{ "schema": "payment_controls", "version": "1.0", "description": "Technische Pruefbibliothek fuer Payment-Terminal-Systeme. Eigene Controls, keine Normkopie.", "domains": [ { "id": "PAY", "name": "Payment Flow & Transaction Integrity", "description": "Zahlungsablauf, Zustandslogik, Idempotenz, Betragsvalidierung" }, { "id": "LOG", "name": "Logging & Audit", "description": "Protokollierung, Audit Trail, Datenmaskierung" }, { "id": "CRYPTO", "name": "Secrets & Cryptography", "description": "Schluesselmanagement, Verschluesselung, Secure Storage" }, { "id": "API", "name": "API & Backend Security", "description": "Authentifizierung, Autorisierung, Input Validation" }, { "id": "TERM", "name": "Terminal Communication", "description": "ZVT/OPI Protokolle, Sequenzen, Fehlercodes" }, { "id": "FW", "name": "Firmware & Device Integrity", "description": "Signierung, Update-Schutz, Manipulationserkennung" }, { "id": "REP", "name": "Reporting & Reconciliation", "description": "Transaktionsberichte, Abgleich, Exportdaten" }, { "id": "ACC", "name": "Access Control & Administration", "description": "Rollenkonzept, Privilegien, Session-Management" }, { "id": "ERR", "name": "Error Handling & Resilience", "description": "Fehlerbehandlung, Recovery, Offline-Szenarien" }, { "id": "BLD", "name": "Build, Deployment & Supply Chain", "description": "CI/CD Sicherheit, Abhaengigkeiten, Release-Integritaet" }, { "id": "AUTH", "name": "Authentication & Authorization", "description": "Authentifizierung, Autorisierung, Rollen, Privilegien" }, { "id": "SESSION", "name": "Session Management", "description": "Sitzungsverwaltung, Token, Cookies, Timeout" }, { "id": "KEYMGMT", "name": "Key Management", "description": "Schluessellebenszyklen, Rotation, Provisioning" }, { "id": "DEVICE", "name": "Device Identity & Integrity", "description": "Geraeteidentitaet, Provisioning, Tamper Detection" }, { "id": "TRANS", "name": "Transaction Integrity", "description": "Transaktionslogik, State Machine, 
Idempotenz" }, { "id": "DATA", "name": "Data Minimization & Protection", "description": "Datenminimierung, Maskierung, Klassifikation" }, { "id": "ERROR", "name": "Error Handling & Resilience", "description": "Fehlerbehandlung, Retry, Fallback, Monitoring" }, { "id": "REPORT", "name": "Reporting & Reconciliation", "description": "Berichte, Abgleich, Export, Audit Trail" } ], "controls": [ { "control_id": "PAY-001", "domain": "PAY", "title": "Eindeutige Transaktions-ID pro Zahlungsvorgang", "objective": "Verhindert Vermischung und Mehrfachverarbeitung", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "PAY-002", "domain": "PAY", "title": "Idempotente Verarbeitung wiederholter Zahlungsanfragen", "objective": "Verhindert doppelte Buchungen bei Retries", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-003", "domain": "PAY", "title": "Verhinderung doppelter Verbuchung bei Netzwerk-Retry", "objective": "Stellt konsistente Zahlungszustaende sicher", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "partial" }, { "control_id": "PAY-004", "domain": "PAY", "title": "Definierter Initialzustand jeder Transaktion", "objective": "Verhindert undefinierte Startbedingungen", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "PAY-005", "domain": "PAY", "title": "Definierte erlaubte Zustandsuebergaenge in der Transaktionslogik", "objective": "Verhindert ungueltige State Transitions", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "PAY-006", "domain": "PAY", "title": "Keine direkte Transition in terminalen Erfolgszustand ohne Autorisierung", "objective": "Verhindert vorzeitige Freigabe", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": 
"PAY-007", "domain": "PAY", "title": "Abbruchpfade fuehren in definierten Endzustand", "objective": "Sichert sauberes Cancel-Handling", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-008", "domain": "PAY", "title": "Timeout fuehrt in nachvollziehbaren und sicheren Zustand", "objective": "Verhindert haengende Transaktionen", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-009", "domain": "PAY", "title": "Rollback oder Reversal-Handling bei Teilfehlschlag", "objective": "Reduziert Inkonsistenzen", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "partial" }, { "control_id": "PAY-010", "domain": "PAY", "title": "Fehlerhafte Antworten werden nicht als Erfolg interpretiert", "objective": "Verhindert False Positives beim Zahlungsstatus", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "high" }, { "control_id": "PAY-011", "domain": "PAY", "title": "Betragsvalidierung bei jeder Zahlungsanfrage", "objective": "Verhindert Betragsmanipulation und negative Werte", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "high" }, { "control_id": "PAY-012", "domain": "PAY", "title": "Waehrungsfeld wird validiert und konsistent verarbeitet", "objective": "Verhindert Fehlverarbeitung bei Mehrwaehrung", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "PAY-013", "domain": "PAY", "title": "Betragsrundung erfolgt deterministisch und dokumentiert", "objective": "Verhindert Abweichungen Frontend/Terminal/Backend", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "PAY-014", "domain": "PAY", "title": "Keine lokale Manipulation des autorisierten Betrags nach Freigabe", "objective": "Schuetzt Integritaet der Zahlung", "check_target": 
"code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "PAY-015", "domain": "PAY", "title": "Transaktionskontext bleibt ueber Retry-Versuche konsistent", "objective": "Verhindert Kontextverlust", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-016", "domain": "PAY", "title": "Antworten ohne Referenz-ID werden nicht akzeptiert", "objective": "Verhindert verwaiste Zuordnungen", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "PAY-017", "domain": "PAY", "title": "Doppelte Callback-Verarbeitung wird unterdrueckt", "objective": "Verhindert doppelte Statusupdates", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-018", "domain": "PAY", "title": "Asynchrone Statusmeldungen werden korreliert und sequenziell verarbeitet", "objective": "Sichert korrekte Reihenfolge", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-019", "domain": "PAY", "title": "Geschaeftsvorfall wird erst nach bestaetigtem Zahlungsstatus finalisiert", "objective": "Verhindert Business Success ohne Payment Success", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "PAY-020", "domain": "PAY", "title": "Offline-Zahlungen werden explizit gekennzeichnet", "objective": "Verhindert Verwechslung mit final autorisierten Zahlungen", "check_target": "code", "evidence": [ "source_code", "reporting_output" ], "automation": "medium" }, { "control_id": "LOG-001", "domain": "LOG", "title": "Keine sensitiven Zahlungsdaten im Anwendungslog", "objective": "Verhindert Offenlegung sensitiver Daten", "check_target": "code", "evidence": [ "source_code", "log_config" ], "automation": "high" }, { "control_id": "LOG-002", "domain": "LOG", "title": "PAN wird in 
Logs maskiert", "objective": "Reduziert Risiko bei Log-Einsicht", "check_target": "code", "evidence": [ "source_code", "log_output_sample" ], "automation": "high" }, { "control_id": "LOG-003", "domain": "LOG", "title": "CVV/CVC wird niemals geloggt", "objective": "Verhindert Protokollierung sensitiver Authentifizierungsdaten", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "LOG-004", "domain": "LOG", "title": "Kryptographische Schluessel werden nicht geloggt", "objective": "Verhindert Kompromittierung durch Logging", "check_target": "code", "evidence": [ "source_code", "log_output_sample" ], "automation": "high" }, { "control_id": "LOG-005", "domain": "LOG", "title": "Admin-Aktionen werden auditierbar protokolliert", "objective": "Ermoeglicht Nachvollziehbarkeit privilegierter Handlungen", "check_target": "system", "evidence": [ "source_code", "audit_log_sample" ], "automation": "partial" }, { "control_id": "LOG-006", "domain": "LOG", "title": "Konfigurationsaenderungen werden protokolliert", "objective": "Ermoeglicht Nachweis kritischer Aenderungen", "check_target": "system", "evidence": [ "source_code", "audit_log_sample" ], "automation": "partial" }, { "control_id": "LOG-007", "domain": "LOG", "title": "Fehlgeschlagene Authentifizierungsversuche werden geloggt", "objective": "Unterstuetzt Erkennung von Missbrauch", "check_target": "code", "evidence": [ "source_code", "audit_log_sample" ], "automation": "high" }, { "control_id": "LOG-008", "domain": "LOG", "title": "Sicherheitsrelevante Ereignisse erhalten eindeutige Event-Typen", "objective": "Erleichtert Korrelation und Monitoring", "check_target": "code", "evidence": [ "source_code", "log_schema" ], "automation": "medium" }, { "control_id": "LOG-009", "domain": "LOG", "title": "Audit-Events enthalten konsistenten Zeitstempel", "objective": "Ermoeglicht zeitliche Rekonstruktion", "check_target": "system", "evidence": [ "audit_log_sample", "config" ], "automation": 
"partial" }, { "control_id": "LOG-010", "domain": "LOG", "title": "Audit-Events enthalten eindeutige Terminalkennung", "objective": "Ermoeglicht Zuordnung zur Quelle", "check_target": "code", "evidence": [ "log_schema", "audit_log_sample" ], "automation": "medium" }, { "control_id": "LOG-011", "domain": "LOG", "title": "Debug-Logging in Produktion deaktiviert", "objective": "Verhindert Leaks in produktiven Systemen", "check_target": "config", "evidence": [ "deployment_config" ], "automation": "high" }, { "control_id": "LOG-012", "domain": "LOG", "title": "Manipulation von Audit-Logs technisch erschwert", "objective": "Schuetzt Integritaet des Audit Trails", "check_target": "system", "evidence": [ "architecture_doc", "storage_config" ], "automation": "low" }, { "control_id": "LOG-013", "domain": "LOG", "title": "Fehlermeldungen enthalten keine Stacktraces mit sensitiven Payloads", "objective": "Verhindert indirekten Datenabfluss", "check_target": "code", "evidence": [ "source_code", "log_output_sample" ], "automation": "medium" }, { "control_id": "LOG-014", "domain": "LOG", "title": "Jede Zahlungsentscheidung erzeugt Audit-Eintrag", "objective": "Verbindet Business Outcome mit technischer Evidenz", "check_target": "system", "evidence": [ "audit_log_sample", "integration_test" ], "automation": "partial" }, { "control_id": "LOG-015", "domain": "LOG", "title": "Log-Retention konfiguriert und dokumentiert", "objective": "Sichert Verfuegbarkeit relevanter Ereignishistorie", "check_target": "config", "evidence": [ "retention_policy", "deployment_config" ], "automation": "medium" }, { "control_id": "CRYPTO-001", "domain": "CRYPTO", "title": "Keine Secrets im Quellcode", "objective": "Verhindert Offenlegung im Repository", "check_target": "code", "evidence": [ "source_code", "secret_scan" ], "automation": "high" }, { "control_id": "CRYPTO-002", "domain": "CRYPTO", "title": "Keine Secrets in Commit-Historie", "objective": "Reduziert Leak-Risiko ueber Entwicklungsartefakte", 
"check_target": "repository", "evidence": [ "secret_scan", "build_scripts" ], "automation": "high" }, { "control_id": "CRYPTO-003", "domain": "CRYPTO", "title": "Keine Schluessel im Klartext in Konfigurationsdateien", "objective": "Schuetzt ruhende Geheimnisse", "check_target": "config", "evidence": [ "config", "secret_scan" ], "automation": "high" }, { "control_id": "CRYPTO-004", "domain": "CRYPTO", "title": "Secrets aus sicherem Secret Store bezogen", "objective": "Verhindert lokale Persistenz", "check_target": "system", "evidence": [ "architecture_doc", "deployment_config" ], "automation": "partial" }, { "control_id": "CRYPTO-005", "domain": "CRYPTO", "title": "Zugriff auf Secrets rollen-/servicebezogen eingeschraenkt", "objective": "Begrenzt Blast Radius", "check_target": "system", "evidence": [ "iam_config", "architecture_doc" ], "automation": "partial" }, { "control_id": "CRYPTO-006", "domain": "CRYPTO", "title": "Zentrale und freigegebene Krypto-Bibliotheken verwendet", "objective": "Verhindert unsichere Eigenimplementierungen", "check_target": "code", "evidence": [ "source_code", "dependency_list" ], "automation": "medium" }, { "control_id": "CRYPTO-007", "domain": "CRYPTO", "title": "Keine veralteten kryptographischen Primitive (MD5, SHA1, DES)", "objective": "Verhindert Einsatz schwacher Verfahren", "check_target": "code", "evidence": [ "source_code", "dependency_scan" ], "automation": "medium" }, { "control_id": "CRYPTO-008", "domain": "CRYPTO", "title": "TLS 1.2+ fuer alle externen Verbindungen", "objective": "Schuetzt Daten bei Uebertragung", "check_target": "config", "evidence": [ "config", "network_scan" ], "automation": "high" }, { "control_id": "CRYPTO-009", "domain": "CRYPTO", "title": "Schluesselrotation implementiert und dokumentiert", "objective": "Reduziert Kompromittierungszeitraum", "check_target": "process", "evidence": [ "key_mgmt_doc", "config" ], "automation": "low" }, { "control_id": "CRYPTO-010", "domain": "CRYPTO", "title": "HSM oder 
Secure Enclave fuer kryptographische Operationen", "objective": "Hardwarebasierter Schluesselschutz", "check_target": "system", "evidence": [ "architecture_doc" ], "automation": "low" }, { "control_id": "CRYPTO-011", "domain": "CRYPTO", "title": "Zertifikats-Pinning fuer kritische Verbindungen", "objective": "Schuetzt gegen MITM", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "CRYPTO-012", "domain": "CRYPTO", "title": "Kryptographische Zufallszahlen aus sicherem Generator", "objective": "Verhindert vorhersagbare Tokens/Nonces", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "CRYPTO-013", "domain": "CRYPTO", "title": "PIN-Eingabe nur ueber Secure PIN Entry Device", "objective": "Schuetzt PIN vor Abgriff", "check_target": "system", "evidence": [ "architecture_doc", "certification" ], "automation": "low" }, { "control_id": "CRYPTO-014", "domain": "CRYPTO", "title": "Kartendaten werden verschluesselt uebertragen (P2PE)", "objective": "End-to-End Schutz der Kartendaten", "check_target": "system", "evidence": [ "architecture_doc", "network_config" ], "automation": "partial" }, { "control_id": "CRYPTO-015", "domain": "CRYPTO", "title": "Keine persistente Speicherung vollstaendiger Kartendaten", "objective": "Minimiert Daten bei Kompromittierung", "check_target": "code", "evidence": [ "source_code", "db_schema" ], "automation": "high" }, { "control_id": "API-001", "domain": "API", "title": "Authentifizierung fuer alle Admin-Endpunkte", "objective": "Verhindert unautorisierten Zugriff", "check_target": "code", "evidence": [ "source_code", "api_spec" ], "automation": "high" }, { "control_id": "API-002", "domain": "API", "title": "Rollenbasierte Autorisierung", "objective": "Least-Privilege Prinzip", "check_target": "code", "evidence": [ "source_code", "rbac_config" ], "automation": "medium" }, { "control_id": "API-003", "domain": "API", "title": "Rate Limiting 
implementiert", "objective": "Schuetzt gegen Brute Force und DoS", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "API-004", "domain": "API", "title": "Keine sensiblen Daten in Fehlermeldungen", "objective": "Verhindert Information Leakage", "check_target": "code", "evidence": [ "source_code", "api_test" ], "automation": "high" }, { "control_id": "API-005", "domain": "API", "title": "Input Validation gegen Injection", "objective": "Schuetzt gegen SQL/Command Injection", "check_target": "code", "evidence": [ "source_code", "security_test" ], "automation": "high" }, { "control_id": "API-006", "domain": "API", "title": "CORS korrekt konfiguriert", "objective": "Verhindert Cross-Origin Angriffe", "check_target": "config", "evidence": [ "config", "security_test" ], "automation": "high" }, { "control_id": "API-007", "domain": "API", "title": "Session-Timeout fuer Admin-Sessions", "objective": "Reduziert Risiko bei verlassenen Sessions", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "medium" }, { "control_id": "API-008", "domain": "API", "title": "API-Versionierung implementiert", "objective": "Ermoeglicht kontrollierte Aenderungen", "check_target": "code", "evidence": [ "api_spec", "source_code" ], "automation": "medium" }, { "control_id": "API-009", "domain": "API", "title": "Webhook-Callbacks werden authentifiziert", "objective": "Verhindert gefaelschte Callbacks", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "API-010", "domain": "API", "title": "Idempotenz-Keys fuer kritische POST-Operationen", "objective": "Verhindert doppelte Ausfuehrung", "check_target": "code", "evidence": [ "source_code", "api_spec" ], "automation": "medium" }, { "control_id": "API-011", "domain": "API", "title": "Request-Signierung fuer sicherheitskritische Operationen", "objective": "Integritaetsschutz der Anfrage", "check_target": "code", 
"evidence": [ "source_code", "api_spec" ], "automation": "medium" }, { "control_id": "API-012", "domain": "API", "title": "Keine sensiblen Daten in URL-Parametern", "objective": "Verhindert Leakage ueber Logs und Browser-History", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "API-013", "domain": "API", "title": "Content-Type Validierung bei allen Endpunkten", "objective": "Verhindert Content-Type Confusion", "check_target": "code", "evidence": [ "source_code" ], "automation": "high" }, { "control_id": "API-014", "domain": "API", "title": "Health- und Status-Endpunkte exponieren keine sensitiven Details", "objective": "Verhindert Reconnaissance", "check_target": "code", "evidence": [ "source_code", "api_test" ], "automation": "high" }, { "control_id": "API-015", "domain": "API", "title": "Batch-Operationen sind groessenbeschraenkt", "objective": "Verhindert Ressourcenerschoepfung", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "TERM-001", "domain": "TERM", "title": "Korrekte Sequenz von Zahlungsbefehlen", "objective": "Protokollkonformitaet", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TERM-002", "domain": "TERM", "title": "Retry-Mechanismus bei Verbindungsabbruch", "objective": "Sichert Transaktionsabschluss", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TERM-003", "domain": "TERM", "title": "Timeout Handling Terminal-Backend", "objective": "Verhindert Blockierung", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "TERM-004", "domain": "TERM", "title": "Fehlercodes korrekt interpretiert", "objective": "Verhindert Fehlinterpretation", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "TERM-005", "domain": 
"TERM", "title": "Status-Synchronisation zwischen Terminal und Backend", "objective": "Konsistente Zustaende", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "partial" }, { "control_id": "TERM-006", "domain": "TERM", "title": "Verbindungsaufbau zum Terminal authentifiziert", "objective": "Verhindert Rogue-Terminal", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "TERM-007", "domain": "TERM", "title": "Terminal-Registrierung mit eindeutiger Kennung", "objective": "Ermoeglicht Asset-Tracking", "check_target": "system", "evidence": [ "db_schema", "admin_ui" ], "automation": "partial" }, { "control_id": "TERM-008", "domain": "TERM", "title": "Heartbeat / Keep-Alive fuer Terminal-Verbindung", "objective": "Erkennt Verbindungsabbruch frueh", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "TERM-009", "domain": "TERM", "title": "Protokollversion wird geprueft und erzwungen", "objective": "Verhindert Downgrade-Angriffe", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "TERM-010", "domain": "TERM", "title": "Kontaktlos-Transaktionen nur ueber zugelassene Kernel", "objective": "Sichert NFC-Konformitaet", "check_target": "system", "evidence": [ "certification", "config" ], "automation": "low" }, { "control_id": "TERM-011", "domain": "TERM", "title": "Terminal meldet Tamper-Events an Backend", "objective": "Zentrales Monitoring von Manipulationsversuchen", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "partial" }, { "control_id": "TERM-012", "domain": "TERM", "title": "Offline-Queue bei Verbindungsunterbrechung", "objective": "Sichert Transaktionsdaten bei Netzausfall", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TERM-013", "domain": "TERM", "title": 
"Maximale Queue-Groesse definiert", "objective": "Verhindert unkontrollierten Speicherverbrauch", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "medium" }, { "control_id": "TERM-014", "domain": "TERM", "title": "End-of-Day / Settlement-Prozess implementiert", "objective": "Sichert taeglichen Transaktionsabschluss", "check_target": "system", "evidence": [ "source_code", "integration_test" ], "automation": "partial" }, { "control_id": "TERM-015", "domain": "TERM", "title": "Terminal-Display zeigt korrekten Zahlungsstatus", "objective": "Verhindert Fehlkommunikation an Nutzer", "check_target": "system", "evidence": [ "integration_test" ], "automation": "low" }, { "control_id": "FW-001", "domain": "FW", "title": "Firmware signiert", "objective": "Verhindert Installation manipulierter Firmware", "check_target": "system", "evidence": [ "build_pipeline", "signing_config" ], "automation": "low" }, { "control_id": "FW-002", "domain": "FW", "title": "Signaturpruefung vor Firmware-Update", "objective": "Blockiert unsignierte Updates", "check_target": "code", "evidence": [ "source_code", "update_process" ], "automation": "medium" }, { "control_id": "FW-003", "domain": "FW", "title": "Rollback-Mechanismus vorhanden", "objective": "Ermoeglicht Recovery nach fehlerhaftem Update", "check_target": "system", "evidence": [ "architecture_doc", "test_report" ], "automation": "low" }, { "control_id": "FW-004", "domain": "FW", "title": "Debug-Interfaces in Produktion deaktiviert", "objective": "Verhindert unautorisierten Zugriff", "check_target": "config", "evidence": [ "deployment_config", "security_test" ], "automation": "medium" }, { "control_id": "FW-005", "domain": "FW", "title": "Manipulationserkennung loest Alarm/Sperre aus", "objective": "Reaktion auf physische Angriffe", "check_target": "system", "evidence": [ "architecture_doc", "test_report" ], "automation": "low" }, { "control_id": "FW-006", "domain": "FW", "title": "Secure Boot 
implementiert", "objective": "Verhindert Ausfuehrung manipulierter Boot-Images", "check_target": "system", "evidence": [ "architecture_doc" ], "automation": "low" }, { "control_id": "FW-007", "domain": "FW", "title": "Firmware-Version ist remote abfragbar", "objective": "Ermoeglicht Fleet-Management und Compliance-Nachweis", "check_target": "system", "evidence": [ "api_spec", "admin_ui" ], "automation": "partial" }, { "control_id": "FW-008", "domain": "FW", "title": "Automatische Update-Benachrichtigung bei kritischen Patches", "objective": "Sichert zeitnahe Reaktion auf Schwachstellen", "check_target": "system", "evidence": [ "architecture_doc" ], "automation": "partial" }, { "control_id": "FW-009", "domain": "FW", "title": "Keine Persistenz von Zahlungsdaten ueber Neustart hinaus", "objective": "Schuetzt Daten bei physischem Zugriff", "check_target": "code", "evidence": [ "source_code", "architecture_doc" ], "automation": "medium" }, { "control_id": "FW-010", "domain": "FW", "title": "Physischer Speicher wird bei Tamper-Detection geloescht", "objective": "Zerstoert Schluessel bei Manipulation", "check_target": "system", "evidence": [ "architecture_doc", "certification" ], "automation": "low" }, { "control_id": "REP-001", "domain": "REP", "title": "Transaktionsstatus vollstaendig dokumentiert", "objective": "Ermoeglicht Nachvollziehbarkeit jeder Zahlung", "check_target": "system", "evidence": [ "reporting_output", "db_schema" ], "automation": "medium" }, { "control_id": "REP-002", "domain": "REP", "title": "Audit-Trail verknuepft mit Transaktionen", "objective": "Sichert End-to-End Traceability", "check_target": "system", "evidence": [ "reporting_output", "audit_log_sample" ], "automation": "medium" }, { "control_id": "REP-003", "domain": "REP", "title": "Exportdaten plausibel und vollstaendig", "objective": "Sichert korrekte Weitergabe", "check_target": "system", "evidence": [ "export_sample", "integration_test" ], "automation": "partial" }, { "control_id": 
"REP-004", "domain": "REP", "title": "Fehlercodes nachvollziehbar dokumentiert", "objective": "Ermoeglicht Fehleranalyse", "check_target": "code", "evidence": [ "source_code", "documentation" ], "automation": "medium" }, { "control_id": "REP-005", "domain": "REP", "title": "Revisionssichere Speicherung von Transaktionsdaten", "objective": "GoBD/GDPdU-konforme Aufbewahrung", "check_target": "system", "evidence": [ "architecture_doc", "storage_config" ], "automation": "low" }, { "control_id": "REP-006", "domain": "REP", "title": "Tagesabschluss-Report vollstaendig und konsistent", "objective": "Sichert taeglichen Abgleich", "check_target": "system", "evidence": [ "reporting_output", "integration_test" ], "automation": "partial" }, { "control_id": "REP-007", "domain": "REP", "title": "Summenabgleich Terminal vs. Backend", "objective": "Erkennt Differenzen", "check_target": "system", "evidence": [ "reconciliation_report", "integration_test" ], "automation": "partial" }, { "control_id": "REP-008", "domain": "REP", "title": "Stornierte Transaktionen korrekt ausgewiesen", "objective": "Sichert korrekte Buchhaltungsgrundlage", "check_target": "system", "evidence": [ "reporting_output" ], "automation": "medium" }, { "control_id": "REP-009", "domain": "REP", "title": "Historische Reports nicht nachtraeglich aenderbar", "objective": "Schuetzt Integritaet der Berichterstattung", "check_target": "system", "evidence": [ "architecture_doc", "db_config" ], "automation": "low" }, { "control_id": "REP-010", "domain": "REP", "title": "Abrechnungsdaten enthalten keine vollstaendigen Kartennummern", "objective": "Minimiert Datenexposition in Reports", "check_target": "code", "evidence": [ "source_code", "export_sample" ], "automation": "high" }, { "control_id": "ACC-001", "domain": "ACC", "title": "Individuelle Benutzerkonten fuer alle Administratoren", "objective": "Verhindert geteilte Accounts", "check_target": "system", "evidence": [ "admin_ui", "iam_config" ], "automation": 
"partial" }, { "control_id": "ACC-002", "domain": "ACC", "title": "Aenderung von Standard-Passwoertern wird bei Ersteinrichtung erzwungen", "objective": "Verhindert Default-Credential-Angriffe", "check_target": "code", "evidence": [ "source_code", "deployment_doc" ], "automation": "medium" }, { "control_id": "ACC-003", "domain": "ACC", "title": "Multi-Faktor-Authentifizierung fuer Admin-Zugang", "objective": "Erhoehter Schutz privilegierter Konten", "check_target": "system", "evidence": [ "iam_config", "admin_ui" ], "automation": "partial" }, { "control_id": "ACC-004", "domain": "ACC", "title": "Passwort-Komplexitaetsanforderungen implementiert", "objective": "Verhindert schwache Passwoerter", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "high" }, { "control_id": "ACC-005", "domain": "ACC", "title": "Account-Sperrung nach fehlgeschlagenen Anmeldeversuchen", "objective": "Schuetzt gegen Brute Force", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "high" }, { "control_id": "ACC-006", "domain": "ACC", "title": "Privilegierte Aktionen erfordern erneute Authentifizierung", "objective": "Step-Up Authentication", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "ACC-007", "domain": "ACC", "title": "Inaktive Sessions werden automatisch beendet", "objective": "Reduziert Angriffsflaeche bei verlassenen Sessions", "check_target": "config", "evidence": [ "config", "source_code" ], "automation": "high" }, { "control_id": "ACC-008", "domain": "ACC", "title": "Berechtigungsaenderungen werden auditiert", "objective": "Nachvollziehbarkeit von Rechteaenderungen", "check_target": "system", "evidence": [ "audit_log_sample", "source_code" ], "automation": "partial" }, { "control_id": "ACC-009", "domain": "ACC", "title": "Least-Privilege Prinzip fuer alle Rollen", "objective": "Minimiert Rechte auf das Notwendige", "check_target": "system", "evidence": [ "rbac_config", 
"architecture_doc" ], "automation": "partial" }, { "control_id": "ACC-010", "domain": "ACC", "title": "Service-Accounts haben keine interaktive Login-Moeglichkeit", "objective": "Verhindert Missbrauch technischer Konten", "check_target": "config", "evidence": [ "iam_config" ], "automation": "medium" }, { "control_id": "ERR-001", "domain": "ERR", "title": "Definierte Fehlerbehandlung fuer alle externen Aufrufe", "objective": "Verhindert unkontrollierte Abbrueche", "check_target": "code", "evidence": [ "source_code" ], "automation": "medium" }, { "control_id": "ERR-002", "domain": "ERR", "title": "Graceful Degradation bei Teilausfall", "objective": "Sichert Basisfunktionalitaet", "check_target": "system", "evidence": [ "architecture_doc", "integration_test" ], "automation": "partial" }, { "control_id": "ERR-003", "domain": "ERR", "title": "Recovery nach Stromausfall ohne Datenverlust", "objective": "Transaktionskonsistenz bei Hardwareausfall", "check_target": "system", "evidence": [ "integration_test", "architecture_doc" ], "automation": "low" }, { "control_id": "ERR-004", "domain": "ERR", "title": "Offline-Modus mit definiertem Funktionsumfang", "objective": "Klare Grenzen bei fehlender Konnektivitaet", "check_target": "code", "evidence": [ "source_code", "documentation" ], "automation": "medium" }, { "control_id": "ERR-005", "domain": "ERR", "title": "Automatische Wiederverbindung nach Netzwerkunterbrechung", "objective": "Minimiert manuelle Intervention", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "ERR-006", "domain": "ERR", "title": "Circuit Breaker bei Backend-Ueberlast", "objective": "Verhindert Kaskadenausfall", "check_target": "code", "evidence": [ "source_code", "config" ], "automation": "medium" }, { "control_id": "ERR-007", "domain": "ERR", "title": "Fehlerhafte Datenpakete werden verworfen, nicht verarbeitet", "objective": "Verhindert Fehlverarbeitung korrupter Daten", 
"check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "high" }, { "control_id": "ERR-008", "domain": "ERR", "title": "Health-Check-Endpunkt fuer Terminal-Monitoring", "objective": "Ermoeglicht proaktive Fehlererkennung", "check_target": "code", "evidence": [ "source_code", "api_spec" ], "automation": "high" }, { "control_id": "ERR-009", "domain": "ERR", "title": "Eskalationsprozess bei kritischen Fehlern definiert", "objective": "Sichert schnelle Reaktion bei Systemausfall", "check_target": "process", "evidence": [ "documentation", "runbook" ], "automation": "low" }, { "control_id": "ERR-010", "domain": "ERR", "title": "Wartungsmodus ohne Transaktionsverlust aktivierbar", "objective": "Ermoeglicht geplante Wartung ohne Datenverlust", "check_target": "system", "evidence": [ "admin_ui", "integration_test" ], "automation": "partial" }, { "control_id": "BLD-001", "domain": "BLD", "title": "Build-Pipeline reproduzierbar", "objective": "Sichert Nachvollziehbarkeit der Artefakte", "check_target": "system", "evidence": [ "ci_config", "build_log" ], "automation": "medium" }, { "control_id": "BLD-002", "domain": "BLD", "title": "Abhaengigkeiten werden auf bekannte Schwachstellen geprueft", "objective": "Verhindert vulnerable Dependencies", "check_target": "system", "evidence": [ "dependency_scan", "ci_config" ], "automation": "high" }, { "control_id": "BLD-003", "domain": "BLD", "title": "Release-Artefakte sind signiert", "objective": "Integritaetsschutz der Auslieferung", "check_target": "system", "evidence": [ "signing_config", "release_process" ], "automation": "medium" }, { "control_id": "BLD-004", "domain": "BLD", "title": "Keine Test-Credentials in Release-Konfiguration", "objective": "Verhindert Produktions-Leaks", "check_target": "config", "evidence": [ "deployment_config", "secret_scan" ], "automation": "high" }, { "control_id": "BLD-005", "domain": "BLD", "title": "Container-Images werden auf Schwachstellen gescannt", "objective": 
"Sichert Basis-Image Integritaet", "check_target": "system", "evidence": [ "container_scan", "ci_config" ], "automation": "high" }, { "control_id": "BLD-006", "domain": "BLD", "title": "SBOM (Software Bill of Materials) wird generiert", "objective": "Transparenz ueber verwendete Komponenten", "check_target": "system", "evidence": [ "sbom_output", "ci_config" ], "automation": "medium" }, { "control_id": "BLD-007", "domain": "BLD", "title": "Deployment nur ueber autorisierte Pipeline", "objective": "Verhindert manuelle, unkontrollierte Deployments", "check_target": "system", "evidence": [ "ci_config", "access_control" ], "automation": "medium" }, { "control_id": "BLD-008", "domain": "BLD", "title": "Rollback-Prozedur fuer Deployments definiert und getestet", "objective": "Ermoeglicht schnelle Recovery", "check_target": "process", "evidence": [ "runbook", "deployment_doc" ], "automation": "low" }, { "control_id": "BLD-009", "domain": "BLD", "title": "Code-Review vor Merge in Release-Branch", "objective": "Vier-Augen-Prinzip", "check_target": "process", "evidence": [ "git_config", "pr_policy" ], "automation": "medium" }, { "control_id": "BLD-010", "domain": "BLD", "title": "Automatisierte Tests vor jedem Release", "objective": "Sichert Qualitaet vor Auslieferung", "check_target": "system", "evidence": [ "ci_config", "test_results" ], "automation": "high" }, { "control_id": "CRYPTO-016", "domain": "CRYPTO", "title": "Unsichere Betriebsmodi wie ECB werden nicht verwendet", "objective": "Verhindert Musterlecks und schwache Verschluesselung", "check_target": "code", "evidence": [ "source_code", "crypto_config" ], "automation": "medium" }, { "control_id": "CRYPTO-017", "domain": "CRYPTO", "title": "IVs oder Nonces werden weder fest vorgegeben noch wiederverwendet", "objective": "Verhindert kryptographische Schwaechung", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "CRYPTO-018", "domain": "CRYPTO", "title": 
"Geheime Werte werden nur mit Timing-sicherer Funktion verglichen", "objective": "Verhindert Timing-Angriffe", "check_target": "code", "evidence": [ "source_code" ], "automation": "low" }, { "control_id": "CRYPTO-019", "domain": "CRYPTO", "title": "Schluessel im Speicher nur so lange wie erforderlich", "objective": "Reduziert Exposition im Prozessspeicher", "check_target": "code", "evidence": [ "source_code", "code_review" ], "automation": "low" }, { "control_id": "CRYPTO-020", "domain": "CRYPTO", "title": "Kryptographische Fehler fuehren nicht zu stillen Fallbacks", "objective": "Verhindert unbemerkte Deaktivierung von Sicherheit", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "AUTH-001", "domain": "AUTH", "title": "Admin-Schnittstellen erfordern starke Authentifizierung", "objective": "Verhindert unbefugten Zugriff", "check_target": "code", "evidence": [ "source_code", "route_config" ], "automation": "high" }, { "control_id": "AUTH-002", "domain": "AUTH", "title": "Standardpasswoerter in Produktivpfaden ausgeschlossen", "objective": "Verhindert triviale Kompromittierung", "check_target": "code", "evidence": [ "source_code", "secret_scan" ], "automation": "high" }, { "control_id": "AUTH-003", "domain": "AUTH", "title": "Fehlgeschlagene Anmeldeversuche begrenzt oder verzoegert", "objective": "Erschwert Brute-Force", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "AUTH-004", "domain": "AUTH", "title": "Rollen explizit modelliert, nicht aus UI abgeleitet", "objective": "Verhindert Autorisierungsfehler", "check_target": "code", "evidence": [ "source_code", "policy_definitions" ], "automation": "medium" }, { "control_id": "AUTH-005", "domain": "AUTH", "title": "Privilegierte Aktionen erfordern serverseitige Pruefung", "objective": "Verhindert Umgehung clientseitiger Schutzmechanismen", "check_target": "code", "evidence": [ "source_code", 
"integration_test" ], "automation": "high" }, { "control_id": "AUTH-006", "domain": "AUTH", "title": "Autorisierung zentral implementiert", "objective": "Reduziert Inkonsistenzen", "check_target": "code", "evidence": [ "source_code", "architecture_doc" ], "automation": "medium" }, { "control_id": "AUTH-007", "domain": "AUTH", "title": "Service-zu-Service Auth ohne eingebettete Credentials", "objective": "Verhindert Missbrauch statischer Geheimnisse", "check_target": "code", "evidence": [ "source_code", "secret_scan" ], "automation": "high" }, { "control_id": "AUTH-008", "domain": "AUTH", "title": "Deaktivierte Nutzer/Geraete koennen sich nicht mehr authentifizieren", "objective": "Wirksamer Entzug von Zugriffsrechten", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "AUTH-009", "domain": "AUTH", "title": "MFA fuer besonders privilegierte Zugaenge", "objective": "Erhoehter Schutz fuer Hochrisiko-Funktionen", "check_target": "code", "evidence": [ "source_code", "auth_config" ], "automation": "medium" }, { "control_id": "AUTH-010", "domain": "AUTH", "title": "Token auf Ablauf und Integritaet geprueft", "objective": "Verhindert manipuliertes Auth-Material", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "AUTH-011", "domain": "AUTH", "title": "Autorisierung basiert auf Serverzustand, nicht Client-Rollen", "objective": "Verhindert Privilege Escalation", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "AUTH-012", "domain": "AUTH", "title": "Admin-Funktionen logisch von Transaktionsfunktionen getrennt", "objective": "Reduziert Angriffsflaeche", "check_target": "architecture", "evidence": [ "source_code", "route_maps" ], "automation": "medium" }, { "control_id": "AUTH-013", "domain": "AUTH", "title": "Authentifizierungsereignisse werden protokolliert", "objective": 
"Nachvollziehbarkeit", "check_target": "code", "evidence": [ "source_code", "audit_log_sample" ], "automation": "medium" }, { "control_id": "AUTH-014", "domain": "AUTH", "title": "Passwort-Reset umgeht keine Autorisierungsschranken", "objective": "Verhindert Missbrauch von Recovery-Flows", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "AUTH-015", "domain": "AUTH", "title": "Maschinen- und Personenidentitaeten getrennt verwaltet", "objective": "Verhindert Vermischung", "check_target": "config", "evidence": [ "iam_config", "architecture_doc" ], "automation": "low" }, { "control_id": "AUTH-016", "domain": "AUTH", "title": "Schutz gegen Cross-Tenant-Zugriffe", "objective": "Verhindert Zugriff auf fremde Mandanten", "check_target": "code", "evidence": [ "source_code", "tenant_tests" ], "automation": "medium" }, { "control_id": "AUTH-017", "domain": "AUTH", "title": "Berechtigungsfehler liefern generische Meldungen", "objective": "Reduziert Informationsleckage", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "AUTH-018", "domain": "AUTH", "title": "Autorisierungsregeln durch Tests abgedeckt", "objective": "Beweisbarkeit der Zugriffskontrollen", "check_target": "test", "evidence": [ "unit_test", "integration_test" ], "automation": "medium" }, { "control_id": "AUTH-019", "domain": "AUTH", "title": "Fallback-Modi umgehen keine Authentifizierung", "objective": "Verhindert Sicherheitsverlust in Ausnahmezustaenden", "check_target": "code", "evidence": [ "source_code", "error_mode_tests" ], "automation": "low" }, { "control_id": "AUTH-020", "domain": "AUTH", "title": "Temporaere Berechtigungen verfallen automatisch", "objective": "Reduziert dauerhafte Ueberprivilegierung", "check_target": "code", "evidence": [ "source_code", "policy_definitions" ], "automation": "low" }, { "control_id": "SESSION-001", "domain": "SESSION", "title": "Sitzungstoken 
werden nicht im Klartext geloggt", "objective": "Verhindert Missbrauch gestohlener Sitzungen", "check_target": "code", "evidence": [ "source_code", "log_output" ], "automation": "high" }, { "control_id": "SESSION-002", "domain": "SESSION", "title": "Sitzungs-IDs ausreichend zufaellig", "objective": "Verhindert Session Guessing", "check_target": "code", "evidence": [ "source_code", "auth_config" ], "automation": "medium" }, { "control_id": "SESSION-003", "domain": "SESSION", "title": "Sessions verfallen nach Inaktivitaet", "objective": "Begrenzt Missbrauch", "check_target": "config", "evidence": [ "session_config", "source_code" ], "automation": "medium" }, { "control_id": "SESSION-004", "domain": "SESSION", "title": "Sessions nach Rollenwechsel rotiert", "objective": "Verhindert Session Fixation", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "SESSION-005", "domain": "SESSION", "title": "Logout invalidiert serverseitig alle Token", "objective": "Verhindert weitere Nutzung nach Logout", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "SESSION-006", "domain": "SESSION", "title": "Cookies mit Secure und HttpOnly Attributen", "objective": "Reduziert Diebstahl ueber unsichere Kanaele", "check_target": "config", "evidence": [ "http_config", "integration_test" ], "automation": "high" }, { "control_id": "SESSION-007", "domain": "SESSION", "title": "SameSite-Richtlinien explizit gesetzt", "objective": "Reduziert CSRF-Angriffe", "check_target": "config", "evidence": [ "http_config", "integration_test" ], "automation": "high" }, { "control_id": "SESSION-008", "domain": "SESSION", "title": "Token-Pruefung validiert Audience, Issuer, Gueltigkeit", "objective": "Verhindert Akzeptanz fremder Token", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "high" }, { "control_id": "SESSION-009", "domain": 
"SESSION", "title": "Geraete-Sessions eindeutig einer Instanz zugeordnet", "objective": "Verhindert Sitzungsuebernahme", "check_target": "code", "evidence": [ "source_code", "device_registry" ], "automation": "medium" }, { "control_id": "SESSION-010", "domain": "SESSION", "title": "Sitzungsspeicher trennt Mandanten zuverlaessig", "objective": "Verhindert Cross-Tenant Missbrauch", "check_target": "architecture", "evidence": [ "session_config", "architecture_doc" ], "automation": "low" }, { "control_id": "KEYMGMT-001", "domain": "KEYMGMT", "title": "Schluessel ausserhalb des Quellcodes erzeugt und verwaltet", "objective": "Verhindert Offenlegung durch Codezugriff", "check_target": "code", "evidence": [ "source_code", "secret_scan" ], "automation": "high" }, { "control_id": "KEYMGMT-002", "domain": "KEYMGMT", "title": "Produktions- und Testschluessel strikt getrennt", "objective": "Verhindert unsichere Testkonfigurationen in Produktion", "check_target": "config", "evidence": [ "config", "deployment_config" ], "automation": "medium" }, { "control_id": "KEYMGMT-003", "domain": "KEYMGMT", "title": "Schluesselrotation technisch vorgesehen", "objective": "Begrenzt Auswirkungen kompromittierter Schluessel", "check_target": "system", "evidence": [ "key_rotation_jobs", "source_code" ], "automation": "low" }, { "control_id": "KEYMGMT-004", "domain": "KEYMGMT", "title": "Abgelaufene Schluessel werden nicht mehr akzeptiert", "objective": "Verhindert Nutzung veralteten Materials", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "KEYMGMT-005", "domain": "KEYMGMT", "title": "Schluesselzugriffe rollenbasiert und protokolliert", "objective": "Nachvollziehbarkeit", "check_target": "system", "evidence": [ "iam_config", "audit_log_sample" ], "automation": "low" }, { "control_id": "KEYMGMT-006", "domain": "KEYMGMT", "title": "Schluessel nicht zwischen Komponenten unnoetig repliziert", "objective": "Reduziert 
Verbreitung", "check_target": "architecture", "evidence": [ "architecture_doc", "source_code" ], "automation": "low" }, { "control_id": "KEYMGMT-007", "domain": "KEYMGMT", "title": "Kompromittierte Schluessel koennen deaktiviert werden", "objective": "Wirksame Reaktion auf Vorfaelle", "check_target": "system", "evidence": [ "key_registry", "incident_runbook" ], "automation": "low" }, { "control_id": "KEYMGMT-008", "domain": "KEYMGMT", "title": "Terminal-Geraete nutzen eindeutiges Schluesselmaterial", "objective": "Verhindert laterale Ausbreitung", "check_target": "architecture", "evidence": [ "provisioning_docs", "device_inventory" ], "automation": "low" }, { "control_id": "KEYMGMT-009", "domain": "KEYMGMT", "title": "Schluessel nicht in Client-/Frontend-Artefakte eingebettet", "objective": "Verhindert Extraktion", "check_target": "build", "evidence": [ "artifact_scan", "secret_scan" ], "automation": "high" }, { "control_id": "KEYMGMT-010", "domain": "KEYMGMT", "title": "Schluessellebenszyklen versioniert und dokumentiert", "objective": "Belastbare Pruef- und Rotationsnachweise", "check_target": "process", "evidence": [ "key_registry", "audit_log_sample" ], "automation": "low" }, { "control_id": "DEVICE-001", "domain": "DEVICE", "title": "Geraeteidentitaeten eindeutig und nicht wiederverwendbar", "objective": "Klare Zuordnung", "check_target": "system", "evidence": [ "device_registry", "provisioning_logic" ], "automation": "medium" }, { "control_id": "DEVICE-002", "domain": "DEVICE", "title": "Unregistrierte Geraete koennen keine Verbindung aufbauen", "objective": "Verhindert unautorisierte Hardware", "check_target": "code", "evidence": [ "source_code", "device_registry" ], "automation": "medium" }, { "control_id": "DEVICE-003", "domain": "DEVICE", "title": "Provisioning prueft Identitaet und Sicherheitszustand", "objective": "Verhindert Aufnahme kompromittierter Geraete", "check_target": "system", "evidence": [ "provisioning_workflows", "source_code" ], 
"automation": "low" }, { "control_id": "DEVICE-004", "domain": "DEVICE", "title": "Geraetekonfigurationen versioniert und geschuetzt", "objective": "Integritaet betrieblicher Einstellungen", "check_target": "system", "evidence": [ "config_registry", "audit_log_sample" ], "automation": "low" }, { "control_id": "DEVICE-005", "domain": "DEVICE", "title": "Geraete-IDs serverseitig validiert", "objective": "Verhindert Spoofing", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "DEVICE-006", "domain": "DEVICE", "title": "Tamper-Events systemseitig ausgewertet", "objective": "Reaktion auf physische Eingriffe", "check_target": "system", "evidence": [ "event_handlers", "monitoring_rules" ], "automation": "low" }, { "control_id": "DEVICE-007", "domain": "DEVICE", "title": "Geraetewechsel fuehrt zu Neuvalidierung", "objective": "Verhindert Uebernahme alter Vertrauensstellungen", "check_target": "process", "evidence": [ "provisioning_docs", "device_registry" ], "automation": "low" }, { "control_id": "DEVICE-008", "domain": "DEVICE", "title": "Geraete melden Zustandsaenderungen an Backend", "objective": "Zentrale Sichtbarkeit", "check_target": "system", "evidence": [ "source_code", "message_schema" ], "automation": "medium" }, { "control_id": "DEVICE-009", "domain": "DEVICE", "title": "Nicht vertrauenswuerdiger Zustand blockiert Kommunikation", "objective": "Verhindert Betrieb kompromittierter Geraete", "check_target": "code", "evidence": [ "source_code", "tamper_tests" ], "automation": "low" }, { "control_id": "DEVICE-010", "domain": "DEVICE", "title": "Zustandsuebergaenge explizit modelliert und getestet", "objective": "Verhindert inkonsistente Betriebszustaende", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "DEVICE-011", "domain": "DEVICE", "title": "Fehlzustaende fuehren zu definierten Safe States", "objective": "Verhindert 
unsicheren Weiterbetrieb", "check_target": "code", "evidence": [ "source_code", "error_mode_tests" ], "automation": "medium" }, { "control_id": "DEVICE-012", "domain": "DEVICE", "title": "Diagnose-/Wartungsmodi getrennt und zugriffsbeschraenkt", "objective": "Reduziert Missbrauch", "check_target": "code", "evidence": [ "source_code", "auth_config" ], "automation": "low" }, { "control_id": "DEVICE-013", "domain": "DEVICE", "title": "Sicherheitsflags nicht unautorisiert ruecksetzbar", "objective": "Verhindert Umgehung kritischer Schutzmechanismen", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "low" }, { "control_id": "DEVICE-014", "domain": "DEVICE", "title": "Geraete-Registrierung und -Deregistrierung auditierbar", "objective": "Nachvollziehbarkeit des Geraetebestands", "check_target": "system", "evidence": [ "audit_log_sample", "device_registry" ], "automation": "low" }, { "control_id": "DEVICE-015", "domain": "DEVICE", "title": "Offlinemodus funktional und sicherheitstechnisch klar begrenzt", "objective": "Verhindert unkontrollierte Zustaende", "check_target": "code", "evidence": [ "source_code", "offline_tests" ], "automation": "low" }, { "control_id": "TRANS-001", "domain": "TRANS", "title": "Transaktionsstatus als explizite Zustandsmaschine modelliert", "objective": "Verhindert ungueltige Statusuebergaenge", "check_target": "code", "evidence": [ "source_code", "state_machine_tests" ], "automation": "medium" }, { "control_id": "TRANS-002", "domain": "TRANS", "title": "Nur definierte Statusuebergaenge technisch zulaessig", "objective": "Verhindert inkonsistente Verlaeufe", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TRANS-003", "domain": "TRANS", "title": "Abgebrochene Transaktionen konsistent zurueckgerollt", "objective": "Verhindert schwebende Zustaende", "check_target": "system", "evidence": [ "integration_test", "error_mode_tests" ], "automation": 
"medium" }, { "control_id": "TRANS-004", "domain": "TRANS", "title": "Asynchrone Rueckmeldungen korrekt zugeordnet", "objective": "Verhindert Vermischung paralleler Ablaeufe", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TRANS-005", "domain": "TRANS", "title": "Doppelte Nachrichten erkannt und sicher behandelt", "objective": "Verhindert Mehrfachverarbeitung", "check_target": "code", "evidence": [ "source_code", "integration_test" ], "automation": "medium" }, { "control_id": "TRANS-006", "domain": "TRANS", "title": "Unvollstaendige Transaktionen periodisch erkannt", "objective": "Kontrollierte Bereinigung", "check_target": "system", "evidence": [ "scheduler_jobs", "source_code" ], "automation": "low" }, { "control_id": "TRANS-007", "domain": "TRANS", "title": "Fehlende Antworten erzeugen keinen stillen Erfolg", "objective": "Verhindert irrefuehrende Erfolgsmeldungen", "check_target": "code", "evidence": [ "source_code", "timeout_tests" ], "automation": "high" }, { "control_id": "TRANS-008", "domain": "TRANS", "title": "Stornierungen an berechtigte Rollen gebunden", "objective": "Verhindert unautorisierte Manipulation", "check_target": "code", "evidence": [ "source_code", "authorization_tests" ], "automation": "medium" }, { "control_id": "TRANS-009", "domain": "TRANS", "title": "Race Conditions durch Sperrmechanismen reduziert", "objective": "Verhindert konkurrierende Verarbeitung", "check_target": "code", "evidence": [ "source_code", "concurrency_tests" ], "automation": "low" }, { "control_id": "TRANS-010", "domain": "TRANS", "title": "Betragsrelevante Felder gegen Rundungsfehler abgesichert", "objective": "Verhindert finanzielle Abweichungen", "check_target": "code", "evidence": [ "source_code", "unit_test" ], "automation": "medium" }, { "control_id": "DATA-001", "domain": "DATA", "title": "Sensitive Daten nur bei fachlicher Erforderlichkeit verarbeitet", "objective": "Reduziert unnoetige 
Exposition", "check_target": "architecture", "evidence": [ "data_flow_docs", "source_code" ], "automation": "low" }, { "control_id": "DATA-002", "domain": "DATA", "title": "Felder mit erhoehtem Schutzbedarf im Code identifizierbar", "objective": "Erleichtert gezielte Schutzmassnahmen", "check_target": "code", "evidence": [ "source_code", "data_catalog" ], "automation": "medium" }, { "control_id": "DATA-003", "domain": "DATA", "title": "Persistierte Daten auf notwendige Felder minimiert", "objective": "Verhindert unnoetige Speicherung", "check_target": "database", "evidence": [ "db_schema", "source_code" ], "automation": "medium" }, { "control_id": "DATA-004", "domain": "DATA", "title": "Testdaten enthalten keine produktiven Zahlungsdaten", "objective": "Verhindert Offenlegung in Testumgebungen", "check_target": "process", "evidence": [ "test_fixtures", "secret_scan" ], "automation": "medium" }, { "control_id": "DATA-005", "domain": "DATA", "title": "Sensitive Daten in Telemetrie/Tracing nicht offengelegt", "objective": "Verhindert Abfluss ueber Observability", "check_target": "code", "evidence": [ "source_code", "telemetry_config" ], "automation": "medium" }, { "control_id": "DATA-006", "domain": "DATA", "title": "Export-/Reporting-Pfade geben Daten nur maskiert aus", "objective": "Verhindert Abfluss ueber Nebenausgaben", "check_target": "code", "evidence": [ "source_code", "report_samples" ], "automation": "medium" }, { "control_id": "DATA-007", "domain": "DATA", "title": "Datentypen fuer zahlungsrelevante Felder begrenzt", "objective": "Verhindert fehlerhafte Eingaben", "check_target": "code", "evidence": [ "source_code", "db_schema" ], "automation": "high" }, { "control_id": "DATA-008", "domain": "DATA", "title": "Datei-Uploads vor Verarbeitung validiert", "objective": "Verhindert Einschleusen manipulierten Inhalts", "check_target": "code", "evidence": [ "source_code", "validation_tests" ], "automation": "high" }, { "control_id": "ERROR-001", "domain": "ERR", 
"title": "Sicherheitsrelevante Fehler nicht stillschweigend unterdrueckt", "objective": "Verhindert verdeckte Sicherheitsverluste", "check_target": "code", "evidence": [ "source_code", "error_paths" ], "automation": "medium" }, { "control_id": "ERROR-002", "domain": "ERR", "title": "Retry unterscheidet transiente von fachlichen Fehlern", "objective": "Verhindert falsche Wiederholungen", "check_target": "code", "evidence": [ "source_code", "retry_logic" ], "automation": "medium" }, { "control_id": "ERROR-003", "domain": "ERR", "title": "Fehlercodes konsistent gemappt und dokumentiert", "objective": "Verbessert Diagnose und Audit", "check_target": "system", "evidence": [ "error_mapping", "source_code" ], "automation": "medium" }, { "control_id": "ERROR-004", "domain": "ERR", "title": "Fehlerbehandlung durch Negativtests abgedeckt", "objective": "Beweisbarkeit robuster Fehlerpfade", "check_target": "test", "evidence": [ "negative_tests", "coverage_reports" ], "automation": "medium" }, { "control_id": "ERROR-005", "domain": "ERR", "title": "Dead-letter-Queues fuer asynchrone Fehlerfaelle", "objective": "Verhindert Verlust problematischer Nachrichten", "check_target": "system", "evidence": [ "queue_config", "ops_docs" ], "automation": "low" }, { "control_id": "REPORT-001", "domain": "REP", "title": "Ablehnungen und Fehler nachvollziehbar im Reporting", "objective": "Verhindert beschoenigte Sicht", "check_target": "system", "evidence": [ "report_samples", "error_mapping" ], "automation": "medium" }, { "control_id": "REPORT-002", "domain": "REP", "title": "Reportgenerierung veraendert keine Ursprungsdaten", "objective": "Schuetzt primaeren Datenbestand", "check_target": "code", "evidence": [ "source_code", "db_permissions" ], "automation": "low" }, { "control_id": "REPORT-003", "domain": "REP", "title": "Reports offenbaren nur rollenerforderliche Daten", "objective": "Reduziert Datenabfluss", "check_target": "code", "evidence": [ "authorization_tests", "report_samples" ], 
"automation": "medium" }, { "control_id": "REPORT-004", "domain": "REP", "title": "Reconciliation-Reports deterministisch reproduzierbar", "objective": "Belastbare Nachweise bei Abweichungen", "check_target": "process", "evidence": [ "reporting_docs", "integration_test" ], "automation": "low" }, { "control_id": "REPORT-005", "domain": "REP", "title": "Berichte beruecksichtigen Zeitzonen konsistent", "objective": "Verhindert Abstimmungsfehler", "check_target": "code", "evidence": [ "source_code", "report_samples" ], "automation": "medium" } ] }