier_access_auth", "fa": "authentication", "b": "remote_access_user_validation_ot", "fb": "remote_access", "sim": 0.613, "relation": "SHARED_CAPABILITY", "direction": "none", "capability_name": "mfa", "evidence_name": "", "reason": "Beide ueber starke Authentifizierung/Validierung externer Fernzugriffe erfuellt." }, { "a": "vuln_info_dissemination_users", "fa": "vuln", "b": "remote_access_vuln_patch_mgmt", "fb": "remote_access", "sim": 0.612, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Nutzerinformation vs. Fernwartungs-Patching, distinkt." }, { "a": "remote_access_vuln_patch_mgmt", "fa": "remote_access", "b": "update_rollback", "fb": "updates", "sim": 0.61, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Fernwartungs-Patching vs. Rollback, distinkt." }, { "a": "vuln_info_dissemination_users", "fa": "vuln", "b": "log_monitoring_alerting", "fb": "logging", "sim": 0.609, "relation": "UNRELATED", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Nutzerinformation vs. Log-Monitoring, Falsch-Positiv." }, { "a": "sbom_dependency_coverage", "fa": "sbom", "b": "vuln_identification_inventory", "fb": "vuln", "sim": 0.608, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "Dependency-Dokumentation unterstuetzt Schwachstellen-Identifikation in Komponenten." }, { "a": "remote_access_vuln_patch_mgmt", "fa": "remote_access", "b": "support_period_maintenance", "fb": "updates", "sim": 0.608, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "Fernwartungs-Patching ist Teilfall der Support-Wartungsmassnahmen." }, { "a": "logging_config_management", "fa": "logging", "b": "support_period_maintenance", "fb": "updates", "sim": 0.608, "relation": "UNRELATED", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Logging-Konfiguration vs. Support-Wartung, keine Beziehung." }, { "a": "sbom_format_standard", "fa": "sbom", "b": "log_format_standardization", "fb": "logging", "sim": 0.606, "relation": "OVERLAP_ONLY", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "SBOM-Format vs. Log-Format, nur Standardisierungsthema, distinkt." }, { "a": "logging_library_supply_chain", "fa": "logging", "b": "remote_access_vuln_patch_mgmt", "fb": "remote_access", "sim": 0.606, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "Logging-Library-Patching ist domaenenspezifischer Teilfall des Vuln-Patch-Managements." }, { "a": "remote_access_authentication", "fa": "authentication", "b": "support_period_maintenance", "fb": "updates", "sim": 0.605, "relation": "UNRELATED", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Remote-Authentifizierung vs. Support-Wartung, Falsch-Positiv." }, { "a": "sbom_access_provision", "fa": "sbom", "b": "coordinated_vulnerability_disclosure", "fb": "vuln", "sim": 0.604, "relation": "SHARED_PROCEDURE", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Beide ueber definierte externe Kommunikations-/Meldekanaele erfuellt." }, { "a": "vuln_handling_process", "fa": "vuln", "b": "support_period_maintenance", "fb": "updates", "sim": 0.602, "relation": "SHARED_PROCEDURE", "direction": "none", "capability_name": "", "evidence_name": "", "reason": "Beide ueber definierte Prozesse/Zeithorizonte im Support-Zeitraum erfuellt." }, { "a": "vuln_info_dissemination_users", "fa": "vuln", "b": "automatic_updates_optout", "fb": "updates", "sim": 0.601, "relation": "SUPPORTED_BY", "direction": "a->b", "capability_name": "", "evidence_name": "", "reason": "Nutzerinformation ergaenzt automatische Update-Bereitstellung." } ] }