breakpilot-compliance/ai-compliance-sdk/internal/gap/norm_mapping.go
Benjamin Admin 8f169cbae3 feat(gap): IST-Zustand Assessment — IACE + Normen + Prozesse
Gap Analysis v2: statt 500 generische Gaps → nur die ECHTEN Lücken.

Backend:
- ProductProfile um 15 IST-Felder erweitert (Normen, Doku, Prozesse, CE)
- assessGapStatus prüft: IACE-Mitigations → Zertifizierungen → Normen → IST-Felder
- norm_mapping.go: 20 Normen → MC-Topic Mapping (ISO 12100, IEC 62443, etc.)
- IACE-Integration: CheckIACECoverage() matcht verified Mitigations gegen MCs

Frontend:
- 2-Step Wizard: Produkt beschreiben → IST-Zustand erfassen
- IstAssessment.tsx: CE-Jahr, Normen-Multiselect, Doku+Prozess Checkboxen
- Step-Navigation mit visuellen Indikatoren

Migration 025 erweitert um IST-Felder.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-11 08:33:17 +02:00


package gap
// NormToControlMapping lists, for every norm identifier the gap analysis
// recognises, the MC topic names that norm is treated as covering: a
// manufacturer that has applied the norm gets every listed topic counted as
// fulfilled without further evidence.
//
// Keys are the compact spellings used throughout this table ("ENISO13849",
// "PCIDSS": no spaces, dashes or colons). Lookups are exact, so caller input
// must be normalised to this form first; an unrecognised spelling simply
// yields no coverage (the gap stays open), which is the safe direction.
//
// Topic entries are compared against an MC topic by normCoversControl via the
// package's contains helper (presumably defined elsewhere in package gap). If
// that helper is a substring test, short entries such as "incident" or
// "risk_management" also cover every longer topic name that embeds them —
// NOTE(review): confirm that breadth is intended before adding short entries.
var NormToControlMapping = map[string][]string{
	// Information security management systems
	"ISO27001": {
		"access_control", "encryption", "incident", "audit_logging",
		"vulnerability", "patch_management", "risk_management",
		"human_resources_security", "physical_security", "backup",
		"disaster_recovery", "change_management", "asset_management",
		"monitoring", "network_security",
	},
	"ISO27002": {
		"access_control", "encryption", "audit_logging",
		"vulnerability", "patch_management",
	},

	// Industrial automation and control system security
	"IEC62443": {
		"network_security", "network_segmentation", "access_control",
		"monitoring", "vulnerability", "patch_management",
		"incident", "secure_development",
	},

	// Business continuity / payment card industry
	"ISO22301": {"disaster_recovery", "backup", "incident"},
	"PCIDSS": {
		"encryption", "access_control", "audit_logging",
		"vulnerability", "network_segmentation",
	},

	// Machinery safety and functional safety
	"ISO12100":   {"risk_management_assessment", "risk_management_documentation", "product_safety"},
	"ENISO13849": {"product_safety", "risk_management_assessment", "secure_development"},
	"IEC61508":   {"product_safety", "risk_management", "secure_development"},
	"IEC62061":   {"product_safety", "risk_management"},

	// EMC and electrical equipment safety
	"EN61326":  {"network_security", "physical_security"},
	"EN62368":  {"physical_security", "product_safety"},
	"IEC60204": {"physical_security", "product_safety"},

	// Medical devices
	"ISO13485": {"risk_management", "documentation", "change_management", "training"},
	"IEC60601": {"physical_security", "product_safety"},
	"ISO14971": {"risk_management_assessment", "risk_management_documentation"},
	"IEC62304": {"secure_development", "change_management", "documentation"},

	// Quality and environmental management
	"ISO9001":  {"change_management", "documentation", "training", "compliance_audit"},
	"ISO14001": {"compliance_audit", "documentation", "risk_management"},

	// Substance restrictions (RoHS / REACH technical documentation)
	"EN50581": {"supply_chain_due_diligence", "product_safety"},

	// Automotive software process and functional safety
	"ASPICE":   {"secure_development", "change_management", "documentation"},
	"ISO26262": {"secure_development", "risk_management", "product_safety"},
}
// normCoversControl reports whether at least one identifier in appliedNorms
// has an entry in NormToControlMapping with a topic that matches mcTopic.
// Identifiers without an entry contribute nothing, so an unknown or
// unnormalised norm never grants coverage; an empty appliedNorms returns false.
//
// The per-topic comparison is delegated to contains(mcTopic, topic), which is
// not defined in this file. Its semantics (exact, prefix or substring match)
// decide how broadly a single table entry marks controls as fulfilled —
// NOTE(review): verify against the helper before relying on the result as
// evidence that a control is actually covered.
func normCoversControl(appliedNorms []string, mcTopic string) bool {
	for _, id := range appliedNorms {
		// A missing key yields a nil slice, which the range simply skips.
		for _, topic := range NormToControlMapping[id] {
			if contains(mcTopic, topic) {
				return true
			}
		}
	}
	return false
}