Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2301fb21223600577cf3d6e1bbe6cfe76b969f09
breakpilot-compliance/obligations/cra_logging.json
T
Benjamin Admin a53d67a35a feat(bridge): logging/audit obligation cut (CRA Annex I (2)(k)) + 7/7 control mapping 
- obligations/cra_logging.json: 19 obligations (6 LEGAL_MINIMUM auf (2)(k) korrekt
  verankert, 13 BEST_PRACTICE), 13 Beziehungen; out_of_scope M8/M5/M81 (AI-Act/FRT/PIN).
  Two-stage clustering (2601->1361 micro->100 review-units) -> Opus-Synthese -> Kuration.
- controls_for_obligation_mapping.json: V16.1.1/V16.3.3/V16.3.4 -> event_logging_security_events
  (Umbrella-LM; spezifische Alternativen via ASVS-Control-Text). Jetzt 7/7 gefuellt.
- obligation_join_keys.json: 47->66 obligation_ids (logging family).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-25 11:57:16 +02:00

4741 lines
97 KiB
JSON
Raw Blame History

{
"schema_version": "obligation_registry_v1",
"regulation": "CRA",
"regulation_code": "CRA",
"family": "logging",
"theme": "Logging/Audit (CRA Annex I Part I (2)(k))",
"generated_by": "obligation_discovery/claude-opus-4-8",
"synthesis_version": "v1",
"citation_status": "pending_span_anchor",
"curation": {
"curated_by": "obligation-registry-session 2026-06-25",
"method": "two-stage clustering (micro 0.78 -> meta 0.62) -> Opus synthesis -> key-free review",
"scope_controls": 2601,
"micro_clusters": 1361,
"review_units": 100,
"obligations": 19,
"tier_split": {
"LEGAL_MINIMUM": 6,
"BEST_PRACTICE": 13
},
"out_of_scope": [
"M8 (AI-Act Hochrisiko-Ausnahmen)",
"M5 (FRT/Domaenen-Training)",
"M81 (PIN/domaenenspezifisch)"
],
"anchor_quality": "LEGAL_MINIMUM korrekt auf CRA Annex I Part I (2)(k) verankert (echte Logging-Subsektion, mit CRA-Originalzitat) — KEIN Fehl-Anker wie im Auth-Cut. Span-genaue Anker folgen mit Re-Ingest.",
"join_note": "ASVS V16.1.1/V16.3.3/V16.3.4 (SDK-Store, anderer Namespace als member_controls) -> event_logging_security_events (Umbrella-LM). Spezifischere Alternativen via Control-Text durch die Engine-Session."
},
"obligations": [
{
"id": "event_logging_security_events",
"name": "Protokollierung sicherheitsrelevanter Ereignisse",
"description": "Das Produkt protokolliert sicherheitsrelevante Ereignisse und Aktivitaeten (Zugriffe, Aenderungen, sicherheitsrelevante interne Aktivitaeten), um Nachvollziehbarkeit und Erkennung von Vorfaellen zu ermoeglichen.",
"tier": "LEGAL_MINIMUM",
"subdomain": "event_logging",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"anchor": "Annex I Part I (2)(k)",
"citation": "monitor relevant internal activity, including the access to or modification of data, services or functions, where applicable, through recording and monitoring"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-2 Event Logging",
"role": "best_practice"
},
{
"source": "OWASP",
"anchor": "ASVS V7 Logging",
"role": "best_practice"
}
],
"member_review_units": [
"M1",
"M0",
"M19",
"M9",
"M7",
"M24",
"M21",
"M45",
"M33",
"M99",
"M62"
],
"member_controls": [
"ACC-005",
"ACC-0320-A14",
"ACC-0320-A15",
"ACC-086",
"ACC-086-A03",
"ACC-086-A04",
"ACC-086-A05",
"ACC-086-A07",
"ACC-086-A11",
"ACC-086-A16",
"ACC-086-A17",
"ACC-086-A19",
"ACC-086-A23",
"ACC-086-A24",
"ACC-089-A09",
"ACC-089-A16",
"ACC-175-A06",
"ACC-175-A15",
"ACC-188-A11",
"ACC-188-A22",
"ACC-188-A41",
"ACC-188-A54",
"ACC-189-A11",
"ACC-189-A24",
"ACC-189-A50",
"ACC-189-A63",
"ACC-195-A09",
"ACC-195-A19",
"ACC-195-A31",
"ACC-195-A41",
"ACC-195-A50",
"ACC-199-A11",
"ACC-199-A22",
"ACC-199-A44",
"ACC-199-A55",
"ACC-210-A13",
"ACC-210-A20",
"ACC-210-A27",
"ACC-210-A34",
"ACC-470-A15",
"ACC-474-A11",
"ACC-476-A08",
"ACC-487-A01",
"ACC-499-A07",
"ACC-512-A10",
"ACC-533-A10",
"ACC-578-A08",
"ACC-584-A06",
"ACC-584-A12",
"ACC-598-A05",
"ACC-612-A08",
"ACC-623-A09",
"ACC-631-A09",
"ACC-642-A06",
"ACC-642-A07",
"ACC-659",
"ACC-686-A03",
"ACC-686-A06",
"ACC-686-A07",
"ACC-695-A05",
"ACC-734",
"ACC-735",
"ACC-746-A07",
"ACC-757-A01",
"ACC-762-A04",
"ACL-002-A02",
"ACL-002-A04",
"ACL-002-A06",
"ACL-002-A08",
"AI-031-A19",
"AI-099-A29",
"AI-1241-A10",
"AI-1254-A02",
"AI-1389-A08",
"AI-1390-A05",
"AI-1392-A07",
"AI-1434-A06",
"AI-1559-A08",
"AI-1597-A01",
"AI-1602-A02",
"AI-1602-A05",
"AI-1624-A04",
"AI-594-A11",
"AI-648-A09",
"AI-684-A12",
"AI-760-A40",
"AI-942-A56",
"AI-942-A68",
"AI-951-A37",
"API-005",
"AUD-001",
"AUTH-079-A28",
"AUTH-1048-A71",
"AUTH-1061-A19",
"AUTH-1061-A77",
"AUTH-1102-A14",
"AUTH-1279-A04",
"AUTH-1290",
"AUTH-1303-A08",
"AUTH-1312-A03",
"AUTH-1441-A12",
"AUTH-1443-A03",
"AUTH-1443-A07",
"AUTH-1448-A01",
"AUTH-1455",
"AUTH-1455-A07",
"AUTH-1466-A09",
"AUTH-148-A05",
"AUTH-1514-A12",
"AUTH-1525-A04",
"AUTH-1530-A07",
"AUTH-1538",
"AUTH-1538-A10",
"AUTH-1555-A04",
"AUTH-1559",
"AUTH-1561-A01",
"AUTH-1561-A02",
"AUTH-1563-A04",
"AUTH-1589-A10",
"AUTH-1668-A09",
"AUTH-1669-A10",
"AUTH-1682-A08",
"AUTH-1699-A07",
"AUTH-1705-A12",
"AUTH-1723-A01",
"AUTH-1723-A09",
"AUTH-1818-A11",
"AUTH-1834-A06",
"AUTH-1862-A09",
"AUTH-1886-A09",
"AUTH-2406",
"AUTH-2415",
"AUTH-2415-A03",
"AUTH-2415-A07",
"AUTH-2415-A08",
"AUTH-2415-A13",
"AUTH-2419-A06",
"AUTH-2448-A10",
"AUTH-2466-A04",
"AUTH-2544-A05",
"AUTH-2544-A10",
"AUTH-2546-A03",
"AUTH-2547",
"AUTH-2547-A02",
"AUTH-2550-A13",
"AUTH-2593-A08",
"AUTH-2650-A05",
"AUTH-2650-A11",
"AUTH-2734-A07",
"AUTH-2784-A06",
"AUTH-2785-A04",
"AUTH-2798",
"AUTH-2798-A07",
"AUTH-2809-A08",
"AUTH-2830-A07",
"AUTH-2836-A07",
"AUTH-2840-A01",
"AUTH-2840-A03",
"AUTH-2840-A05",
"AUTH-2840-A06",
"AUTH-2855-A06",
"AUTH-2870-A08",
"AUTH-2879-A06",
"AUTH-2879-A11",
"AUTH-2881-A07",
"AUTH-2903-A01",
"AUTH-2903-A10",
"AUTH-2905-A05",
"AUTH-2919",
"AUTH-2919-A08",
"AUTH-2919-A09",
"AUTH-2919-A10",
"AUTH-2941-A01",
"AUTH-2941-A02",
"AUTH-2941-A03",
"AUTH-2947-A01",
"AUTH-2950-A08",
"AUTH-2965-A03",
"AUTH-2970-A06",
"AUTH-3016-A10",
"AUTH-3025",
"AUTH-3025-A13",
"AUTH-3089-A08",
"AUTH-3171-A10",
"AUTH-3199-A04",
"AUTH-3228-A04",
"AUTH-3246-A03",
"AUTH-3246-A11",
"AUTH-3252-A04",
"AUTH-3252-A07",
"AUTH-3296-A01",
"AUTH-3338-A17",
"AUTH-3430-A12",
"AUTH-3452-A07",
"AUTH-3478-A08",
"AUTH-3595-A05",
"AUTH-3595-A11",
"AUTH-3665-A01",
"AUTH-3683",
"AUTH-3686-A05",
"AUTH-3687-A02",
"AUTH-3687-A07",
"AUTH-3689",
"AUTH-3715-A11",
"AUTH-3887-A05",
"AUTH-3904",
"AUTH-3917-A09",
"AUTH-3917-A13",
"AUTH-3918",
"AUTH-3930-A11",
"AUTH-3936-A17",
"AUTH-4032-A07",
"AUTH-4045",
"AUTH-4045-A01",
"AUTH-4045-A04",
"AUTH-4049-A02",
"AUTH-4075-A03",
"AUTH-4095-A05",
"AUTH-4095-A09",
"AUTH-455",
"AUTH-523",
"AUTH-523-A04",
"AUTH-535",
"AUTH-535-A04",
"AUTH-552",
"AUTH-552-A01",
"AUTH-552-A03",
"AUTH-552-A04",
"AUTH-552-A07",
"AUTH-552-A08",
"AUTH-552-A09",
"AUTH-552-A13",
"AUTH-595-A09",
"AUTH-616-A08",
"AUTH-633-A11",
"AUTH-639-A07",
"AUTH-656",
"AUTH-656-A01",
"AUTH-656-A02",
"AUTH-656-A03",
"AUTH-656-A04",
"AUTH-656-A05",
"AUTH-656-A06",
"AUTH-656-A07",
"AUTH-656-A08",
"AUTH-656-A09",
"AUTH-656-A10",
"AUTH-656-A12",
"AUTH-656-A13",
"AUTH-656-A14",
"AUTH-656-A15",
"AUTH-656-A16",
"AUTH-656-A17",
"AUTH-656-A18",
"AUTH-656-A23",
"AUTH-656-A24",
"AUTH-656-A26",
"AUTH-656-A27",
"AUTH-660-A12",
"AUTH-663",
"AUTH-663-A01",
"AUTH-663-A07",
"AUTH-678-A06",
"AUTH-734-A04",
"AUTH-760-A03",
"AUTH-785",
"AUTH-856-A04",
"AUTH-856-A15",
"AUTH-856-A26",
"AUTH-856-A37",
"AUTH-856-A48",
"AUTH-902-A03",
"AUTH-947-A38",
"BIO-009-A03",
"CLG-001",
"CLG-001-A02",
"CLG-001-A06",
"COMP-1053-A04",
"COMP-1053-A08",
"COMP-1103-A05",
"COMP-1103-A09",
"COMP-1103-A14",
"COMP-1150-A05",
"COMP-1150-A08",
"COMP-1150-A11",
"COMP-116-A09",
"COMP-116-A18",
"COMP-1231-A28",
"COMP-1247-A02",
"COMP-1247-A10",
"COMP-1247-A18",
"COMP-1247-A26",
"COMP-1247-A34",
"COMP-1247-A42",
"COMP-1249-A04",
"COMP-1249-A11",
"COMP-1249-A24",
"COMP-1249-A29",
"COMP-1249-A37",
"COMP-1249-A47",
"COMP-1249-A52",
"COMP-1249-A64",
"COMP-1249-A71",
"COMP-178-A08",
"COMP-178-A19",
"COMP-1891-A04",
"COMP-1891-A08",
"COMP-1919-A13",
"COMP-1936-A07",
"COMP-196-A05",
"COMP-2128",
"COMP-2128-A06",
"COMP-2724-A03",
"COMP-2734",
"COMP-2734-A04",
"COMP-2734-A05",
"COMP-2734-A09",
"COMP-2734-A11",
"COMP-2752",
"COMP-2752-A01",
"COMP-2752-A02",
"COMP-2752-A03",
"COMP-2752-A04",
"COMP-2765-A10",
"COMP-2775",
"COMP-2775-A05",
"COMP-2778-A02",
"COMP-2780-A05",
"COMP-2780-A14",
"COMP-3280-A01",
"COMP-3292-A02",
"COMP-3297-A04",
"COMP-3301-A08",
"COMP-3304",
"COMP-3306",
"COMP-3306-A07",
"COMP-3306-A08",
"COMP-3309",
"COMP-3309-A04",
"COMP-3309-A07",
"COMP-3312-A05",
"COMP-3318",
"COMP-3322-A01",
"COMP-3322-A02",
"COMP-3322-A08",
"COMP-3322-A10",
"COMP-3324-A06",
"COMP-3326-A01",
"COMP-3326-A05",
"COMP-3326-A06",
"COMP-3326-A07",
"COMP-3326-A12",
"COMP-3326-A14",
"COMP-3327",
"COMP-3327-A03",
"COMP-3327-A06",
"COMP-3332",
"COMP-3339",
"COMP-3339-A03",
"COMP-3339-A06",
"COMP-3339-A08",
"COMP-3343-A01",
"COMP-3362",
"COMP-3362-A01",
"COMP-3378-A08",
"COMP-3429",
"COMP-3436-A09",
"COMP-3449-A01",
"COMP-3521-A05",
"COMP-356-A06",
"COMP-3696-A06",
"COMP-3733",
"COMP-3733-A08",
"COMP-3733-A09",
"COMP-3739-A03",
"COMP-3983-A05",
"COMP-4009-A03",
"COMP-4058",
"COMP-4058-A07",
"COMP-4059",
"COMP-4059-A01",
"COMP-4059-A02",
"COMP-4059-A11",
"COMP-4088",
"COMP-4088-A11",
"COMP-4088-A12",
"COMP-714-A06",
"COMP-786-A06",
"COMP-786-A11",
"COMP-786-A20",
"COMP-786-A25",
"COMP-911",
"COMP-911-A02",
"COMP-911-A04",
"CRA-006",
"CRA-006-A03",
"CRA-006-A04",
"CRYP-1014-A07",
"CRYP-1043-A09",
"CRYP-1044-A13",
"CRYP-1063-A10",
"CRYP-1079-A10",
"CRYP-1106-A11",
"CRYP-1111-A11",
"CRYP-1160-A05",
"CRYP-1179-A05",
"CRYP-118-A11",
"CRYP-1247",
"CRYP-1247-A01",
"CRYP-1252-A06",
"CRYP-1451-A05",
"CRYP-1477-A09",
"CRYP-1725-A04",
"CRYP-1787-A06",
"CRYP-1814-A14",
"CRYP-1855",
"CRYP-1855-A01",
"CRYP-186-A10",
"CRYP-186-A21",
"CRYP-1881-A04",
"CRYP-1881-A12",
"CRYP-1889-A09",
"CRYP-1892-A11",
"CRYP-190-A10",
"CRYP-1907-A05",
"CRYP-1907-A09",
"CRYP-1910-A10",
"CRYP-1968-A18",
"CRYP-2036-A11",
"CRYP-2158-A11",
"CRYP-2168-A08",
"CRYP-225-A06",
"CRYP-2282-A06",
"CRYP-2330-A04",
"CRYP-2330-A09",
"CRYP-285-A03",
"CRYP-376-A09",
"CRYP-389-A13",
"CRYP-630-A06",
"CRYP-781-A07",
"CRYP-827-A08",
"CRYP-867-A09",
"CRYP-957-A11",
"DATA-002-A09",
"DATA-099-A08",
"DATA-1135-A08",
"DATA-1163-A11",
"DATA-1191-A14",
"DATA-1230-A08",
"DATA-1235-A11",
"DATA-1237-A05",
"DATA-1240-A13",
"DATA-1247-A07",
"DATA-1253-A08",
"DATA-1257",
"DATA-1273-A02",
"DATA-1273-A10",
"DATA-137-A21",
"DATA-1461",
"DATA-1490-A06",
"DATA-1517-A06",
"DATA-1745",
"DATA-1851-A05",
"DATA-1945-A17",
"DATA-2014-A10",
"DATA-2017-A04",
"DATA-2057-A09",
"DATA-2057-A19",
"DATA-2190-A08",
"DATA-2223-A01",
"DATA-2309-A05",
"DATA-2430-A06",
"DATA-2516-A05",
"DATA-2585-A08",
"DATA-2695-A02",
"DATA-2703-A06",
"DATA-2724-A08",
"DATA-3026-A05",
"DATA-3026-A10",
"DATA-3034-A08",
"DATA-3240-A11",
"DATA-3250-A06",
"DATA-3326-A14",
"DATA-3402",
"DATA-3437-A12",
"DATA-3556-A09",
"DATA-3961-A07",
"DATA-4138-A11",
"DATA-4242-A07",
"DATA-4277-A07",
"DATA-4294-A10",
"DATA-4300-A02",
"DATA-4300-A09",
"DATA-4303-A10",
"DATA-4335-A05",
"DATA-4418-A12",
"DATA-4633-A07",
"DATA-4669",
"DATA-4669-A01",
"DATA-4669-A04",
"DATA-4683-A05",
"DATA-4689-A02",
"DATA-652",
"DATA-652-A06",
"DATA-652-A16",
"DATA-680",
"DATA-716-A01",
"DATA-716-A02",
"DATA-716-A03",
"DATA-716-A04",
"DATA-735-A03",
"DATA-735-A04",
"DATA-827-A04",
"DATA-827-A05",
"DATA-852-A03",
"DATA-852-A12",
"DATA-917-A02",
"DATA-917-A03",
"DATA-917-A05",
"DATA-917-A06",
"DATA-917-A08",
"DATA-917-A10",
"DATA-917-A11",
"DATA-947-A06",
"DATA-947-A11",
"DATA-947-A15",
"DATA-947-A20",
"DATA-969-A02",
"DATA-969-A09",
"DOC-010-A01",
"DOC-010-A03",
"DOC-010-A07",
"FIN-1094-A01",
"FIN-298-A21",
"FIN-696-A11",
"FRD-006",
"GLM-001",
"GLM-001-A02",
"GLM-001-A04",
"GLM-001-A06",
"GOV-0683-A04",
"GOV-0683-A10",
"GOV-0686-A04",
"GOV-0686-A10",
"GOV-0697-A01",
"GOV-0697-A03",
"GOV-1045-A04",
"GOV-1195-A02",
"GOV-1213-A09",
"GOV-1398-A12",
"GOV-1439-A10",
"GOV-2435-A10",
"GOV-2868-A12",
"GOV-3061-A09",
"GOV-3175-A03",
"GOV-3175-A04",
"GOV-3179-A07",
"GOV-3191-A09",
"GOV-3208-A09",
"GOV-322-A11",
"GOV-3500-A02",
"GOV-3805-A01",
"GOV-3805-A07",
"GOV-3805-A08",
"GOV-3805-A09",
"GOV-3846-A05",
"GOV-3853",
"GOV-3853-A03",
"GOV-3865-A03",
"GOV-445-A13",
"GOV-462-A13",
"GOV-640-A30",
"GOV-741-A05",
"GOV-982-A03",
"HLG-001",
"HLT-120-A09",
"HLT-125-A07",
"HLT-181-A08",
"HLT-197-A08",
"HLT-514-A08",
"HLT-528-A02",
"HLT-532-A08",
"HLT-533-A10",
"HLT-558-A07",
"HLT-560-A09",
"HLT-560-A10",
"HLT-560-A18",
"HSM-005",
"IAM-009-A07",
"IAM-009-A10",
"IDA-008",
"IDF-010",
"IDF-010-A02",
"INC-0358-A29",
"INC-091",
"INC-091-A05",
"INC-091-A07",
"INC-091-A08",
"INC-091-A09",
"INC-091-A10",
"INC-1104-A04",
"INC-1153-A05",
"INC-1159-A12",
"INC-1173-A13",
"INC-151-A10",
"INC-205-A02",
"ISS-003-A02",
"KMG-002-A04",
"KST-003-A01",
"KYS-006",
"KYS-006-A08",
"LAB-557-A10",
"LAB-610-A05",
"LOG-045-A17",
"LOG-060-A07",
"LOG-0861-A01",
"LOG-0861-A07",
"LOG-0861-A13",
"LOG-0862-A01",
"LOG-0862-A02",
"LOG-0862-A04",
"LOG-0867-A04",
"LOG-0868-A04",
"LOG-0869-A07",
"LOG-0885-A04",
"LOG-0885-A05",
"LOG-0886-A01",
"LOG-1048-A05",
"LOG-1055",
"LOG-1055-A02",
"LOG-1058-A10",
"LOG-1058-A11",
"LOG-1059-A05",
"LOG-1060",
"LOG-1063",
"LOG-1066-A02",
"LOG-107-A05",
"LOG-1071-A01",
"LOG-1071-A02",
"LOG-1072-A01",
"LOG-1074-A05",
"LOG-1088-A01",
"LOG-1088-A04",
"LOG-1126",
"LOG-1239-A07",
"LOG-1475-A03",
"LOG-1478-A06",
"LOG-1480",
"LOG-1480-A01",
"LOG-1480-A10",
"LOG-1481-A10",
"LOG-1491",
"LOG-1493-A07",
"LOG-1507-A04",
"LOG-1512-A05",
"LOG-1546-A02",
"LOG-1663-A01",
"LOG-1663-A02",
"LOG-1663-A03",
"LOG-1695-A07",
"LOG-1695-A11",
"LOG-1705-A04",
"LOG-1706-A09",
"LOG-1728",
"LOG-1728-A15",
"LOG-1728-A16",
"LOG-1728-A17",
"LOG-1729",
"LOG-1729-A04",
"LOG-1731-A01",
"LOG-1733",
"LOG-1733-A01",
"LOG-1733-A05",
"LOG-1733-A08",
"LOG-1733-A11",
"LOG-1733-A12",
"LOG-1734-A03",
"LOG-1737-A01",
"LOG-1739",
"LOG-1743-A15",
"LOG-1746",
"LOG-1746-A11",
"LOG-1747",
"LOG-1747-A05",
"LOG-1749-A04",
"LOG-1751",
"LOG-1753-A10",
"LOG-1755",
"LOG-1755-A09",
"LOG-1762",
"LOG-1763",
"LOG-1764",
"LOG-1764-A03",
"LOG-1775",
"LOG-1776-A02",
"LOG-1780",
"LOG-1780-A13",
"LOG-1781",
"LOG-1783-A08",
"LOG-1825",
"LOG-1825-A03",
"LOG-1830-A15",
"LOG-1830-A20",
"LOG-1848-A05",
"LOG-1859-A11",
"LOG-1892-A01",
"LOG-1947",
"LOG-1947-A01",
"LOG-1950-A03",
"LOG-1956-A02",
"LOG-1959",
"LOG-1959-A10",
"LOG-2033-A03",
"LOG-2051-A02",
"LOG-2051-A03",
"LOG-2054-A06",
"LOG-2057-A01",
"LOG-2057-A03",
"LOG-2072-A05",
"LOG-2073-A05",
"LOG-2082-A01",
"LOG-2082-A08",
"LOG-407-A18",
"LOG-410-A11",
"LOG-596",
"LOG-596-A01",
"LOG-599",
"LOG-599-A01",
"LOG-605-A05",
"LOG-622",
"LOG-622-A12",
"LOG-622-A13",
"LOG-626",
"LOG-626-A01",
"LOG-626-A02",
"LOG-626-A04",
"LOG-631",
"LOG-633-A07",
"LOG-639",
"LOG-641",
"LOG-641-A02",
"LOG-643-A03",
"LOG-652-A03",
"LOG-652-A07",
"LOG-652-A08",
"LOG-657-A06",
"LOG-667",
"LOG-667-A04",
"LOG-667-A06",
"LOG-667-A07",
"LOG-672",
"LOG-672-A01",
"LOG-675-A03",
"LOG-684-A06",
"LOG-686",
"LOG-686-A01",
"LOG-686-A09",
"LOG-705",
"LOG-706-A10",
"LOG-706-A11",
"LOG-745-A08",
"LOG-745-A09",
"LOG-745-A18",
"LOG-745-A28",
"LOG-745-A29",
"LOG-745-A38",
"LOG-745-A39",
"LOG-745-A49",
"LOG-745-A50",
"LOG-745-A59",
"LOG-774",
"LOG-855",
"LOG-856-A07",
"LOG-856-A17",
"LOG-856-A27",
"LOG-856-A42",
"LOG-856-A47",
"LOG-856-A57",
"LOG-857-A05",
"LOG-857-A25",
"LOG-857-A34",
"LOG-857-A50",
"LOG-857-A58",
"LOG-857-A78",
"LOG-858",
"LOG-899",
"LOG-900-A60",
"LOG-901",
"LOG-901-A05",
"LOG-901-A06",
"LOG-901-A08",
"LOG-910-A06",
"LOG-958-A01",
"LOG-964-A02",
"LOG-966",
"LOG-971-A06",
"LOG-974-A01",
"MBT-003",
"NET-029-A07",
"NET-029-A20",
"NET-1005-A08",
"NET-1143",
"NET-1233",
"NET-1349-A02",
"NET-1445-A06",
"NET-1459-A03",
"NET-1461-A03",
"NET-1613-A12",
"NET-1639-A03",
"NET-1639-A09",
"NET-1689-A11",
"NET-1690-A09",
"NET-1691-A06",
"NET-1751",
"NET-1761-A06",
"NET-374-A04",
"NET-374-A15",
"NET-377",
"NET-798-A04",
"NET-855-A01",
"NET-860-A09",
"NET-959-A01",
"NET-981-A06",
"NET-981-A12",
"PDT-004",
"PHY-003-A04",
"PHY-003-A09",
"PIL-001",
"PLG-001",
"PLG-006-A02",
"RIL-001",
"SEC-029-A14",
"SEC-1044-A03",
"SEC-1045-A09",
"SEC-1144-A14",
"SEC-1144-A25",
"SEC-1144-A39",
"SEC-1144-A53",
"SEC-1144-A67",
"SEC-1226-A06",
"SEC-2118-A08",
"SEC-2172-A08",
"SEC-2623-A07",
"SEC-264-A08",
"SEC-264-A13",
"SEC-264-A18",
"SEC-264-A29",
"SEC-2643-A13",
"SEC-2654-A09",
"SEC-2661-A11",
"SEC-2662-A13",
"SEC-2721-A09",
"SEC-2729-A13",
"SEC-2751-A09",
"SEC-2766-A04",
"SEC-2766-A05",
"SEC-2789-A10",
"SEC-2792-A03",
"SEC-2792-A08",
"SEC-2795-A08",
"SEC-2838-A01",
"SEC-2850-A07",
"SEC-2889-A11",
"SEC-2927-A06",
"SEC-3161-A08",
"SEC-3174-A04",
"SEC-3175-A10",
"SEC-3184-A11",
"SEC-3193-A07",
"SEC-3305",
"SEC-3305-A01",
"SEC-3305-A02",
"SEC-3330",
"SEC-3374-A08",
"SEC-3389-A09",
"SEC-362-A09",
"SEC-362-A11",
"SEC-362-A20",
"SEC-362-A22",
"SEC-3635-A07",
"SEC-3672-A10",
"SEC-3678-A07",
"SEC-383-A09",
"SEC-383-A18",
"SEC-3843-A09",
"SEC-3858-A08",
"SEC-3866",
"SEC-3904-A04",
"SEC-3904-A05",
"SEC-3933-A10",
"SEC-3945-A09",
"SEC-3946-A05",
"SEC-3971-A09",
"SEC-3973-A16",
"SEC-3974-A19",
"SEC-3982-A01",
"SEC-4013-A04",
"SEC-4223-A08",
"SEC-4359-A06",
"SEC-4427-A10",
"SEC-4522-A08",
"SEC-5190-A07",
"SEC-5570-A05",
"SEC-5782-A07",
"SEC-5807-A04",
"SEC-5915-A04",
"SEC-5917-A12",
"SEC-5925-A05",
"SEC-6320-A08",
"SEC-6394-A07",
"SEC-6515-A08",
"SEC-6728-A03",
"SEC-6818-A08",
"SEC-6830-A10",
"SEC-6876-A10",
"SEC-6894",
"SEC-6919-A09",
"SEC-6920",
"SEC-6927-A05",
"SEC-6938-A13",
"SEC-6993-A11",
"SEC-7169-A05",
"SEC-7436-A04",
"SEC-7436-A11",
"SEC-7480-A09",
"SEC-7595-A05",
"SEC-7595-A10",
"SEC-7705",
"SEC-7705-A01",
"SEC-7971-A04",
"SEC-8002-A10",
"SEC-8014-A12",
"SEC-8015-A08",
"SEC-8051-A06",
"SEC-8062-A04",
"SEC-8106-A07",
"SEC-8226-A09",
"SEC-8246-A03",
"SEC-8257-A06",
"SEC-8257-A13",
"SEC-8286-A09",
"SEC-8295",
"SEC-830-A12",
"SEC-834-A24",
"SEC-836-A02",
"SEC-836-A18",
"SEC-8363-A06",
"SEC-8874-A02",
"SEC-8911-A13",
"SEC-9001-A03",
"SEC-9065-A16",
"SEC-9068-A05",
"SEC-9096-A07",
"SEC-9134",
"SEC-9197-A13",
"SIG-008",
"TPM-004",
"TPM-004-A07",
"TRD-532-A07",
"TSA-006-A02",
"TSA-006-A04"
],
"member_count": 961,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.95,
"source_meta_cluster": "M1",
"cluster_size": 412,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "access_control_event_logging",
"name": "Protokollierung von Zugriffskontrollentscheidungen",
"description": "Erlaubte und abgewiesene Zugriffsentscheidungen, insbesondere fuer privilegierte/administrative Konten und unberechtigte Zugriffsversuche, werden protokolliert.",
"tier": "LEGAL_MINIMUM",
"subdomain": "access_logging",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"anchor": "Annex I Part I (2)(k)",
"citation": "recording and monitoring access to or modification of data, services or functions"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AC-2/AU-12",
"role": "best_practice"
},
{
"source": "OWASP",
"anchor": "API1 BOLA",
"role": "best_practice"
}
],
"member_review_units": [
"M0",
"M2",
"M3",
"M27",
"M36",
"M80",
"M84",
"M95"
],
"member_controls": [
"ACC-005",
"ACC-188-A11",
"ACC-188-A22",
"ACC-188-A41",
"ACC-188-A54",
"ACC-189-A11",
"ACC-189-A24",
"ACC-189-A50",
"ACC-189-A63",
"ACC-195-A09",
"ACC-195-A19",
"ACC-195-A31",
"ACC-195-A41",
"ACC-195-A50",
"ACC-199-A11",
"ACC-199-A22",
"ACC-199-A44",
"ACC-199-A55",
"ACC-449",
"ACC-470-A15",
"ACC-474-A11",
"ACC-476-A05",
"ACC-484-A05",
"ACC-487-A01",
"ACC-512-A10",
"ACC-533-A10",
"ACC-578-A08",
"ACC-584-A06",
"ACC-584-A12",
"ACC-598-A05",
"ACC-612-A08",
"ACC-631-A09",
"ACC-642-A06",
"ACC-659",
"ACC-686-A03",
"ACC-695",
"ACC-695-A05",
"ACC-703",
"ACC-717",
"ACC-734",
"ACC-735",
"ACC-757-A01",
"AI-1131-A07",
"AI-1241-A10",
"AI-1389-A08",
"AI-1390-A05",
"AI-1392-A07",
"AI-1559-A08",
"AI-1602-A02",
"AI-1602-A05",
"AI-1624-A04",
"API-005",
"AUD-001",
"AUTH-1061-A19",
"AUTH-1061-A77",
"AUTH-1102-A14",
"AUTH-112",
"AUTH-112-A11",
"AUTH-112-A24",
"AUTH-1290",
"AUTH-1292-A02",
"AUTH-1303-A08",
"AUTH-1443-A07",
"AUTH-1448-A01",
"AUTH-1455",
"AUTH-1455-A07",
"AUTH-1459-A09",
"AUTH-1466-A09",
"AUTH-148-A05",
"AUTH-1525-A04",
"AUTH-1530-A07",
"AUTH-1538",
"AUTH-1538-A10",
"AUTH-1559",
"AUTH-1589-A10",
"AUTH-1668-A09",
"AUTH-1682-A08",
"AUTH-1699-A07",
"AUTH-1705-A12",
"AUTH-1716-A03",
"AUTH-1818-A11",
"AUTH-1834-A06",
"AUTH-1862-A09",
"AUTH-1886-A09",
"AUTH-2406",
"AUTH-2411",
"AUTH-2419-A06",
"AUTH-2461-A04",
"AUTH-2466-A04",
"AUTH-2544-A05",
"AUTH-2544-A10",
"AUTH-2546-A03",
"AUTH-2547",
"AUTH-2547-A02",
"AUTH-2550-A13",
"AUTH-2650-A05",
"AUTH-2785-A04",
"AUTH-2809-A08",
"AUTH-2830-A07",
"AUTH-2855-A06",
"AUTH-2879-A06",
"AUTH-2879-A11",
"AUTH-2919",
"AUTH-2919-A08",
"AUTH-2919-A09",
"AUTH-2919-A10",
"AUTH-2941-A01",
"AUTH-2941-A02",
"AUTH-2947-A01",
"AUTH-2965-A03",
"AUTH-2970-A06",
"AUTH-3025",
"AUTH-3082-A09",
"AUTH-3089-A08",
"AUTH-3171-A10",
"AUTH-3228-A04",
"AUTH-3246-A11",
"AUTH-3252-A04",
"AUTH-3252-A07",
"AUTH-3296-A01",
"AUTH-3350-A01",
"AUTH-3452-A07",
"AUTH-3478-A08",
"AUTH-3591-A05",
"AUTH-3592-A05",
"AUTH-3595-A05",
"AUTH-3595-A11",
"AUTH-3633-A07",
"AUTH-3665-A01",
"AUTH-3680-A03",
"AUTH-3683",
"AUTH-3686-A09",
"AUTH-3687-A01",
"AUTH-3687-A02",
"AUTH-3687-A06",
"AUTH-3688",
"AUTH-3894",
"AUTH-3917-A09",
"AUTH-3917-A13",
"AUTH-3930-A11",
"AUTH-4045",
"AUTH-4045-A01",
"AUTH-4045-A04",
"AUTH-4049-A02",
"AUTH-4075-A03",
"AUTH-4095-A05",
"AUTH-4095-A09",
"AUTH-639-A07",
"AUTH-785",
"AUTH-857-A03",
"COMP-1625-A08",
"COMP-1639-A04",
"COMP-1891-A04",
"COMP-1891-A08",
"COMP-1919-A10",
"COMP-1936-A07",
"COMP-2128",
"COMP-2128-A06",
"COMP-2428-A08",
"COMP-2724",
"COMP-2724-A03",
"COMP-2734-A09",
"COMP-2780-A05",
"COMP-2780-A14",
"COMP-2928-A02",
"COMP-3297-A04",
"COMP-3309-A05",
"COMP-3309-A10",
"COMP-3322-A01",
"COMP-3322-A02",
"COMP-3322-A06",
"COMP-3322-A10",
"COMP-3326-A01",
"COMP-3326-A14",
"COMP-3327-A06",
"COMP-3339-A10",
"COMP-3378-A08",
"COMP-3436-A09",
"COMP-3449-A01",
"COMP-3521-A05",
"COMP-3658",
"COMP-3733-A08",
"COMP-3733-A09",
"COMP-3739-A03",
"COMP-3983-A04",
"COMP-3983-A05",
"COMP-4009-A03",
"COMP-4059",
"COMP-4059-A01",
"COMP-4059-A02",
"CRA-006",
"CRYP-1043-A09",
"CRYP-1063-A10",
"CRYP-1079-A10",
"CRYP-1106-A11",
"CRYP-1160-A05",
"CRYP-1179-A05",
"CRYP-1252-A06",
"CRYP-1720-A08",
"CRYP-1725-A04",
"CRYP-1751-A07",
"CRYP-1787-A06",
"CRYP-1814-A14",
"CRYP-1881-A04",
"CRYP-190-A10",
"CRYP-1907-A05",
"CRYP-1907-A09",
"CRYP-2028-A01",
"CRYP-2036-A11",
"CRYP-2158-A11",
"CRYP-2184-A08",
"CRYP-2282-A06",
"CRYP-2330-A04",
"CRYP-348-A02",
"CRYP-781-A07",
"CRYP-827-A08",
"CRYP-957-A11",
"DATA-1065",
"DATA-1163-A11",
"DATA-1167",
"DATA-1228-A10",
"DATA-1230-A08",
"DATA-1240-A13",
"DATA-1247-A07",
"DATA-1253-A08",
"DATA-1257",
"DATA-1267",
"DATA-1273-A02",
"DATA-1273-A10",
"DATA-1349",
"DATA-1349-A03",
"DATA-1461",
"DATA-1490-A06",
"DATA-1517-A06",
"DATA-1730-A06",
"DATA-1732-A10",
"DATA-1851-A05",
"DATA-1945-A17",
"DATA-2014-A10",
"DATA-202",
"DATA-202-A01",
"DATA-202-A02",
"DATA-2057-A09",
"DATA-2190-A08",
"DATA-2223-A01",
"DATA-2430-A06",
"DATA-2516-A05",
"DATA-2585-A08",
"DATA-2703-A06",
"DATA-3026-A05",
"DATA-3034-A08",
"DATA-3240-A11",
"DATA-3250-A06",
"DATA-3326-A14",
"DATA-3367-A04",
"DATA-3556-A09",
"DATA-4138-A11",
"DATA-4335-A05",
"DATA-4345-A05",
"DATA-4364",
"DATA-4633-A07",
"DATA-4634-A01",
"DATA-4670-A08",
"DATA-4683-A05",
"DATA-4689-A02",
"FIN-1094-A01",
"FIN-696-A11",
"FRD-006",
"GLM-001",
"GOV-1398-A12",
"GOV-1439-A10",
"GOV-2868-A12",
"GOV-3179-A07",
"GOV-3191-A09",
"GOV-3208-A09",
"GOV-3256-A12",
"GOV-3500-A02",
"GOV-3805-A01",
"GOV-3805-A07",
"GOV-3805-A08",
"GOV-3805-A09",
"GOV-3846-A05",
"GOV-485-A07",
"GOV-485-A18",
"GOV-982-A03",
"HLT-125-A07",
"HLT-181-A08",
"HLT-262-A02",
"HLT-514-A08",
"HLT-515-A03",
"HLT-528-A02",
"HLT-532-A08",
"HLT-533-A10",
"HLT-558-A07",
"HLT-560-A09",
"HLT-560-A10",
"HSM-005",
"IDA-008",
"IDF-010",
"INC-1104-A04",
"INC-1153-A05",
"INC-1159-A12",
"INC-1173-A13",
"INC-1230-A04",
"INC-917",
"KST-003-A01",
"KYS-006",
"LAB-557-A10",
"LAB-610-A05",
"LOG-001-A01",
"LOG-001-A02",
"LOG-0860-A05",
"LOG-1019",
"LOG-1019-A01",
"LOG-1019-A02",
"LOG-1019-A03",
"LOG-1032",
"LOG-1032-A03",
"LOG-1041-A02",
"LOG-1042-A01",
"LOG-1046-A07",
"LOG-1052-A08",
"LOG-1054-A02",
"LOG-1054-A03",
"LOG-1054-A04",
"LOG-1054-A09",
"LOG-1058-A03",
"LOG-1058-A06",
"LOG-1059-A06",
"LOG-1060",
"LOG-1066",
"LOG-1066-A01",
"LOG-1071-A01",
"LOG-1074-A05",
"LOG-1087-A12",
"LOG-1126",
"LOG-1126-A02",
"LOG-1239-A07",
"LOG-1478-A08",
"LOG-1480-A10",
"LOG-1491",
"LOG-1493-A07",
"LOG-1507-A04",
"LOG-1546-A02",
"LOG-1546-A09",
"LOG-1549-A02",
"LOG-1664",
"LOG-1664-A01",
"LOG-1679-A06",
"LOG-1705-A04",
"LOG-1706-A09",
"LOG-1728",
"LOG-1728-A15",
"LOG-1728-A16",
"LOG-1729",
"LOG-1733",
"LOG-1733-A05",
"LOG-1733-A08",
"LOG-1733-A12",
"LOG-1734-A03",
"LOG-1737-A01",
"LOG-1746",
"LOG-1746-A11",
"LOG-1747",
"LOG-1747-A05",
"LOG-1751",
"LOG-1755",
"LOG-1763",
"LOG-1764",
"LOG-1764-A03",
"LOG-1775",
"LOG-1780",
"LOG-1781",
"LOG-1783-A08",
"LOG-1825-A03",
"LOG-1830-A18",
"LOG-1848-A05",
"LOG-1945-A05",
"LOG-1947",
"LOG-1947-A01",
"LOG-1951-A04",
"LOG-1954-A04",
"LOG-1959",
"LOG-1959-A02",
"LOG-2021-A05",
"LOG-2021-A09",
"LOG-2021-A10",
"LOG-2023",
"LOG-2033-A03",
"LOG-2073-A05",
"LOG-2082-A01",
"LOG-2082-A08",
"LOG-641-A04",
"LOG-641-A05",
"LOG-641-A06",
"LOG-657-A06",
"LOG-667-A07",
"LOG-745-A10",
"LOG-745-A19",
"LOG-745-A20",
"LOG-745-A30",
"LOG-745-A40",
"LOG-745-A41",
"LOG-745-A51",
"LOG-745-A60",
"LOG-857-A05",
"LOG-857-A25",
"LOG-857-A34",
"LOG-857-A50",
"LOG-857-A58",
"LOG-857-A78",
"LOG-901",
"LOG-901-A06",
"LOG-910-A06",
"LOG-964",
"LOG-964-A01",
"LOG-967-A02",
"LOG-974-A04",
"MBT-003",
"NET-1347-A05",
"NET-1349-A02",
"NET-1459-A03",
"NET-1461-A03",
"NET-1612-A04",
"NET-1613-A12",
"NET-1639-A03",
"NET-1639-A09",
"NET-1689-A12",
"NET-1691-A07",
"NET-546-A45",
"NET-855-A01",
"NET-860-A09",
"NET-981-A06",
"PDT-004",
"PIL-001",
"SEC-1045-A09",
"SEC-2028",
"SEC-2118-A08",
"SEC-2180",
"SEC-2643-A13",
"SEC-2654-A09",
"SEC-2721-A09",
"SEC-2729-A13",
"SEC-2766-A04",
"SEC-2766-A05",
"SEC-2795-A08",
"SEC-2837-A05",
"SEC-2837-A10",
"SEC-2850-A07",
"SEC-2889-A11",
"SEC-2927-A06",
"SEC-3374-A08",
"SEC-3635-A07",
"SEC-3672-A10",
"SEC-3678-A07",
"SEC-383-A09",
"SEC-383-A18",
"SEC-3843-A09",
"SEC-3858-A08",
"SEC-3904-A05",
"SEC-3971-A09",
"SEC-3973-A16",
"SEC-4013-A04",
"SEC-4223-A08",
"SEC-4359-A06",
"SEC-4427-A10",
"SEC-450",
"SEC-4522-A08",
"SEC-5122-A09",
"SEC-5570-A05",
"SEC-5807-A04",
"SEC-5915-A04",
"SEC-5925-A05",
"SEC-6394-A07",
"SEC-6818-A08",
"SEC-6876-A10",
"SEC-6919-A09",
"SEC-6927-A05",
"SEC-6993-A11",
"SEC-7169-A05",
"SEC-7398-A04",
"SEC-7436-A04",
"SEC-7436-A11",
"SEC-7480-A09",
"SEC-7532-A09",
"SEC-7595-A05",
"SEC-7971-A04",
"SEC-7971-A06",
"SEC-8015-A08",
"SEC-8051-A06",
"SEC-8128",
"SEC-8226-A09",
"SEC-8246-A03",
"SEC-8257-A06",
"SEC-8295",
"SEC-8295-A07",
"SEC-8363-A06",
"SEC-8874",
"SEC-8874-A02",
"SEC-8911-A13",
"SEC-8930",
"SEC-9001-A03",
"SEC-9065-A16",
"SEC-9134-A08",
"SIG-008"
],
"member_count": 505,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.92,
"source_meta_cluster": "M0",
"cluster_size": 365,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "audit_trail_admin_actions",
"name": "Audit-Trail administrativer und genehmigungspflichtiger Aktionen",
"description": "Administrative Aktionen, Genehmigungsentscheidungen und temporaere Befugnisse werden nachvollziehbar im Audit-Trail erfasst.",
"tier": "LEGAL_MINIMUM",
"subdomain": "admin_audit",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"anchor": "Annex I Part I (2)(k)",
"citation": "monitor relevant internal activity including access to or modification of functions"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-2/AC-6",
"role": "best_practice"
}
],
"member_review_units": [
"M4",
"M5",
"M61",
"M40",
"M53",
"M45"
],
"member_controls": [
"ACC-483-A03",
"ACC-524-A06",
"ACC-534-A09",
"ACC-576-A10",
"ACC-576-A11",
"ACC-576-A17",
"ACC-686",
"ACC-734-A08",
"AI-1003-A05",
"AI-1003-A09",
"AI-1013-A05",
"AI-1387-A05",
"AI-1387-A10",
"AI-1389-A04",
"AI-1625-A06",
"AI-1625-A07",
"AI-1625-A08",
"AI-1701-A03",
"AUTH-1275-A05",
"AUTH-1444-A08",
"AUTH-1553-A02",
"AUTH-1553-A06",
"AUTH-1605-A02",
"AUTH-1605-A03",
"AUTH-1725-A04",
"AUTH-1886-A04",
"AUTH-2785-A02",
"AUTH-3034-A04",
"AUTH-3200-A03",
"AUTH-3200-A10",
"AUTH-3307-A09",
"AUTH-3338-A03",
"AUTH-3338-A16",
"AUTH-3473-A10",
"AUTH-3479-A01",
"AUTH-3510-A09",
"AUTH-3526-A02",
"AUTH-3667-A01",
"AUTH-3678",
"AUTH-3710",
"AUTH-3994-A11",
"AUTH-4115-A13",
"AUTH-663-A03",
"BIO-009-A02",
"COMP-1272-A10",
"COMP-1423-A06",
"COMP-1442-A12",
"COMP-2031-A06",
"COMP-2084-A05",
"COMP-2434",
"COMP-2726-A08",
"COMP-2734-A02",
"COMP-3305-A03",
"COMP-3309-A02",
"COMP-3309-A03",
"COMP-3309-A08",
"COMP-3313",
"COMP-3317-A04",
"COMP-3328-A01",
"COMP-3330",
"COMP-3330-A01",
"COMP-3330-A02",
"COMP-3351-A03",
"COMP-3514-A03",
"COMP-3514-A06",
"COMP-3634-A05",
"COMP-3696-A01",
"COMP-3981-A02",
"COMP-3981-A03",
"COMP-4000-A07",
"COMP-4058",
"COMP-4058-A07",
"COMP-4088",
"CRYP-1094-A04",
"CRYP-1210-A08",
"CRYP-1238-A05",
"CRYP-1641-A08",
"CRYP-1803-A01",
"CRYP-1861-A09",
"CRYP-2027-A08",
"CRYP-2184-A03",
"CRYP-2301",
"CRYP-389-A04",
"CRYP-867-A04",
"DATA-1164-A07",
"DATA-1289-A12",
"DATA-1348-A01",
"DATA-1745-A02",
"DATA-1745-A06",
"DATA-1769-A03",
"DATA-2309-A03",
"DATA-2373-A01",
"DATA-2533-A03",
"DATA-2533-A08",
"DATA-2695-A09",
"DATA-2988-A08",
"DATA-3272-A01",
"DATA-3278-A02",
"DATA-3438-A04",
"DATA-3477-A06",
"DATA-3698-A16",
"DATA-3968-A03",
"DATA-4025-A03",
"DATA-4198-A04",
"DATA-4327-A04",
"DATA-4364-A04",
"DATA-4633-A08",
"GOV-1195",
"GOV-1206-A03",
"GOV-1206-A08",
"GOV-1404-A09",
"GOV-1438-A04",
"GOV-1438-A08",
"GOV-1751-A01",
"GOV-2302-A03",
"GOV-2444-A08",
"GOV-2791-A04",
"GOV-3005-A08",
"GOV-3052-A05",
"GOV-3134-A08",
"GOV-3134-A13",
"GOV-3173-A09",
"GOV-3175-A02",
"GOV-3191-A05",
"GOV-3220",
"GOV-3258-A03",
"GOV-3258-A08",
"GOV-3426-A03",
"GOV-3427-A12",
"GOV-3805",
"GOV-3805-A04",
"GOV-3805-A05",
"GOV-3805-A06",
"GOV-3821-A10",
"GOV-3849-A01",
"GOV-3853",
"GOV-3853-A03",
"GOV-771-A06",
"INC-1150-A14",
"INC-1299-A06",
"INC-1334-A04",
"INC-364-A08",
"INC-434",
"INC-881-A12",
"INC-892-A05",
"INC-892-A11",
"LAB-452-A06",
"LOG-0862-A01",
"LOG-0862-A02",
"LOG-0862-A04",
"LOG-0887-A04",
"LOG-0887-A05",
"LOG-0887-A06",
"LOG-1046-A05",
"LOG-1058-A10",
"LOG-1059-A05",
"LOG-1088",
"LOG-1475",
"LOG-1475-A05",
"LOG-1511-A05",
"LOG-1511-A06",
"LOG-1663-A01",
"LOG-1700-A03",
"LOG-1743-A12",
"LOG-1762-A02",
"LOG-1777",
"LOG-1784-A05",
"LOG-1946-A09",
"LOG-2033-A04",
"LOG-2037-A08",
"LOG-2064-A07",
"LOG-631",
"LOG-899-A05",
"LOG-899-A18",
"LOG-899-A28",
"LOG-899-A38",
"NET-1449-A08",
"NET-1487-A08",
"NET-1689-A01",
"NET-1760-A05",
"NET-975-A04",
"NET-983-A08",
"SEC-2710-A06",
"SEC-2740-A11",
"SEC-2753-A08",
"SEC-2754-A09",
"SEC-2787-A04",
"SEC-2792-A07",
"SEC-2876-A09",
"SEC-2886-A03",
"SEC-2983-A05",
"SEC-3175-A04",
"SEC-3176-A05",
"SEC-3176-A12",
"SEC-3412-A12",
"SEC-362-A04",
"SEC-362-A16",
"SEC-3859-A03",
"SEC-3894-A06",
"SEC-3946",
"SEC-3946-A05",
"SEC-3982-A05",
"SEC-4013",
"SEC-5227-A08",
"SEC-5308-A10",
"SEC-5645-A05",
"SEC-5656-A04",
"SEC-5794-A10",
"SEC-5843",
"SEC-6137-A05",
"SEC-6570-A06",
"SEC-6847-A05",
"SEC-6856-A04",
"SEC-6929-A04",
"SEC-6929-A08",
"SEC-7452-A05",
"SEC-7590-A01",
"SEC-7617-A05",
"SEC-7675-A02",
"SEC-7945-A04",
"SEC-7959-A08",
"SEC-8187-A04",
"SEC-8200-A07",
"SEC-8284-A05",
"SEC-8801-A05",
"SEC-9134"
],
"member_count": 226,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.9,
"source_meta_cluster": "M4",
"cluster_size": 75,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "log_integrity_immutability",
"name": "Integritaet und Unveraenderbarkeit der Logs",
"description": "Audit-Logs werden gegen unbefugte Aenderung oder Loeschung geschuetzt (WORM/Append-Only, Integritaetssicherung, revisionssichere Speicherung).",
"tier": "LEGAL_MINIMUM",
"subdomain": "log_integrity",
"applicability": "universal",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"anchor": "Annex I Part I (2)(k)",
"citation": "recording and monitoring ... in a secure manner"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-9 Protection of Audit Information",
"role": "best_practice"
},
{
"source": "ISO",
"anchor": "ISO 27001 A.8.15",
"role": "best_practice"
}
],
"member_review_units": [
"M1",
"M41",
"M57",
"M17",
"M28",
"M83",
"M65",
"M37",
"M24"
],
"member_controls": [
"ACC-0320-A14",
"ACC-0320-A15",
"ACC-086",
"ACC-086-A03",
"ACC-086-A04",
"ACC-086-A05",
"ACC-086-A07",
"ACC-086-A11",
"ACC-086-A16",
"ACC-086-A17",
"ACC-086-A19",
"ACC-086-A23",
"ACC-086-A24",
"ACC-089-A09",
"ACC-089-A16",
"ACC-175-A06",
"ACC-175-A15",
"ACC-210-A13",
"ACC-210-A20",
"ACC-210-A27",
"ACC-210-A34",
"ACC-476-A08",
"ACC-499-A07",
"ACC-623-A09",
"ACC-642-A07",
"ACC-686-A06",
"ACC-686-A07",
"ACC-746-A07",
"ACL-002-A02",
"ACL-002-A04",
"ACL-002-A06",
"ACL-002-A08",
"AI-031-A19",
"AI-099-A29",
"AI-1597-A01",
"AI-594-A11",
"AI-648-A09",
"AI-684-A12",
"AI-760-A40",
"AI-942-A56",
"AI-942-A68",
"AI-951-A37",
"AUTH-079-A28",
"AUTH-1048-A71",
"AUTH-1441-A12",
"AUTH-1514-A12",
"AUTH-1669-A10",
"AUTH-1723-A01",
"AUTH-1723-A09",
"AUTH-2415",
"AUTH-2415-A07",
"AUTH-2415-A08",
"AUTH-2415-A13",
"AUTH-2448-A10",
"AUTH-2593-A03",
"AUTH-2593-A08",
"AUTH-2650-A11",
"AUTH-2734-A07",
"AUTH-2784-A06",
"AUTH-2836-A07",
"AUTH-2881-A07",
"AUTH-2903-A10",
"AUTH-2905-A05",
"AUTH-2941-A03",
"AUTH-3025-A13",
"AUTH-3199-A04",
"AUTH-3246-A03",
"AUTH-3338-A17",
"AUTH-3667",
"AUTH-3715-A11",
"AUTH-3904",
"AUTH-3936-A17",
"AUTH-4032-A07",
"AUTH-523",
"AUTH-523-A04",
"AUTH-552",
"AUTH-552-A01",
"AUTH-552-A03",
"AUTH-552-A04",
"AUTH-552-A07",
"AUTH-552-A08",
"AUTH-552-A09",
"AUTH-552-A13",
"AUTH-595-A09",
"AUTH-616-A08",
"AUTH-633-A11",
"AUTH-656",
"AUTH-656-A01",
"AUTH-656-A02",
"AUTH-656-A03",
"AUTH-656-A04",
"AUTH-656-A05",
"AUTH-656-A06",
"AUTH-656-A07",
"AUTH-656-A08",
"AUTH-656-A09",
"AUTH-656-A10",
"AUTH-656-A12",
"AUTH-656-A13",
"AUTH-656-A14",
"AUTH-656-A15",
"AUTH-656-A16",
"AUTH-656-A17",
"AUTH-656-A18",
"AUTH-656-A24",
"AUTH-656-A26",
"AUTH-656-A27",
"AUTH-663",
"AUTH-663-A01",
"AUTH-678-A06",
"AUTH-734-A04",
"AUTH-760-A03",
"AUTH-856-A04",
"AUTH-856-A15",
"AUTH-856-A26",
"AUTH-856-A37",
"AUTH-856-A48",
"AUTH-902-A03",
"BIO-009-A03",
"COMP-1053-A04",
"COMP-1053-A08",
"COMP-1103-A05",
"COMP-1103-A09",
"COMP-1103-A14",
"COMP-1150-A05",
"COMP-1150-A08",
"COMP-1150-A11",
"COMP-116-A09",
"COMP-116-A18",
"COMP-1231-A28",
"COMP-1247-A02",
"COMP-1247-A10",
"COMP-1247-A18",
"COMP-1247-A26",
"COMP-1247-A34",
"COMP-1247-A42",
"COMP-1249-A04",
"COMP-1249-A11",
"COMP-1249-A24",
"COMP-1249-A29",
"COMP-1249-A37",
"COMP-1249-A47",
"COMP-1249-A52",
"COMP-1249-A64",
"COMP-1249-A71",
"COMP-178-A08",
"COMP-178-A19",
"COMP-1919-A13",
"COMP-2462-A05",
"COMP-2734",
"COMP-2734-A04",
"COMP-2734-A05",
"COMP-2734-A11",
"COMP-2752",
"COMP-2752-A01",
"COMP-2752-A02",
"COMP-2752-A04",
"COMP-2768",
"COMP-2775",
"COMP-2775-A05",
"COMP-3280-A01",
"COMP-3292-A02",
"COMP-3301-A08",
"COMP-3304",
"COMP-3306",
"COMP-3306-A07",
"COMP-3306-A08",
"COMP-3309",
"COMP-3309-A04",
"COMP-3309-A07",
"COMP-3312-A05",
"COMP-3318",
"COMP-3324-A06",
"COMP-3326-A05",
"COMP-3326-A07",
"COMP-3326-A12",
"COMP-3327",
"COMP-3327-A03",
"COMP-3332",
"COMP-3339",
"COMP-3339-A03",
"COMP-3339-A06",
"COMP-3339-A08",
"COMP-3343-A01",
"COMP-3351",
"COMP-3351-A01",
"COMP-3351-A02",
"COMP-3351-A04",
"COMP-3351-A07",
"COMP-3362",
"COMP-3362-A01",
"COMP-3442-A15",
"COMP-356-A06",
"COMP-3696-A06",
"COMP-3733",
"COMP-4059-A11",
"COMP-4088-A12",
"COMP-498-A03",
"COMP-498-A04",
"COMP-714-A06",
"COMP-786-A06",
"COMP-786-A11",
"COMP-786-A20",
"COMP-786-A25",
"COMP-911",
"COMP-911-A02",
"COMP-911-A04",
"CRA-006-A03",
"CRA-006-A04",
"CRYP-1014-A07",
"CRYP-1044-A13",
"CRYP-118-A11",
"CRYP-1247",
"CRYP-1247-A01",
"CRYP-1451-A05",
"CRYP-1477-A09",
"CRYP-1855",
"CRYP-186-A10",
"CRYP-186-A21",
"CRYP-1881-A12",
"CRYP-1892-A11",
"CRYP-1910-A10",
"CRYP-1968-A18",
"CRYP-2027-A10",
"CRYP-2168-A08",
"CRYP-225-A06",
"CRYP-285-A03",
"CRYP-376-A09",
"CRYP-389-A13",
"DATA-002-A09",
"DATA-1135-A08",
"DATA-1164-A10",
"DATA-1235-A05",
"DATA-1235-A11",
"DATA-1237-A05",
"DATA-137-A21",
"DATA-2017-A04",
"DATA-2213-A02",
"DATA-2309",
"DATA-2309-A01",
"DATA-2309-A05",
"DATA-2309-A07",
"DATA-2695-A02",
"DATA-2724-A08",
"DATA-3026-A10",
"DATA-3437-A12",
"DATA-4242-A07",
"DATA-4277-A07",
"DATA-4294-A10",
"DATA-4303-A10",
"DATA-4556-A04",
"DATA-4633-A03",
"DATA-716-A01",
"DATA-716-A02",
"DATA-716-A03",
"DATA-716-A04",
"DATA-827-A04",
"DATA-827-A05",
"DATA-827-A06",
"DATA-917-A02",
"DATA-917-A03",
"DATA-917-A05",
"DATA-917-A06",
"DATA-917-A08",
"DATA-917-A10",
"DATA-917-A11",
"DATA-947-A02",
"DATA-947-A03",
"DATA-947-A06",
"DATA-947-A11",
"DATA-947-A15",
"DATA-947-A16",
"DATA-947-A17",
"DATA-947-A20",
"DOC-010-A01",
"DOC-010-A03",
"DOC-010-A07",
"FIN-298-A21",
"GLM-001-A02",
"GLM-001-A04",
"GOV-0683-A04",
"GOV-0683-A10",
"GOV-0686-A04",
"GOV-0686-A10",
"GOV-0697-A01",
"GOV-0697-A03",
"GOV-1045-A04",
"GOV-1195-A02",
"GOV-1540",
"GOV-1540-A01",
"GOV-2435-A10",
"GOV-3061-A09",
"GOV-3175-A03",
"GOV-3175-A04",
"GOV-322-A11",
"GOV-445-A13",
"GOV-462-A13",
"GOV-640-A30",
"GOV-741-A05",
"HLT-120-A09",
"HLT-148-A03",
"HLT-148-A07",
"HLT-560-A18",
"IAM-009-A07",
"IAM-009-A10",
"IDF-010-A02",
"INC-0358-A29",
"INC-091",
"INC-091-A05",
"INC-091-A07",
"INC-091-A08",
"INC-091-A09",
"INC-091-A10",
"INC-151-A10",
"INC-188-A05",
"INC-205-A02",
"ISS-003-A02",
"KMG-002-A04",
"KYS-006-A08",
"LOG-045-A17",
"LOG-060-A07",
"LOG-0861-A01",
"LOG-0861-A07",
"LOG-0861-A13",
"LOG-0863",
"LOG-0863-A01",
"LOG-0867-A04",
"LOG-0868-A04",
"LOG-0869-A07",
"LOG-0874-A01",
"LOG-0874-A02",
"LOG-0874-A04",
"LOG-0874-A06",
"LOG-0879-A03",
"LOG-0885-A04",
"LOG-0885-A05",
"LOG-0886-A01",
"LOG-1048-A05",
"LOG-1066-A02",
"LOG-107-A05",
"LOG-1088-A01",
"LOG-1088-A04",
"LOG-1478-A06",
"LOG-1480",
"LOG-1480-A01",
"LOG-1481-A10",
"LOG-1512-A05",
"LOG-1695-A11",
"LOG-1728-A17",
"LOG-1762-A03",
"LOG-1830-A20",
"LOG-1859-A11",
"LOG-1892-A01",
"LOG-1959-A10",
"LOG-2028-A05",
"LOG-2037",
"LOG-2054-A06",
"LOG-2065",
"LOG-2067-A05",
"LOG-341",
"LOG-407-A18",
"LOG-410-A11",
"LOG-595-A08",
"LOG-596",
"LOG-596-A01",
"LOG-599",
"LOG-599-A01",
"LOG-605-A05",
"LOG-622",
"LOG-622-A12",
"LOG-622-A13",
"LOG-626-A04",
"LOG-633-A07",
"LOG-643",
"LOG-643-A01",
"LOG-643-A02",
"LOG-643-A03",
"LOG-652-A03",
"LOG-652-A07",
"LOG-652-A08",
"LOG-667",
"LOG-667-A04",
"LOG-667-A06",
"LOG-684-A06",
"LOG-686",
"LOG-686-A01",
"LOG-686-A09",
"LOG-705",
"LOG-706-A10",
"LOG-706-A11",
"LOG-711",
"LOG-711-A18",
"LOG-745-A08",
"LOG-745-A09",
"LOG-745-A18",
"LOG-745-A28",
"LOG-745-A29",
"LOG-745-A38",
"LOG-745-A39",
"LOG-745-A49",
"LOG-745-A50",
"LOG-745-A59",
"LOG-855",
"LOG-856-A07",
"LOG-856-A17",
"LOG-856-A27",
"LOG-856-A42",
"LOG-856-A47",
"LOG-856-A57",
"LOG-857",
"LOG-858",
"LOG-899",
"LOG-900-A60",
"LOG-901-A08",
"LOG-962-A06",
"LOG-966",
"LOG-974-A01",
"NET-029-A07",
"NET-029-A20",
"NET-1143",
"NET-1689-A11",
"NET-374-A04",
"NET-374-A15",
"NET-377",
"NET-798-A04",
"NET-981-A12",
"PHY-003-A04",
"PHY-003-A09",
"PLG-006-A02",
"REL-001-A01",
"REL-001-A07",
"SEC-038-A07",
"SEC-038-A08",
"SEC-1044-A03",
"SEC-1144-A14",
"SEC-1144-A25",
"SEC-1144-A39",
"SEC-1144-A53",
"SEC-1144-A67",
"SEC-2172-A08",
"SEC-2392-A10",
"SEC-2623-A07",
"SEC-264-A08",
"SEC-264-A13",
"SEC-264-A18",
"SEC-264-A29",
"SEC-2645-A02",
"SEC-2751-A09",
"SEC-2789-A10",
"SEC-2792",
"SEC-2792-A01",
"SEC-2792-A03",
"SEC-2792-A08",
"SEC-2792-A09",
"SEC-2838-A01",
"SEC-3161-A08",
"SEC-3174-A04",
"SEC-3175-A10",
"SEC-3184-A11",
"SEC-3389-A09",
"SEC-362-A09",
"SEC-362-A11",
"SEC-362-A20",
"SEC-362-A22",
"SEC-3866",
"SEC-3895-A09",
"SEC-3904-A04",
"SEC-3915-A05",
"SEC-3933-A05",
"SEC-3933-A10",
"SEC-3937-A03",
"SEC-3945-A09",
"SEC-3974-A19",
"SEC-3982-A01",
"SEC-5136-A09",
"SEC-5782-A07",
"SEC-5917-A12",
"SEC-6320-A08",
"SEC-6515-A08",
"SEC-6830-A10",
"SEC-6894",
"SEC-6938-A13",
"SEC-7562-A03",
"SEC-7595-A10",
"SEC-7705-A01",
"SEC-8002-A10",
"SEC-8014-A12",
"SEC-8062-A04",
"SEC-8106-A07",
"SEC-8208-A08",
"SEC-8257-A13",
"SEC-8286-A09",
"SEC-830-A12",
"SEC-8303",
"SEC-834-A24",
"SEC-836-A02",
"SEC-836-A18",
"SEC-9020-A10",
"SEC-9068-A05",
"SEC-9197-A13",
"TPM-004",
"TPM-004-A07",
"TRD-532-A07",
"TSA-006-A02",
"TSA-006-A04"
],
"member_count": 505,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.93,
"source_meta_cluster": "M41",
"cluster_size": 21,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "log_access_control_protection",
"name": "Zugriffsschutz auf Protokollierungssysteme",
"description": "Der Zugriff auf Audit-Logs und Protokollierungssysteme wird eingeschraenkt und kontrolliert; nur autorisierte Rollen duerfen Logs einsehen oder konfigurieren.",
"tier": "LEGAL_MINIMUM",
"subdomain": "log_access",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"anchor": "Annex I Part I (2)(k)",
"citation": "in a secure manner"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-9(4) Access by Subset of Privileged Users",
"role": "best_practice"
}
],
"member_review_units": [
"M57",
"M27",
"M39",
"M84"
],
"member_controls": [
"AUTH-3591-A05",
"AUTH-3687-A01",
"COMP-2775-A01",
"COMP-2778",
"COMP-2778-A01",
"COMP-2778-A05",
"CRYP-2028-A01",
"DATA-1164-A10",
"DATA-1235-A05",
"DATA-1732-A10",
"DATA-2213-A02",
"DATA-2309",
"DATA-2309-A01",
"DATA-3367-A04",
"DATA-4300-A08",
"DATA-4633-A03",
"DATA-827-A06",
"DATA-947-A02",
"DATA-947-A03",
"DATA-947-A16",
"DATA-947-A17",
"GOV-3833",
"LOG-053",
"LOG-053-A03",
"LOG-053-A09",
"LOG-060",
"LOG-060-A06",
"LOG-060-A15",
"LOG-0860-A05",
"LOG-0879-A03",
"LOG-1041-A02",
"LOG-1054-A02",
"LOG-1058-A03",
"LOG-1237-A06",
"LOG-1513",
"LOG-1513-A01",
"LOG-1515-A03",
"LOG-1664",
"LOG-1664-A01",
"LOG-1731-A04",
"LOG-1830-A18",
"LOG-1947-A07",
"LOG-2026-A05",
"LOG-2065-A05",
"LOG-595-A08",
"LOG-641-A04",
"LOG-641-A05",
"LOG-641-A06",
"LOG-643",
"LOG-643-A01",
"LOG-643-A02",
"LOG-967-A02",
"LOG-974-A04",
"NET-1691-A07",
"SEC-2792",
"SEC-2792-A01",
"SEC-6319-A11",
"SEC-7060-A04",
"SEC-7080-A10"
],
"member_count": 59,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.88,
"source_meta_cluster": "M57",
"cluster_size": 18,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "log_retention_archival",
"name": "Aufbewahrung und Archivierung von Audit-Logs",
"description": "Audit-Logs werden fuer definierte Aufbewahrungszeitraeume gespeichert, archiviert und bei Bedarf uebertragen, inkl. Speicherkapazitaetsplanung.",
"tier": "BEST_PRACTICE",
"subdomain": "log_retention",
"applicability": "conditional:retention_required",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-11 Audit Record Retention",
"role": "best_practice"
},
{
"source": "ISO",
"anchor": "ISO 27001 A.8.15",
"role": "best_practice"
}
],
"member_review_units": [
"M38",
"M69",
"M44",
"M22"
],
"member_controls": [
"AUTH-2905-A07",
"COMP-2734-A07",
"COMP-2752-A09",
"COMP-2928",
"COMP-3299-A04",
"COMP-3312-A06",
"COMP-3324",
"COMP-3324-A01",
"COMP-3324-A02",
"COMP-3324-A03",
"COMP-3324-A04",
"COMP-3326-A11",
"COMP-3339-A02",
"COMP-3340",
"COMP-3347",
"COMP-3363",
"COMP-3363-A03",
"COMP-3441-A09",
"COMP-3521-A03",
"COMP-3521-A04",
"COMP-3617-A12",
"COMP-4059-A12",
"COMP-4113-A05",
"COMP-911-A03",
"COMP-911-A09",
"CRYP-1103-A08",
"CRYP-1156-A10",
"CRYP-1244-A10",
"CRYP-1688-A15",
"CRYP-1839-A03",
"CRYP-1936",
"CRYP-244",
"CRYP-807-A08",
"CRYP-911-A09",
"DATA-1164-A06",
"DATA-1230",
"DATA-1235-A04",
"DATA-2017-A02",
"DATA-2429-A11",
"DATA-3222-A12",
"DATA-3278-A06",
"GOV-1414-A07",
"GOV-1420-A11",
"GOV-1562-A09",
"GOV-1664-A08",
"GOV-2495-A08",
"GOV-2596-A06",
"GOV-3494-A13",
"INC-1334-A02",
"LOG-0860-A01",
"LOG-1036-A01",
"LOG-1044-A05",
"LOG-1052-A05",
"LOG-1053-A02",
"LOG-1056-A02",
"LOG-1057-A06",
"LOG-1062",
"LOG-1062-A01",
"LOG-1062-A02",
"LOG-1074-A03",
"LOG-1087-A01",
"LOG-1100-A03",
"LOG-1102-A03",
"LOG-1235-A07",
"LOG-1237-A03",
"LOG-1237-A05",
"LOG-1465-A01",
"LOG-1465-A02",
"LOG-1480-A08",
"LOG-1494",
"LOG-1515-A04",
"LOG-172-A05",
"LOG-1830-A21",
"LOG-1901-A02",
"LOG-1901-A08",
"LOG-1901-A09",
"LOG-1956",
"LOG-1959-A08",
"LOG-2057-A05",
"LOG-595",
"LOG-595-A01",
"LOG-616",
"LOG-616-A01",
"LOG-667-A05",
"LOG-667-A09",
"LOG-667-A10",
"LOG-667-A14",
"LOG-688",
"LOG-688-A01",
"LOG-688-A04",
"LOG-688-A05",
"LOG-688-A07",
"NET-1088-A06",
"NET-1751-A12",
"NET-959",
"SEC-2007-A05",
"SEC-2019-A01",
"SEC-2697-A08",
"SEC-2746-A09",
"SEC-2792-A02",
"SEC-2827-A10",
"SEC-2835-A08",
"SEC-3159-A11",
"SEC-3305-A03",
"SEC-3379-A10",
"SEC-3436-A12",
"SEC-3718-A01",
"SEC-3726-A09",
"SEC-3904-A03",
"SEC-3983",
"SEC-4016-A11",
"SEC-4124",
"SEC-5134-A06",
"SEC-5485",
"SEC-6194-A08",
"SEC-6232-A13",
"SEC-7482-A08",
"SEC-7726-A11",
"SEC-7932-A08",
"SEC-8015-A05",
"SEC-8308-A04",
"SEC-8993-A02",
"SEC-9134-A01"
],
"member_count": 123,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.85,
"source_meta_cluster": "M38",
"cluster_size": 85,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "centralized_log_management",
"name": "Zentrales Log-Management und Korrelation",
"description": "Logs werden in eine zentrale Log-Management-Loesung integriert, korreliert und auf separaten Systemen gespeichert.",
"tier": "BEST_PRACTICE",
"subdomain": "log_management",
"applicability": "conditional:centralized_logging",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": false
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-6 Audit Record Review/SIEM",
"role": "best_practice"
}
],
"member_review_units": [
"M6",
"M20",
"M43",
"M70",
"M34",
"M53",
"M60",
"M93"
],
"member_controls": [
"ACC-652-A03",
"AUTH-1279-A01",
"AUTH-1279-A05",
"AUTH-1562-A01",
"AUTH-1924-A01",
"AUTH-2415-A06",
"AUTH-2415-A12",
"AUTH-2849-A10",
"AUTH-2936-A02",
"AUTH-2941-A12",
"AUTH-3025-A07",
"AUTH-3918-A02",
"AUTH-973",
"COMP-1455",
"COMP-1789-A14",
"COMP-2033-A08",
"COMP-2724-A04",
"COMP-2775-A06",
"COMP-2928-A01",
"COMP-3301-A07",
"COMP-3324-A10",
"COMP-3326-A09",
"COMP-3327-A05",
"COMP-3356-A02",
"COMP-3356-A03",
"COMP-3544-A05",
"COMP-3658-A01",
"COMP-3739-A02",
"CRYP-1068-A08",
"CRYP-1227-A05",
"CRYP-1451-A01",
"CRYP-1600-A11",
"CRYP-1600-A12",
"CRYP-2020-A06",
"CRYP-2301",
"CRYP-423",
"CRYP-743-A06",
"CRYP-805-A07",
"CRYP-841-A07",
"CRYP-845-A07",
"DATA-1050-A11",
"DATA-1732-A09",
"DATA-1903-A04",
"DATA-2309-A06",
"DATA-2388-A10",
"DATA-4300",
"DATA-4670-A09",
"GOV-1439-A08",
"GOV-1443",
"GOV-3504-A09",
"GOV-3530-A02",
"INC-1307-A06",
"LOG-1041-A03",
"LOG-1044-A01",
"LOG-1044-A02",
"LOG-1044-A03",
"LOG-1045",
"LOG-1045-A01",
"LOG-1054-A10",
"LOG-1058",
"LOG-1058-A01",
"LOG-1058-A09",
"LOG-1063-A05",
"LOG-1065-A02",
"LOG-1066-A04",
"LOG-1067",
"LOG-1067-A04",
"LOG-1069-A01",
"LOG-1075",
"LOG-1075-A01",
"LOG-1075-A02",
"LOG-1087",
"LOG-1093",
"LOG-1093-A01",
"LOG-1251-A09",
"LOG-1467",
"LOG-1467-A02",
"LOG-1475-A02",
"LOG-1485-A05",
"LOG-1511-A13",
"LOG-1515-A01",
"LOG-1545-A04",
"LOG-1731-A02",
"LOG-1733-A04",
"LOG-1734-A04",
"LOG-1736",
"LOG-1751-A11",
"LOG-1753",
"LOG-1761",
"LOG-1761-A01",
"LOG-1767",
"LOG-1767-A01",
"LOG-1772",
"LOG-1772-A01",
"LOG-1776-A01",
"LOG-1950",
"LOG-1950-A01",
"LOG-1953",
"LOG-2037-A08",
"LOG-2065-A08",
"LOG-2067-A03",
"LOG-2083-A01",
"LOG-699",
"LOG-710",
"LOG-859",
"LOG-900",
"LOG-902-A09",
"NET-048-A04",
"NET-048-A05",
"NET-048-A14",
"NET-048-A15",
"NET-1166-A11",
"NET-1356-A12",
"NET-1357-A08",
"NET-1491-A03",
"NET-1491-A09",
"NET-1530-A07",
"NET-1612-A05",
"NET-1689-A01",
"NET-1689-A06",
"NET-1689-A07",
"NET-1691",
"NET-1691-A01",
"NET-494-A12",
"NET-504",
"SEC-3904",
"SEC-3920-A09",
"SEC-3954",
"SEC-3954-A03",
"SEC-4009",
"SEC-4009-A01",
"SEC-5909-A09",
"SEC-6153-A09",
"SEC-6811-A07",
"SEC-6831-A08",
"SEC-7013-A05",
"SEC-7013-A08",
"SEC-7130",
"SEC-7154",
"SEC-7591-A04",
"SEC-7971-A01",
"SEC-8228-A03",
"SEC-8869-A05",
"SEC-8869-A06",
"SEC-8869-A07",
"SEC-980"
],
"member_count": 146,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.84,
"source_meta_cluster": "M6",
"cluster_size": 64,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "log_monitoring_alerting",
"name": "Monitoring, Anomalieerkennung und Alarmierung",
"description": "Logs werden ueberwacht; bei Anomalien, Angriffsversuchen oder Sicherheitsvorfaellen wird alarmiert und ausgewertet.",
"tier": "LEGAL_MINIMUM",
"subdomain": "monitoring",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"anchor": "Annex I Part I (2)(k)",
"citation": "monitor relevant internal activity"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-6/SI-4",
"role": "best_practice"
}
],
"member_review_units": [
"M18",
"M26",
"M30",
"M87",
"M96",
"M90",
"M9",
"M20",
"M79"
],
"member_controls": [
"AI-1254-A02",
"AI-1434-A06",
"AUTH-1279-A04",
"AUTH-1312-A03",
"AUTH-1443-A03",
"AUTH-1563-A04",
"AUTH-2415-A03",
"AUTH-2798-A07",
"AUTH-2798-A08",
"AUTH-2798-A15",
"AUTH-2840-A04",
"AUTH-2849-A10",
"AUTH-2949-A11",
"AUTH-3005-A08",
"AUTH-3025-A07",
"AUTH-3473-A01",
"AUTH-3473-A02",
"AUTH-3644-A05",
"AUTH-3712-A02",
"AUTH-3712-A08",
"AUTH-3887-A05",
"AUTH-3894-A16",
"AUTH-3894-A17",
"AUTH-3895",
"AUTH-3895-A03",
"AUTH-3924",
"AUTH-4045-A05",
"AUTH-4052",
"AUTH-535-A04",
"AUTH-656-A23",
"AUTH-660-A12",
"CLG-001-A03",
"CLG-001-A07",
"COMP-1150",
"COMP-196-A05",
"COMP-2765-A10",
"COMP-2775-A07",
"COMP-2780-A06",
"COMP-3324-A10",
"COMP-3326-A04",
"COMP-3326-A06",
"COMP-3326-A09",
"COMP-3327-A05",
"COMP-3332-A10",
"COMP-3356-A02",
"COMP-3356-A03",
"COMP-3739-A02",
"COMP-4088-A03",
"CRYP-1031-A03",
"CRYP-1068-A08",
"CRYP-1451-A01",
"CRYP-1600-A01",
"CRYP-1763-A02",
"CRYP-1763-A08",
"CRYP-1889-A09",
"CRYP-2020-A06",
"CRYP-415-A11",
"CRYP-415-A34",
"CRYP-630-A06",
"CRYP-743-A06",
"CRYP-805-A07",
"CRYP-867-A09",
"DATA-1257-A08",
"DATA-1729-A01",
"DATA-1729-A03",
"DATA-2229",
"DATA-2229-A01",
"DATA-2309-A06",
"DATA-2388-A10",
"DATA-2417-A05",
"DATA-2481-A08",
"DATA-3369-A06",
"DATA-4348",
"DATA-4348-A04",
"DATA-4353-A02",
"DATA-4358-A05",
"DATA-652-A07",
"DATA-652-A17",
"DATA-652-A30",
"DATA-680-A02",
"DATA-680-A06",
"GLM-001-A06",
"GOV-1439-A08",
"GOV-3504-A09",
"GOV-3868-A10",
"HLT-262-A07",
"INC-251-A03",
"INC-251-A04",
"INC-251-A18",
"INC-251-A37",
"INC-271",
"INC-271-A01",
"INC-271-A08",
"LOG-009",
"LOG-009-A01",
"LOG-009-A02",
"LOG-009-A03",
"LOG-009-A05",
"LOG-009-A06",
"LOG-060-A03",
"LOG-0862-A06",
"LOG-0862-A07",
"LOG-1030",
"LOG-1030-A01",
"LOG-1030-A04",
"LOG-1039-A04",
"LOG-1039-A06",
"LOG-1040-A04",
"LOG-1045-A03",
"LOG-1045-A04",
"LOG-1045-A05",
"LOG-1046-A06",
"LOG-1051-A01",
"LOG-1054-A05",
"LOG-1054-A10",
"LOG-1055-A03",
"LOG-1059-A08",
"LOG-1069-A01",
"LOG-1069-A04",
"LOG-1071-A02",
"LOG-1072-A01",
"LOG-1090-A01",
"LOG-1231-A06",
"LOG-1467",
"LOG-1475-A01",
"LOG-1498",
"LOG-1507",
"LOG-1507-A01",
"LOG-1507-A02",
"LOG-1511-A13",
"LOG-1515",
"LOG-1515-A01",
"LOG-1712-A01",
"LOG-1729-A04",
"LOG-1733-A01",
"LOG-1736",
"LOG-1743-A19",
"LOG-1747-A02",
"LOG-1751-A03",
"LOG-1753-A10",
"LOG-1768-A03",
"LOG-1780-A02",
"LOG-1780-A13",
"LOG-1784-A04",
"LOG-1825",
"LOG-1825-A07",
"LOG-1825-A12",
"LOG-1900-A01",
"LOG-1901",
"LOG-1901-A11",
"LOG-1950-A03",
"LOG-1954-A03",
"LOG-2029-A03",
"LOG-2029-A04",
"LOG-2029-A05",
"LOG-2035-A01",
"LOG-2039",
"LOG-2039-A04",
"LOG-2042",
"LOG-2051-A04",
"LOG-2053",
"LOG-2059-A02",
"LOG-2064-A03",
"LOG-2064-A05",
"LOG-2065-A08",
"LOG-2067",
"LOG-2067-A01",
"LOG-2072",
"LOG-2083-A01",
"LOG-605",
"LOG-615",
"LOG-615-A03",
"LOG-615-A06",
"LOG-626-A05",
"LOG-626-A07",
"LOG-652",
"LOG-652-A01",
"LOG-657",
"LOG-657-A01",
"LOG-657-A02",
"LOG-657-A03",
"LOG-657-A04",
"LOG-657-A05",
"LOG-720",
"LOG-762",
"LOG-774",
"LOG-792-A01",
"LOG-792-A17",
"LOG-792-A35",
"LOG-856",
"LOG-856-A01",
"LOG-856-A02",
"LOG-856-A06",
"LOG-856-A09",
"LOG-856-A10",
"LOG-856-A11",
"LOG-856-A12",
"LOG-856-A16",
"LOG-856-A19",
"LOG-856-A20",
"LOG-856-A21",
"LOG-856-A22",
"LOG-856-A26",
"LOG-856-A28",
"LOG-856-A29",
"LOG-856-A33",
"LOG-856-A34",
"LOG-856-A39",
"LOG-856-A40",
"LOG-856-A41",
"LOG-856-A46",
"LOG-856-A51",
"LOG-856-A52",
"LOG-856-A56",
"LOG-857-A03",
"LOG-857-A23",
"LOG-857-A32",
"LOG-857-A48",
"LOG-857-A56",
"LOG-857-A76",
"LOG-955-A01",
"LOG-958",
"LOG-958-A05",
"LOG-965",
"LOG-965-A01",
"LOG-965-A02",
"LOG-974",
"MLS-001-A02",
"MLS-001-A06",
"NET-048",
"NET-1137",
"NET-1166-A11",
"NET-1258",
"NET-1356-A12",
"NET-1360",
"NET-1530-A07",
"NET-1612-A05",
"NET-1691-A09",
"NET-1738",
"NET-1778",
"NET-1788-A03",
"NET-1798-A06",
"NET-525",
"NET-525-A11",
"NET-788-A12",
"NET-959-A01",
"NET-962-A03",
"PIL-001-A03",
"REL-001-A15",
"SEC-1249-A13",
"SEC-2870-A09",
"SEC-3325",
"SEC-3325-A10",
"SEC-3332-A02",
"SEC-3931-A12",
"SEC-4009-A06",
"SEC-4142-A08",
"SEC-5180-A05",
"SEC-5180-A09",
"SEC-5909-A08",
"SEC-5909-A09",
"SEC-5965-A10",
"SEC-6137",
"SEC-6439-A02",
"SEC-6724-A07",
"SEC-6811-A07",
"SEC-6831-A08",
"SEC-6973-A05",
"SEC-7013-A05",
"SEC-7013-A08",
"SEC-7130",
"SEC-7154",
"SEC-7452-A02",
"SEC-7492-A08",
"SEC-7705",
"SEC-7839-A19",
"SEC-8224-A03",
"SEC-8305",
"SEC-8787",
"SEC-8869-A05",
"SEC-8869-A06",
"SEC-8869-A07",
"TPM-004-A08"
],
"member_count": 283,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.9,
"source_meta_cluster": "M18",
"cluster_size": 147,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "log_data_minimization_privacy",
"name": "Datenminimierung und Datenschutz in Logs",
"description": "Sensible/personenbezogene Daten werden vor der Protokollierung gefiltert, anonymisiert oder ausgeschlossen; Logging respektiert Datenschutzanforderungen.",
"tier": "BEST_PRACTICE",
"subdomain": "log_privacy",
"applicability": "conditional:processes_personal_data",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": false
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "OWASP",
"anchor": "ASVS V7.1 Log Content",
"role": "best_practice"
},
{
"source": "ISO",
"anchor": "ISO 27701",
"role": "best_practice"
}
],
"member_review_units": [
"M68",
"M66",
"M19",
"M57",
"M48",
"M22",
"M42",
"M7"
],
"member_controls": [
"ACC-762-A04",
"AUTH-1555-A04",
"AUTH-1561-A01",
"AUTH-1561-A02",
"AUTH-2798",
"AUTH-2840-A01",
"AUTH-2840-A03",
"AUTH-2840-A05",
"AUTH-2840-A06",
"AUTH-2905-A07",
"AUTH-2950-A08",
"AUTH-3686-A05",
"AUTH-3918",
"AUTH-535",
"AUTH-663-A07",
"CLG-001",
"CLG-001-A02",
"CLG-001-A06",
"COMP-2752-A03",
"COMP-2778-A02",
"COMP-3362-A05",
"CRYP-1111-A11",
"CRYP-1308-A06",
"CRYP-1338-A09",
"CRYP-1794-A09",
"CRYP-1855-A01",
"DATA-1164-A10",
"DATA-1191-A14",
"DATA-1235-A05",
"DATA-2213-A02",
"DATA-2309",
"DATA-2309-A01",
"DATA-3961-A07",
"DATA-4300-A02",
"DATA-4300-A09",
"DATA-4418-A12",
"DATA-4633-A03",
"DATA-4669",
"DATA-4669-A01",
"DATA-4669-A04",
"DATA-827-A06",
"DATA-852-A03",
"DATA-852-A12",
"DATA-947-A02",
"DATA-947-A03",
"DATA-947-A16",
"DATA-947-A17",
"GOV-3865-A03",
"HLG-001",
"HLT-197-A08",
"INC-215-A06",
"LGM-001",
"LOG-001",
"LOG-0879-A03",
"LOG-1052-A05",
"LOG-1058-A11",
"LOG-1063",
"LOG-1238-A10",
"LOG-1475-A03",
"LOG-1663-A02",
"LOG-1663-A03",
"LOG-1727",
"LOG-1731-A01",
"LOG-1733-A11",
"LOG-1743-A15",
"LOG-1749-A04",
"LOG-1752",
"LOG-1755-A09",
"LOG-1776-A02",
"LOG-1830-A15",
"LOG-1956",
"LOG-2051-A02",
"LOG-2051-A03",
"LOG-2057",
"LOG-2057-A01",
"LOG-2057-A03",
"LOG-2057-A04",
"LOG-2067-A04",
"LOG-2072-A05",
"LOG-595-A08",
"LOG-626",
"LOG-626-A01",
"LOG-626-A02",
"LOG-639",
"LOG-641",
"LOG-641-A02",
"LOG-643",
"LOG-643-A01",
"LOG-643-A02",
"LOG-672",
"LOG-672-A01",
"LOG-675-A03",
"LOG-710-A04",
"LOG-710-A05",
"LOG-710-A07",
"LOG-745",
"LOG-900-A11",
"LOG-900-A27",
"LOG-900-A43",
"LOG-900-A59",
"LOG-900-A73",
"LOG-958-A01",
"LOG-971-A06",
"NET-1445-A06",
"NET-1690-A09",
"NET-1691-A06",
"NET-759-A03",
"PLG-001",
"RIL-001",
"SEC-1226-A06",
"SEC-2792",
"SEC-2792-A01",
"SEC-3193-A07",
"SEC-3305",
"SEC-3305-A01",
"SEC-3305-A02",
"SEC-3308-A04",
"SEC-6728-A03",
"SEC-7099-A09",
"SEC-7119-A17"
],
"member_count": 120,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.83,
"source_meta_cluster": "M68",
"cluster_size": 7,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "log_format_standardization",
"name": "Standardisierte und strukturierte Log-Formate",
"description": "Logs werden in standardisierten, strukturierten Formaten erzeugt (z.B. mit Trace/Span-Kontext) fuer Auswertbarkeit und Log-Management-Integration.",
"tier": "BEST_PRACTICE",
"subdomain": "log_format",
"applicability": "conditional:structured_logging",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": false
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-3 Content of Audit Records",
"role": "best_practice"
}
],
"member_review_units": [
"M15",
"M16",
"M77",
"M75",
"M49"
],
"member_controls": [
"AUTH-2160-A02",
"AUTH-2161",
"AUTH-2785-A05",
"AUTH-2919-A05",
"AUTH-2919-A11",
"COMP-3305",
"COMP-3305-A01",
"COMP-3305-A02",
"COMP-3305-A04",
"COMP-3429-A02",
"CRYP-1600-A02",
"CRYP-1600-A03",
"CRYP-1600-A04",
"CRYP-1600-A05",
"CRYP-1600-A06",
"CRYP-1600-A09",
"CRYP-1600-A15",
"CRYP-1936-A02",
"CRYP-382-A01",
"DATA-1735",
"DATA-1735-A01",
"GOV-2143",
"GOV-2143-A01",
"GOV-2143-A05",
"GOV-2281-A07",
"INC-991",
"INC-991-A02",
"LOG-001-A11",
"LOG-1093-A02",
"LOG-1235-A01",
"LOG-1237",
"LOG-1237-A02",
"LOG-1237-A04",
"LOG-1238",
"LOG-1238-A01",
"LOG-1238-A04",
"LOG-1238-A05",
"LOG-1238-A06",
"LOG-1238-A07",
"LOG-1238-A08",
"LOG-1238-A09",
"LOG-1246",
"LOG-1251",
"LOG-1251-A04",
"LOG-1478-A03",
"LOG-1478-A07",
"LOG-1739-A04",
"LOG-1780-A10",
"LOG-1825-A06",
"LOG-1941-A01",
"LOG-2027-A01",
"LOG-2055",
"LOG-714-A14",
"LOG-714-A27",
"LOG-714-A28",
"LOG-714-A33",
"LOG-714-A40",
"LOG-714-A41",
"NET-1095-A02",
"NET-1491",
"NET-476-A02",
"NET-476-A30",
"NET-476-A43",
"NET-476-A71",
"SEC-5202",
"SEC-8224-A08"
],
"member_count": 66,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M15",
"cluster_size": 22,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "log_timestamp_synchronization",
"name": "Zeitstempel und Zeitsynchronisation der Logs",
"description": "Logs enthalten verlaessliche Zeitstempel; Logging-Dienste werden auf eine gemeinsame Zeitquelle synchronisiert (ggf. zertifizierte Zeitstempel).",
"tier": "BEST_PRACTICE",
"subdomain": "log_time",
"applicability": "universal",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-8 Time Stamps",
"role": "best_practice"
}
],
"member_review_units": [
"M37",
"M85",
"M51",
"M64"
],
"member_controls": [
"COMP-2462-A05",
"COMP-3351",
"COMP-3351-A01",
"COMP-3351-A02",
"CRYP-1806-A12",
"DATA-1186-A01",
"DATA-2194",
"GOV-3824",
"LOG-1075-A06",
"LOG-1075-A08",
"LOG-1092-A01",
"LOG-1484-A05",
"LOG-1900",
"LOG-2037",
"LOG-2060",
"LOG-2065",
"LOG-2067-A06",
"LOG-711",
"LOG-711-A06",
"LOG-711-A14",
"LOG-711-A18",
"LOG-857",
"LOG-962-A06",
"LOG-964-A03",
"LOG-964-A04",
"NET-058-A18",
"NET-058-A36",
"NET-1103-A08",
"NET-1487-A12",
"NET-1689-A10",
"NET-980-A01",
"SEC-2720-A07",
"SEC-2836-A01",
"SEC-3924-A05",
"SEC-3937-A03",
"SEC-5118-A04",
"SEC-5136-A09",
"SEC-6948-A10",
"SEC-8035-A03",
"SEC-8304-A01",
"SEC-8998",
"TSA-006-A01"
],
"member_count": 42,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M37",
"cluster_size": 12,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "logging_availability_resilience",
"name": "Verfuegbarkeit und Resilienz der Protokollierung",
"description": "Bei Ausfall oder Erschoepfung der Protokollierung greifen alternative Verfahren/Redundanz; das System reagiert definiert auf Logging-Fehler.",
"tier": "BEST_PRACTICE",
"subdomain": "log_resilience",
"applicability": "conditional:logging_failure_handling",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": false
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-5 Response to Audit Logging Process Failures",
"role": "best_practice"
}
],
"member_review_units": [
"M69",
"M32",
"M50",
"M65",
"M14",
"M67"
],
"member_controls": [
"AUTH-1555-A10",
"AUTH-1565-A02",
"AUTH-3680-A02",
"AUTH-3680-A04",
"AUTH-3686-A02",
"AUTH-3686-A08",
"AUTH-639-A06",
"AUTH-852-A27",
"AUTH-852-A43",
"AUTH-852-A59",
"AUTH-852-A75",
"COMP-3429-A01",
"COMP-3747-A05",
"CRYP-1600-A08",
"CRYP-1600-A13",
"CRYP-1600-A14",
"CRYP-1600-A16",
"CRYP-1842-A05",
"CRYP-2184-A05",
"CRYP-2184-A07",
"CRYP-2184-A10",
"DATA-095-A13",
"DATA-1349-A08",
"DATA-3912",
"DATA-4342-A03",
"DATA-4355-A03",
"FRD-006-A03",
"INC-1307",
"INC-188-A05",
"INC-926-A06",
"LOG-060-A13",
"LOG-0863",
"LOG-0863-A01",
"LOG-1028-A03",
"LOG-1036",
"LOG-1036-A01",
"LOG-1036-A05",
"LOG-1044-A05",
"LOG-1050",
"LOG-1050-A01",
"LOG-1053-A02",
"LOG-1055-A04",
"LOG-1056-A02",
"LOG-1057",
"LOG-1057-A09",
"LOG-1062",
"LOG-1062-A01",
"LOG-1062-A02",
"LOG-1066-A03",
"LOG-1074-A03",
"LOG-1087-A01",
"LOG-1087-A13",
"LOG-1100-A03",
"LOG-1102-A03",
"LOG-1235-A07",
"LOG-1237-A03",
"LOG-1237-A05",
"LOG-1507-A03",
"LOG-172-A05",
"LOG-1764-A01",
"LOG-1848-A13",
"LOG-1901-A02",
"LOG-1901-A08",
"LOG-1901-A12",
"LOG-2039-A03",
"LOG-2051",
"LOG-2055-A01",
"LOG-2057-A05",
"LOG-2064-A01",
"LOG-615-A04",
"LOG-615-A07",
"LOG-955-A04",
"LOG-962",
"LOG-962-A01",
"LOG-973-A03",
"NET-1691-A02",
"NET-1691-A03",
"NET-1691-A04",
"NET-959",
"REL-001-A01",
"REL-001-A07",
"SEC-2019-A01",
"SEC-3305-A03",
"SEC-3305-A05",
"SEC-4124",
"SEC-5485",
"SEC-5843-A05",
"SEC-5852",
"SEC-8295-A06",
"SEC-8308-A04",
"SEC-9020-A10"
],
"member_count": 91,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M32",
"cluster_size": 15,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "logging_thread_safety_correctness",
"name": "Korrektheit und Threadsicherheit der Logging-Komponenten",
"description": "Logging-Komponenten arbeiten threadsicher, ohne Ressourcenverluste/Livelocks; No-Op-Implementierungen verhalten sich definiert.",
"tier": "BEST_PRACTICE",
"subdomain": "log_implementation",
"applicability": "conditional:implementation_level",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": false
},
"source_role": "IMPLEMENTATION",
"legal_basis": [],
"guidance_basis": [
{
"source": "OWASP",
"anchor": "Secure Coding",
"role": "best_practice"
}
],
"member_review_units": [
"M49",
"M75",
"M50",
"M32",
"M97",
"M78"
],
"member_controls": [
"AUTH-639-A06",
"AUTH-852-A27",
"AUTH-852-A43",
"AUTH-852-A59",
"AUTH-852-A75",
"COMP-3429-A01",
"CRYP-1600-A02",
"CRYP-1600-A03",
"CRYP-1600-A04",
"CRYP-1600-A05",
"CRYP-1600-A06",
"CRYP-1600-A08",
"CRYP-1600-A09",
"CRYP-1600-A13",
"CRYP-1600-A14",
"CRYP-1600-A15",
"CRYP-1600-A16",
"DATA-095-A13",
"FRD-006-A03",
"GOV-2143-A05",
"LOG-1055-A04",
"LOG-1087-A13",
"LOG-1093-A02",
"LOG-1237",
"LOG-1237-A02",
"LOG-1237-A04",
"LOG-1238",
"LOG-1238-A01",
"LOG-1238-A04",
"LOG-1238-A05",
"LOG-1238-A06",
"LOG-1238-A07",
"LOG-1238-A08",
"LOG-1238-A09",
"LOG-1251-A08",
"LOG-1478-A03",
"LOG-1478-A07",
"LOG-1825-A06",
"LOG-615-A04",
"LOG-615-A07",
"NET-1491",
"SEC-5241",
"SEC-8295-A06"
],
"member_count": 43,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.78,
"source_meta_cluster": "M49",
"cluster_size": 13,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "logging_library_supply_chain",
"name": "Sicherheit von Logging-Bibliotheken (Supply Chain)",
"description": "Eingesetzte Logging-Bibliotheken werden auf Schwachstellen geprueft (SCA), gepatcht und gegen Log-Injection/JNDI-Lookups gehaertet.",
"tier": "BEST_PRACTICE",
"subdomain": "log_supply_chain",
"applicability": "conditional:uses_third_party_logging",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "OWASP",
"anchor": "A06 Vulnerable Components / Log Injection",
"role": "best_practice"
}
],
"member_review_units": [
"M91",
"M86",
"M55",
"M74"
],
"member_controls": [
"CRYP-415-A22",
"CRYP-415-A51",
"LOG-1232",
"LOG-714-A08",
"LOG-714-A16",
"LOG-714-A25",
"NET-476",
"NET-476-A07",
"NET-476-A09",
"NET-476-A12",
"NET-476-A14",
"NET-476-A23",
"NET-476-A53",
"NET-476-A70",
"NET-476-A72",
"NET-476-A76",
"NET-476-A78",
"NET-476-A79",
"NET-476-A81",
"NET-476-A83",
"SEC-7532-A06"
],
"member_count": 21,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.85,
"source_meta_cluster": "M91",
"cluster_size": 8,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "logging_config_management",
"name": "Konfiguration und Aktivierungsstatus der Protokollierung",
"description": "Logging-Konfiguration und Aktivierungsstatus werden definiert, dokumentiert, dynamisch verifiziert und gegen unsichere Defaults geprueft.",
"tier": "BEST_PRACTICE",
"subdomain": "log_config",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-1/CM-6",
"role": "best_practice"
}
],
"member_review_units": [
"M73",
"M14",
"M46",
"M52",
"M74",
"M76",
"M21",
"M39"
],
"member_controls": [
"AUTH-1555-A10",
"AUTH-1565-A02",
"AUTH-2870-A08",
"AUTH-2903-A01",
"AUTH-3016-A10",
"AUTH-3430-A12",
"AUTH-3680-A02",
"AUTH-3680-A04",
"AUTH-3686-A02",
"AUTH-3686-A08",
"AUTH-3687-A07",
"AUTH-3689",
"AUTH-455",
"COMP-2775-A01",
"COMP-2778",
"COMP-2778-A01",
"COMP-2778-A05",
"COMP-3322-A08",
"COMP-3429",
"COMP-3747-A05",
"COMP-4088-A11",
"COMP-801-A05",
"COMP-805-A02",
"COMP-805-A07",
"CRYP-1842-A05",
"CRYP-190-A11",
"CRYP-193-A06",
"CRYP-2184-A05",
"CRYP-2184-A07",
"CRYP-2184-A10",
"CRYP-2330-A09",
"DATA-099-A08",
"DATA-1085-A08",
"DATA-1349-A08",
"DATA-1745",
"DATA-2057-A19",
"DATA-3402",
"DATA-3912",
"DATA-4300-A08",
"DATA-4342-A03",
"DATA-4355-A03",
"DATA-735-A03",
"DATA-735-A04",
"DATA-969-A02",
"DATA-969-A09",
"GOV-1213-A09",
"GOV-3833",
"INC-1307",
"LOG-053",
"LOG-053-A03",
"LOG-053-A09",
"LOG-060",
"LOG-060-A06",
"LOG-060-A15",
"LOG-1028-A03",
"LOG-1036",
"LOG-1036-A05",
"LOG-1050",
"LOG-1050-A01",
"LOG-1055",
"LOG-1055-A02",
"LOG-1057-A09",
"LOG-1066-A03",
"LOG-1231",
"LOG-1231-A03",
"LOG-1231-A04",
"LOG-1231-A05",
"LOG-1231-A10",
"LOG-1231-A11",
"LOG-1231-A12",
"LOG-1232",
"LOG-1235-A05",
"LOG-1237-A06",
"LOG-1248-A05",
"LOG-1513",
"LOG-1513-A01",
"LOG-1515-A03",
"LOG-1695-A07",
"LOG-1731-A04",
"LOG-1739",
"LOG-1762",
"LOG-1848-A13",
"LOG-1901-A12",
"LOG-1947-A07",
"LOG-1956-A02",
"LOG-2026-A05",
"LOG-2029",
"LOG-2053-A10",
"LOG-2065-A05",
"LOG-708-A04",
"LOG-709-A06",
"LOG-709-A07",
"LOG-709-A10",
"LOG-709-A20",
"LOG-709-A23",
"LOG-709-A24",
"LOG-714-A17",
"LOG-762-A04",
"LOG-762-A07",
"LOG-762-A08",
"LOG-762-A09",
"LOG-762-A10",
"LOG-762-A14",
"LOG-762-A17",
"LOG-762-A18",
"LOG-762-A19",
"LOG-762-A23",
"LOG-762-A26",
"LOG-774-A05",
"LOG-774-A12",
"LOG-774-A19",
"LOG-774-A26",
"LOG-774-A33",
"LOG-901-A05",
"LOG-961-A02",
"LOG-964-A02",
"NET-077-A11",
"NET-077-A29",
"NET-1005-A08",
"NET-1233",
"NET-1751",
"NET-1761-A06",
"NET-474-A11",
"NET-474-A47",
"NET-476-A07",
"NET-476-A76",
"NET-960-A02",
"SEC-029-A14",
"SEC-1657",
"SEC-2661-A11",
"SEC-2662-A13",
"SEC-3217-A05",
"SEC-3305-A05",
"SEC-3330",
"SEC-3954-A05",
"SEC-3956-A07",
"SEC-5190-A07",
"SEC-5843-A05",
"SEC-5852",
"SEC-6319-A11",
"SEC-6920",
"SEC-7060-A04",
"SEC-7080-A10"
],
"member_count": 143,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M73",
"cluster_size": 28,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "logging_governance_roles",
"name": "Organisatorische Verankerung und Rollen fuer Logging",
"description": "Verantwortlichkeiten, Stellvertretung, Schulung und organisatorische Prozesse fuer Protokollierung und Dokumentation werden etabliert.",
"tier": "BEST_PRACTICE",
"subdomain": "log_governance",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": false,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "ISO",
"anchor": "ISO 27001 A.5.2/A.6.3",
"role": "best_practice"
}
],
"member_review_units": [
"M12",
"M29",
"M82",
"M98",
"M67",
"M46"
],
"member_controls": [
"AUTH-1191-A01",
"AUTH-1191-A02",
"AUTH-1191-A05",
"AUTH-1220-A01",
"AUTH-1292",
"AUTH-1292-A01",
"AUTH-1562",
"AUTH-1563",
"AUTH-1563-A01",
"AUTH-1563-A02",
"AUTH-1563-A03",
"AUTH-1924-A03",
"AUTH-1924-A04",
"AUTH-2757-A05",
"AUTH-3034-A06",
"AUTH-3034-A07",
"AUTH-3563-A07",
"AUTH-3678-A01",
"AUTH-3678-A04",
"AUTH-3678-A05",
"AUTH-3678-A08",
"AUTH-3680",
"AUTH-3680-A01",
"AUTH-3683-A04",
"AUTH-3685",
"AUTH-3685-A01",
"AUTH-3686",
"AUTH-3686-A04",
"AUTH-3710-A04",
"AUTH-3895-A02",
"AUTH-3918-A01",
"AUTH-3918-A04",
"AUTH-3994",
"COMP-1011-A04",
"COMP-1150-A07",
"COMP-1150-A10",
"COMP-116-A08",
"COMP-116-A17",
"COMP-2054",
"COMP-2928-A04",
"COMP-3324-A05",
"COMP-3326-A08",
"COMP-3678",
"COMP-801-A05",
"COMP-805-A02",
"COMP-805-A07",
"CRYP-193-A06",
"CRYP-376-A08",
"DATA-1085-A04",
"DATA-1085-A05",
"DATA-1085-A08",
"DATA-1349-A02",
"DATA-2212",
"DATA-2212-A01",
"DATA-2212-A04",
"DATA-2232-A01",
"DATA-2266",
"DATA-2266-A01",
"DATA-2266-A02",
"DATA-2535-A04",
"DATA-3961",
"DATA-3968-A02",
"DATA-4345-A03",
"DATA-4353-A01",
"DATA-4355",
"DATA-4355-A01",
"DATA-4355-A04",
"DATA-4358-A06",
"DATA-4364-A03",
"DATA-4366",
"DATA-4634-A02",
"FIN-1018",
"FIN-1044",
"GOV-3423-A02",
"GOV-753-A05",
"INC-151-A09",
"INC-461-A01",
"INC-462",
"INC-462-A01",
"INC-462-A02",
"INC-496",
"INC-698",
"INC-698-A03",
"INC-795-A04",
"INC-926-A06",
"LOG-060-A13",
"LOG-1028",
"LOG-1028-A01",
"LOG-1028-A02",
"LOG-1028-A04",
"LOG-1029-A03",
"LOG-1032-A01",
"LOG-1033-A02",
"LOG-1039",
"LOG-1041",
"LOG-1041-A01",
"LOG-1046",
"LOG-1046-A01",
"LOG-1047-A03",
"LOG-1054-A07",
"LOG-1057",
"LOG-1058-A05",
"LOG-1063-A01",
"LOG-1064",
"LOG-1064-A01",
"LOG-1074",
"LOG-1102-A02",
"LOG-1126-A03",
"LOG-1126-A04",
"LOG-1245",
"LOG-1245-A02",
"LOG-1245-A05",
"LOG-1486-A02",
"LOG-1507-A03",
"LOG-1529-A02",
"LOG-1662",
"LOG-1663",
"LOG-1695",
"LOG-1712-A07",
"LOG-172-A02",
"LOG-1764-A01",
"LOG-1784",
"LOG-1947-A05",
"LOG-1951-A05",
"LOG-1953-A07",
"LOG-1954",
"LOG-1954-A01",
"LOG-1955-A03",
"LOG-2021-A08",
"LOG-2021-A11",
"LOG-2039-A03",
"LOG-2051",
"LOG-2055-A01",
"LOG-2064-A01",
"LOG-622-A01",
"LOG-631-A04",
"LOG-667-A01",
"LOG-762-A04",
"LOG-762-A09",
"LOG-762-A10",
"LOG-762-A14",
"LOG-762-A19",
"LOG-762-A23",
"LOG-906",
"LOG-910",
"LOG-938",
"LOG-940",
"LOG-943",
"LOG-943-A03",
"LOG-948",
"LOG-955-A04",
"LOG-962",
"LOG-962-A01",
"LOG-973-A03",
"LOG-975",
"NET-077-A11",
"NET-077-A29",
"NET-1691-A02",
"NET-1691-A03",
"NET-1691-A04",
"NET-1691-A08",
"NET-1798",
"NET-958-A02",
"SEC-003-A07",
"SEC-003-A08",
"SEC-003-A15",
"SEC-1617-A04",
"SEC-1800-A03",
"SEC-1813",
"SEC-3330-A03",
"SEC-3344-A05",
"SEC-6712",
"SEC-6712-A02",
"SEC-7452-A06",
"SEC-8033",
"SEC-8113"
],
"member_count": 176,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M12",
"cluster_size": 130,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "incident_response_logging",
"name": "Protokollierung im Incident-Response-Prozess",
"description": "Vorfallreaktionen werden mit Root-Cause, Auswirkung, Kommunikation und beteiligten Ressourcen protokolliert und mit Logging-Daten verknuepft.",
"tier": "BEST_PRACTICE",
"subdomain": "incident_logging",
"applicability": "conditional:incident_response",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "IR-4/IR-5",
"role": "best_practice"
}
],
"member_review_units": [
"M31",
"M67",
"M88",
"M89"
],
"member_controls": [
"AUTH-3927-A05",
"AUTH-3927-A07",
"AUTH-3927-A08",
"AUTH-3979",
"AUTH-947",
"COMP-3327-A02",
"INC-246",
"INC-246-A03",
"INC-926-A06",
"LOG-060-A13",
"LOG-1057",
"LOG-1507-A03",
"LOG-1764-A01",
"LOG-1952",
"LOG-2039-A03",
"LOG-2051",
"LOG-2055-A01",
"LOG-2064-A01",
"LOG-723-A07",
"LOG-723-A22",
"LOG-902",
"LOG-938-A04",
"LOG-955-A04",
"LOG-962",
"LOG-962-A01",
"LOG-973-A03",
"NET-1691-A02",
"NET-1691-A03",
"NET-1691-A04",
"SEC-1226",
"SEC-7485-A05"
],
"member_count": 31,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M31",
"cluster_size": 11,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "log_transmission_security",
"name": "Sichere Uebertragung von Logs",
"description": "Audit-Logs werden bei Uebertragung (z.B. zu zentralen Systemen) integritaetsgesichert und verschluesselt; gegenseitige Authentifizierung zwischen Logging-Systemen.",
"tier": "BEST_PRACTICE",
"subdomain": "log_transmission",
"applicability": "conditional:transmits_logs",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-9/SC-8",
"role": "best_practice"
}
],
"member_review_units": [
"M13",
"M20",
"M23",
"M60",
"M72"
],
"member_controls": [
"AUTH-1306-A02",
"AUTH-1306-A06",
"AUTH-2849-A10",
"AUTH-2928",
"AUTH-3025-A07",
"AUTH-3231-A09",
"AUTH-506-A06",
"COMP-3324-A10",
"COMP-3326-A09",
"COMP-3327-A05",
"COMP-3356-A02",
"COMP-3356-A03",
"COMP-3362-A04",
"COMP-3739-A02",
"COMP-4059-A05",
"CRYP-1068-A08",
"CRYP-1451-A01",
"CRYP-1530-A03",
"CRYP-2020-A06",
"CRYP-743-A06",
"CRYP-805-A07",
"DATA-1732-A09",
"DATA-2309-A06",
"DATA-2388-A10",
"GOV-1439-A08",
"GOV-3504-A09",
"LOG-1053-A01",
"LOG-1054-A10",
"LOG-1058-A12",
"LOG-1069-A01",
"LOG-1100-A02",
"LOG-1126-A05",
"LOG-1126-A06",
"LOG-1251-A09",
"LOG-1467",
"LOG-1511-A13",
"LOG-1515-A01",
"LOG-1736",
"LOG-2026-A04",
"LOG-2065-A04",
"LOG-2065-A08",
"LOG-2067-A02",
"LOG-2083-A01",
"LOG-792",
"LOG-792-A09",
"LOG-792-A25",
"LOG-902-A09",
"LOG-967",
"LOG-967-A01",
"NET-1166-A11",
"NET-1356-A12",
"NET-1530-A07",
"NET-1612-A05",
"NET-384",
"NET-951",
"NET-962",
"SEC-3305-A04",
"SEC-5909-A09",
"SEC-6811-A07",
"SEC-6831-A08",
"SEC-7013-A05",
"SEC-7013-A08",
"SEC-7130",
"SEC-7154",
"SEC-8869-A05",
"SEC-8869-A06",
"SEC-8869-A07"
],
"member_count": 67,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M13",
"cluster_size": 16,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
},
{
"id": "network_traffic_logging",
"name": "Protokollierung von Netzwerk- und Schnittstellenverkehr",
"description": "Netzwerk- und Schnittstellenereignisse (Egress, Proxy, ZTA, ICS/SCADA, Cloud-Zugriffe) werden protokolliert und inspiziert.",
"tier": "BEST_PRACTICE",
"subdomain": "network_logging",
"applicability": "domain:network",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AU-2/SC-7",
"role": "best_practice"
}
],
"member_review_units": [
"M72",
"M87",
"M92",
"M94",
"M34",
"M6"
],
"member_controls": [
"ACC-652-A03",
"AUTH-1279-A01",
"AUTH-1279-A05",
"AUTH-1562-A01",
"AUTH-1924-A01",
"AUTH-2415-A06",
"AUTH-2415-A12",
"AUTH-2936-A02",
"AUTH-2941-A12",
"AUTH-3918-A02",
"AUTH-973",
"COMP-1455",
"COMP-1789-A14",
"COMP-2033-A08",
"COMP-2724-A04",
"COMP-2775-A06",
"COMP-2928-A01",
"COMP-3301-A07",
"COMP-3658-A01",
"CRYP-1227-A05",
"CRYP-1600-A11",
"CRYP-1600-A12",
"CRYP-423",
"CRYP-841-A07",
"CRYP-845-A07",
"DATA-1050-A11",
"DATA-4300",
"DATA-4670-A09",
"GOV-1443",
"GOV-3530-A02",
"LOG-1044-A03",
"LOG-1093",
"LOG-1093-A01",
"LOG-1100-A02",
"LOG-1126-A05",
"LOG-1126-A06",
"LOG-1475-A02",
"LOG-1545-A04",
"LOG-1731-A02",
"LOG-1733-A04",
"LOG-1734-A04",
"LOG-1753",
"LOG-1761",
"LOG-1761-A01",
"LOG-1767",
"LOG-1767-A01",
"LOG-1772",
"LOG-1772-A01",
"LOG-1776-A01",
"LOG-1950",
"LOG-1950-A01",
"LOG-2067-A02",
"LOG-699",
"LOG-710",
"LOG-720",
"LOG-859",
"LOG-900",
"LOG-974",
"NET-048-A04",
"NET-048-A05",
"NET-048-A14",
"NET-048-A15",
"NET-1357-A08",
"NET-1491-A03",
"NET-1491-A09",
"NET-1691",
"NET-1691-A01",
"NET-1778",
"NET-1788-A03",
"NET-476-A75",
"NET-476-A82",
"NET-504",
"NET-506-A68",
"NET-525",
"NET-525-A11",
"NET-951",
"NET-962",
"SEC-2870-A09",
"SEC-3305-A04",
"SEC-3904",
"SEC-3920-A09",
"SEC-3954",
"SEC-3954-A03",
"SEC-4009",
"SEC-4009-A01",
"SEC-6153-A09",
"SEC-7591-A04",
"SEC-7971-A01",
"SEC-7971-A02",
"SEC-8228-A03",
"SEC-980"
],
"member_count": 91,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.78,
"source_meta_cluster": "M72",
"cluster_size": 7,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"family": "logging"
}
],
"relationships": [
{
"type": "supports",
"from": "log_integrity_immutability",
"to": "event_logging_security_events",
"note": "Integritaetsschutz sichert Beweiswert der Protokolle"
},
{
"type": "supports",
"from": "log_access_control_protection",
"to": "log_integrity_immutability",
"note": "Zugriffsbeschraenkung schuetzt Logs vor Manipulation"
},
{
"type": "depends_on",
"from": "log_monitoring_alerting",
"to": "event_logging_security_events",
"note": "Monitoring setzt erzeugte Logs voraus"
},
{
"type": "supports",
"from": "log_timestamp_synchronization",
"to": "log_integrity_immutability",
"note": "Korrelierbare Zeitstempel staerken Nachvollziehbarkeit"
},
{
"type": "supports",
"from": "log_format_standardization",
"to": "centralized_log_management",
"note": "Standardformate ermoeglichen zentrale Auswertung"
},
{
"type": "depends_on",
"from": "centralized_log_management",
"to": "event_logging_security_events",
"note": "zentrale Aggregation setzt Logerzeugung voraus"
},
{
"type": "implements",
"from": "logging_thread_safety_correctness",
"to": "event_logging_security_events",
"note": "Implementierungsdetail zuverlaessiger Protokollierung"
},
{
"type": "supports",
"from": "logging_library_supply_chain",
"to": "log_integrity_immutability",
"note": "gehaertete Bibliotheken verhindern Log-Manipulation"
},
{
"type": "supports",
"from": "log_data_minimization_privacy",
"to": "event_logging_security_events",
"note": "Datenschutzfilter formen Loginhalt"
},
{
"type": "produces_evidence_for",
"from": "incident_response_logging",
"to": "log_monitoring_alerting",
"note": "IR-Protokolle dokumentieren Reaktion auf Alerts"
},
{
"type": "supports",
"from": "log_transmission_security",
"to": "centralized_log_management",
"note": "sichere Uebertragung speist zentrale Aggregation"
},
{
"type": "supports",
"from": "logging_config_management",
"to": "event_logging_security_events",
"note": "korrekte Konfiguration ermoeglicht vollstaendige Protokollierung"
},
{
"type": "out_of_scope",
"review_units": [
"M8",
"M59",
"M58",
"M71",
"M56",
"M5",
"M81",
"M63"
],
"note": "M8/M5/M81 KI-/FRT- bzw. domaenenspezifische Trainings-/PIN-/Biometrie-Protokollierung (AI Act/sektorale Regulierung); M58/M59/M71/M56/M63 reine DSGVO-/datenschutzrechtliche bzw. nationale Verwaltungs-Protokollierungspflichten, nicht CRA Annex I (2)(k)"
}
]
}
Reference in New Issue View Git Blame Copy Permalink