807a7002b2
The advisor was structurally correct but unusable: every question showed a snake_case capability id plus a
single generic fallback reason ("Keine Anhaltspunkte im Unternehmensprofil — klären"). The expert text
already EXISTED in the transition patterns (why_asked / reviewable_claim) — the pipeline just dropped it.
- transition_reasoning: TargetRequirement gains `rationale`; assess_transition uses it as the request
reason when present, else the generic fallback (additive, backward-compatible for all consumers).
- onboarding_service._target carries the pattern's why_asked (delta) and reviewable_claim (likely_covered)
into the requirement rationale -> the question's `why`.
- knowledge/onboarding/capability_labels.yaml: curated DE labels (id -> human), reusable across targets;
labels_for() + response.capability_labels expose them; the frontend renders label || prettified id.
Now ISO27001->TISAX reads "Auftragsverarbeitung (Art. 28 DSGVO) — If a TISAX data label is in scope, you
must show Art. 28 GDPR processing-on-behalf controls; ISO 27001 does not establish these." instead of
"data_protection_processing_on_behalf — klären". why_asked text is still EN (existing knowledge; translation
is curation). 34 onboarding+transition tests pass, mypy --strict clean (13 modules), check-loc 0.
46 lines
3.7 KiB
YAML
# Human-readable capability labels (DE) — presentation only, reusable across all targets.
# A capability id is the stable machine identity; this maps it to an expert-facing label for the UI.
# Curated knowledge (draft — to be corrected by the domain expert). Missing ids fall back to a
# prettified id in the frontend. NO real company names. Keep labels short + concrete.

labels:
  # ── ISMS / ISO 27001 core ───────────────────────────────────────────────
  information_security_management: "Informationssicherheits-Managementsystem (ISMS)"
  access_control_and_authentication: "Zugriffskontrolle & Authentifizierung"
  asset_and_configuration_management: "Asset- & Konfigurationsverwaltung"
  cryptography: "Kryptographie / Verschlüsselung"
  incident_management: "Security-Incident-Management"
  security_awareness_training: "Security-Awareness-Schulungen"
  supplier_security: "Lieferanten-Sicherheit"
  security_logging_and_monitoring: "Security-Logging & Monitoring"
  technical_vulnerability_management: "Technisches Schwachstellen-Management"

  # ── TISAX / VDA-specific ────────────────────────────────────────────────
  prototype_protection: "Prototypenschutz (physisch & logisch)"
  tisax_label_scope_selection: "TISAX-Label-/Scope-Festlegung"
  tisax_assessment_via_enx: "TISAX-Assessment über die ENX-Plattform"
  vda_isa_self_assessment: "VDA-ISA-Selbstauskunft"
  data_protection_processing_on_behalf: "Auftragsverarbeitung (Art. 28 DSGVO)"
  physical_security: "Physische Sicherheit / Zutrittskontrolle"

  # ── QM / ISO 9001 ───────────────────────────────────────────────────────
  document_and_change_control: "Dokumenten- & Änderungslenkung"
  supplier_evaluation: "Lieferantenbewertung"
  release_and_approval_process: "Freigabe- & Genehmigungsprozess"
  ce_conformity_assessment_and_technical_documentation: "CE-Konformitätsbewertung & technische Dokumentation"

  # ── CRA / product cybersecurity ─────────────────────────────────────────
  sbom_creation: "SBOM-Erstellung (Software-Stückliste)"
  coordinated_vulnerability_disclosure: "Coordinated Vulnerability Disclosure (CVD)"
  secure_development_lifecycle: "Sicherer Entwicklungslebenszyklus (SDLC)"
  secure_signed_update_distribution: "Sichere, signierte Update-Verteilung"
  security_update_support_period: "Sicherheits-Update-Supportzeitraum"
  product_cyber_risk_assessment: "Produkt-Cyber-Risikobewertung"
  exploited_vuln_and_incident_reporting: "Meldung ausgenutzter Schwachstellen & Vorfälle"
  public_security_advisories: "Öffentliche Security Advisories"
  cybersecurity_management_system: "Cybersecurity-Managementsystem (CSMS)"

  # ── MaschinenVO / Safety ────────────────────────────────────────────────
  machine_safety_risk_assessment: "Maschinen-Risikobeurteilung"
  mechanical_safety_and_guards: "Mechanische Sicherheit & Schutzeinrichtungen"
  operating_instructions_and_safety_information: "Betriebsanleitung & Sicherheitshinweise"
  protection_against_corruption_of_safety_functions: "Schutz der Sicherheitsfunktionen vor Manipulation"

  # ── Environment ─────────────────────────────────────────────────────────
  environmental_management_documentation: "Umweltmanagement-Dokumentation"
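The label/rationale flow the commit message describes, as an added stand-alone example (not the project's own code): it loads a constructed excerpt in the format of capability_labels.yaml, exposes labels_for() and the "label || prettified id" fallback, and shows assess_transition taking TargetRequirement.rationale as the question's why when present and the generic fallback otherwise. The minimal line parser, prettify(), the Question type, uncurated_ids() and all field names are assumptions made for illustration; the real pipeline presumably uses a proper YAML loader.

```python
"""Capability labels + requirement rationale, sketched stand-alone (added example, not project code)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Iterable

# Constructed excerpt in the format of knowledge/onboarding/capability_labels.yaml (not the full file).
CAPABILITY_LABELS_YAML = """\
# Human-readable capability labels (DE) - presentation only.
labels:
  # ISMS / ISO 27001 core
  information_security_management: "Informationssicherheits-Managementsystem (ISMS)"
  supplier_security: "Lieferanten-Sicherheit"
  # TISAX / VDA-specific
  prototype_protection: "Prototypenschutz (physisch & logisch)"
  data_protection_processing_on_behalf: "Auftragsverarbeitung (Art. 28 DSGVO)"
"""

# Generic fallback reason quoted in the commit message.
GENERIC_FALLBACK = "Keine Anhaltspunkte im Unternehmensprofil — klären"


def load_labels(text: str) -> dict[str, str]:
    """Parse the flat `labels:` mapping.

    Assumption: one nesting level, full-line comments only, double-quoted scalars. Kept minimal so
    it runs without PyYAML; double-quoted YAML scalars of this kind are JSON-compatible, so
    json.loads handles escapes and UTF-8 correctly.
    """
    labels: dict[str, str] = {}
    in_labels = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "labels:":
            in_labels = True
            continue
        if not in_labels:
            continue
        key, sep, value = line.partition(":")  # ids never contain ':'
        if not sep:
            raise ValueError(f"malformed label line: {raw!r}")
        value = value.strip()
        labels[key.strip()] = json.loads(value) if value.startswith('"') else value
    return labels


def prettify(capability_id: str) -> str:
    """Frontend fallback for ids without a curated label (assumed form: snake_case -> sentence)."""
    return capability_id.replace("_", " ").capitalize()


def labels_for(ids: Iterable[str], labels: dict[str, str]) -> dict[str, str]:
    """Subset exposed as response.capability_labels: only ids with a curated label."""
    return {cid: labels[cid] for cid in ids if cid in labels}


def display_label(capability_id: str, labels: dict[str, str]) -> str:
    """What the frontend renders: label || prettified id."""
    return labels.get(capability_id) or prettify(capability_id)


@dataclass(frozen=True)
class TargetRequirement:
    capability: str
    rationale: str | None = None  # additive field; None (or "") keeps the old fallback behaviour


@dataclass(frozen=True)
class Question:
    capability: str
    why: str


def assess_transition(requirements: Iterable[TargetRequirement]) -> list[Question]:
    """Use the pattern's rationale as the request reason when present, else the generic fallback."""
    return [Question(r.capability, r.rationale or GENERIC_FALLBACK) for r in requirements]


def uncurated_ids(requirements: Iterable[TargetRequirement], labels: dict[str, str]) -> list[str]:
    """Curation check: ids that would reach the UI as a prettified id instead of an expert label."""
    return sorted({r.capability for r in requirements} - set(labels))


def render(question: Question, labels: dict[str, str]) -> str:
    return f"{display_label(question.capability, labels)}: {question.why}"


if __name__ == "__main__":
    labels = load_labels(CAPABILITY_LABELS_YAML)
    # Constructed ISO27001->TISAX requirements; the first rationale is the why_asked text quoted
    # in the commit message, the second requirement has neither rationale nor curated label.
    reqs = [
        TargetRequirement(
            "data_protection_processing_on_behalf",
            "If a TISAX data label is in scope, you must show Art. 28 GDPR processing-on-behalf "
            "controls; ISO 27001 does not establish these.",
        ),
        TargetRequirement("tisax_assessment_via_enx"),
    ]
    for q in assess_transition(reqs):
        print(render(q, labels))
    print("uncurated:", uncurated_ids(reqs, labels))
```

uncurated_ids() is the check worth wiring into CI or the test suite: a requirement whose id has no entry in the labels file silently degrades to the prettified id, which is exactly the "snake_case id plus generic reason" state the commit set out to remove.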