Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3bcffaf52c84e2e4c5656f76c1741328facf3690
breakpilot-compliance/obligations/cross_domain_relationships.json
T
Benjamin Admin 01956ee690 feat: cross-domain relationship discovery — Capability-Schicht-Entwurf (CRA P1) 
Stufe 1+2 der Ontologie-Entdeckung (User-Schaerfung #54): nicht Aehnlichkeit sondern
STRUKTURELLE Beziehung. 93 Obligations -> BGE-M3 -> 101 cross-family Paare -> Opus
klassifiziert in 8 Kategorien (genau eine je Paar).
- scripts/obligation_discovery/cross_domain_pairs.py (Stufe 1, key-frei)
- scripts/obligation_discovery/classify_relationships.py (Stufe 2, Opus)
- obligations/cross_domain_relationships.json: 16 SHARED_CAPABILITY -> 8 Capabilities
  (mfa/session/transport-tls/code_signing/anomaly_detection), 23 SUPPORTED_BY
  (Hubs: vuln_identification_inventory<-SBOM-Familie 5x, vuln_remediation_patching 5x),
  1 SAME_OBLIGATION (vuln_remediation_patching == provide_security_updates, MERGE-Kandidat),
  42 OVERLAP_ONLY sauber verworfen. Erstentwurf der Capability-Schicht (Phase 4).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-25 19:12:17 +02:00

1552 lines
44 KiB
JSON
Raw Blame History

{
"schema_version": "cross_domain_relationships_v1",
"generated_by": "cross_domain_pairs.py + classify_relationships.py (claude-opus-4-8)",
"scope": "6 CRA-P1-Familien, 93 Obligations, 101 cross-family Kandidatenpaare (BGE-M3 top-8 >=0.60)",
"method": "User-Schaerfung: nicht Aehnlichkeit sondern STRUKTURELLE Beziehung (8 Kategorien, genau eine je Paar).",
"distribution": {
"SHARED_CAPABILITY": 16,
"SAME_OBLIGATION": 1,
"OVERLAP_ONLY": 42,
"SUPPORTED_BY": 23,
"SHARED_EVIDENCE": 7,
"SHARED_PROCEDURE": 5,
"UNRELATED": 7
},
"capability_layer_draft": [
{
"capability": "mfa",
"n_pairs": 5,
"fulfills_obligations": [
"authentication/mfa_required",
"authentication/privileged_op_reauth",
"authentication/remote_access_authentication",
"authentication/supplier_access_auth",
"remote_access/remote_access_mfa",
"remote_access/remote_access_user_validation_ot"
],
"domains": [
"authentication",
"remote_access"
]
},
{
"capability": "session_management",
"n_pairs": 3,
"fulfills_obligations": [
"authentication/reauth_after_inactivity",
"authentication/session_binding_management",
"remote_access/remote_session_management",
"remote_access/temporary_remote_access_mgmt"
],
"domains": [
"authentication",
"remote_access"
]
},
{
"capability": "tls_encryption",
"n_pairs": 2,
"fulfills_obligations": [
"authentication/encrypted_auth_channel",
"remote_access/reject_insecure_remote_protocols",
"remote_access/remote_access_encryption"
],
"domains": [
"authentication",
"remote_access"
]
},
{
"capability": "mutual_tls",
"n_pairs": 2,
"fulfills_obligations": [
"authentication/mutual_authentication",
"authentication/service_to_service_auth",
"remote_access/remote_access_confidentiality_integrity",
"remote_access/remote_access_encryption"
],
"domains": [
"authentication",
"remote_access"
]
},
{
"capability": "code_signing",
"n_pairs": 1,
"fulfills_obligations": [
"authentication/firmware_software_authentication",
"updates/signed_update_integrity"
],
"domains": [
"authentication",
"updates"
]
},
{
"capability": "access_control",
"n_pairs": 1,
"fulfills_obligations": [
"authentication/credential_confidentiality_protection",
"sbom/sbom_confidentiality"
],
"domains": [
"authentication",
"sbom"
]
},
{
"capability": "anomaly_detection",
"n_pairs": 1,
"fulfills_obligations": [
"logging/log_monitoring_alerting",
"remote_access/remote_access_threat_detection"
],
"domains": [
"logging",
"remote_access"
]
},
{
"capability": "tls_certificate_auth",
"n_pairs": 1,
"fulfills_obligations": [
"authentication/tls_certificate_auth",
"remote_access/remote_access_encryption"
],
"domains": [
"authentication",
"remote_access"
]
}
],
"consolidation_suggestions": [
"tls_encryption + mutual_tls + tls_certificate_auth -> EINE Capability 'transport_encryption' (TLS-Varianten, vom Klassifikator fein gesplittet).",
"access_control-Cluster (credential_confidentiality_protection <-> sbom_confidentiality) ist SCHWACH -> eher OVERLAP_ONLY."
],
"merge_candidates": [
{
"a": "vuln/vuln_remediation_patching",
"b": "updates/provide_security_updates",
"reason": "Beide fordern Schwachstellenbehebung via Patches im Support-Zeitraum, deckungsgleich."
}
],
"supported_by_hierarchy": [
{
"child": "vuln/vuln_remediation_patching",
"parent": "remote_access/remote_access_vuln_patch_mgmt",
"reason": "Fernwartungs-Patching ist domaenenspezifischer Teilfall der allgemeinen Schwachstellenbehebung."
},
{
"child": "updates/trusted_update_source",
"parent": "authentication/firmware_software_authentication",
"reason": "Vertrauenswuerdige Quelle ergaenzt Signaturpflicht der Update-Authentifizierung."
},
{
"child": "sbom/sbom_completeness_verification",
"parent": "vuln/vuln_identification_inventory",
"reason": "SBOM-Vollstaendigkeitspruefung traegt zur Schwachstellen-Identifikation bei."
},
{
"child": "remote_access/remote_access_vuln_patch_mgmt",
"parent": "updates/provide_security_updates",
"reason": "Fernwartungs-Patching ist Teilfall der allgemeinen Update-Bereitstellung."
},
{
"child": "remote_access/remote_access_logging_audit",
"parent": "logging/event_logging_security_events",
"reason": "Fernwartungsprotokollierung ist Teilfall des allgemeinen Security-Event-Loggings."
},
{
"child": "vuln/vuln_info_dissemination_users",
"parent": "updates/provide_security_updates",
"reason": "Nutzerinformation ergaenzt die Update-Bereitstellungspflicht."
},
{
"child": "remote_access/remote_access_architecture_design",
"parent": "authentication/remote_access_authentication",
"reason": "Sichere Fernzugriffsarchitektur unterstuetzt Gateway-basierte Authentifizierung."
},
{
"child": "sbom/sbom_creation",
"parent": "vuln/vuln_identification_inventory",
"reason": "SBOM-Erstellung liefert das Inventar fuer Schwachstellen-Identifikation."
},
{
"child": "updates/update_risk_assessment",
"parent": "vuln/vuln_remediation_patching",
"reason": "Update-Risikobeurteilung speist die risikobasierte Schwachstellenbehebung."
},
{
"child": "remote_access/remote_access_vuln_patch_mgmt",
"parent": "vuln/vuln_assessment_prioritization",
"reason": "Fernwartungs-Patching bewertet/priorisiert Schwachstellen wie allgemeine Bewertungspflicht."
},
{
"child": "updates/update_testing_validation",
"parent": "vuln/vuln_remediation_patching",
"reason": "Update-Testen unterstuetzt zuverlaessige Schwachstellenbehebung via Patches."
},
{
"child": "remote_access/remote_access_user_validation_ot",
"parent": "authentication/remote_access_authentication",
"reason": "OT-Nutzervalidierung ist domaenenspezifische Auspraegung der Remote-Authentifizierung."
},
{
"child": "sbom/sbom_maintenance_update",
"parent": "vuln/vuln_identification_inventory",
"reason": "Aktualisierte SBOM unterstuetzt kontinuierliche Schwachstellen-Identifikation."
},
{
"child": "remote_access/remote_access_vuln_patch_mgmt",
"parent": "vuln/vuln_handling_process",
"reason": "Fernwartungs-Patching ist Teilfall des allgemeinen Vuln-Handling-Prozesses."
},
{
"child": "sbom/sbom_tooling_automation",
"parent": "vuln/vuln_identification_inventory",
"reason": "Automatisierte SBOM-Generierung unterstuetzt Schwachstellen-Identifikation."
},
{
"child": "updates/support_period_maintenance",
"parent": "vuln/vuln_remediation_patching",
"reason": "Wartung im Support-Zeitraum unterstuetzt fristgerechte Schwachstellenbehebung."
},
{
"child": "updates/automatic_updates_optout",
"parent": "vuln/vuln_remediation_patching",
"reason": "Automatische Updates unterstuetzen zeitnahe Schwachstellenbehebung."
},
{
"child": "updates/update_risk_assessment",
"parent": "vuln/vuln_assessment_prioritization",
"reason": "Update-Risikobeurteilung speist standardisierte Schwachstellen-Priorisierung."
},
{
"child": "updates/update_rollback",
"parent": "vuln/vuln_remediation_patching",
"reason": "Rollback unterstuetzt sichere Behebung fehlerhafter Patches."
},
{
"child": "sbom/sbom_dependency_coverage",
"parent": "vuln/vuln_identification_inventory",
"reason": "Dependency-Dokumentation unterstuetzt Schwachstellen-Identifikation in Komponenten."
},
{
"child": "remote_access/remote_access_vuln_patch_mgmt",
"parent": "updates/support_period_maintenance",
"reason": "Fernwartungs-Patching ist Teilfall der Support-Wartungsmassnahmen."
},
{
"child": "logging/logging_library_supply_chain",
"parent": "remote_access/remote_access_vuln_patch_mgmt",
"reason": "Logging-Library-Patching ist domaenenspezifischer Teilfall des Vuln-Patch-Managements."
},
{
"child": "vuln/vuln_info_dissemination_users",
"parent": "updates/automatic_updates_optout",
"reason": "Nutzerinformation ergaenzt automatische Update-Bereitstellung."
}
],
"hierarchy_hubs": {
"vuln/vuln_identification_inventory": 5,
"vuln/vuln_remediation_patching": 5,
"remote_access/remote_access_vuln_patch_mgmt": 2,
"updates/provide_security_updates": 2,
"authentication/remote_access_authentication": 2,
"vuln/vuln_assessment_prioritization": 2,
"authentication/firmware_software_authentication": 1,
"logging/event_logging_security_events": 1,
"vuln/vuln_handling_process": 1,
"updates/support_period_maintenance": 1,
"updates/automatic_updates_optout": 1
},
"shared_evidence": [
{
"a": "logging/log_retention_archival",
"b": "remote_access/remote_access_logging_audit",
"evidence": "audit_log",
"reason": "Beide nutzen Audit-Logs zur Aufbewahrung/Auswertung."
},
{
"a": "logging/access_control_event_logging",
"b": "remote_access/remote_access_logging_audit",
"evidence": "audit_log",
"reason": "Beide protokollieren Zugriffsereignisse in Audit-Logs."
},
{
"a": "logging/log_timestamp_synchronization",
"b": "remote_access/remote_access_logging_audit",
"evidence": "audit_log",
"reason": "Beide nutzen zeitgestempelte Audit-Logs."
},
{
"a": "logging/log_transmission_security",
"b": "remote_access/remote_access_logging_audit",
"evidence": "audit_log",
"reason": "Beide betreffen Audit-Logs, Transport bzw. Erfassung."
},
{
"a": "logging/log_monitoring_alerting",
"b": "remote_access/remote_access_logging_audit",
"evidence": "audit_log",
"reason": "Beide nutzen Logs zur Ueberwachung/Auswertung."
},
{
"a": "logging/network_traffic_logging",
"b": "remote_access/remote_access_logging_audit",
"evidence": "audit_log",
"reason": "Beide protokollieren Netzwerk-/Fernzugriffsereignisse."
},
{
"a": "logging/incident_response_logging",
"b": "remote_access/remote_access_logging_audit",
"evidence": "audit_log",
"reason": "Beide verknuepfen Aktivitaeten mit Audit-Logs."
}
],
"shared_procedure": [
{
"a": "vuln/vuln_handling_process",
"b": "logging/logging_governance_roles",
"reason": "Beide ueber Governance-Prozesse mit Rollen/Verantwortlichkeiten erfuellt."
},
{
"a": "vuln/vuln_handling_process",
"b": "authentication/authentication_policy_documented",
"reason": "Beide ueber dokumentierte, gepflegte Richtlinien/Prozesse erfuellt."
},
{
"a": "logging/logging_availability_resilience",
"b": "remote_access/remote_access_fallback_concept",
"reason": "Beide ueber Fallback-/Redundanzkonzepte bei Ausfaellen erfuellt."
},
{
"a": "sbom/sbom_access_provision",
"b": "vuln/coordinated_vulnerability_disclosure",
"reason": "Beide ueber definierte externe Kommunikations-/Meldekanaele erfuellt."
},
{
"a": "vuln/vuln_handling_process",
"b": "updates/support_period_maintenance",
"reason": "Beide ueber definierte Prozesse/Zeithorizonte im Support-Zeitraum erfuellt."
}
],
"noise_counts": {
"OVERLAP_ONLY": 42,
"UNRELATED": 7
},
"raw_results": [
{
"a": "mfa_required",
"fa": "authentication",
"b": "remote_access_mfa",
"fb": "remote_access",
"sim": 0.791,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "mfa",
"evidence_name": "",
"reason": "Beide durch MFA-Faehigkeit erfuellt, unterschiedlicher Geltungsbereich."
},
{
"a": "vuln_remediation_patching",
"fa": "vuln",
"b": "provide_security_updates",
"fb": "updates",
"sim": 0.774,
"relation": "SAME_OBLIGATION",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Beide fordern Schwachstellenbehebung via Patches im Support-Zeitraum, deckungsgleich."
},
{
"a": "firmware_software_authentication",
"fa": "authentication",
"b": "signed_update_integrity",
"fb": "updates",
"sim": 0.75,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "code_signing",
"evidence_name": "",
"reason": "Beide durch kryptografische Signatur/Verifikation von Updates erfuellt."
},
{
"a": "credential_confidentiality_protection",
"fa": "authentication",
"b": "log_transmission_security",
"fb": "logging",
"sim": 0.739,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Credential-Schutz vs. Log-Transportsicherheit, nur thematische Naehe."
},
{
"a": "supplier_access_auth",
"fa": "authentication",
"b": "remote_access_mfa",
"fb": "remote_access",
"sim": 0.727,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "mfa",
"evidence_name": "",
"reason": "Beide ueber starke Multi-Faktor-Authentifizierung erfuellt."
},
{
"a": "encrypted_auth_channel",
"fa": "authentication",
"b": "remote_access_encryption",
"fb": "remote_access",
"sim": 0.724,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "tls_encryption",
"evidence_name": "",
"reason": "Beide durch verschluesselte Kanaele/TLS erfuellt."
},
{
"a": "credential_confidentiality_protection",
"fa": "authentication",
"b": "log_data_minimization_privacy",
"fb": "logging",
"sim": 0.72,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Beide betreffen sensible Daten in Logs, distinkte Pflichten."
},
{
"a": "vuln_remediation_patching",
"fa": "vuln",
"b": "remote_access_vuln_patch_mgmt",
"fb": "remote_access",
"sim": 0.709,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "Fernwartungs-Patching ist domaenenspezifischer Teilfall der allgemeinen Schwachstellenbehebung."
},
{
"a": "sbom_confidentiality",
"fa": "sbom",
"b": "credential_confidentiality_protection",
"fb": "authentication",
"sim": 0.706,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "access_control",
"evidence_name": "",
"reason": "Beide ueber Zugriffskontrolle vertraulicher Daten erfuellt."
},
{
"a": "credential_confidentiality_protection",
"fa": "authentication",
"b": "log_integrity_immutability",
"fb": "logging",
"sim": 0.698,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Credential-Schutz vs. Log-Integritaet, distinkt."
},
{
"a": "log_retention_archival",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.696,
"relation": "SHARED_EVIDENCE",
"direction": "none",
"capability_name": "",
"evidence_name": "audit_log",
"reason": "Beide nutzen Audit-Logs zur Aufbewahrung/Auswertung."
},
{
"a": "access_control_event_logging",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.688,
"relation": "SHARED_EVIDENCE",
"direction": "none",
"capability_name": "",
"evidence_name": "audit_log",
"reason": "Beide protokollieren Zugriffsereignisse in Audit-Logs."
},
{
"a": "session_binding_management",
"fa": "authentication",
"b": "remote_session_management",
"fb": "remote_access",
"sim": 0.688,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "session_management",
"evidence_name": "",
"reason": "Beide ueber sicheres Session-Management erfuellt."
},
{
"a": "firmware_software_authentication",
"fa": "authentication",
"b": "trusted_update_source",
"fb": "updates",
"sim": 0.687,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Vertrauenswuerdige Quelle ergaenzt Signaturpflicht der Update-Authentifizierung."
},
{
"a": "log_timestamp_synchronization",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.687,
"relation": "SHARED_EVIDENCE",
"direction": "none",
"capability_name": "",
"evidence_name": "audit_log",
"reason": "Beide nutzen zeitgestempelte Audit-Logs."
},
{
"a": "sbom_completeness_verification",
"fa": "sbom",
"b": "vuln_identification_inventory",
"fb": "vuln",
"sim": 0.685,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Vollstaendigkeitspruefung traegt zur Schwachstellen-Identifikation bei."
},
{
"a": "remote_access_authentication",
"fa": "authentication",
"b": "remote_access_confidentiality_integrity",
"fb": "remote_access",
"sim": 0.684,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Authentifizierung vs. Vertraulichkeit/Integritaet der Verbindung, distinkt."
},
{
"a": "privileged_op_reauth",
"fa": "authentication",
"b": "remote_access_mfa",
"fb": "remote_access",
"sim": 0.684,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "mfa",
"evidence_name": "",
"reason": "Beide ueber zusaetzliche Authentifizierung privilegierter Operationen erfuellt."
},
{
"a": "log_transmission_security",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.682,
"relation": "SHARED_EVIDENCE",
"direction": "none",
"capability_name": "",
"evidence_name": "audit_log",
"reason": "Beide betreffen Audit-Logs, Transport bzw. Erfassung."
},
{
"a": "firmware_software_authentication",
"fa": "authentication",
"b": "component_remote_interface_security",
"fb": "remote_access",
"sim": 0.681,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Code-Signing vs. Schnittstellensicherheit, nur lose Verbindung."
},
{
"a": "credential_confidentiality_protection",
"fa": "authentication",
"b": "remote_access_confidentiality_integrity",
"fb": "remote_access",
"sim": 0.678,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Credential-Schutz vs. Remote-Verbindungsschutz, distinkt."
},
{
"a": "log_access_control_protection",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.675,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Log-Zugriffskontrolle vs. Fernwartungsprotokollierung, distinkt."
},
{
"a": "remote_access_vuln_patch_mgmt",
"fa": "remote_access",
"b": "provide_security_updates",
"fb": "updates",
"sim": 0.674,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "Fernwartungs-Patching ist Teilfall der allgemeinen Update-Bereitstellung."
},
{
"a": "sbom_confidentiality",
"fa": "sbom",
"b": "remote_access_confidentiality_integrity",
"fb": "remote_access",
"sim": 0.672,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Vertraulichkeit vs. Remote-Verbindungsschutz, distinkt."
},
{
"a": "log_monitoring_alerting",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.672,
"relation": "SHARED_EVIDENCE",
"direction": "none",
"capability_name": "",
"evidence_name": "audit_log",
"reason": "Beide nutzen Logs zur Ueberwachung/Auswertung."
},
{
"a": "access_control_event_logging",
"fa": "logging",
"b": "reject_insecure_remote_protocols",
"fb": "remote_access",
"sim": 0.671,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Logging abgewiesener Zugriffe vs. Protokollblockade, distinkt."
},
{
"a": "vuln_handling_process",
"fa": "vuln",
"b": "logging_governance_roles",
"fb": "logging",
"sim": 0.664,
"relation": "SHARED_PROCEDURE",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Beide ueber Governance-Prozesse mit Rollen/Verantwortlichkeiten erfuellt."
},
{
"a": "logging_config_management",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.662,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Logging-Konfiguration vs. Fernwartungsprotokollierung, nur thematische Naehe."
},
{
"a": "sbom_completeness_verification",
"fa": "sbom",
"b": "firmware_software_authentication",
"fb": "authentication",
"sim": 0.659,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Pruefung vs. Code-Signing, distinkt."
},
{
"a": "remote_access_authentication",
"fa": "authentication",
"b": "remote_access_mfa",
"fb": "remote_access",
"sim": 0.659,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "mfa",
"evidence_name": "",
"reason": "Beide ueber starke/Multi-Faktor-Authentifizierung des Remote-Zugriffs erfuellt."
},
{
"a": "sbom_confidentiality",
"fa": "sbom",
"b": "log_data_minimization_privacy",
"fb": "logging",
"sim": 0.658,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Vertraulichkeit vs. Log-Datenschutz, distinkt."
},
{
"a": "firmware_software_authentication",
"fa": "authentication",
"b": "update_testing_validation",
"fb": "updates",
"sim": 0.658,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Signatur-Authentifizierung vs. Update-Testen, distinkt."
},
{
"a": "remote_access_authentication",
"fa": "authentication",
"b": "remote_access_encryption",
"fb": "remote_access",
"sim": 0.658,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Authentifizierung vs. Verschluesselung des Remote-Zugriffs, distinkt."
},
{
"a": "event_logging_security_events",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.658,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Fernwartungsprotokollierung ist Teilfall des allgemeinen Security-Event-Loggings."
},
{
"a": "firmware_software_authentication",
"fa": "authentication",
"b": "automatic_updates_optout",
"fb": "updates",
"sim": 0.657,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Update-Signatur vs. Auto-Update-Konfiguration, distinkt."
},
{
"a": "remote_maintenance_governance",
"fa": "remote_access",
"b": "support_period_maintenance",
"fb": "updates",
"sim": 0.657,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Fernwartungs-Governance vs. Support-Wartung, nur thematische Naehe."
},
{
"a": "vuln_info_dissemination_users",
"fa": "vuln",
"b": "provide_security_updates",
"fb": "updates",
"sim": 0.656,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "Nutzerinformation ergaenzt die Update-Bereitstellungspflicht."
},
{
"a": "remote_access_authentication",
"fa": "authentication",
"b": "remote_access_architecture_design",
"fb": "remote_access",
"sim": 0.656,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Sichere Fernzugriffsarchitektur unterstuetzt Gateway-basierte Authentifizierung."
},
{
"a": "user_authentication_required",
"fa": "authentication",
"b": "remote_access_training",
"fb": "remote_access",
"sim": 0.656,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Authentifizierung vs. Nutzerschulung, distinkt."
},
{
"a": "sbom_completeness_verification",
"fa": "sbom",
"b": "update_testing_validation",
"fb": "updates",
"sim": 0.656,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Pruefung vs. Update-Testen, distinkt."
},
{
"a": "sbom_creation",
"fa": "sbom",
"b": "vuln_identification_inventory",
"fb": "vuln",
"sim": 0.655,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Erstellung liefert das Inventar fuer Schwachstellen-Identifikation."
},
{
"a": "vuln_remediation_patching",
"fa": "vuln",
"b": "update_risk_assessment",
"fb": "updates",
"sim": 0.653,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Update-Risikobeurteilung speist die risikobasierte Schwachstellenbehebung."
},
{
"a": "network_traffic_logging",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.653,
"relation": "SHARED_EVIDENCE",
"direction": "none",
"capability_name": "",
"evidence_name": "audit_log",
"reason": "Beide protokollieren Netzwerk-/Fernzugriffsereignisse."
},
{
"a": "session_binding_management",
"fa": "authentication",
"b": "log_transmission_security",
"fb": "logging",
"sim": 0.653,
"relation": "UNRELATED",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Session-Binding vs. Log-Transport, keine echte Beziehung."
},
{
"a": "vuln_assessment_prioritization",
"fa": "vuln",
"b": "remote_access_vuln_patch_mgmt",
"fb": "remote_access",
"sim": 0.652,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Fernwartungs-Patching bewertet/priorisiert Schwachstellen wie allgemeine Bewertungspflicht."
},
{
"a": "credential_confidentiality_protection",
"fa": "authentication",
"b": "log_retention_archival",
"fb": "logging",
"sim": 0.652,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Credential-Schutz vs. Log-Aufbewahrung, distinkt."
},
{
"a": "encrypted_auth_channel",
"fa": "authentication",
"b": "reject_insecure_remote_protocols",
"fb": "remote_access",
"sim": 0.651,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "tls_encryption",
"evidence_name": "",
"reason": "Beide deaktivieren/blockieren unverschluesselte Kanaele."
},
{
"a": "mutual_authentication",
"fa": "authentication",
"b": "remote_access_confidentiality_integrity",
"fb": "remote_access",
"sim": 0.649,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "mutual_tls",
"evidence_name": "",
"reason": "Beide ueber gegenseitige Authentifizierung/Verbindungssicherung erfuellt."
},
{
"a": "token_validation_lifecycle",
"fa": "authentication",
"b": "update_testing_validation",
"fb": "updates",
"sim": 0.649,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Token-Validierung vs. Update-Validierung, nur Wortueberlappung."
},
{
"a": "remote_access_authentication",
"fa": "authentication",
"b": "remote_access_training",
"fb": "remote_access",
"sim": 0.648,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Authentifizierung vs. Schulung, distinkt."
},
{
"a": "remote_access_vuln_patch_mgmt",
"fa": "remote_access",
"b": "update_testing_validation",
"fb": "updates",
"sim": 0.648,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Fernwartungs-Patching vs. Update-Testen, distinkt."
},
{
"a": "vuln_remediation_patching",
"fa": "vuln",
"b": "update_testing_validation",
"fb": "updates",
"sim": 0.646,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Update-Testen unterstuetzt zuverlaessige Schwachstellenbehebung via Patches."
},
{
"a": "logging_config_management",
"fa": "logging",
"b": "automatic_updates_optout",
"fb": "updates",
"sim": 0.646,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Logging-Default vs. Update-Default-Konfiguration, nur Themenueberlappung."
},
{
"a": "access_control_event_logging",
"fa": "logging",
"b": "remote_access_control_least_privilege",
"fb": "remote_access",
"sim": 0.644,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Zugriffsprotokollierung vs. Least-Privilege-Fernzugriff, distinkt."
},
{
"a": "service_to_service_auth",
"fa": "authentication",
"b": "remote_access_encryption",
"fb": "remote_access",
"sim": 0.644,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "mutual_tls",
"evidence_name": "",
"reason": "Beide ueber TLS/mTLS-basierte Authentifizierung/Verschluesselung erfuellt."
},
{
"a": "personal_admin_accounts",
"fa": "authentication",
"b": "remote_access_mfa",
"fb": "remote_access",
"sim": 0.643,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Persoenliche Admin-Konten vs. Remote-MFA, distinkt."
},
{
"a": "incident_response_logging",
"fa": "logging",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.642,
"relation": "SHARED_EVIDENCE",
"direction": "none",
"capability_name": "",
"evidence_name": "audit_log",
"reason": "Beide verknuepfen Aktivitaeten mit Audit-Logs."
},
{
"a": "mfa_required",
"fa": "authentication",
"b": "remote_access_training",
"fb": "remote_access",
"sim": 0.641,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "MFA vs. Schulung, distinkt."
},
{
"a": "session_binding_management",
"fa": "authentication",
"b": "temporary_remote_access_mgmt",
"fb": "remote_access",
"sim": 0.639,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "session_management",
"evidence_name": "",
"reason": "Beide ueber sicheres, zeitbegrenztes Session-Management erfuellt."
},
{
"a": "remote_access_authentication",
"fa": "authentication",
"b": "remote_access_user_validation_ot",
"fb": "remote_access",
"sim": 0.638,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "OT-Nutzervalidierung ist domaenenspezifische Auspraegung der Remote-Authentifizierung."
},
{
"a": "sbom_completeness_verification",
"fa": "sbom",
"b": "log_integrity_immutability",
"fb": "logging",
"sim": 0.638,
"relation": "UNRELATED",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Pruefung vs. Log-Integritaet, keine Beziehung."
},
{
"a": "sbom_maintenance_update",
"fa": "sbom",
"b": "vuln_identification_inventory",
"fb": "vuln",
"sim": 0.636,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "Aktualisierte SBOM unterstuetzt kontinuierliche Schwachstellen-Identifikation."
},
{
"a": "vuln_handling_process",
"fa": "vuln",
"b": "authentication_policy_documented",
"fb": "authentication",
"sim": 0.635,
"relation": "SHARED_PROCEDURE",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Beide ueber dokumentierte, gepflegte Richtlinien/Prozesse erfuellt."
},
{
"a": "remote_access_authentication",
"fa": "authentication",
"b": "remote_access_threat_detection",
"fb": "remote_access",
"sim": 0.634,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Authentifizierung vs. Threat-Detection, distinkt."
},
{
"a": "vuln_info_dissemination_users",
"fa": "vuln",
"b": "update_testing_validation",
"fb": "updates",
"sim": 0.632,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Nutzerinformation vs. Update-Testen, distinkt."
},
{
"a": "user_authentication_required",
"fa": "authentication",
"b": "signed_update_integrity",
"fb": "updates",
"sim": 0.632,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Nutzer-Authentifizierung vs. Update-Signatur, nur Wortueberlappung."
},
{
"a": "log_monitoring_alerting",
"fa": "logging",
"b": "remote_access_threat_detection",
"fb": "remote_access",
"sim": 0.632,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "anomaly_detection",
"evidence_name": "",
"reason": "Beide ueber Anomalie-/Bedrohungserkennung erfuellt."
},
{
"a": "no_default_credentials",
"fa": "authentication",
"b": "automatic_updates_optout",
"fb": "updates",
"sim": 0.632,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Default-Credentials vs. Auto-Update-Default, nur Default-Thema."
},
{
"a": "tls_certificate_auth",
"fa": "authentication",
"b": "remote_access_encryption",
"fb": "remote_access",
"sim": 0.631,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "tls_certificate_auth",
"evidence_name": "",
"reason": "Beide ueber TLS/Client-Zertifikate erfuellt."
},
{
"a": "reauth_after_inactivity",
"fa": "authentication",
"b": "remote_session_management",
"fb": "remote_access",
"sim": 0.63,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "session_management",
"evidence_name": "",
"reason": "Beide ueber Inaktivitaets-Timeout/Reauth des Session-Managements erfuellt."
},
{
"a": "vuln_handling_process",
"fa": "vuln",
"b": "logging_config_management",
"fb": "logging",
"sim": 0.629,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Vuln-Prozess vs. Logging-Konfiguration, nur Dokumentationsbezug."
},
{
"a": "sbom_access_provision",
"fa": "sbom",
"b": "vuln_identification_inventory",
"fb": "vuln",
"sim": 0.628,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Bereitstellung vs. Schwachstellen-Inventar, distinkt."
},
{
"a": "vuln_handling_process",
"fa": "vuln",
"b": "remote_access_vuln_patch_mgmt",
"fb": "remote_access",
"sim": 0.627,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Fernwartungs-Patching ist Teilfall des allgemeinen Vuln-Handling-Prozesses."
},
{
"a": "logging_availability_resilience",
"fa": "logging",
"b": "remote_access_fallback_concept",
"fb": "remote_access",
"sim": 0.626,
"relation": "SHARED_PROCEDURE",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Beide ueber Fallback-/Redundanzkonzepte bei Ausfaellen erfuellt."
},
{
"a": "remote_access_authentication",
"fa": "authentication",
"b": "remote_maintenance_governance",
"fb": "remote_access",
"sim": 0.625,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Authentifizierung vs. Fernwartungs-Governance, distinkt."
},
{
"a": "vuln_assessment_prioritization",
"fa": "vuln",
"b": "update_testing_validation",
"fb": "updates",
"sim": 0.625,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Schwachstellenbewertung vs. Update-Testen, distinkt."
},
{
"a": "sbom_tooling_automation",
"fa": "sbom",
"b": "vuln_identification_inventory",
"fb": "vuln",
"sim": 0.624,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "Automatisierte SBOM-Generierung unterstuetzt Schwachstellen-Identifikation."
},
{
"a": "vuln_remediation_patching",
"fa": "vuln",
"b": "support_period_maintenance",
"fb": "updates",
"sim": 0.624,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Wartung im Support-Zeitraum unterstuetzt fristgerechte Schwachstellenbehebung."
},
{
"a": "network_traffic_logging",
"fa": "logging",
"b": "component_remote_interface_security",
"fb": "remote_access",
"sim": 0.621,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Netzwerk-Logging vs. Schnittstellensicherheit, distinkt."
},
{
"a": "sbom_completeness_verification",
"fa": "sbom",
"b": "signed_update_integrity",
"fb": "updates",
"sim": 0.621,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Pruefung vs. Update-Signatur, distinkt."
},
{
"a": "vuln_assessment_prioritization",
"fa": "vuln",
"b": "password_policy",
"fb": "authentication",
"sim": 0.62,
"relation": "UNRELATED",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Schwachstellenbewertung vs. Passwortrichtlinie, Falsch-Positiv."
},
{
"a": "session_binding_management",
"fa": "authentication",
"b": "remote_access_training",
"fb": "remote_access",
"sim": 0.62,
"relation": "UNRELATED",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Session-Management vs. Schulung, keine Beziehung."
},
{
"a": "vuln_remediation_patching",
"fa": "vuln",
"b": "automatic_updates_optout",
"fb": "updates",
"sim": 0.619,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Automatische Updates unterstuetzen zeitnahe Schwachstellenbehebung."
},
{
"a": "vuln_handling_process",
"fa": "vuln",
"b": "remote_access_logging_audit",
"fb": "remote_access",
"sim": 0.619,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Vuln-Prozess vs. Fernwartungsprotokollierung, distinkt."
},
{
"a": "credential_confidentiality_protection",
"fa": "authentication",
"b": "log_timestamp_synchronization",
"fb": "logging",
"sim": 0.617,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Credential-Schutz vs. Log-Zeitstempel, nur Logbezug."
},
{
"a": "vuln_assessment_prioritization",
"fa": "vuln",
"b": "update_risk_assessment",
"fb": "updates",
"sim": 0.617,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Update-Risikobeurteilung speist standardisierte Schwachstellen-Priorisierung."
},
{
"a": "vuln_handling_process",
"fa": "vuln",
"b": "update_rollback",
"fb": "updates",
"sim": 0.617,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Vuln-Prozess vs. Update-Rollback, distinkt."
},
{
"a": "vuln_remediation_patching",
"fa": "vuln",
"b": "update_rollback",
"fb": "updates",
"sim": 0.616,
"relation": "SUPPORTED_BY",
"direction": "b->a",
"capability_name": "",
"evidence_name": "",
"reason": "Rollback unterstuetzt sichere Behebung fehlerhafter Patches."
},
{
"a": "supplier_access_auth",
"fa": "authentication",
"b": "remote_access_user_validation_ot",
"fb": "remote_access",
"sim": 0.613,
"relation": "SHARED_CAPABILITY",
"direction": "none",
"capability_name": "mfa",
"evidence_name": "",
"reason": "Beide ueber starke Authentifizierung/Validierung externer Fernzugriffe erfuellt."
},
{
"a": "vuln_info_dissemination_users",
"fa": "vuln",
"b": "remote_access_vuln_patch_mgmt",
"fb": "remote_access",
"sim": 0.612,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Nutzerinformation vs. Fernwartungs-Patching, distinkt."
},
{
"a": "remote_access_vuln_patch_mgmt",
"fa": "remote_access",
"b": "update_rollback",
"fb": "updates",
"sim": 0.61,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Fernwartungs-Patching vs. Rollback, distinkt."
},
{
"a": "vuln_info_dissemination_users",
"fa": "vuln",
"b": "log_monitoring_alerting",
"fb": "logging",
"sim": 0.609,
"relation": "UNRELATED",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Nutzerinformation vs. Log-Monitoring, Falsch-Positiv."
},
{
"a": "sbom_dependency_coverage",
"fa": "sbom",
"b": "vuln_identification_inventory",
"fb": "vuln",
"sim": 0.608,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "Dependency-Dokumentation unterstuetzt Schwachstellen-Identifikation in Komponenten."
},
{
"a": "remote_access_vuln_patch_mgmt",
"fa": "remote_access",
"b": "support_period_maintenance",
"fb": "updates",
"sim": 0.608,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "Fernwartungs-Patching ist Teilfall der Support-Wartungsmassnahmen."
},
{
"a": "logging_config_management",
"fa": "logging",
"b": "support_period_maintenance",
"fb": "updates",
"sim": 0.608,
"relation": "UNRELATED",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Logging-Konfiguration vs. Support-Wartung, keine Beziehung."
},
{
"a": "sbom_format_standard",
"fa": "sbom",
"b": "log_format_standardization",
"fb": "logging",
"sim": 0.606,
"relation": "OVERLAP_ONLY",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "SBOM-Format vs. Log-Format, nur Standardisierungsthema, distinkt."
},
{
"a": "logging_library_supply_chain",
"fa": "logging",
"b": "remote_access_vuln_patch_mgmt",
"fb": "remote_access",
"sim": 0.606,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "Logging-Library-Patching ist domaenenspezifischer Teilfall des Vuln-Patch-Managements."
},
{
"a": "remote_access_authentication",
"fa": "authentication",
"b": "support_period_maintenance",
"fb": "updates",
"sim": 0.605,
"relation": "UNRELATED",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Remote-Authentifizierung vs. Support-Wartung, Falsch-Positiv."
},
{
"a": "sbom_access_provision",
"fa": "sbom",
"b": "coordinated_vulnerability_disclosure",
"fb": "vuln",
"sim": 0.604,
"relation": "SHARED_PROCEDURE",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Beide ueber definierte externe Kommunikations-/Meldekanaele erfuellt."
},
{
"a": "vuln_handling_process",
"fa": "vuln",
"b": "support_period_maintenance",
"fb": "updates",
"sim": 0.602,
"relation": "SHARED_PROCEDURE",
"direction": "none",
"capability_name": "",
"evidence_name": "",
"reason": "Beide ueber definierte Prozesse/Zeithorizonte im Support-Zeitraum erfuellt."
},
{
"a": "vuln_info_dissemination_users",
"fa": "vuln",
"b": "automatic_updates_optout",
"fb": "updates",
"sim": 0.601,
"relation": "SUPPORTED_BY",
"direction": "a->b",
"capability_name": "",
"evidence_name": "",
"reason": "Nutzerinformation ergaenzt automatische Update-Bereitstellung."
}
]
}
Reference in New Issue View Git Blame Copy Permalink