breakpilot-compliance/ai-compliance-sdk/policies/payment_controls_v1.json
Benjamin Admin 5c1a514b52 feat: Payment Controls auf 445 erweitert — ZVT/OPI Protokoll komplett
+37 Controls in 8 neuen Domaenen:
- TERMSYNC (2): Sync-Entscheidungen, Divergenzpruefung
- ZVT-CMD (5): Kommandoreihenfolge, Parameter, Antwortverarbeitung
- ZVT-RT (5): Timeouts, Retry, Backoff, Abbruch-Markierung
- ZVT-STATE (5): State Machine, Exit-Pfade, Recovery
- ZVT-COM (5): Nachrichtenlaenge, Checksummen, Encoding
- ZVT-REV (5): Reversal, Storno, Mehrfachschutz
- ZVT-RESP (5): Response-Codes, Fehlerinterpretation
- ZVT-SESSION (5): Session-Lifecycle, Timeout, Parallelitaet

445 Controls total, 43 Domaenen

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 12:57:05 +02:00


{
"schema": "payment_controls",
"version": "1.0",
"description": "Technische Pruefbibliothek fuer Payment-Terminal-Systeme. Eigene Controls, keine Normkopie.",
"domains": [
{
"id": "PAY",
"name": "Payment Flow & Transaction Integrity",
"description": "Zahlungsablauf, Zustandslogik, Idempotenz, Betragsvalidierung"
},
{
"id": "LOG",
"name": "Logging & Audit",
"description": "Protokollierung, Audit Trail, Datenmaskierung"
},
{
"id": "CRYPTO",
"name": "Secrets & Cryptography",
"description": "Schluesselmanagement, Verschluesselung, Secure Storage"
},
{
"id": "API",
"name": "API & Backend Security",
"description": "Authentifizierung, Autorisierung, Input Validation"
},
{
"id": "TERM",
"name": "Terminal Communication",
"description": "ZVT/OPI Protokolle, Sequenzen, Fehlercodes"
},
{
"id": "FW",
"name": "Firmware & Device Integrity",
"description": "Signierung, Update-Schutz, Manipulationserkennung"
},
{
"id": "REP",
"name": "Reporting & Reconciliation",
"description": "Transaktionsberichte, Abgleich, Exportdaten"
},
{
"id": "ACC",
"name": "Access Control & Administration",
"description": "Rollenkonzept, Privilegien, Session-Management"
},
{
"id": "ERR",
"name": "Error Handling & Resilience",
"description": "Fehlerbehandlung, Recovery, Offline-Szenarien"
},
{
"id": "BLD",
"name": "Build, Deployment & Supply Chain",
"description": "CI/CD Sicherheit, Abhaengigkeiten, Release-Integritaet"
},
{
"id": "AUTH",
"name": "Authentication & Authorization",
"description": "Authentifizierung, Autorisierung, Rollen, Privilegien"
},
{
"id": "SESSION",
"name": "Session Management",
"description": "Sitzungsverwaltung, Token, Cookies, Timeout"
},
{
"id": "KEYMGMT",
"name": "Key Management",
"description": "Schluessellebenszyklen, Rotation, Provisioning"
},
{
"id": "DEVICE",
"name": "Device Identity & Integrity",
"description": "Geraeteidentitaet, Provisioning, Tamper Detection"
},
{
"id": "TRANS",
"name": "Transaction Integrity",
"description": "Transaktionslogik, State Machine, Idempotenz"
},
{
"id": "DATA",
"name": "Data Minimization & Protection",
"description": "Datenminimierung, Maskierung, Klassifikation"
},
{
"id": "ERROR",
"name": "Error Handling & Resilience",
"description": "Fehlerbehandlung, Retry, Fallback, Monitoring"
},
{
"id": "REPORT",
"name": "Reporting & Reconciliation",
"description": "Berichte, Abgleich, Export, Audit Trail"
},
{
"id": "BUILD",
"name": "Build Pipeline Security",
"description": "CI/CD Sicherheit, Artefakt-Integritaet, Abhaengigkeiten"
},
{
"id": "DEPLOY",
"name": "Deployment Security",
"description": "Release-Management, Rollback, Umgebungstrennung"
},
{
"id": "QUEUE",
"name": "Message Queue & Async",
"description": "Warteschlangen, Idempotenz, Dead-Letter, Reihenfolge"
},
{
"id": "TENANT",
"name": "Multi-Tenancy Isolation",
"description": "Mandantentrennung, Cross-Tenant-Schutz, Cache-Isolation"
},
{
"id": "TELEMETRY",
"name": "Telemetry & Observability",
"description": "Metriken, Tracing, Datenmaskierung in Observability"
},
{
"id": "CONFIG",
"name": "Configuration Security",
"description": "Defaults, Validierung, Feature Flags, Laufzeitaenderungen"
},
{
"id": "NETWORK",
"name": "Network Security",
"description": "Segmentierung, Firewall, TLS, Egress-Kontrolle"
},
{
"id": "STORAGE",
"name": "Data Storage Security",
"description": "Persistenz, Backup, Schema-Integritaet, Zugriffskontrolle"
},
{
"id": "MONITOR",
"name": "Monitoring & Alerting",
"description": "Alarmierung, Heartbeats, Schwellwerte, Incident Detection"
},
{
"id": "OPS",
"name": "Operations & Runbooks",
"description": "Betriebsprozesse, Runbooks, Wartung, Recovery"
},
{
"id": "ZVTCORE",
"name": "ZVT Core Protocol",
"description": "ZVT-Rahmenstruktur, Parser, Feldvalidierung, Kodierung"
},
{
"id": "ZVTFLOW",
"name": "ZVT Protocol Flow",
"description": "ZVT-Kommandosequenzen, Zustandsuebergaenge, Sitzungslogik"
},
{
"id": "ZVTERROR",
"name": "ZVT Error Handling",
"description": "ZVT-Fehlercodes, Fehlerklassifikation, Eskalation"
},
{
"id": "ZVTTIME",
"name": "ZVT Timing & Timeout",
"description": "ZVT-Timeouts, Retry, Busy-States, Zeitsteuerung"
},
{
"id": "OPICORE",
"name": "OPI Core Protocol",
"description": "OPI-Nachrichtenstruktur, Schema, Validierung, Parser"
},
{
"id": "OPIFLOW",
"name": "OPI Protocol Flow",
"description": "OPI-Ablaufsteuerung, Korrelation, Storno, Recovery"
},
{
"id": "PROTOINT",
"name": "Protocol Integration",
"description": "Protokollkonverter, Mapping, Serialisierung, Adapter"
},
{
"id": "TERMSTATE",
"name": "Terminal State Management",
"description": "Terminalzustaende, Busy, Reconnect, Sicherheitsflags"
},
{
"id": "TERMREC",
"name": "Terminal Receipt & Records",
"description": "Belegdaten, Validierung, Zuordnung, Datenschutz"
},
{
"id": "TERMSYNC",
"name": "Terminal Synchronization",
"description": "Abgleich, Settlement, Offline-Sync, Konsistenz"
},
{
"id": "ZVT-CMD",
"name": "ZVT Command Flow",
"description": "ZVT-Kommandoreihenfolge, Parameter, Antwortverarbeitung"
},
{
"id": "ZVT-RT",
"name": "ZVT Retry & Timeout",
"description": "Timeout-Definitionen, Retry-Strategien, Backoff"
},
{
"id": "ZVT-STATE",
"name": "ZVT State Machine",
"description": "Zustandsmodell, Uebergaenge, Recovery, Deadlock-Vermeidung"
},
{
"id": "ZVT-COM",
"name": "ZVT Communication Integrity",
"description": "Nachrichtenlaenge, Checksummen, Encoding, Fragmentierung"
},
{
"id": "ZVT-REV",
"name": "ZVT Reversal & Cancellation",
"description": "Storno, Reversal, Zuordnung, Mehrfachschutz"
},
{
"id": "ZVT-RESP",
"name": "ZVT Response Handling",
"description": "Response-Codes, Fehlerinterpretation, Statusupdate"
},
{
"id": "ZVT-SESSION",
"name": "ZVT Session Management",
"description": "Session-Lifecycle, Timeout, Wiederaufnahme, Parallelitaet"
}
],
"controls": [
{
"control_id": "PAY-001",
"domain": "PAY",
"title": "Eindeutige Transaktions-ID pro Zahlungsvorgang",
"objective": "Verhindert Vermischung und Mehrfachverarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "PAY-002",
"domain": "PAY",
"title": "Idempotente Verarbeitung wiederholter Zahlungsanfragen",
"objective": "Verhindert doppelte Buchungen bei Retries",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "PAY-003",
"domain": "PAY",
"title": "Verhinderung doppelter Verbuchung bei Netzwerk-Retry",
"objective": "Stellt konsistente Zahlungszustaende sicher",
"check_target": "system",
"evidence": [
"integration_test",
"architecture_doc"
],
"automation": "partial"
},
{
"control_id": "PAY-004",
"domain": "PAY",
"title": "Definierter Initialzustand jeder Transaktion",
"objective": "Verhindert undefinierte Startbedingungen",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "high"
},
{
"control_id": "PAY-005",
"domain": "PAY",
"title": "Definierte erlaubte Zustandsuebergaenge in der Transaktionslogik",
"objective": "Verhindert ungueltige State Transitions",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "medium"
},
{
"control_id": "PAY-006",
"domain": "PAY",
"title": "Keine direkte Transition in terminalen Erfolgszustand ohne Autorisierung",
"objective": "Verhindert vorzeitige Freigabe",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "medium"
},
{
"control_id": "PAY-007",
"domain": "PAY",
"title": "Abbruchpfade fuehren in definierten Endzustand",
"objective": "Sichert sauberes Cancel-Handling",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "PAY-008",
"domain": "PAY",
"title": "Timeout fuehrt in nachvollziehbaren und sicheren Zustand",
"objective": "Verhindert haengende Transaktionen",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "PAY-009",
"domain": "PAY",
"title": "Rollback oder Reversal-Handling bei Teilfehlschlag",
"objective": "Reduziert Inkonsistenzen",
"check_target": "system",
"evidence": [
"integration_test",
"architecture_doc"
],
"automation": "partial"
},
{
"control_id": "PAY-010",
"domain": "PAY",
"title": "Fehlerhafte Antworten werden nicht als Erfolg interpretiert",
"objective": "Verhindert False Positive bei Zahlungsstatus",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "high"
},
{
"control_id": "PAY-011",
"domain": "PAY",
"title": "Betragsvalidierung bei jeder Zahlungsanfrage",
"objective": "Verhindert Betragmanipulation und negative Werte",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "high"
},
{
"control_id": "PAY-012",
"domain": "PAY",
"title": "Waehrungsfeld wird validiert und konsistent verarbeitet",
"objective": "Verhindert Fehlverarbeitung bei Mehrwaehrung",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "high"
},
{
"control_id": "PAY-013",
"domain": "PAY",
"title": "Betragsrundung erfolgt deterministisch und dokumentiert",
"objective": "Verhindert Abweichungen Frontend/Terminal/Backend",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "medium"
},
{
"control_id": "PAY-014",
"domain": "PAY",
"title": "Keine lokale Manipulation des autorisierten Betrags nach Freigabe",
"objective": "Schuetzt Integritaet der Zahlung",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "medium"
},
{
"control_id": "PAY-015",
"domain": "PAY",
"title": "Transaktionskontext bleibt ueber Retry-Versuche konsistent",
"objective": "Verhindert Kontextverlust",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "PAY-016",
"domain": "PAY",
"title": "Antworten ohne Referenz-ID werden nicht akzeptiert",
"objective": "Verhindert verwaiste Zuordnungen",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "high"
},
{
"control_id": "PAY-017",
"domain": "PAY",
"title": "Doppelte Callback-Verarbeitung wird unterdrueckt",
"objective": "Verhindert doppelte Statusupdates",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "PAY-018",
"domain": "PAY",
"title": "Asynchrone Statusmeldungen werden korreliert und sequenziell verarbeitet",
"objective": "Sichert korrekte Reihenfolge",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "PAY-019",
"domain": "PAY",
"title": "Geschaeftsvorfall wird erst nach bestaetigtem Zahlungsstatus finalisiert",
"objective": "Verhindert Business Success ohne Payment Success",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "PAY-020",
"domain": "PAY",
"title": "Offline-Zahlungen werden explizit gekennzeichnet",
"objective": "Verhindert Verwechslung mit final autorisierten Zahlungen",
"check_target": "code",
"evidence": [
"source_code",
"reporting_output"
],
"automation": "medium"
},
{
"control_id": "LOG-001",
"domain": "LOG",
"title": "Keine sensitiven Zahlungsdaten im Anwendungslog",
"objective": "Verhindert Offenlegung sensitiver Daten",
"check_target": "code",
"evidence": [
"source_code",
"log_config"
],
"automation": "high"
},
{
"control_id": "LOG-002",
"domain": "LOG",
"title": "PAN wird in Logs maskiert",
"objective": "Reduziert Risiko bei Log-Einsicht",
"check_target": "code",
"evidence": [
"source_code",
"log_output_sample"
],
"automation": "high"
},
{
"control_id": "LOG-003",
"domain": "LOG",
"title": "CVV/CVC wird niemals geloggt",
"objective": "Verhindert Protokollierung sensitiver Authentifizierungsdaten",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "high"
},
{
"control_id": "LOG-004",
"domain": "LOG",
"title": "Kryptographische Schluessel werden nicht geloggt",
"objective": "Verhindert Kompromittierung durch Logging",
"check_target": "code",
"evidence": [
"source_code",
"log_output_sample"
],
"automation": "high"
},
{
"control_id": "LOG-005",
"domain": "LOG",
"title": "Admin-Aktionen werden auditierbar protokolliert",
"objective": "Ermoeglicht Nachvollziehbarkeit privilegierter Handlungen",
"check_target": "system",
"evidence": [
"source_code",
"audit_log_sample"
],
"automation": "partial"
},
{
"control_id": "LOG-006",
"domain": "LOG",
"title": "Konfigurationsaenderungen werden protokolliert",
"objective": "Ermoeglicht Nachweis kritischer Aenderungen",
"check_target": "system",
"evidence": [
"source_code",
"audit_log_sample"
],
"automation": "partial"
},
{
"control_id": "LOG-007",
"domain": "LOG",
"title": "Fehlgeschlagene Authentifizierungsversuche werden geloggt",
"objective": "Unterstuetzt Erkennung von Missbrauch",
"check_target": "code",
"evidence": [
"source_code",
"audit_log_sample"
],
"automation": "high"
},
{
"control_id": "LOG-008",
"domain": "LOG",
"title": "Sicherheitsrelevante Ereignisse erhalten eindeutige Event-Typen",
"objective": "Erleichtert Korrelation und Monitoring",
"check_target": "code",
"evidence": [
"source_code",
"log_schema"
],
"automation": "medium"
},
{
"control_id": "LOG-009",
"domain": "LOG",
"title": "Audit-Events enthalten konsistenten Zeitstempel",
"objective": "Ermoeglicht zeitliche Rekonstruktion",
"check_target": "system",
"evidence": [
"audit_log_sample",
"config"
],
"automation": "partial"
},
{
"control_id": "LOG-010",
"domain": "LOG",
"title": "Audit-Events enthalten eindeutige Terminalkennung",
"objective": "Ermoeglicht Zuordnung zur Quelle",
"check_target": "code",
"evidence": [
"log_schema",
"audit_log_sample"
],
"automation": "medium"
},
{
"control_id": "LOG-011",
"domain": "LOG",
"title": "Debug-Logging in Produktion deaktiviert",
"objective": "Verhindert Leaks in produktiven Systemen",
"check_target": "config",
"evidence": [
"deployment_config"
],
"automation": "high"
},
{
"control_id": "LOG-012",
"domain": "LOG",
"title": "Manipulation von Audit-Logs technisch erschwert",
"objective": "Schuetzt Integritaet des Audit Trails",
"check_target": "system",
"evidence": [
"architecture_doc",
"storage_config"
],
"automation": "low"
},
{
"control_id": "LOG-013",
"domain": "LOG",
"title": "Fehlermeldungen enthalten keine Stacktraces mit sensitiven Payloads",
"objective": "Verhindert indirekten Datenabfluss",
"check_target": "code",
"evidence": [
"source_code",
"log_output_sample"
],
"automation": "medium"
},
{
"control_id": "LOG-014",
"domain": "LOG",
"title": "Jede Zahlungsentscheidung erzeugt Audit-Eintrag",
"objective": "Verbindet Business Outcome mit technischer Evidenz",
"check_target": "system",
"evidence": [
"audit_log_sample",
"integration_test"
],
"automation": "partial"
},
{
"control_id": "LOG-015",
"domain": "LOG",
"title": "Log-Retention konfiguriert und dokumentiert",
"objective": "Sichert Verfuegbarkeit relevanter Ereignishistorie",
"check_target": "config",
"evidence": [
"retention_policy",
"deployment_config"
],
"automation": "medium"
},
{
"control_id": "CRYPTO-001",
"domain": "CRYPTO",
"title": "Keine Secrets im Quellcode",
"objective": "Verhindert Offenlegung im Repository",
"check_target": "code",
"evidence": [
"source_code",
"secret_scan"
],
"automation": "high"
},
{
"control_id": "CRYPTO-002",
"domain": "CRYPTO",
"title": "Keine Secrets in Commit-Historie",
"objective": "Reduziert Leak-Risiko ueber Entwicklungsartefakte",
"check_target": "repository",
"evidence": [
"secret_scan",
"build_scripts"
],
"automation": "high"
},
{
"control_id": "CRYPTO-003",
"domain": "CRYPTO",
"title": "Keine Schluessel im Klartext in Konfigurationsdateien",
"objective": "Schuetzt ruhende Geheimnisse",
"check_target": "config",
"evidence": [
"config",
"secret_scan"
],
"automation": "high"
},
{
"control_id": "CRYPTO-004",
"domain": "CRYPTO",
"title": "Secrets aus sicherem Secret Store bezogen",
"objective": "Verhindert lokale Persistenz",
"check_target": "system",
"evidence": [
"architecture_doc",
"deployment_config"
],
"automation": "partial"
},
{
"control_id": "CRYPTO-005",
"domain": "CRYPTO",
"title": "Zugriff auf Secrets rollen-/servicebezogen eingeschraenkt",
"objective": "Begrenzt Blast Radius",
"check_target": "system",
"evidence": [
"iam_config",
"architecture_doc"
],
"automation": "partial"
},
{
"control_id": "CRYPTO-006",
"domain": "CRYPTO",
"title": "Zentrale und freigegebene Krypto-Bibliotheken verwendet",
"objective": "Verhindert unsichere Eigenimplementierungen",
"check_target": "code",
"evidence": [
"source_code",
"dependency_list"
],
"automation": "medium"
},
{
"control_id": "CRYPTO-007",
"domain": "CRYPTO",
"title": "Keine veralteten kryptographischen Primitive (MD5, SHA1, DES)",
"objective": "Verhindert Einsatz schwacher Verfahren",
"check_target": "code",
"evidence": [
"source_code",
"dependency_scan"
],
"automation": "medium"
},
{
"control_id": "CRYPTO-008",
"domain": "CRYPTO",
"title": "TLS 1.2+ fuer alle externen Verbindungen",
"objective": "Schuetzt Daten bei Uebertragung",
"check_target": "config",
"evidence": [
"config",
"network_scan"
],
"automation": "high"
},
{
"control_id": "CRYPTO-009",
"domain": "CRYPTO",
"title": "Schluesselrotation implementiert und dokumentiert",
"objective": "Reduziert Kompromittierungszeitraum",
"check_target": "process",
"evidence": [
"key_mgmt_doc",
"config"
],
"automation": "low"
},
{
"control_id": "CRYPTO-010",
"domain": "CRYPTO",
"title": "HSM oder Secure Enclave fuer kryptographische Operationen",
"objective": "Hardwarebasierter Schluesselschutz",
"check_target": "system",
"evidence": [
"architecture_doc"
],
"automation": "low"
},
{
"control_id": "CRYPTO-011",
"domain": "CRYPTO",
"title": "Zertifikats-Pinning fuer kritische Verbindungen",
"objective": "Schuetzt gegen MITM",
"check_target": "code",
"evidence": [
"source_code",
"config"
],
"automation": "medium"
},
{
"control_id": "CRYPTO-012",
"domain": "CRYPTO",
"title": "Kryptographische Zufallszahlen aus sicherem Generator",
"objective": "Verhindert vorhersagbare Tokens/Nonces",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "high"
},
{
"control_id": "CRYPTO-013",
"domain": "CRYPTO",
"title": "PIN-Eingabe nur ueber Secure PIN Entry Device",
"objective": "Schuetzt PIN vor Abgriff",
"check_target": "system",
"evidence": [
"architecture_doc",
"certification"
],
"automation": "low"
},
{
"control_id": "CRYPTO-014",
"domain": "CRYPTO",
"title": "Kartendaten werden verschluesselt uebertragen (P2PE)",
"objective": "End-to-End Schutz der Kartendaten",
"check_target": "system",
"evidence": [
"architecture_doc",
"network_config"
],
"automation": "partial"
},
{
"control_id": "CRYPTO-015",
"domain": "CRYPTO",
"title": "Keine persistente Speicherung vollstaendiger Kartendaten",
"objective": "Minimiert Daten bei Kompromittierung",
"check_target": "code",
"evidence": [
"source_code",
"db_schema"
],
"automation": "high"
},
{
"control_id": "API-001",
"domain": "API",
"title": "Authentifizierung fuer alle Admin-Endpunkte",
"objective": "Verhindert unautorisierten Zugriff",
"check_target": "code",
"evidence": [
"source_code",
"api_spec"
],
"automation": "high"
},
{
"control_id": "API-002",
"domain": "API",
"title": "Rollenbasierte Autorisierung",
"objective": "Least-Privilege Prinzip",
"check_target": "code",
"evidence": [
"source_code",
"rbac_config"
],
"automation": "medium"
},
{
"control_id": "API-003",
"domain": "API",
"title": "Rate Limiting implementiert",
"objective": "Schuetzt gegen Brute Force und DoS",
"check_target": "code",
"evidence": [
"source_code",
"config"
],
"automation": "medium"
},
{
"control_id": "API-004",
"domain": "API",
"title": "Keine sensiblen Daten in Fehlermeldungen",
"objective": "Verhindert Information Leakage",
"check_target": "code",
"evidence": [
"source_code",
"api_test"
],
"automation": "high"
},
{
"control_id": "API-005",
"domain": "API",
"title": "Input Validation gegen Injection",
"objective": "Schuetzt gegen SQL/Command Injection",
"check_target": "code",
"evidence": [
"source_code",
"security_test"
],
"automation": "high"
},
{
"control_id": "API-006",
"domain": "API",
"title": "CORS korrekt konfiguriert",
"objective": "Verhindert Cross-Origin Angriffe",
"check_target": "config",
"evidence": [
"config",
"security_test"
],
"automation": "high"
},
{
"control_id": "API-007",
"domain": "API",
"title": "Session-Timeout fuer Admin-Sessions",
"objective": "Reduziert Risiko bei verlassenen Sessions",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "medium"
},
{
"control_id": "API-008",
"domain": "API",
"title": "API-Versionierung implementiert",
"objective": "Ermoeglicht kontrollierte Aenderungen",
"check_target": "code",
"evidence": [
"api_spec",
"source_code"
],
"automation": "medium"
},
{
"control_id": "API-009",
"domain": "API",
"title": "Webhook-Callbacks werden authentifiziert",
"objective": "Verhindert gefaelschte Callbacks",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "medium"
},
{
"control_id": "API-010",
"domain": "API",
"title": "Idempotenz-Keys fuer kritische POST-Operationen",
"objective": "Verhindert doppelte Ausfuehrung",
"check_target": "code",
"evidence": [
"source_code",
"api_spec"
],
"automation": "medium"
},
{
"control_id": "API-011",
"domain": "API",
"title": "Request-Signierung fuer sicherheitskritische Operationen",
"objective": "Integritaetsschutz der Anfrage",
"check_target": "code",
"evidence": [
"source_code",
"api_spec"
],
"automation": "medium"
},
{
"control_id": "API-012",
"domain": "API",
"title": "Keine sensiblen Daten in URL-Parametern",
"objective": "Verhindert Leakage ueber Logs und Browser-History",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "high"
},
{
"control_id": "API-013",
"domain": "API",
"title": "Content-Type Validierung bei allen Endpunkten",
"objective": "Verhindert Content-Type Confusion",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "high"
},
{
"control_id": "API-014",
"domain": "API",
"title": "Health- und Status-Endpunkte exponieren keine sensitiven Details",
"objective": "Verhindert Reconnaissance",
"check_target": "code",
"evidence": [
"source_code",
"api_test"
],
"automation": "high"
},
{
"control_id": "API-015",
"domain": "API",
"title": "Batch-Operationen sind groessenbeschraenkt",
"objective": "Verhindert Ressourcenerschoepfung",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "medium"
},
{
"control_id": "TERM-001",
"domain": "TERM",
"title": "Korrekte Sequenz von Zahlungsbefehlen",
"objective": "Protokollkonformitaet",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "TERM-002",
"domain": "TERM",
"title": "Retry-Mechanismus bei Verbindungsabbruch",
"objective": "Sichert Transaktionsabschluss",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "TERM-003",
"domain": "TERM",
"title": "Timeout Handling Terminal-Backend",
"objective": "Verhindert Blockierung",
"check_target": "code",
"evidence": [
"source_code",
"config"
],
"automation": "medium"
},
{
"control_id": "TERM-004",
"domain": "TERM",
"title": "Fehlercodes korrekt interpretiert",
"objective": "Verhindert Fehlinterpretation",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "medium"
},
{
"control_id": "TERM-005",
"domain": "TERM",
"title": "Status-Synchronisation zwischen Terminal und Backend",
"objective": "Konsistente Zustaende",
"check_target": "system",
"evidence": [
"integration_test",
"architecture_doc"
],
"automation": "partial"
},
{
"control_id": "TERM-006",
"domain": "TERM",
"title": "Verbindungsaufbau zum Terminal authentifiziert",
"objective": "Verhindert Rogue-Terminal",
"check_target": "code",
"evidence": [
"source_code",
"config"
],
"automation": "medium"
},
{
"control_id": "TERM-007",
"domain": "TERM",
"title": "Terminal-Registrierung mit eindeutiger Kennung",
"objective": "Ermoeglicht Asset-Tracking",
"check_target": "system",
"evidence": [
"db_schema",
"admin_ui"
],
"automation": "partial"
},
{
"control_id": "TERM-008",
"domain": "TERM",
"title": "Heartbeat / Keep-Alive fuer Terminal-Verbindung",
"objective": "Erkennt Verbindungsabbruch frueh",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "medium"
},
{
"control_id": "TERM-009",
"domain": "TERM",
"title": "Protokollversion wird geprueft und erzwungen",
"objective": "Verhindert Downgrade-Angriffe",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "medium"
},
{
"control_id": "TERM-010",
"domain": "TERM",
"title": "Kontaktlos-Transaktionen nur ueber zugelassene Kernel",
"objective": "Sichert NFC-Konformitaet",
"check_target": "system",
"evidence": [
"certification",
"config"
],
"automation": "low"
},
{
"control_id": "TERM-011",
"domain": "TERM",
"title": "Terminal meldet Tamper-Events an Backend",
"objective": "Zentrales Monitoring von Manipulationsversuchen",
"check_target": "system",
"evidence": [
"integration_test",
"architecture_doc"
],
"automation": "partial"
},
{
"control_id": "TERM-012",
"domain": "TERM",
"title": "Offline-Queue bei Verbindungsunterbrechung",
"objective": "Sichert Transaktionsdaten bei Netzausfall",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "TERM-013",
"domain": "TERM",
"title": "Maximale Queue-Groesse definiert",
"objective": "Verhindert unkontrollierten Speicherverbrauch",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "medium"
},
{
"control_id": "TERM-014",
"domain": "TERM",
"title": "End-of-Day / Settlement-Prozess implementiert",
"objective": "Sichert taeglichen Transaktionsabschluss",
"check_target": "system",
"evidence": [
"source_code",
"integration_test"
],
"automation": "partial"
},
{
"control_id": "TERM-015",
"domain": "TERM",
"title": "Terminal-Display zeigt korrekten Zahlungsstatus",
"objective": "Verhindert Fehlkommunikation an Nutzer",
"check_target": "system",
"evidence": [
"integration_test"
],
"automation": "low"
},
{
"control_id": "FW-001",
"domain": "FW",
"title": "Firmware signiert",
"objective": "Verhindert Installation manipulierter Firmware",
"check_target": "system",
"evidence": [
"build_pipeline",
"signing_config"
],
"automation": "low"
},
{
"control_id": "FW-002",
"domain": "FW",
"title": "Signaturpruefung vor Firmware-Update",
"objective": "Blockiert unsignierte Updates",
"check_target": "code",
"evidence": [
"source_code",
"update_process"
],
"automation": "medium"
},
{
"control_id": "FW-003",
"domain": "FW",
"title": "Rollback-Mechanismus vorhanden",
"objective": "Ermoeglicht Recovery nach fehlerhaftem Update",
"check_target": "system",
"evidence": [
"architecture_doc",
"test_report"
],
"automation": "low"
},
{
"control_id": "FW-004",
"domain": "FW",
"title": "Debug-Interfaces in Produktion deaktiviert",
"objective": "Verhindert unautorisierten Zugriff",
"check_target": "config",
"evidence": [
"deployment_config",
"security_test"
],
"automation": "medium"
},
{
"control_id": "FW-005",
"domain": "FW",
"title": "Manipulationserkennung loest Alarm/Sperre aus",
"objective": "Reaktion auf physische Angriffe",
"check_target": "system",
"evidence": [
"architecture_doc",
"test_report"
],
"automation": "low"
},
{
"control_id": "FW-006",
"domain": "FW",
"title": "Secure Boot implementiert",
"objective": "Verhindert Ausfuehrung manipulierter Boot-Images",
"check_target": "system",
"evidence": [
"architecture_doc"
],
"automation": "low"
},
{
"control_id": "FW-007",
"domain": "FW",
"title": "Firmware-Version ist remote abfragbar",
"objective": "Ermoeglicht Fleet-Management und Compliance-Nachweis",
"check_target": "system",
"evidence": [
"api_spec",
"admin_ui"
],
"automation": "partial"
},
{
"control_id": "FW-008",
"domain": "FW",
"title": "Automatische Update-Benachrichtigung bei kritischen Patches",
"objective": "Sichert zeitnahe Reaktion auf Schwachstellen",
"check_target": "system",
"evidence": [
"architecture_doc"
],
"automation": "partial"
},
{
"control_id": "FW-009",
"domain": "FW",
"title": "Keine Persistenz von Zahlungsdaten ueber Neustart hinaus",
"objective": "Schuetzt Daten bei physischem Zugriff",
"check_target": "code",
"evidence": [
"source_code",
"architecture_doc"
],
"automation": "medium"
},
{
"control_id": "FW-010",
"domain": "FW",
"title": "Physischer Speicher wird bei Tamper-Detection geloescht",
"objective": "Zerstoert Schluessel bei Manipulation",
"check_target": "system",
"evidence": [
"architecture_doc",
"certification"
],
"automation": "low"
},
{
"control_id": "REP-001",
"domain": "REP",
"title": "Transaktionsstatus vollstaendig dokumentiert",
"objective": "Ermoeglicht Nachvollziehbarkeit jeder Zahlung",
"check_target": "system",
"evidence": [
"reporting_output",
"db_schema"
],
"automation": "medium"
},
{
"control_id": "REP-002",
"domain": "REP",
"title": "Audit-Trail verknuepft mit Transaktionen",
"objective": "Sichert End-to-End Traceability",
"check_target": "system",
"evidence": [
"reporting_output",
"audit_log_sample"
],
"automation": "medium"
},
{
"control_id": "REP-003",
"domain": "REP",
"title": "Exportdaten plausibel und vollstaendig",
"objective": "Sichert korrekte Weitergabe",
"check_target": "system",
"evidence": [
"export_sample",
"integration_test"
],
"automation": "partial"
},
{
"control_id": "REP-004",
"domain": "REP",
"title": "Fehlercodes nachvollziehbar dokumentiert",
"objective": "Ermoeglicht Fehleranalyse",
"check_target": "code",
"evidence": [
"source_code",
"documentation"
],
"automation": "medium"
},
{
"control_id": "REP-005",
"domain": "REP",
"title": "Revisionssichere Speicherung von Transaktionsdaten",
"objective": "GoBD/GDPdU-konforme Aufbewahrung",
"check_target": "system",
"evidence": [
"architecture_doc",
"storage_config"
],
"automation": "low"
},
{
"control_id": "REP-006",
"domain": "REP",
"title": "Tagesabschluss-Report vollstaendig und konsistent",
"objective": "Sichert taeglichen Abgleich",
"check_target": "system",
"evidence": [
"reporting_output",
"integration_test"
],
"automation": "partial"
},
{
"control_id": "REP-007",
"domain": "REP",
"title": "Summenabgleich Terminal vs. Backend",
"objective": "Erkennt Differenzen",
"check_target": "system",
"evidence": [
"reconciliation_report",
"integration_test"
],
"automation": "partial"
},
{
"control_id": "REP-008",
"domain": "REP",
"title": "Stornierte Transaktionen korrekt ausgewiesen",
"objective": "Sichert korrekte Buchhaltungsgrundlage",
"check_target": "system",
"evidence": [
"reporting_output"
],
"automation": "medium"
},
{
"control_id": "REP-009",
"domain": "REP",
"title": "Historische Reports nicht nachtraeglich aenderbar",
"objective": "Schuetzt Integritaet der Berichterstattung",
"check_target": "system",
"evidence": [
"architecture_doc",
"db_config"
],
"automation": "low"
},
{
"control_id": "REP-010",
"domain": "REP",
"title": "Abrechnungsdaten enthalten keine vollstaendigen Kartennummern",
"objective": "Minimiert Datenexposition in Reports",
"check_target": "code",
"evidence": [
"source_code",
"export_sample"
],
"automation": "high"
},
{
"control_id": "ACC-001",
"domain": "ACC",
"title": "Individuelle Benutzerkonten fuer alle Administratoren",
"objective": "Verhindert geteilte Accounts",
"check_target": "system",
"evidence": [
"admin_ui",
"iam_config"
],
"automation": "partial"
},
{
"control_id": "ACC-002",
"domain": "ACC",
"title": "Aenderung von Standard-Passwoertern wird bei Ersteinrichtung erzwungen",
"objective": "Verhindert Default-Credential-Angriffe",
"check_target": "code",
"evidence": [
"source_code",
"deployment_doc"
],
"automation": "medium"
},
{
"control_id": "ACC-003",
"domain": "ACC",
"title": "Multi-Faktor-Authentifizierung fuer Admin-Zugang",
"objective": "Erhoehter Schutz privilegierter Konten",
"check_target": "system",
"evidence": [
"iam_config",
"admin_ui"
],
"automation": "partial"
},
{
"control_id": "ACC-004",
"domain": "ACC",
"title": "Passwort-Komplexitaetsanforderungen implementiert",
"objective": "Verhindert schwache Passwoerter",
"check_target": "code",
"evidence": [
"source_code",
"config"
],
"automation": "high"
},
{
"control_id": "ACC-005",
"domain": "ACC",
"title": "Account-Sperrung nach fehlgeschlagenen Anmeldeversuchen",
"objective": "Schuetzt gegen Brute Force",
"check_target": "code",
"evidence": [
"source_code",
"config"
],
"automation": "high"
},
{
"control_id": "ACC-006",
"domain": "ACC",
"title": "Privilegierte Aktionen erfordern erneute Authentifizierung",
"objective": "Step-Up-Authentifizierung fuer sicherheitskritische Aktionen",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "medium"
},
{
"control_id": "ACC-007",
"domain": "ACC",
"title": "Inaktive Sessions werden automatisch beendet",
"objective": "Reduziert Angriffsflaeche bei verlassenen Sessions",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "high"
},
{
"control_id": "ACC-008",
"domain": "ACC",
"title": "Berechtigungsaenderungen werden auditiert",
"objective": "Nachvollziehbarkeit von Rechteaenderungen",
"check_target": "system",
"evidence": [
"audit_log_sample",
"source_code"
],
"automation": "partial"
},
{
"control_id": "ACC-009",
"domain": "ACC",
"title": "Least-Privilege Prinzip fuer alle Rollen",
"objective": "Minimiert Rechte auf das Notwendige",
"check_target": "system",
"evidence": [
"rbac_config",
"architecture_doc"
],
"automation": "partial"
},
{
"control_id": "ACC-010",
"domain": "ACC",
"title": "Service-Accounts haben keine interaktive Login-Moeglichkeit",
"objective": "Verhindert Missbrauch technischer Konten",
"check_target": "config",
"evidence": [
"iam_config"
],
"automation": "medium"
},
{
"control_id": "ERR-001",
"domain": "ERR",
"title": "Definierte Fehlerbehandlung fuer alle externen Aufrufe",
"objective": "Verhindert unkontrollierte Abbrueche",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "medium"
},
{
"control_id": "ERR-002",
"domain": "ERR",
"title": "Graceful Degradation bei Teilausfall",
"objective": "Sichert Basisfunktionalitaet",
"check_target": "system",
"evidence": [
"architecture_doc",
"integration_test"
],
"automation": "partial"
},
{
"control_id": "ERR-003",
"domain": "ERR",
"title": "Recovery nach Stromausfall ohne Datenverlust",
"objective": "Transaktionskonsistenz bei Hardwareausfall",
"check_target": "system",
"evidence": [
"integration_test",
"architecture_doc"
],
"automation": "low"
},
{
"control_id": "ERR-004",
"domain": "ERR",
"title": "Offline-Modus mit definiertem Funktionsumfang",
"objective": "Klare Grenzen bei fehlender Konnektivitaet",
"check_target": "code",
"evidence": [
"source_code",
"documentation"
],
"automation": "medium"
},
{
"control_id": "ERR-005",
"domain": "ERR",
"title": "Automatische Wiederverbindung nach Netzwerkunterbrechung",
"objective": "Minimiert manuelle Intervention",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "ERR-006",
"domain": "ERR",
"title": "Circuit Breaker bei Backend-Ueberlast",
"objective": "Verhindert Kaskadenausfall",
"check_target": "code",
"evidence": [
"source_code",
"config"
],
"automation": "medium"
},
{
"control_id": "ERR-007",
"domain": "ERR",
"title": "Fehlerhafte Datenpakete werden verworfen, nicht verarbeitet",
"objective": "Verhindert Fehlverarbeitung korrupter Daten",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "high"
},
{
"control_id": "ERR-008",
"domain": "ERR",
"title": "Health-Check-Endpunkt fuer Terminal-Monitoring",
"objective": "Ermoeglicht proaktive Fehlererkennung",
"check_target": "code",
"evidence": [
"source_code",
"api_spec"
],
"automation": "high"
},
{
"control_id": "ERR-009",
"domain": "ERR",
"title": "Eskalationsprozess bei kritischen Fehlern definiert",
"objective": "Sichert schnelle Reaktion bei Systemausfall",
"check_target": "process",
"evidence": [
"documentation",
"runbook"
],
"automation": "low"
},
{
"control_id": "ERR-010",
"domain": "ERR",
"title": "Wartungsmodus ohne Transaktionsverlust aktivierbar",
"objective": "Ermoeglicht geplante Wartung ohne Datenverlust",
"check_target": "system",
"evidence": [
"admin_ui",
"integration_test"
],
"automation": "partial"
},
{
"control_id": "BLD-001",
"domain": "BLD",
"title": "Build-Pipeline reproduzierbar",
"objective": "Sichert Nachvollziehbarkeit der Artefakte",
"check_target": "system",
"evidence": [
"ci_config",
"build_log"
],
"automation": "medium"
},
{
"control_id": "BLD-002",
"domain": "BLD",
"title": "Abhaengigkeiten werden auf bekannte Schwachstellen geprueft",
"objective": "Verhindert vulnerable Dependencies",
"check_target": "system",
"evidence": [
"dependency_scan",
"ci_config"
],
"automation": "high"
},
{
"control_id": "BLD-003",
"domain": "BLD",
"title": "Release-Artefakte sind signiert",
"objective": "Integritaetsschutz der Auslieferung",
"check_target": "system",
"evidence": [
"signing_config",
"release_process"
],
"automation": "medium"
},
{
"control_id": "BLD-004",
"domain": "BLD",
"title": "Keine Test-Credentials in Release-Konfiguration",
"objective": "Verhindert Produktions-Leaks",
"check_target": "config",
"evidence": [
"deployment_config",
"secret_scan"
],
"automation": "high"
},
{
"control_id": "BLD-005",
"domain": "BLD",
"title": "Container-Images werden auf Schwachstellen gescannt",
"objective": "Sichert Integritaet des Basis-Images",
"check_target": "system",
"evidence": [
"container_scan",
"ci_config"
],
"automation": "high"
},
{
"control_id": "BLD-006",
"domain": "BLD",
"title": "SBOM (Software Bill of Materials) wird generiert",
"objective": "Transparenz ueber verwendete Komponenten",
"check_target": "system",
"evidence": [
"sbom_output",
"ci_config"
],
"automation": "medium"
},
{
"control_id": "BLD-007",
"domain": "BLD",
"title": "Deployment nur ueber autorisierte Pipeline",
"objective": "Verhindert manuelle, unkontrollierte Deployments",
"check_target": "system",
"evidence": [
"ci_config",
"access_control"
],
"automation": "medium"
},
{
"control_id": "BLD-008",
"domain": "BLD",
"title": "Rollback-Prozedur fuer Deployments definiert und getestet",
"objective": "Ermoeglicht schnelle Recovery",
"check_target": "process",
"evidence": [
"runbook",
"deployment_doc"
],
"automation": "low"
},
{
"control_id": "BLD-009",
"domain": "BLD",
"title": "Code-Review vor Merge in Release-Branch",
"objective": "Vier-Augen-Prinzip",
"check_target": "process",
"evidence": [
"git_config",
"pr_policy"
],
"automation": "medium"
},
{
"control_id": "BLD-010",
"domain": "BLD",
"title": "Automatisierte Tests vor jedem Release",
"objective": "Sichert Qualitaet vor Auslieferung",
"check_target": "system",
"evidence": [
"ci_config",
"test_results"
],
"automation": "high"
},
{
"control_id": "CRYPTO-016",
"domain": "CRYPTO",
"title": "Unsichere Betriebsmodi wie ECB werden nicht verwendet",
"objective": "Verhindert Musterlecks und schwache Verschluesselung",
"check_target": "code",
"evidence": [
"source_code",
"crypto_config"
],
"automation": "medium"
},
{
"control_id": "CRYPTO-017",
"domain": "CRYPTO",
"title": "IVs und Nonces werden weder fest kodiert noch wiederverwendet",
"objective": "Verhindert kryptographische Schwaechung",
"check_target": "code",
"evidence": [
"source_code",
"unit_tests"
],
"automation": "medium"
},
{
"control_id": "CRYPTO-018",
"domain": "CRYPTO",
"title": "Vergleich geheimer Werte nur ueber Timing-sichere (Constant-Time) Vergleichsfunktion",
"objective": "Verhindert Timing-Angriffe",
"check_target": "code",
"evidence": [
"source_code"
],
"automation": "low"
},
{
"control_id": "CRYPTO-019",
"domain": "CRYPTO",
"title": "Schluessel im Speicher nur so lange wie erforderlich",
"objective": "Reduziert Exposition im Prozessspeicher",
"check_target": "code",
"evidence": [
"source_code",
"code_review"
],
"automation": "low"
},
{
"control_id": "CRYPTO-020",
"domain": "CRYPTO",
"title": "Kryptographische Fehler fuehren nicht zu stillen Fallbacks",
"objective": "Verhindert unbemerkte Deaktivierung von Sicherheit",
"check_target": "code",
"evidence": [
"source_code",
"unit_tests"
],
"automation": "medium"
},
{
"control_id": "AUTH-001",
"domain": "AUTH",
"title": "Admin-Schnittstellen erfordern starke Authentifizierung",
"objective": "Verhindert unbefugten Zugriff",
"check_target": "code",
"evidence": [
"source_code",
"route_config"
],
"automation": "high"
},
{
"control_id": "AUTH-002",
"domain": "AUTH",
"title": "Standardpasswoerter in Produktivpfaden ausgeschlossen",
"objective": "Verhindert triviale Kompromittierung",
"check_target": "code",
"evidence": [
"source_code",
"secret_scan"
],
"automation": "high"
},
{
"control_id": "AUTH-003",
"domain": "AUTH",
"title": "Fehlgeschlagene Anmeldeversuche begrenzt oder verzoegert",
"objective": "Erschwert Brute-Force",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "AUTH-004",
"domain": "AUTH",
"title": "Rollen explizit modelliert, nicht aus UI abgeleitet",
"objective": "Verhindert Autorisierungsfehler",
"check_target": "code",
"evidence": [
"source_code",
"policy_definitions"
],
"automation": "medium"
},
{
"control_id": "AUTH-005",
"domain": "AUTH",
"title": "Privilegierte Aktionen erfordern serverseitige Pruefung",
"objective": "Verhindert Umgehung clientseitiger Schutzmechanismen",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "AUTH-006",
"domain": "AUTH",
"title": "Autorisierung zentral implementiert",
"objective": "Reduziert Inkonsistenzen",
"check_target": "code",
"evidence": [
"source_code",
"architecture_doc"
],
"automation": "medium"
},
{
"control_id": "AUTH-007",
"domain": "AUTH",
"title": "Service-zu-Service Auth ohne eingebettete Credentials",
"objective": "Verhindert Missbrauch statischer Geheimnisse",
"check_target": "code",
"evidence": [
"source_code",
"secret_scan"
],
"automation": "high"
},
{
"control_id": "AUTH-008",
"domain": "AUTH",
"title": "Deaktivierte Nutzer/Geraete koennen sich nicht mehr authentifizieren",
"objective": "Wirksamer Entzug von Zugriffsrechten",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "AUTH-009",
"domain": "AUTH",
"title": "MFA fuer besonders privilegierte Zugaenge",
"objective": "Erhoehter Schutz Hochrisiko-Funktionen",
"check_target": "code",
"evidence": [
"source_code",
"auth_config"
],
"automation": "medium"
},
{
"control_id": "AUTH-010",
"domain": "AUTH",
"title": "Token auf Ablauf und Integritaet geprueft",
"objective": "Verhindert manipuliertes Auth-Material",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "AUTH-011",
"domain": "AUTH",
"title": "Autorisierung basiert auf Serverzustand, nicht Client-Rollen",
"objective": "Verhindert Privilege Escalation",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "AUTH-012",
"domain": "AUTH",
"title": "Admin-Funktionen logisch von Transaktionsfunktionen getrennt",
"objective": "Reduziert Angriffsflaeche",
"check_target": "architecture",
"evidence": [
"source_code",
"route_maps"
],
"automation": "medium"
},
{
"control_id": "AUTH-013",
"domain": "AUTH",
"title": "Authentifizierungsereignisse werden protokolliert",
"objective": "Nachvollziehbarkeit",
"check_target": "code",
"evidence": [
"source_code",
"audit_log_sample"
],
"automation": "medium"
},
{
"control_id": "AUTH-014",
"domain": "AUTH",
"title": "Passwort-Reset umgeht keine Autorisierungsschranken",
"objective": "Verhindert Missbrauch Recovery-Flows",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "AUTH-015",
"domain": "AUTH",
"title": "Maschinen- und Personenidentitaeten getrennt verwaltet",
"objective": "Verhindert Vermischung",
"check_target": "config",
"evidence": [
"iam_config",
"architecture_doc"
],
"automation": "low"
},
{
"control_id": "AUTH-016",
"domain": "AUTH",
"title": "Cross-Tenant-Zugriffe geschuetzt",
"objective": "Verhindert Zugriff auf fremde Mandanten",
"check_target": "code",
"evidence": [
"source_code",
"tenant_tests"
],
"automation": "medium"
},
{
"control_id": "AUTH-017",
"domain": "AUTH",
"title": "Berechtigungsfehler liefern generische Meldungen",
"objective": "Reduziert Informationsleckage",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "AUTH-018",
"domain": "AUTH",
"title": "Autorisierungsregeln durch Tests abgedeckt",
"objective": "Beweisbarkeit der Zugriffskontrollen",
"check_target": "test",
"evidence": [
"unit_test",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "AUTH-019",
"domain": "AUTH",
"title": "Fallback-Modi umgehen keine Authentifizierung",
"objective": "Verhindert Sicherheitsverlust in Ausnahmezustaenden",
"check_target": "code",
"evidence": [
"source_code",
"error_mode_tests"
],
"automation": "low"
},
{
"control_id": "AUTH-020",
"domain": "AUTH",
"title": "Temporaere Berechtigungen verfallen automatisch",
"objective": "Reduziert dauerhafte Ueberprivilegierung",
"check_target": "code",
"evidence": [
"source_code",
"policy_definitions"
],
"automation": "low"
},
{
"control_id": "SESSION-001",
"domain": "SESSION",
"title": "Sitzungstoken werden nicht im Klartext geloggt",
"objective": "Verhindert Missbrauch gestohlener Sitzungen",
"check_target": "code",
"evidence": [
"source_code",
"log_output"
],
"automation": "high"
},
{
"control_id": "SESSION-002",
"domain": "SESSION",
"title": "Sitzungs-IDs ausreichend zufaellig",
"objective": "Verhindert Session Guessing",
"check_target": "code",
"evidence": [
"source_code",
"auth_config"
],
"automation": "medium"
},
{
"control_id": "SESSION-003",
"domain": "SESSION",
"title": "Sessions verfallen nach Inaktivitaet",
"objective": "Begrenzt Missbrauch",
"check_target": "config",
"evidence": [
"session_config",
"source_code"
],
"automation": "medium"
},
{
"control_id": "SESSION-004",
"domain": "SESSION",
"title": "Sessions nach Rollenwechsel rotiert",
"objective": "Verhindert Session Fixation",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "SESSION-005",
"domain": "SESSION",
"title": "Logout invalidiert serverseitig alle Token",
"objective": "Verhindert weitere Nutzung nach Logout",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "SESSION-006",
"domain": "SESSION",
"title": "Cookies mit Secure und HttpOnly Attributen",
"objective": "Reduziert Diebstahl ueber unsichere Kanaele",
"check_target": "config",
"evidence": [
"http_config",
"integration_test"
],
"automation": "high"
},
{
"control_id": "SESSION-007",
"domain": "SESSION",
"title": "SameSite-Richtlinien explizit gesetzt",
"objective": "Reduziert CSRF-Angriffe",
"check_target": "config",
"evidence": [
"http_config",
"integration_test"
],
"automation": "high"
},
{
"control_id": "SESSION-008",
"domain": "SESSION",
"title": "Token-Pruefung validiert Audience, Issuer, Gueltigkeit",
"objective": "Verhindert Akzeptanz fremder Token",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "SESSION-009",
"domain": "SESSION",
"title": "Geraete-Sessions eindeutig einer Instanz zugeordnet",
"objective": "Verhindert Sitzungsuebernahme",
"check_target": "code",
"evidence": [
"source_code",
"device_registry"
],
"automation": "medium"
},
{
"control_id": "SESSION-010",
"domain": "SESSION",
"title": "Sitzungsspeicher trennt Mandanten zuverlaessig",
"objective": "Verhindert Cross-Tenant Missbrauch",
"check_target": "architecture",
"evidence": [
"session_config",
"architecture_doc"
],
"automation": "low"
},
{
"control_id": "KEYMGMT-001",
"domain": "KEYMGMT",
"title": "Schluessel ausserhalb des Quellcodes erzeugt und verwaltet",
"objective": "Verhindert Offenlegung durch Codezugriff",
"check_target": "code",
"evidence": [
"source_code",
"secret_scan"
],
"automation": "high"
},
{
"control_id": "KEYMGMT-002",
"domain": "KEYMGMT",
"title": "Produktions- und Testschluessel strikt getrennt",
"objective": "Verhindert unsichere Testkonfigurationen in Produktion",
"check_target": "config",
"evidence": [
"config",
"deployment_config"
],
"automation": "medium"
},
{
"control_id": "KEYMGMT-003",
"domain": "KEYMGMT",
"title": "Schluesselrotation technisch vorgesehen",
"objective": "Begrenzt Auswirkungen kompromittierter Schluessel",
"check_target": "system",
"evidence": [
"key_rotation_jobs",
"source_code"
],
"automation": "low"
},
{
"control_id": "KEYMGMT-004",
"domain": "KEYMGMT",
"title": "Abgelaufene Schluessel werden nicht mehr akzeptiert",
"objective": "Verhindert Nutzung veralteten Materials",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "KEYMGMT-005",
"domain": "KEYMGMT",
"title": "Schluesselzugriffe rollenbasiert und protokolliert",
"objective": "Nachvollziehbarkeit",
"check_target": "system",
"evidence": [
"iam_config",
"audit_log_sample"
],
"automation": "low"
},
{
"control_id": "KEYMGMT-006",
"domain": "KEYMGMT",
"title": "Schluessel nicht zwischen Komponenten unnoetig repliziert",
"objective": "Reduziert Verbreitung",
"check_target": "architecture",
"evidence": [
"architecture_doc",
"source_code"
],
"automation": "low"
},
{
"control_id": "KEYMGMT-007",
"domain": "KEYMGMT",
"title": "Kompromittierte Schluessel koennen deaktiviert werden",
"objective": "Wirksame Reaktion auf Vorfaelle",
"check_target": "system",
"evidence": [
"key_registry",
"incident_runbook"
],
"automation": "low"
},
{
"control_id": "KEYMGMT-008",
"domain": "KEYMGMT",
"title": "Terminal-Geraete nutzen eindeutiges Schluesselmaterial",
"objective": "Verhindert laterale Ausbreitung",
"check_target": "architecture",
"evidence": [
"provisioning_docs",
"device_inventory"
],
"automation": "low"
},
{
"control_id": "KEYMGMT-009",
"domain": "KEYMGMT",
"title": "Schluessel nicht in Client-/Frontend-Artefakte eingebettet",
"objective": "Verhindert Extraktion",
"check_target": "build",
"evidence": [
"artifact_scan",
"secret_scan"
],
"automation": "high"
},
{
"control_id": "KEYMGMT-010",
"domain": "KEYMGMT",
"title": "Schluessellebenszyklen versioniert und dokumentiert",
"objective": "Belastbare Pruef- und Rotationsnachweise",
"check_target": "process",
"evidence": [
"key_registry",
"audit_log_sample"
],
"automation": "low"
},
{
"control_id": "DEVICE-001",
"domain": "DEVICE",
"title": "Geraeteidentitaeten eindeutig und nicht wiederverwendbar",
"objective": "Klare Zuordnung",
"check_target": "system",
"evidence": [
"device_registry",
"provisioning_logic"
],
"automation": "medium"
},
{
"control_id": "DEVICE-002",
"domain": "DEVICE",
"title": "Unregistrierte Geraete koennen keine Verbindung aufbauen",
"objective": "Verhindert unautorisierte Hardware",
"check_target": "code",
"evidence": [
"source_code",
"device_registry"
],
"automation": "medium"
},
{
"control_id": "DEVICE-003",
"domain": "DEVICE",
"title": "Provisioning prueft Identitaet und Sicherheitszustand",
"objective": "Verhindert Aufnahme kompromittierter Geraete",
"check_target": "system",
"evidence": [
"provisioning_workflows",
"source_code"
],
"automation": "low"
},
{
"control_id": "DEVICE-004",
"domain": "DEVICE",
"title": "Geraetekonfigurationen versioniert und geschuetzt",
"objective": "Integritaet betrieblicher Einstellungen",
"check_target": "system",
"evidence": [
"config_registry",
"audit_log_sample"
],
"automation": "low"
},
{
"control_id": "DEVICE-005",
"domain": "DEVICE",
"title": "Geraete-IDs serverseitig validiert",
"objective": "Verhindert Spoofing",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "DEVICE-006",
"domain": "DEVICE",
"title": "Tamper-Events systemseitig ausgewertet",
"objective": "Reaktion auf physische Eingriffe",
"check_target": "system",
"evidence": [
"event_handlers",
"monitoring_rules"
],
"automation": "low"
},
{
"control_id": "DEVICE-007",
"domain": "DEVICE",
"title": "Geraetewechsel fuehrt zu Neuvalidierung",
"objective": "Verhindert Uebernahme alter Vertrauensstellungen",
"check_target": "process",
"evidence": [
"provisioning_docs",
"device_registry"
],
"automation": "low"
},
{
"control_id": "DEVICE-008",
"domain": "DEVICE",
"title": "Geraete melden Zustandsaenderungen an Backend",
"objective": "Zentrale Sichtbarkeit",
"check_target": "system",
"evidence": [
"source_code",
"message_schema"
],
"automation": "medium"
},
{
"control_id": "DEVICE-009",
"domain": "DEVICE",
"title": "Nicht vertrauenswuerdiger Zustand blockiert Kommunikation",
"objective": "Verhindert Betrieb kompromittierter Geraete",
"check_target": "code",
"evidence": [
"source_code",
"tamper_tests"
],
"automation": "low"
},
{
"control_id": "DEVICE-010",
"domain": "DEVICE",
"title": "Zustandsuebergaenge explizit modelliert und getestet",
"objective": "Verhindert inkonsistente Betriebszustaende",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "DEVICE-011",
"domain": "DEVICE",
"title": "Fehlzustaende fuehren zu definierten Safe States",
"objective": "Verhindert unsicheren Weiterbetrieb",
"check_target": "code",
"evidence": [
"source_code",
"error_mode_tests"
],
"automation": "medium"
},
{
"control_id": "DEVICE-012",
"domain": "DEVICE",
"title": "Diagnose-/Wartungsmodi getrennt und zugriffsbeschraenkt",
"objective": "Reduziert Missbrauch",
"check_target": "code",
"evidence": [
"source_code",
"auth_config"
],
"automation": "low"
},
{
"control_id": "DEVICE-013",
"domain": "DEVICE",
"title": "Sicherheitsflags nicht unautorisiert ruecksetzbar",
"objective": "Verhindert Umgehung kritischer Schutzmechanismen",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "low"
},
{
"control_id": "DEVICE-014",
"domain": "DEVICE",
"title": "Geraete-Registrierung und -Deregistrierung auditierbar",
"objective": "Nachvollziehbarkeit Geraetebestand",
"check_target": "system",
"evidence": [
"audit_log_sample",
"device_registry"
],
"automation": "low"
},
{
"control_id": "DEVICE-015",
"domain": "DEVICE",
"title": "Offlinemodus funktional und sicherheitlich klar begrenzt",
"objective": "Verhindert unkontrollierte Zustaende",
"check_target": "code",
"evidence": [
"source_code",
"offline_tests"
],
"automation": "low"
},
{
"control_id": "TRANS-001",
"domain": "TRANS",
"title": "Transaktionsstatus als explizite Zustandsmaschine modelliert",
"objective": "Verhindert ungueltige Statusuebergaenge",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "TRANS-002",
"domain": "TRANS",
"title": "Nur definierte Statusuebergaenge technisch zulaessig",
"objective": "Verhindert inkonsistente Verlaeufe",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "TRANS-003",
"domain": "TRANS",
"title": "Abgebrochene Transaktionen konsistent zurueckgerollt",
"objective": "Verhindert schwebende Zustaende",
"check_target": "system",
"evidence": [
"integration_test",
"error_mode_tests"
],
"automation": "medium"
},
{
"control_id": "TRANS-004",
"domain": "TRANS",
"title": "Asynchrone Rueckmeldungen korrekt zugeordnet",
"objective": "Verhindert Vermischung paralleler Ablaeufe",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "TRANS-005",
"domain": "TRANS",
"title": "Doppelte Nachrichten erkannt und sicher behandelt",
"objective": "Verhindert Mehrfachverarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "TRANS-006",
"domain": "TRANS",
"title": "Unvollstaendige Transaktionen periodisch erkannt",
"objective": "Kontrollierte Bereinigung",
"check_target": "system",
"evidence": [
"scheduler_jobs",
"source_code"
],
"automation": "low"
},
{
"control_id": "TRANS-007",
"domain": "TRANS",
"title": "Fehlende Antworten erzeugen keinen stillen Erfolg",
"objective": "Verhindert irrefuehrende Erfolgsmeldungen",
"check_target": "code",
"evidence": [
"source_code",
"timeout_tests"
],
"automation": "high"
},
{
"control_id": "TRANS-008",
"domain": "TRANS",
"title": "Stornierungen an berechtigte Rollen gebunden",
"objective": "Verhindert unautorisierte Manipulation",
"check_target": "code",
"evidence": [
"source_code",
"authorization_tests"
],
"automation": "medium"
},
{
"control_id": "TRANS-009",
"domain": "TRANS",
"title": "Race Conditions durch Sperrmechanismen reduziert",
"objective": "Verhindert konkurrierende Verarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"concurrency_tests"
],
"automation": "low"
},
{
"control_id": "TRANS-010",
"domain": "TRANS",
"title": "Betragsrelevante Felder gegen Rundungsfehler abgesichert",
"objective": "Verhindert finanzielle Abweichungen",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "medium"
},
{
"control_id": "DATA-001",
"domain": "DATA",
"title": "Sensitive Daten nur bei fachlicher Erforderlichkeit verarbeitet",
"objective": "Reduziert unnoetige Exposition",
"check_target": "architecture",
"evidence": [
"data_flow_docs",
"source_code"
],
"automation": "low"
},
{
"control_id": "DATA-002",
"domain": "DATA",
"title": "Felder mit erhoehtem Schutzbedarf im Code identifizierbar",
"objective": "Erleichtert gezielte Schutzmassnahmen",
"check_target": "code",
"evidence": [
"source_code",
"data_catalog"
],
"automation": "medium"
},
{
"control_id": "DATA-003",
"domain": "DATA",
"title": "Persistierte Daten auf notwendige Felder minimiert",
"objective": "Verhindert unnoetige Speicherung",
"check_target": "database",
"evidence": [
"db_schema",
"source_code"
],
"automation": "medium"
},
{
"control_id": "DATA-004",
"domain": "DATA",
"title": "Testdaten enthalten keine produktiven Zahlungsdaten",
"objective": "Verhindert Offenlegung in Testumgebungen",
"check_target": "process",
"evidence": [
"test_fixtures",
"secret_scan"
],
"automation": "medium"
},
{
"control_id": "DATA-005",
"domain": "DATA",
"title": "Sensitive Daten in Telemetrie/Tracing nicht offengelegt",
"objective": "Verhindert Abfluss ueber Observability",
"check_target": "code",
"evidence": [
"source_code",
"telemetry_config"
],
"automation": "medium"
},
{
"control_id": "DATA-006",
"domain": "DATA",
"title": "Export-/Reporting-Pfade geben Daten nur maskiert aus",
"objective": "Verhindert Abfluss ueber Nebenausgaben",
"check_target": "code",
"evidence": [
"source_code",
"report_samples"
],
"automation": "medium"
},
{
"control_id": "DATA-007",
"domain": "DATA",
"title": "Datentypen fuer zahlungsrelevante Felder begrenzt",
"objective": "Verhindert fehlerhafte Eingaben",
"check_target": "code",
"evidence": [
"source_code",
"db_schema"
],
"automation": "high"
},
{
"control_id": "DATA-008",
"domain": "DATA",
"title": "Datei-Uploads vor Verarbeitung validiert",
"objective": "Verhindert Einschleusen manipulierten Inhalts",
"check_target": "code",
"evidence": [
"source_code",
"validation_tests"
],
"automation": "high"
},
{
"control_id": "ERROR-001",
"domain": "ERR",
"title": "Sicherheitsrelevante Fehler nicht stillschweigend unterdrueckt",
"objective": "Verhindert verdeckte Sicherheitsverluste",
"check_target": "code",
"evidence": [
"source_code",
"error_paths"
],
"automation": "medium"
},
{
"control_id": "ERROR-002",
"domain": "ERR",
"title": "Retry unterscheidet transiente von fachlichen Fehlern",
"objective": "Verhindert falsche Wiederholungen",
"check_target": "code",
"evidence": [
"source_code",
"retry_logic"
],
"automation": "medium"
},
{
"control_id": "ERROR-003",
"domain": "ERR",
"title": "Fehlercodes konsistent gemappt und dokumentiert",
"objective": "Verbessert Diagnose und Audit",
"check_target": "system",
"evidence": [
"error_mapping",
"source_code"
],
"automation": "medium"
},
{
"control_id": "ERROR-004",
"domain": "ERR",
"title": "Fehlerbehandlung durch Negativtests abgedeckt",
"objective": "Beweisbarkeit robuster Fehlerpfade",
"check_target": "test",
"evidence": [
"negative_tests",
"coverage_reports"
],
"automation": "medium"
},
{
"control_id": "ERROR-005",
"domain": "ERR",
"title": "Dead-letter-Queues fuer asynchrone Fehlerfaelle",
"objective": "Verhindert Verlust problematischer Nachrichten",
"check_target": "system",
"evidence": [
"queue_config",
"ops_docs"
],
"automation": "low"
},
{
"control_id": "REPORT-001",
"domain": "REP",
"title": "Ablehnungen und Fehler nachvollziehbar im Reporting",
"objective": "Verhindert beschoenigte Sicht",
"check_target": "system",
"evidence": [
"report_samples",
"error_mapping"
],
"automation": "medium"
},
{
"control_id": "REPORT-002",
"domain": "REP",
"title": "Reportgenerierung veraendert keine Ursprungsdaten",
"objective": "Schuetzt primaeren Datenbestand",
"check_target": "code",
"evidence": [
"source_code",
"db_permissions"
],
"automation": "low"
},
{
"control_id": "REPORT-003",
"domain": "REP",
"title": "Reports offenbaren nur rollenerforderliche Daten",
"objective": "Reduziert Datenabfluss",
"check_target": "code",
"evidence": [
"authorization_tests",
"report_samples"
],
"automation": "medium"
},
{
"control_id": "REPORT-004",
"domain": "REP",
"title": "Reconciliation-Reports deterministisch reproduzierbar",
"objective": "Belastbare Nachweise bei Abweichungen",
"check_target": "process",
"evidence": [
"reporting_docs",
"integration_test"
],
"automation": "low"
},
{
"control_id": "REPORT-005",
"domain": "REP",
"title": "Berichte beruecksichtigen Zeitzonen konsistent",
"objective": "Verhindert Abstimmungsfehler",
"check_target": "code",
"evidence": [
"source_code",
"report_samples"
],
"automation": "medium"
},
{
"control_id": "BUILD-001",
"domain": "BUILD",
"title": "Build-Pipelines versioniert und nachvollziehbar",
"objective": "Auditierbarkeit des Entstehungsprozesses",
"check_target": "build",
"evidence": [
"pipeline_config",
"version_control"
],
"automation": "medium"
},
{
"control_id": "BUILD-002",
"domain": "BUILD",
"title": "Build-Artefakte reproduzierbar erzeugt",
"objective": "Reduziert Risiko unerkannter Unterschiede",
"check_target": "build",
"evidence": [
"build_pipeline",
"artifact_hashes"
],
"automation": "low"
},
{
"control_id": "BUILD-003",
"domain": "BUILD",
"title": "Abhaengigkeiten auf bekannte Schwachstellen geprueft",
"objective": "Reduziert verwundbare Komponenten",
"check_target": "dependency",
"evidence": [
"dependency_scan",
"sbom"
],
"automation": "high"
},
{
"control_id": "BUILD-004",
"domain": "BUILD",
"title": "Keine nicht freigegebenen externen Quellen eingebunden",
"objective": "Reduziert Supply-Chain-Risiken",
"check_target": "build",
"evidence": [
"pipeline_config",
"dependency_policy"
],
"automation": "medium"
},
{
"control_id": "BUILD-005",
"domain": "BUILD",
"title": "Kein Klartextzugriff auf produktive Geheimnisse in CI/CD",
"objective": "Verhindert Offenlegung im Build-Prozess",
"check_target": "build",
"evidence": [
"pipeline_config",
"secret_scan"
],
"automation": "high"
},
{
"control_id": "BUILD-006",
"domain": "BUILD",
"title": "Build-Trigger fuer Produktionsartefakte autorisiert",
"objective": "Verhindert unautorisierte Releases",
"check_target": "build",
"evidence": [
"pipeline_permissions",
"iam_config"
],
"automation": "medium"
},
{
"control_id": "BUILD-007",
"domain": "BUILD",
"title": "Signierte Artefakte eindeutig gekennzeichnet",
"objective": "Erleichtert Zuordnung gepruefter Artefakte",
"check_target": "build",
"evidence": [
"artifact_metadata",
"release_docs"
],
"automation": "medium"
},
{
"control_id": "BUILD-008",
"domain": "BUILD",
"title": "Sicherheitstests zwingend im Release-Build",
"objective": "Erhoeht Wahrscheinlichkeit, dass Pruefungen nicht umgangen werden",
"check_target": "build",
"evidence": [
"pipeline_config",
"quality_gates"
],
"automation": "high"
},
{
"control_id": "BUILD-009",
"domain": "BUILD",
"title": "Artefakte auf Konfigurationsfehler geprueft vor Veroeffentlichung",
"objective": "Verhindert Auslieferung unsicherer Defaults",
"check_target": "build",
"evidence": [
"artifact_scan",
"config_scan"
],
"automation": "high"
},
{
"control_id": "BUILD-010",
"domain": "BUILD",
"title": "Sicherheitskritische Build-Schritte getrennt und nachvollziehbar",
"objective": "Erhoeht Transparenz bei sensitiven Artefakten",
"check_target": "build",
"evidence": [
"pipeline_config",
"release_docs"
],
"automation": "low"
},
{
"control_id": "DEPLOY-001",
"domain": "DEPLOY",
"title": "Deployment-Konfigurationen versioniert",
"objective": "Auditierbarkeit produktiver Aenderungen",
"check_target": "config",
"evidence": [
"deployment_manifests",
"version_control"
],
"automation": "medium"
},
{
"control_id": "DEPLOY-002",
"domain": "DEPLOY",
"title": "Produktionsdeployments erfordern Freigaben",
"objective": "Verhindert unautorisierte Aenderungen",
"check_target": "process",
"evidence": [
"pipeline_permissions",
"release_workflows"
],
"automation": "low"
},
{
"control_id": "DEPLOY-003",
"domain": "DEPLOY",
"title": "Produktive und nichtproduktive Ziele strikt getrennt",
"objective": "Verhindert Umgebungsvermischung",
"check_target": "config",
"evidence": [
"deployment_manifests",
"environment_config"
],
"automation": "medium"
},
{
"control_id": "DEPLOY-004",
"domain": "DEPLOY",
"title": "Secrets beim Deployment sicher injiziert",
"objective": "Verhindert Offenlegung in Images/Paketen",
"check_target": "config",
"evidence": [
"deployment_manifests",
"secret_store_config"
],
"automation": "high"
},
{
"control_id": "DEPLOY-005",
"domain": "DEPLOY",
"title": "Rollback-Verfahren definiert und getestet",
"objective": "Kontrollierte Wiederherstellung",
"check_target": "process",
"evidence": [
"release_docs",
"ops_runbooks"
],
"automation": "low"
},
{
"control_id": "DEPLOY-006",
"domain": "DEPLOY",
"title": "Konfigurationsaenderungen auditierbar",
"objective": "Nachvollziehbarkeit von Schutzwirkungsaenderungen",
"check_target": "system",
"evidence": [
"audit_log_sample",
"config_registry"
],
"automation": "medium"
},
{
"control_id": "DEPLOY-007",
"domain": "DEPLOY",
"title": "Kompatibilitaet mit abhaengigen Schnittstellen validiert",
"objective": "Verhindert Betriebsstoerungen",
"check_target": "system",
"evidence": [
"integration_test",
"contract_tests"
],
"automation": "medium"
},
{
"control_id": "DEPLOY-008",
"domain": "DEPLOY",
"title": "Zahlungsparameter vor Aktivierung plausibilisiert",
"objective": "Verhindert fehlerhafte produktive Einstellungen",
"check_target": "config",
"evidence": [
"config_validation",
"deployment_checks"
],
"automation": "medium"
},
{
"control_id": "DEPLOY-009",
"domain": "DEPLOY",
"title": "Post-Deployment Smoke-Checks",
"objective": "Erkennt Fehlzustaende nach Inbetriebnahme",
"check_target": "system",
"evidence": [
"smoke_tests",
"pipeline_config"
],
"automation": "medium"
},
{
"control_id": "DEPLOY-010",
"domain": "DEPLOY",
"title": "Canary/gestufte Rollouts fuer risikoreiche Aenderungen",
"objective": "Reduziert grossflaechige Auswirkungen",
"check_target": "process",
"evidence": [
"deployment_strategy",
"ops_docs"
],
"automation": "low"
},
{
"control_id": "QUEUE-001",
"domain": "QUEUE",
"title": "Nachrichten in Warteschlangen eindeutig identifizierbar",
"objective": "Nachverfolgung und Duplikaterkennung",
"check_target": "code",
"evidence": [
"source_code",
"message_schema"
],
"automation": "medium"
},
{
"control_id": "QUEUE-002",
"domain": "QUEUE",
"title": "Nachrichtenverarbeitung idempotent",
"objective": "Verhindert Mehrfachverarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"queue_tests"
],
"automation": "medium"
},
{
"control_id": "QUEUE-003",
"domain": "QUEUE",
"title": "Fehlerhafte Nachrichten kontrolliert isoliert (Dead Letter)",
"objective": "Verhindert Stau durch Poison Messages",
"check_target": "system",
"evidence": [
"queue_config",
"dead_letter_config"
],
"automation": "medium"
},
{
"control_id": "QUEUE-004",
"domain": "QUEUE",
"title": "Nachrichten enthalten keine unnoetig sensitiven Daten",
"objective": "Reduziert Exposition in async Pfaden",
"check_target": "code",
"evidence": [
"message_schema",
"source_code"
],
"automation": "medium"
},
{
"control_id": "QUEUE-005",
"domain": "QUEUE",
"title": "Nachrichtenreihenfolge fuer kritische Ablaeufe beruecksichtigt",
"objective": "Verhindert inkonsistente Zustaende",
"check_target": "architecture",
"evidence": [
"design_docs",
"source_code"
],
"automation": "low"
},
{
"control_id": "QUEUE-006",
"domain": "QUEUE",
"title": "Veraltete Nachrichten nicht unkontrolliert verarbeitet",
"objective": "Verhindert spaete Ausfuehrung ueberholter Aktionen",
"check_target": "code",
"evidence": [
"message_schema",
"source_code"
],
"automation": "medium"
},
{
"control_id": "QUEUE-007",
"domain": "QUEUE",
"title": "Consumer validieren Schema und Pflichtfelder",
"objective": "Verhindert Verarbeitung manipulierten Inhalts",
"check_target": "code",
"evidence": [
"source_code",
"schema_tests"
],
"automation": "high"
},
{
"control_id": "QUEUE-008",
"domain": "QUEUE",
"title": "Mandantenbezug in async Pfaden erhalten",
"objective": "Verhindert Cross-Tenant-Verarbeitung",
"check_target": "code",
"evidence": [
"message_schema",
"tenant_tests"
],
"automation": "medium"
},
{
"control_id": "QUEUE-009",
"domain": "QUEUE",
"title": "Queue-Berechtigungen auf notwendige Rollen beschraenkt",
"objective": "Reduziert Missbrauch",
"check_target": "config",
"evidence": [
"iam_config",
"queue_config"
],
"automation": "low"
},
{
"control_id": "QUEUE-010",
"domain": "QUEUE",
"title": "Retry unterscheidet technische von fachlichen Fehlern",
"objective": "Verhindert Wiederholung irreversibler Vorgaenge",
"check_target": "code",
"evidence": [
"source_code",
"retry_logic"
],
"automation": "medium"
},
{
"control_id": "TENANT-001",
"domain": "TENANT",
"title": "Mandantenkontext serverseitig gesetzt und validiert",
"objective": "Verhindert Client-seitige Manipulation",
"check_target": "code",
"evidence": [
"source_code",
"tenant_tests"
],
"automation": "high"
},
{
"control_id": "TENANT-002",
"domain": "TENANT",
"title": "Datenabfragen mandantenbeschraenkt und gefiltert",
"objective": "Verhindert Cross-Tenant-Datenzugriff",
"check_target": "code",
"evidence": [
"source_code",
"tenant_tests"
],
"automation": "medium"
},
{
"control_id": "TENANT-003",
"domain": "TENANT",
"title": "Mandantenuebergreifende Verwaltung besonders geschuetzt",
"objective": "Reduziert Risiko privilegierter Fehlzugriffe",
"check_target": "code",
"evidence": [
"source_code",
"authorization_tests"
],
"automation": "medium"
},
{
"control_id": "TENANT-004",
"domain": "TENANT",
"title": "Mandantenkontext in Logs und Queues konsistent",
"objective": "Belastbare Zuordnung",
"check_target": "system",
"evidence": [
"log_samples",
"queue_samples"
],
"automation": "medium"
},
{
"control_id": "TENANT-005",
"domain": "TENANT",
"title": "Mandanten-Konfigurationen gegenseitig geschuetzt",
"objective": "Verhindert Ueberschreibungen",
"check_target": "code",
"evidence": [
"source_code",
"tenant_tests"
],
"automation": "medium"
},
{
"control_id": "TENANT-006",
"domain": "TENANT",
"title": "Caching beruecksichtigt Mandantenkontext",
"objective": "Verhindert Datenlecks durch geteilte Caches",
"check_target": "code",
"evidence": [
"source_code",
"cache_config"
],
"automation": "medium"
},
{
"control_id": "TENANT-007",
"domain": "TENANT",
"title": "Mandantenbezogene Schluessel logisch getrennt",
"objective": "Reduziert laterale Auswirkungen",
"check_target": "architecture",
"evidence": [
"key_registry",
"architecture_doc"
],
"automation": "low"
},
{
"control_id": "TENANT-008",
"domain": "TENANT",
"title": "Datenexporte erzwingen Mandantenisolation",
"objective": "Verhindert Cross-Tenant-Exporte",
"check_target": "code",
"evidence": [
"source_code",
"tenant_tests"
],
"automation": "medium"
},
{
"control_id": "TENANT-009",
"domain": "TENANT",
"title": "Loeschvorgaenge ohne Seiteneffekte auf andere Mandanten",
"objective": "Verhindert Fremdbeeintraechtigung",
"check_target": "code",
"evidence": [
"source_code",
"tenant_tests"
],
"automation": "low"
},
{
"control_id": "TENANT-010",
"domain": "TENANT",
"title": "Isolationstests automatisiert abgedeckt",
"objective": "Beweisbarkeit korrekter Trennung",
"check_target": "test",
"evidence": [
"tenant_tests",
"coverage_reports"
],
"automation": "medium"
},
{
"control_id": "TELEMETRY-001",
"domain": "TELEMETRY",
"title": "Telemetriedaten ohne sensitive Zahlungsdaten",
"objective": "Verhindert Abfluss ueber Monitoring",
"check_target": "code",
"evidence": [
"source_code",
"telemetry_samples"
],
"automation": "medium"
},
{
"control_id": "TELEMETRY-002",
"domain": "TELEMETRY",
"title": "Tracing maskiert identifizierende Felder",
"objective": "Beobachtbarkeit ohne Offenlegung",
"check_target": "code",
"evidence": [
"trace_config",
"trace_samples"
],
"automation": "medium"
},
{
"control_id": "TELEMETRY-003",
"domain": "TELEMETRY",
"title": "Metriken ohne hochkardinale sensitive Labels",
"objective": "Verhindert indirekte Offenlegung",
"check_target": "code",
"evidence": [
"source_code",
"metrics_config"
],
"automation": "medium"
},
{
"control_id": "TELEMETRY-004",
"domain": "TELEMETRY",
"title": "Telemetrie-Endpunkte abgesichert",
"objective": "Reduziert Angriffsflaeche",
"check_target": "config",
"evidence": [
"gateway_config",
"auth_config"
],
"automation": "medium"
},
{
"control_id": "TELEMETRY-005",
"domain": "TELEMETRY",
"title": "Debug-Telemetrie in Produktion begrenzt",
"objective": "Verhindert exzessive Datenerhebung",
"check_target": "config",
"evidence": [
"telemetry_config",
"ops_docs"
],
"automation": "medium"
},
{
"control_id": "TELEMETRY-006",
"domain": "TELEMETRY",
"title": "Fehlertelemetrie nach Prioritaet klassifiziert",
"objective": "Zielgerichtete Reaktion",
"check_target": "code",
"evidence": [
"source_code",
"alert_rules"
],
"automation": "low"
},
{
"control_id": "TELEMETRY-007",
"domain": "TELEMETRY",
"title": "Export externer Telemetrie explizit freigegeben",
"objective": "Verhindert unbeabsichtigten Abfluss",
"check_target": "process",
"evidence": [
"ops_docs",
"telemetry_config"
],
"automation": "low"
},
{
"control_id": "TELEMETRY-008",
"domain": "TELEMETRY",
"title": "Telemetrie-Pipelines gegen Manipulation geschuetzt",
"objective": "Vertrauenswuerdigkeit operativer Signale",
"check_target": "system",
"evidence": [
"iam_config",
"pipeline_config"
],
"automation": "low"
},
{
"control_id": "TELEMETRY-009",
"domain": "TELEMETRY",
"title": "Telemetrie-Ausfall beeintraechtigt Zahlungsbetrieb nicht",
"objective": "Verhindert uebermaessige Kopplung",
"check_target": "architecture",
"evidence": [
"design_docs",
"chaos_tests"
],
"automation": "low"
},
{
"control_id": "TELEMETRY-010",
"domain": "TELEMETRY",
"title": "Kontextanreicherung nur soweit erforderlich",
"objective": "Reduziert unnoetige Anreicherung sensitiver Systeme",
"check_target": "architecture",
"evidence": [
"telemetry_schema",
"data_flow_docs"
],
"automation": "low"
},
{
"control_id": "CONFIG-001",
"domain": "CONFIG",
"title": "Sichere Standardwerte fuer sicherheitsrelevante Konfigurationen",
"objective": "Reduziert unsichere Default-Betriebsmodi",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "medium"
},
{
"control_id": "CONFIG-002",
"domain": "CONFIG",
"title": "Konfigurationswerte auf Typ und Plausibilitaet geprueft",
"objective": "Verhindert Fehlverhalten durch ungueltige Einstellungen",
"check_target": "code",
"evidence": [
"source_code",
"config_validation"
],
"automation": "high"
},
{
"control_id": "CONFIG-003",
"domain": "CONFIG",
"title": "Unbekannte Konfigurationsschluessel nicht stillschweigend ignoriert",
"objective": "Verhindert Fehlannahmen",
"check_target": "code",
"evidence": [
"source_code",
"config_validation"
],
"automation": "medium"
},
{
"control_id": "CONFIG-004",
"domain": "CONFIG",
"title": "Keine Test-/Demoendpunkte in Produktionskonfiguration",
"objective": "Verhindert versehentliche Kommunikation",
"check_target": "config",
"evidence": [
"config",
"deployment_manifests"
],
"automation": "high"
},
{
"control_id": "CONFIG-005",
"domain": "CONFIG",
"title": "Dynamische Aenderungen autorisiert und auditierbar",
"objective": "Kontrolle ueber Laufzeitaenderungen",
"check_target": "system",
"evidence": [
"audit_log_sample",
"config_registry"
],
"automation": "medium"
},
{
"control_id": "CONFIG-006",
"domain": "CONFIG",
"title": "Sicherheitsconfig nicht ueber APIs ueberschreibbar",
"objective": "Verhindert Manipulation ueber Verwaltungspfade",
"check_target": "code",
"evidence": [
"source_code",
"authorization_tests"
],
"automation": "medium"
},
{
"control_id": "CONFIG-007",
"domain": "CONFIG",
"title": "Feature-Flags fuer Sicherheit restriktiv verwaltet",
"objective": "Verhindert unbeabsichtigte Deaktivierung",
"check_target": "process",
"evidence": [
"feature_flag_config",
"ops_docs"
],
"automation": "low"
},
{
"control_id": "CONFIG-008",
"domain": "CONFIG",
"title": "Konfigurationsquellen und Prioritaeten eindeutig",
"objective": "Verhindert unerwartete Ueberschreibungen",
"check_target": "architecture",
"evidence": [
"design_docs",
"config_docs"
],
"automation": "low"
},
{
"control_id": "CONFIG-009",
"domain": "CONFIG",
"title": "Schwellwerte und Timeouts explizit konfiguriert",
"objective": "Nachvollziehbare Parametrisierung",
"check_target": "code",
"evidence": [
"source_code",
"config"
],
"automation": "medium"
},
{
"control_id": "CONFIG-010",
"domain": "CONFIG",
"title": "Zahlungslogik-Config vor Aktivierung fachlich validiert",
"objective": "Verhindert betriebsgefaehrdende Einstellungen",
"check_target": "system",
"evidence": [
"validation_rules",
"ops_docs"
],
"automation": "low"
},
{
"control_id": "NETWORK-001",
"domain": "NETWORK",
"title": "Netzwerkverbindungen auf notwendige Ziele begrenzt",
"objective": "Reduziert Angriffsflaeche",
"check_target": "network",
"evidence": [
"network_policies",
"firewall_rules"
],
"automation": "medium"
},
{
"control_id": "NETWORK-002",
"domain": "NETWORK",
"title": "Ausgehende Verbindungen auf erlaubte Protokolle beschraenkt",
"objective": "Verhindert Datenabfluss",
"check_target": "network",
"evidence": [
"firewall_rules",
"egress_policies"
],
"automation": "medium"
},
{
"control_id": "NETWORK-003",
"domain": "NETWORK",
"title": "Verwaltungsdienste nicht ungeschuetzt aus Produktivnetzen erreichbar",
"objective": "Reduziert seitliche Bewegungen",
"check_target": "network",
"evidence": [
"network_policies",
"gateway_config"
],
"automation": "low"
},
{
"control_id": "NETWORK-004",
"domain": "NETWORK",
"title": "Kein stiller Fallback auf unverschluesselte Pfade",
"objective": "Verhindert Schutzverlust",
"check_target": "code",
"evidence": [
"source_code",
"network_config"
],
"automation": "medium"
},
{
"control_id": "NETWORK-005",
"domain": "NETWORK",
"title": "Timeouts fuer kritische Kommunikationspfade definiert",
"objective": "Verhindert unklare Zustaende",
"check_target": "config",
"evidence": [
"network_config",
"source_code"
],
"automation": "medium"
},
{
"control_id": "NETWORK-006",
"domain": "NETWORK",
"title": "Vertrauensanker konfigurierbar, nicht hartkodiert",
"objective": "Kontrollierte Vertrauensverwaltung",
"check_target": "code",
"evidence": [
"source_code",
"tls_config"
],
"automation": "medium"
},
{
"control_id": "NETWORK-007",
"domain": "NETWORK",
"title": "Interne Ports minimiert und dokumentiert",
"objective": "Reduziert unnoetige Offenheit",
"check_target": "network",
"evidence": [
"network_policies",
"port_inventory"
],
"automation": "low"
},
{
"control_id": "NETWORK-008",
"domain": "NETWORK",
"title": "Netzwerksegmente logisch getrennt",
"objective": "Reduziert seitliche Ausbreitung",
"check_target": "architecture",
"evidence": [
"network_diagrams",
"firewall_rules"
],
"automation": "low"
},
{
"control_id": "NETWORK-009",
"domain": "NETWORK",
"title": "Kritische Netzwerkfehler an Monitoring weitergegeben",
"objective": "Schnelle Reaktion auf Kommunikationsprobleme",
"check_target": "system",
"evidence": [
"alert_rules",
"log_samples"
],
"automation": "medium"
},
{
"control_id": "NETWORK-010",
"domain": "NETWORK",
"title": "DNS/Service Discovery fuer kritische Komponenten kontrolliert",
"objective": "Verhindert Fehlroutung",
"check_target": "system",
"evidence": [
"dns_config",
"service_registry"
],
"automation": "low"
},
{
"control_id": "STORAGE-001",
"domain": "STORAGE",
"title": "Persistente Speicherorte dokumentiert",
"objective": "Gezielte Schutz- und Pruefmassnahmen",
"check_target": "architecture",
"evidence": [
"data_flow_docs",
"storage_inventory"
],
"automation": "low"
},
{
"control_id": "STORAGE-002",
"domain": "STORAGE",
"title": "Schreibzugriffe rollenbasiert begrenzt",
"objective": "Reduziert unautorisierte Manipulation",
"check_target": "config",
"evidence": [
"iam_config",
"db_permissions"
],
"automation": "medium"
},
{
"control_id": "STORAGE-003",
"domain": "STORAGE",
"title": "Temporaere Dateien ohne sensitive Daten",
"objective": "Verhindert Schattenpersistenz",
"check_target": "code",
"evidence": [
"source_code",
"artifact_scan"
],
"automation": "medium"
},
{
"control_id": "STORAGE-004",
"domain": "STORAGE",
"title": "Datenbankschemata erzwingen Integritaetsbedingungen",
"objective": "Reduziert inkonsistente Datensaetze",
"check_target": "database",
"evidence": [
"db_schema",
"migration_scripts"
],
"automation": "medium"
},
{
"control_id": "STORAGE-005",
"domain": "STORAGE",
"title": "Aenderungen an Zahlungszustaenden nachvollziehbar",
"objective": "Auditierbarkeit",
"check_target": "system",
"evidence": [
"audit_log_sample",
"db_schema"
],
"automation": "low"
},
{
"control_id": "STORAGE-006",
"domain": "STORAGE",
"title": "Backups folgen selben Schutzanforderungen wie Primaerdaten",
"objective": "Verhindert Schutzluecken in Sekundaerspeichern",
"check_target": "process",
"evidence": [
"backup_config",
"storage_policy"
],
"automation": "low"
},
{
"control_id": "STORAGE-007",
"domain": "STORAGE",
"title": "Persistenzlogik behandelt Teilfehler kontrolliert",
"objective": "Robustheit bei DB-Fehlern",
"check_target": "code",
"evidence": [
"source_code",
"error_mode_tests"
],
"automation": "medium"
},
{
"control_id": "STORAGE-008",
"domain": "STORAGE",
"title": "Storage-Migrationen getestet und reversibel bewertet",
"objective": "Reduziert fehlerhafte Schemaenderungen",
"check_target": "database",
"evidence": [
"migration_scripts",
"test_reports"
],
"automation": "medium"
},
{
"control_id": "STORAGE-009",
"domain": "STORAGE",
"title": "Lesezugriffe fuer Reporting umgehen keine Filterlogik",
"objective": "Verhindert Datenabfluss ueber Sekundaerzugriffe",
"check_target": "code",
"evidence": [
"source_code",
"authorization_tests"
],
"automation": "medium"
},
{
"control_id": "STORAGE-010",
"domain": "STORAGE",
"title": "Dateibasierte Speicher gegen unautorisierte Aenderung geschuetzt",
"objective": "Reduziert Manipulationsrisiko",
"check_target": "system",
"evidence": [
"filesystem_permissions",
"integrity_checks"
],
"automation": "low"
},
{
"control_id": "MONITOR-001",
"domain": "MONITOR",
"title": "Sicherheitskritische Ereignisse haben Alarmierungsregeln",
"objective": "Zeitnahe Reaktion auf Vorfaelle",
"check_target": "system",
"evidence": [
"alert_rules",
"monitoring_config"
],
"automation": "medium"
},
{
"control_id": "MONITOR-002",
"domain": "MONITOR",
"title": "Ausfaelle von Zahlungspfaden werden entdeckt",
"objective": "Reduziert unbemerkte Stoerungen",
"check_target": "system",
"evidence": [
"monitoring_config",
"synthetic_checks"
],
"automation": "medium"
},
{
"control_id": "MONITOR-003",
"domain": "MONITOR",
"title": "Monitoring differenziert Verfuegbarkeit/Sicherheit/Fachfehler",
"objective": "Bessere Priorisierung",
"check_target": "system",
"evidence": [
"alert_rules",
"metric_samples"
],
"automation": "low"
},
{
"control_id": "MONITOR-004",
"domain": "MONITOR",
"title": "Schwellenwerte fuer kritische Funktionen definiert",
"objective": "Verhindert ad-hoc Ereigniserkennung",
"check_target": "process",
"evidence": [
"ops_docs",
"monitoring_config"
],
"automation": "low"
},
{
"control_id": "MONITOR-005",
"domain": "MONITOR",
"title": "Alarmierungswege dokumentiert und wirksam",
"objective": "Reaktionsfaehigkeit im Vorfall",
"check_target": "process",
"evidence": [
"incident_docs",
"alert_config"
],
"automation": "low"
},
{
"control_id": "MONITOR-006",
"domain": "MONITOR",
"title": "Wiederkehrende Fehler aggregiert und als Muster erkennbar",
"objective": "Fruehwarnung bei systemischen Problemen",
"check_target": "system",
"evidence": [
"monitoring_dashboards",
"alert_rules"
],
"automation": "low"
},
{
"control_id": "MONITOR-007",
"domain": "MONITOR",
"title": "Queue-Monitoring erfasst Stau, Alter, Fehlerquoten",
"objective": "Kontrolle verteilter Verarbeitungswege",
"check_target": "system",
"evidence": [
"queue_metrics",
"monitoring_dashboards"
],
"automation": "medium"
},
{
"control_id": "MONITOR-008",
"domain": "MONITOR",
"title": "Monitoring gegen triviale Deaktivierung geschuetzt",
"objective": "Vertrauenswuerdigkeit betrieblicher Kontrollen",
"check_target": "system",
"evidence": [
"iam_config",
"audit_log_sample"
],
"automation": "low"
},
{
"control_id": "MONITOR-009",
"domain": "MONITOR",
"title": "Stille Fehlzustaende durch Heartbeats/Synthetic Checks adressiert",
"objective": "Verhindert truegerischen Anschein",
"check_target": "system",
"evidence": [
"synthetic_checks",
"heartbeat_config"
],
"automation": "medium"
},
{
"control_id": "MONITOR-010",
"domain": "MONITOR",
"title": "Monitoring-Nachweise reproduzierbar abrufbar",
"objective": "Belastbare Betriebsnachweise",
"check_target": "process",
"evidence": [
"dashboard_exports",
"ops_docs"
],
"automation": "low"
},
{
"control_id": "OPS-001",
"domain": "OPS",
"title": "Betriebsrollen und Verantwortlichkeiten dokumentiert",
"objective": "Klare Zustaendigkeit",
"check_target": "process",
"evidence": [
"ops_docs",
"role_model"
],
"automation": "low"
},
{
"control_id": "OPS-002",
"domain": "OPS",
"title": "Runbooks fuer typische Stoerungen vorhanden",
"objective": "Reaktionsgeschwindigkeit und Konsistenz",
"check_target": "process",
"evidence": [
"runbooks",
"incident_docs"
],
"automation": "low"
},
{
"control_id": "OPS-003",
"domain": "OPS",
"title": "Sicherheitsmassnahmen nicht an Einzelpersonen gebunden",
"objective": "Reduziert Abhaengigkeit von implizitem Wissen",
"check_target": "process",
"evidence": [
"ops_docs",
"training_records"
],
"automation": "low"
},
{
"control_id": "OPS-004",
"domain": "OPS",
"title": "Notfallzugriffe zeitlich begrenzt und auditierbar",
"objective": "Reduziert Missbrauch von Sonderzugaengen",
"check_target": "system",
"evidence": [
"audit_log_sample",
"iam_config"
],
"automation": "low"
},
{
"control_id": "OPS-005",
"domain": "OPS",
"title": "Schluessel-/Zertifikats-/Geraetewechsel-Prozesse definiert",
"objective": "Verhindert ungeordnete Sicherheitsuebergaenge",
"check_target": "process",
"evidence": [
"ops_docs",
"runbooks"
],
"automation": "low"
},
{
"control_id": "OPS-006",
"domain": "OPS",
"title": "Wartungsfenster fachlich und technisch abgestimmt",
"objective": "Verhindert ueberraschende Auswirkungen",
"check_target": "process",
"evidence": [
"ops_docs",
"change_docs"
],
"automation": "low"
},
{
"control_id": "OPS-007",
"domain": "OPS",
"title": "Betriebsparameter regelmaessig auf Sollzustand geprueft",
"objective": "Erkennt schleichende Drift",
"check_target": "system",
"evidence": [
"ops_checks",
"config_registry"
],
"automation": "medium"
},
{
"control_id": "OPS-008",
"domain": "OPS",
"title": "Wiederanlauf nach Ausfall folgt definierten Prioritaeten",
"objective": "Verhindert ungeordnete Recovery",
"check_target": "process",
"evidence": [
"runbooks",
"recovery_tests"
],
"automation": "low"
},
{
"control_id": "OPS-009",
"domain": "OPS",
"title": "Drittabhaengigkeiten dokumentiert und ueberwacht",
"objective": "Transparenz ueber externe Ausfallrisiken",
"check_target": "process",
"evidence": [
"vendor_inventory",
"monitoring_docs"
],
"automation": "low"
},
{
"control_id": "OPS-010",
"domain": "OPS",
"title": "Betriebsnachweise fuer Ausschreibungen strukturiert abrufbar",
"objective": "Belastbare Compliance-Antworten",
"check_target": "process",
"evidence": [
"evidence_registry",
"reporting_docs"
],
"automation": "low"
},
{
"control_id": "ZVTCORE-001",
"domain": "ZVTCORE",
"title": "ZVT-Nachrichten auf vollstaendige Rahmenstruktur geprueft",
"objective": "Verhindert Verarbeitung beschaedigter Frames",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "high"
},
{
"control_id": "ZVTCORE-002",
"domain": "ZVTCORE",
"title": "Unbekannte ZVT-Kommandos definiert abgewiesen",
"objective": "Verhindert undefiniertes Verhalten",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "high"
},
{
"control_id": "ZVTCORE-003",
"domain": "ZVTCORE",
"title": "ZVT-Nachrichtenlaengen vor Verarbeitung validiert",
"objective": "Verhindert Parser-Ueberlaeufe",
"check_target": "code",
"evidence": [
"source_code",
"fuzz_tests"
],
"automation": "high"
},
{
"control_id": "ZVTCORE-004",
"domain": "ZVTCORE",
"title": "Feldgrenzen in ZVT-Datenstrukturen strikt eingehalten",
"objective": "Verhindert Fehlinterpretation",
"check_target": "code",
"evidence": [
"source_code",
"schema_tests"
],
"automation": "high"
},
{
"control_id": "ZVTCORE-005",
"domain": "ZVTCORE",
"title": "Optionale ZVT-Felder nur bei formaler Korrektheit verarbeitet",
"objective": "Verhindert Fehlannahmen",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTCORE-006",
"domain": "ZVTCORE",
"title": "Unerwartete Feldreihenfolgen kontrolliert behandelt",
"objective": "Verhindert Parserdrift",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTCORE-007",
"domain": "ZVTCORE",
"title": "Parser trennt Transport- von fachlichen Zahlungsfehlern",
"objective": "Korrekte Fehlerbehandlung und Retry",
"check_target": "code",
"evidence": [
"source_code",
"error_mapping"
],
"automation": "medium"
},
{
"control_id": "ZVTCORE-008",
"domain": "ZVTCORE",
"title": "Reservierte/verbotene Werte in ZVT-Frames erkannt",
"objective": "Verhindert unsaubere Verarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTCORE-009",
"domain": "ZVTCORE",
"title": "Definierte Zeichensaetze und Kodierungen verwendet",
"objective": "Verhindert Fehlinterpretation von Belegdaten",
"check_target": "code",
"evidence": [
"source_code",
"protocol_docs"
],
"automation": "medium"
},
{
"control_id": "ZVTCORE-010",
"domain": "ZVTCORE",
"title": "ZVT-Nachrichten vor Fachlogik normalisiert und typisiert",
"objective": "Reduziert Parserkomplexitaet",
"check_target": "code",
"evidence": [
"source_code",
"unit_test"
],
"automation": "medium"
},
{
"control_id": "ZVTFLOW-001",
"domain": "ZVTFLOW",
"title": "Zahlung erst nach Protokollinitialisierung gesendet",
"objective": "Verhindert fehlerhafte Sequenzen",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTFLOW-002",
"domain": "ZVTFLOW",
"title": "Kommandos nur in zulaessigen Zustaenden ausgeloest",
"objective": "Verhindert ungueltige Kommandofolgen",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTFLOW-003",
"domain": "ZVTFLOW",
"title": "Parallele Zahlungen auf gleicher Verbindung serialisiert",
"objective": "Verhindert kollidierende Ablaeufe",
"check_target": "code",
"evidence": [
"source_code",
"concurrency_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTFLOW-004",
"domain": "ZVTFLOW",
"title": "Statusabfragen veraendern Zahlungszustand nicht",
"objective": "Verhindert Seiteneffekte diagnostischer Ops",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTFLOW-005",
"domain": "ZVTFLOW",
"title": "Abbruchkommandos nur in zulaessigen Phasen",
"objective": "Verhindert inkonsistente Abbruchzustaende",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTFLOW-006",
"domain": "ZVTFLOW",
"title": "Storno referenziert eindeutig Ursprungstransaktion",
"objective": "Verhindert falsche Zuordnung",
"check_target": "code",
"evidence": [
"source_code",
"db_schema"
],
"automation": "medium"
},
{
"control_id": "ZVTFLOW-007",
"domain": "ZVTFLOW",
"title": "Wiederanlauf nur mit eindeutigem Transaktionskontext",
"objective": "Verhindert doppelte Fortsetzung",
"check_target": "code",
"evidence": [
"source_code",
"reconnect_tests"
],
"automation": "low"
},
{
"control_id": "ZVTFLOW-008",
"domain": "ZVTFLOW",
"title": "Terminalseitige Zwischenzustaende vor Folgebefehlen beruecksichtigt",
"objective": "Verhindert vorschnelle Kommandos",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTFLOW-009",
"domain": "ZVTFLOW",
"title": "Async Rueckmeldungen korrekt zugeordnet",
"objective": "Verhindert Vermischung paralleler Sitzungen",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "ZVTFLOW-010",
"domain": "ZVTFLOW",
"title": "Nach Transaktionsende expliziter Idle-Zustand",
"objective": "Verhindert haengende Sitzungskontexte",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTERROR-001",
"domain": "ZVTERROR",
"title": "ZVT-Fehlercodes vollstaendig auf interne Klassen gemappt",
"objective": "Konsistente Fehlerbehandlung",
"check_target": "code",
"evidence": [
"source_code",
"error_mapping"
],
"automation": "medium"
},
{
"control_id": "ZVTERROR-002",
"domain": "ZVTERROR",
"title": "Unbekannte Fehlercodes fuehren nicht zu Erfolgsbewertung",
"objective": "Verhindert False Positives",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "high"
},
{
"control_id": "ZVTERROR-003",
"domain": "ZVTERROR",
"title": "Transport- und Terminalablehnungen erzeugen unterschiedliche Folgeaktionen",
"objective": "Korrekte Retry-Entscheidungen",
"check_target": "code",
"evidence": [
"source_code",
"error_mode_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTERROR-004",
"domain": "ZVTERROR",
"title": "Fehler ohne Transaktionskontext als unvollstaendig markiert",
"objective": "Verhindert unpruefbare Abschluesse",
"check_target": "code",
"evidence": [
"source_code",
"db_schema"
],
"automation": "medium"
},
{
"control_id": "ZVTERROR-005",
"domain": "ZVTERROR",
"title": "Wiederholte Protokollfehler fuehren zu Eskalation/Reset",
"objective": "Verhindert korrupte Kommunikation",
"check_target": "code",
"evidence": [
"source_code",
"reliability_tests"
],
"automation": "low"
},
{
"control_id": "ZVTERROR-006",
"domain": "ZVTERROR",
"title": "Belegdruckfehler ueberschreiben nicht Zahlungsstatus",
"objective": "Trennt Zahlungs- von Nebenfehlern",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "low"
},
{
"control_id": "ZVTERROR-007",
"domain": "ZVTERROR",
"title": "Bediener- und technischer Abbruch getrennt ausgewiesen",
"objective": "Aussagekraft im Audit/Support",
"check_target": "code",
"evidence": [
"source_code",
"error_mapping"
],
"automation": "medium"
},
{
"control_id": "ZVTERROR-008",
"domain": "ZVTERROR",
"title": "Fehler in optionalen Erweiterungen beeintraechtigen Kernablauf nicht",
"objective": "Begrenzt Seiteneffekte",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "low"
},
{
"control_id": "ZVTERROR-009",
"domain": "ZVTERROR",
"title": "Mehrdeutige Antworten als inkonsistenter Fehlerzustand behandelt",
"objective": "Verhindert unsichere Interpretation",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "low"
},
{
"control_id": "ZVTERROR-010",
"domain": "ZVTERROR",
"title": "Fehlerzustaende erzeugen auditierbare Ereignisse",
"objective": "Nachvollziehbarkeit bei Protokollproblemen",
"check_target": "system",
"evidence": [
"audit_log_sample",
"source_code"
],
"automation": "medium"
},
{
"control_id": "ZVTTIME-001",
"domain": "ZVTTIME",
"title": "Antwort-Timeouts je ZVT-Kommando explizit definiert",
"objective": "Verhindert unkontrollierte Haenger",
"check_target": "config",
"evidence": [
"source_code",
"config"
],
"automation": "medium"
},
{
"control_id": "ZVTTIME-002",
"domain": "ZVTTIME",
"title": "Timeouts differenziert nach Protokollphase",
"objective": "Realistische Zeitsteuerung",
"check_target": "code",
"evidence": [
"source_code",
"timeout_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTTIME-003",
"domain": "ZVTTIME",
"title": "Nach Timeout Protokollzustand explizit bereinigt",
"objective": "Verhindert haengende Sitzungen",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVTTIME-004",
"domain": "ZVTTIME",
"title": "Zeitkritische Nachrichten nicht durch Anwendungslogik verzoegert",
"objective": "Verhindert selbstverursachte Abbrueche",
"check_target": "code",
"evidence": [
"source_code",
"performance_tests"
],
"automation": "low"
},
{
"control_id": "ZVTTIME-005",
"domain": "ZVTTIME",
"title": "Retry-Intervalle definiert und begrenzt",
"objective": "Verhindert aggressives Wiederholen",
"check_target": "code",
"evidence": [
"source_code",
"retry_logic"
],
"automation": "medium"
},
{
"control_id": "ZVTTIME-006",
"domain": "ZVTTIME",
"title": "Verspaetete Antworten nach Timeout nicht als aktuell akzeptiert",
"objective": "Verhindert Fehlzuordnung",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "ZVTTIME-007",
"domain": "ZVTTIME",
"title": "Konfigurierbare Zeitwerte mit Mindest-/Hoechstgrenzen",
"objective": "Verhindert riskante Einstellungen",
"check_target": "config",
"evidence": [
"config_validation",
"source_code"
],
"automation": "medium"
},
{
"control_id": "ZVTTIME-008",
"domain": "ZVTTIME",
"title": "Busy-Zustaende zeitlich ueberwacht",
"objective": "Verhindert endloses Warten",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "low"
},
{
"control_id": "ZVTTIME-009",
"domain": "ZVTTIME",
"title": "Zeitbezogene Events mit korrelierbarem Zeitstempel",
"objective": "Diagnose von Latenzproblemen",
"check_target": "system",
"evidence": [
"log_samples",
"source_code"
],
"automation": "medium"
},
{
"control_id": "ZVTTIME-010",
"domain": "ZVTTIME",
"title": "Timeout-Abbrueche fuehren nicht automatisch zu Stornierung",
"objective": "Verhindert falsche Schlussfolgerungen",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "low"
},
{
"control_id": "OPICORE-001",
"domain": "OPICORE",
"title": "OPI-Nachrichten auf Schema- und Pflichtfeldkonformitaet geprueft",
"objective": "Verhindert ungueltige Anfragen/Antworten",
"check_target": "code",
"evidence": [
"source_code",
"schema_tests"
],
"automation": "high"
},
{
"control_id": "OPICORE-002",
"domain": "OPICORE",
"title": "OPI-Nachrichtentypen eindeutig klassifiziert und geroutet",
"objective": "Verhindert Fehlbehandlung",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "OPICORE-003",
"domain": "OPICORE",
"title": "Unbekannte OPI-Felder/Erweiterungen kontrolliert behandelt",
"objective": "Robustheit gegenueber Versionen",
"check_target": "code",
"evidence": [
"source_code",
"compatibility_tests"
],
"automation": "medium"
},
{
"control_id": "OPICORE-004",
"domain": "OPICORE",
"title": "OPI-Korrelationskennungen strikt validiert",
"objective": "Verhindert Kontextvermischung",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "OPICORE-005",
"domain": "OPICORE",
"title": "Widerspruechliche Pflichtangaben abgewiesen",
"objective": "Verhindert inkonsistente Verarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "high"
},
{
"control_id": "OPICORE-006",
"domain": "OPICORE",
"title": "Datum/Betrag/Waehrung typisiert und semantisch validiert",
"objective": "Verhindert manipulierte Nutzlasten",
"check_target": "code",
"evidence": [
"source_code",
"validation_tests"
],
"automation": "high"
},
{
"control_id": "OPICORE-007",
"domain": "OPICORE",
"title": "Protokollfehler und Geschaeftsantworten sauber getrennt",
"objective": "Korrekte Folgeentscheidungen",
"check_target": "code",
"evidence": [
"source_code",
"error_mapping"
],
"automation": "medium"
},
{
"control_id": "OPICORE-008",
"domain": "OPICORE",
"title": "OPI-Payloads vor Logging/Persistenz maskiert",
"objective": "Verhindert Datenabfluss aus Nachrichten",
"check_target": "code",
"evidence": [
"source_code",
"log_samples"
],
"automation": "medium"
},
{
"control_id": "OPICORE-009",
"domain": "OPICORE",
"title": "Protokollversion und Kompatibilitaet explizit geprueft",
"objective": "Verhindert verdeckte Inkompatibilitaeten",
"check_target": "code",
"evidence": [
"source_code",
"compatibility_tests"
],
"automation": "medium"
},
{
"control_id": "OPICORE-010",
"domain": "OPICORE",
"title": "Parser schuetzt gegen uebergrosse oder tief verschachtelte Nutzlasten",
"objective": "Reduziert DoS-Risiko",
"check_target": "code",
"evidence": [
"source_code",
"fuzz_tests"
],
"automation": "medium"
},
{
"control_id": "OPIFLOW-001",
"domain": "OPIFLOW",
"title": "OPI-Anfragen nur in zulaessiger Reihenfolge gesendet",
"objective": "Verhindert Protokollverletzungen",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "OPIFLOW-002",
"domain": "OPIFLOW",
"title": "Antworten eindeutig der Anforderung zugeordnet",
"objective": "Verhindert Vermischung",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "OPIFLOW-003",
"domain": "OPIFLOW",
"title": "Doppelte Responses dedupliziert",
"objective": "Verhindert Mehrfachverarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "OPIFLOW-004",
"domain": "OPIFLOW",
"title": "Stornierungen referenzieren korrekte Ursprungstransaktion",
"objective": "Verhindert falsche Folgeaktionen",
"check_target": "code",
"evidence": [
"source_code",
"db_schema"
],
"automation": "medium"
},
{
"control_id": "OPIFLOW-005",
"domain": "OPIFLOW",
"title": "Asynchrone Events nur ueber definierte Zustandsuebergaenge",
"objective": "Verhindert inkonsistente Statusspruenge",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "OPIFLOW-006",
"domain": "OPIFLOW",
"title": "OPI-Timeouts fuehren zu expliziten Pending/Fehler-Zustaenden",
"objective": "Verhindert unklare Bewertung",
"check_target": "code",
"evidence": [
"source_code",
"timeout_tests"
],
"automation": "medium"
},
{
"control_id": "OPIFLOW-007",
"domain": "OPIFLOW",
"title": "Keine Folgeanfragen auf Basis unvollstaendiger Antworten",
"objective": "Verhindert Kettenfehler",
"check_target": "code",
"evidence": [
"source_code",
"validation_tests"
],
"automation": "medium"
},
{
"control_id": "OPIFLOW-008",
"domain": "OPIFLOW",
"title": "Wiederanlaeufe unterscheiden idempotente von nicht-idempotenten Aktionen",
"objective": "Verhindert doppelte Wirkung",
"check_target": "code",
"evidence": [
"source_code",
"retry_logic"
],
"automation": "medium"
},
{
"control_id": "OPIFLOW-009",
"domain": "OPIFLOW",
"title": "Dialogbeendigung hinterlaesst keinen offenen fachlichen Status",
"objective": "Verhindert haengende Kontexte",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "OPIFLOW-010",
"domain": "OPIFLOW",
"title": "Workflows gegen parallele Statusaenderungen abgesichert",
"objective": "Verhindert Race Conditions",
"check_target": "code",
"evidence": [
"source_code",
"concurrency_tests"
],
"automation": "low"
},
{
"control_id": "PROTOINT-001",
"domain": "PROTOINT",
"title": "Protokollkonverter erhalten alle Informationen verlustfrei",
"objective": "Verhindert semantischen Informationsverlust",
"check_target": "code",
"evidence": [
"source_code",
"mapping_tests"
],
"automation": "medium"
},
{
"control_id": "PROTOINT-002",
"domain": "PROTOINT",
"title": "Keine unmoeglichen Mischzustaende aus verschiedenen Protokollen",
"objective": "Verhindert inkonsistente Aggregation",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "low"
},
{
"control_id": "PROTOINT-003",
"domain": "PROTOINT",
"title": "Korrelationskennungen beim Protokolluebergang erhalten",
"objective": "End-to-End Nachverfolgung",
"check_target": "code",
"evidence": [
"source_code",
"message_schema"
],
"automation": "medium"
},
{
"control_id": "PROTOINT-004",
"domain": "PROTOINT",
"title": "Protokollfehler in normierte interne Semantik ueberfuehrt",
"objective": "Konsistente Behandlung",
"check_target": "code",
"evidence": [
"source_code",
"error_mapping"
],
"automation": "medium"
},
{
"control_id": "PROTOINT-005",
"domain": "PROTOINT",
"title": "Nicht abbildbare Informationen explizit gekennzeichnet, nicht still verworfen",
"objective": "Verhindert unsichtbaren Informationsverlust",
"check_target": "code",
"evidence": [
"source_code",
"mapping_tests"
],
"automation": "low"
},
{
"control_id": "PROTOINT-006",
"domain": "PROTOINT",
"title": "Interne Modelle erzwingen zulaessige Wertebereiche vor Serialisierung",
"objective": "Verhindert ungueltige Protokollnachrichten",
"check_target": "code",
"evidence": [
"source_code",
"validation_tests"
],
"automation": "high"
},
{
"control_id": "PROTOINT-007",
"domain": "PROTOINT",
"title": "Serialisierung deterministisch und testbar",
"objective": "Reproduzierbarkeit",
"check_target": "code",
"evidence": [
"source_code",
"golden_tests"
],
"automation": "medium"
},
{
"control_id": "PROTOINT-008",
"domain": "PROTOINT",
"title": "Parser und Serializer verwenden gleiche Feldsemantik",
"objective": "Verhindert Drift",
"check_target": "code",
"evidence": [
"source_code",
"roundtrip_tests"
],
"automation": "medium"
},
{
"control_id": "PROTOINT-009",
"domain": "PROTOINT",
"title": "Protokolladapter logisch von Geschaeftsregeln getrennt",
"objective": "Reduziert Seiteneffekte",
"check_target": "architecture",
"evidence": [
"source_code",
"design_docs"
],
"automation": "low"
},
{
"control_id": "PROTOINT-010",
"domain": "PROTOINT",
"title": "Protokollmapping-Aenderungen durch Regressionstests abgesichert",
"objective": "Verhindert Integrationsbrueche",
"check_target": "test",
"evidence": [
"regression_tests",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "TERMSTATE-001",
"domain": "TERMSTATE",
"title": "Terminalzustaende als explizites Modell repraesentiert",
"objective": "Klarheit und Pruefbarkeit",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "TERMSTATE-002",
"domain": "TERMSTATE",
"title": "Busy-Status blockiert unzulaessige Folgekommandos",
"objective": "Verhindert Kollisionen",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "TERMSTATE-003",
"domain": "TERMSTATE",
"title": "Nach Reconnect aktive Neusynchronisation",
"objective": "Verhindert veraltetes Verbindungswissen",
"check_target": "code",
"evidence": [
"source_code",
"reconnect_tests"
],
"automation": "low"
},
{
"control_id": "TERMSTATE-004",
"domain": "TERMSTATE",
"title": "Ungueltige Kombinationen aus Terminal- und Transaktionsstatus erkannt",
"objective": "Verhindert widerspruechliche Entscheidungen",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "medium"
},
{
"control_id": "TERMSTATE-005",
"domain": "TERMSTATE",
"title": "Service-/Wartungszustaende vom Zahlungsbetrieb getrennt",
"objective": "Reduziert Seiteneffekte",
"check_target": "code",
"evidence": [
"source_code",
"auth_tests"
],
"automation": "low"
},
{
"control_id": "TERMSTATE-006",
"domain": "TERMSTATE",
"title": "Statusaenderungen erzeugen nachvollziehbare Backend-Events",
"objective": "Sichtbarkeit kritischer Aenderungen",
"check_target": "system",
"evidence": [
"audit_log_sample",
"source_code"
],
"automation": "medium"
},
{
"control_id": "TERMSTATE-007",
"domain": "TERMSTATE",
"title": "Unklare Zustaende fuehren zu konservativem Verhalten",
"objective": "Verhindert unsichere Annahmen",
"check_target": "code",
"evidence": [
"source_code",
"error_mode_tests"
],
"automation": "medium"
},
{
"control_id": "TERMSTATE-008",
"domain": "TERMSTATE",
"title": "Verfuegbarkeit nicht mit fachlichem Zahlungserfolg verwechselt",
"objective": "Verhindert falsche Geschaeftsentscheidungen",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "TERMSTATE-009",
"domain": "TERMSTATE",
"title": "Lokale Statuscaches verfallen kontrolliert",
"objective": "Verhindert veraltete Zustandsinformationen",
"check_target": "code",
"evidence": [
"source_code",
"cache_tests"
],
"automation": "low"
},
{
"control_id": "TERMSTATE-010",
"domain": "TERMSTATE",
"title": "Sicherheitszustaende nicht durch Nutzeraktionen ruecksetzbar",
"objective": "Schuetzt kritische Geraetezustaende",
"check_target": "code",
"evidence": [
"source_code",
"authorization_tests"
],
"automation": "low"
},
{
"control_id": "TERMREC-001",
"domain": "TERMREC",
"title": "Belegdaten vor Persistenz/Ausgabe formal validiert",
"objective": "Verhindert fehlerhafte Belegverarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"validation_tests"
],
"automation": "medium"
},
{
"control_id": "TERMREC-002",
"domain": "TERMREC",
"title": "Doppelte Belegmeldungen erkannt und nicht mehrfach verarbeitet",
"objective": "Verhindert Mehrfachablage",
"check_target": "code",
"evidence": [
"source_code",
"dedup_tests"
],
"automation": "medium"
},
{
"control_id": "TERMREC-003",
"domain": "TERMREC",
"title": "Belegdaten dem korrekten Transaktionskontext zugeordnet",
"objective": "Verhindert Vermischung",
"check_target": "code",
"evidence": [
"source_code",
"db_schema"
],
"automation": "medium"
},
{
"control_id": "TERMREC-004",
"domain": "TERMREC",
"title": "Fehlgeschlagener Belegdruck veraendert nicht Zahlungsstatus",
"objective": "Trennt Zahlungsabschluss von Druckproblemen",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "low"
},
{
"control_id": "TERMREC-005",
"domain": "TERMREC",
"title": "Belegtexte vor Logging auf sensible Inhalte geprueft",
"objective": "Verhindert Datenabfluss ueber Ausgabepfade",
"check_target": "code",
"evidence": [
"source_code",
"log_samples"
],
"automation": "medium"
},
{
"control_id": "TERMREC-006",
"domain": "TERMREC",
"title": "Belegereignisse auditierbar und zeitlich korrelierbar",
"objective": "Nachweis ueber Ausgabeverhalten",
"check_target": "system",
"evidence": [
"audit_log_sample",
"report_samples"
],
"automation": "medium"
},
{
"control_id": "TERMREC-007",
"domain": "TERMREC",
"title": "Mehrteilige Belegdaten vollstaendig und korrekt zusammengefuehrt",
"objective": "Verhindert Datenverlust",
"check_target": "code",
"evidence": [
"source_code",
"golden_tests"
],
"automation": "medium"
},
{
"control_id": "TERMREC-008",
"domain": "TERMREC",
"title": "Beschaedigte Belegsegmente als unvollstaendig markiert",
"objective": "Verhindert Nutzung defekter Daten",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "medium"
},
{
"control_id": "TERMREC-009",
"domain": "TERMREC",
"title": "Belegformate zwischen Terminal und Backend kompatibel",
"objective": "Verhindert Zeichensatz-/Layoutfehler",
"check_target": "code",
"evidence": [
"source_code",
"compatibility_tests"
],
"automation": "low"
},
{
"control_id": "TERMREC-010",
"domain": "TERMREC",
"title": "Belegdaten auf erforderliche Inhalte minimiert",
"objective": "Reduziert unnoetige Speicherung",
"check_target": "architecture",
"evidence": [
"data_flow_docs",
"db_schema"
],
"automation": "low"
},
{
"control_id": "TERMSYNC-009",
"domain": "TERMSYNC",
"title": "Sync unterscheidet fachliche Klaerung von technischer Wiederholung",
"objective": "Verhindert Wiederholung finaler Zustaende",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "TERMSYNC-010",
"domain": "TERMSYNC",
"title": "Terminal/Backend-Zustaende regelmaessig auf Divergenzen geprueft",
"objective": "Erkennt Inkonsistenzen fruehzeitig",
"check_target": "system",
"evidence": [
"reconciliation_jobs",
"audit_log_sample"
],
"automation": "medium"
},
{
"control_id": "ZVT-CMD-001",
"domain": "ZVT-CMD",
"title": "ZVT-Kommandos nur in zulaessiger Reihenfolge",
"objective": "Verhindert Protokollverletzungen",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-CMD-002",
"domain": "ZVT-CMD",
"title": "Ungueltige Kommandos sicher zurueckgewiesen",
"objective": "Verhindert undefiniertes Verhalten",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-CMD-003",
"domain": "ZVT-CMD",
"title": "Verpflichtende Parameter vorhanden",
"objective": "Sichert korrekte Kommunikation",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-CMD-004",
"domain": "ZVT-CMD",
"title": "Optionalfelder korrekt interpretiert und validiert",
"objective": "Verhindert Fehlinterpretation",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-CMD-005",
"domain": "ZVT-CMD",
"title": "Terminalantworten vollstaendig gelesen und verarbeitet",
"objective": "Verhindert Zustandsverlust",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "ZVT-RT-001",
"domain": "ZVT-RT",
"title": "Timeouts fuer Terminalkommunikation definiert",
"objective": "Verhindert blockierende Prozesse",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "high"
},
{
"control_id": "ZVT-RT-002",
"domain": "ZVT-RT",
"title": "Retries unterscheiden idempotente von nicht-idempotenten Kommandos",
"objective": "Verhindert doppelte Buchungen",
"check_target": "code",
"evidence": [
"source_code",
"retry_logic"
],
"automation": "medium"
},
{
"control_id": "ZVT-RT-003",
"domain": "ZVT-RT",
"title": "Retry-Anzahl begrenzt",
"objective": "Verhindert Endlosschleifen",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "high"
},
{
"control_id": "ZVT-RT-004",
"domain": "ZVT-RT",
"title": "Backoff-Strategien implementiert",
"objective": "Verhindert Ueberlastung",
"check_target": "code",
"evidence": [
"source_code",
"retry_logic"
],
"automation": "medium"
},
{
"control_id": "ZVT-RT-005",
"domain": "ZVT-RT",
"title": "Abgebrochene Transaktionen eindeutig markiert",
"objective": "Erleichtert Recovery",
"check_target": "system",
"evidence": [
"db_schema",
"source_code"
],
"automation": "medium"
},
{
"control_id": "ZVT-STATE-001",
"domain": "ZVT-STATE",
"title": "Zahlungszustaende als explizite State Machine",
"objective": "Verhindert implizite Zustaende",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-STATE-002",
"domain": "ZVT-STATE",
"title": "Ungueltige Zustandsuebergaenge nicht moeglich",
"objective": "Verhindert inkonsistente Zustaende",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-STATE-003",
"domain": "ZVT-STATE",
"title": "Jeder Zustand hat definierten Exit-Pfad",
"objective": "Verhindert Deadlocks",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-STATE-004",
"domain": "ZVT-STATE",
"title": "Terminal- und Backendzustand abgeglichen",
"objective": "Verhindert Divergenzen",
"check_target": "system",
"evidence": [
"integration_test",
"reconciliation_jobs"
],
"automation": "medium"
},
{
"control_id": "ZVT-STATE-005",
"domain": "ZVT-STATE",
"title": "Recovery-Zustaende explizit modelliert",
"objective": "Erhoeht Robustheit",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-COM-001",
"domain": "ZVT-COM",
"title": "Nachrichtenlaengen validiert",
"objective": "Verhindert Parsing-Fehler",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-COM-002",
"domain": "ZVT-COM",
"title": "Checksummen/Integritaet geprueft",
"objective": "Verhindert Verarbeitung verfaelschter Nachrichten (reine Pruefsummen erkennen Uebertragungsfehler, keine gezielte Manipulation)",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-COM-003",
"domain": "ZVT-COM",
"title": "Teilweise empfangene Nachrichten nicht verarbeitet",
"objective": "Verhindert inkonsistente Verarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-COM-004",
"domain": "ZVT-COM",
"title": "Nachrichten in korrektem Encoding interpretiert",
"objective": "Verhindert Datenfehler",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-COM-005",
"domain": "ZVT-COM",
"title": "Protokollverletzungen erkannt und geloggt",
"objective": "Erhoeht Diagnosefaehigkeit",
"check_target": "system",
"evidence": [
"source_code",
"log_samples"
],
"automation": "medium"
},
{
"control_id": "ZVT-REV-001",
"domain": "ZVT-REV",
"title": "Reversal nur fuer geeignete Transaktionen",
"objective": "Verhindert unzulaessige Rueckabwicklung",
"check_target": "code",
"evidence": [
"source_code",
"authorization_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-REV-002",
"domain": "ZVT-REV",
"title": "Reversal eindeutig einer Transaktion zugeordnet",
"objective": "Verhindert falsche Zuordnung",
"check_target": "code",
"evidence": [
"source_code",
"db_schema"
],
"automation": "high"
},
{
"control_id": "ZVT-REV-003",
"domain": "ZVT-REV",
"title": "Mehrfach-Reversal verhindert",
"objective": "Verhindert doppelte Rueckbuchung",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "ZVT-REV-004",
"domain": "ZVT-REV",
"title": "Reversal vollstaendig dokumentiert",
"objective": "Ermoeglicht Audit",
"check_target": "system",
"evidence": [
"audit_log_sample",
"db_schema"
],
"automation": "medium"
},
{
"control_id": "ZVT-REV-005",
"domain": "ZVT-REV",
"title": "Fehlgeschlagene Reversals erneut geprueft oder eskaliert",
"objective": "Verhindert offene Transaktionen",
"check_target": "system",
"evidence": [
"source_code",
"ops_docs"
],
"automation": "low"
},
{
"control_id": "ZVT-RESP-001",
"domain": "ZVT-RESP",
"title": "Alle Terminal-Response-Codes vollstaendig abgedeckt",
"objective": "Verhindert unbehandelte Zustaende",
"check_target": "code",
"evidence": [
"source_code",
"error_mapping"
],
"automation": "high"
},
{
"control_id": "ZVT-RESP-002",
"domain": "ZVT-RESP",
"title": "Fehlercodes korrekt interpretiert",
"objective": "Verhindert falsche Verarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-RESP-003",
"domain": "ZVT-RESP",
"title": "Unbekannte Response-Codes sicher behandelt",
"objective": "Erhoeht Robustheit",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-RESP-004",
"domain": "ZVT-RESP",
"title": "Response-Daten validiert",
"objective": "Verhindert Inkonsistenzen",
"check_target": "code",
"evidence": [
"source_code",
"validation_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-RESP-005",
"domain": "ZVT-RESP",
"title": "Terminalstatus nach Response aktualisiert",
"objective": "Synchronisiert Zustaende",
"check_target": "system",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-SESSION-001",
"domain": "ZVT-SESSION",
"title": "Terminal-Sessions explizit geoeffnet und geschlossen",
"objective": "Verhindert verwaiste (Zombie-)Sessions",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "ZVT-SESSION-002",
"domain": "ZVT-SESSION",
"title": "Session-Timeouts definiert",
"objective": "Verhindert haengende Sessions",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "high"
},
{
"control_id": "ZVT-SESSION-003",
"domain": "ZVT-SESSION",
"title": "Session-Abbrueche erkannt",
"objective": "Erhoeht Stabilitaet",
"check_target": "system",
"evidence": [
"source_code",
"monitoring_config"
],
"automation": "medium"
},
{
"control_id": "ZVT-SESSION-004",
"domain": "ZVT-SESSION",
"title": "Session-Wiederaufnahme kontrolliert",
"objective": "Verhindert Inkonsistenzen",
"check_target": "code",
"evidence": [
"source_code",
"reconnect_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-SESSION-005",
"domain": "ZVT-SESSION",
"title": "Parallele Sessions kontrolliert",
"objective": "Verhindert Race Conditions",
"check_target": "code",
"evidence": [
"source_code",
"concurrency_tests"
],
"automation": "medium"
}
]
}