breakpilot-compliance/obligations/cra_authentication.json
Benjamin Admin 48e39423e6 Add curated CRA authentication obligations (scaling test)
Erster großer Skalierungstest der Registry-Pipeline mit Zwei-Stufen-Clustering:
4408 Controls → 2134 Mikro → 170 Review Units → Opus-Synthese 54 → Kuration 29.

- Zwei-Stufen-Clustering (Mikro→Meta/Review-Unit) ist der Skalierungs-Fix für große Domänen
- harte Tier-Regel generalisiert: nur 6 LEGAL_MINIMUM (CRA fordert nur High-Level-Auth),
  23 BEST_PRACTICE; MFA/Passwort/Session/Krypto = guidance_basis, kein CRA-Primärrecht
- Kuration (key-frei, regelbasiert): Krypto-Mikro→guidance · Prüf/Nachweis→evidence-Facette ·
  Mechanismus-Familien behalten · eID/PSD2→out_of_scope; 6 LM unangetastet
- Provenance pro Obligation (source_meta_cluster/confidence/model/version)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-25 07:30:55 +02:00

10458 lines
211 KiB
JSON

{
"schema_version": "obligation_registry_v1",
"regulation": "CRA",
"regulation_code": "eu_2024_2847",
"family": "authentication",
"generated_by": "obl_auth_synth/claude-opus-4-8",
"synthesis_version": "v1",
"citation_status": "pending_span_anchor",
"obligations": [
{
"id": "user_authentication_required",
"name": "Benutzerauthentifizierung vor Zugriff",
"description": "Produkte mit digitalen Elementen muessen Nutzer und Entitaeten vor Gewaehrung von Zugriff auf Funktionen, Daten oder geschuetzte Ressourcen authentisieren.",
"tier": "LEGAL_MINIMUM",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"regulation_code": "eu_2024_2847",
"anchor": "Annex I (2)(d)",
"citation": "ensure protection from unauthorised access by appropriate control mechanisms, including but not limited to authentication, identity or access management systems, and report on possible unauthorised access"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AC-14",
"role": "best_practice"
}
],
"member_review_units": [
"M3",
"M5",
"M9",
"M21",
"M36",
"M113",
"M118",
"M155",
"M160"
],
"member_controls": [
"ACC-0383-A06",
"ACC-0384-A02",
"ACC-0384-A03",
"ACC-067-A06",
"ACC-067-A17",
"ACC-082-A06",
"ACC-082-A07",
"ACC-082-A15",
"ACC-082-A16",
"ACC-111-A05",
"ACC-111-A10",
"ACC-320",
"ACC-320-A01",
"ACC-320-A02",
"ACC-320-A03",
"ACC-320-A04",
"ACC-320-A06",
"ACC-320-A09",
"ACC-320-A10",
"ACC-320-A11",
"ACC-320-A12",
"ACC-320-A13",
"ACC-320-A17",
"ACC-320-A19",
"ACC-320-A20",
"ACC-320-A21",
"ACC-320-A26",
"ACC-320-A28",
"ACC-320-A29",
"ACC-320-A35",
"ACC-320-A36",
"ACC-320-A37",
"ACC-320-A38",
"ACC-320-A41",
"ACC-320-A42",
"ACC-320-A43",
"ACC-320-A44",
"ACC-320-A45",
"ACC-327-A18",
"ACC-327-A60",
"ACC-427",
"ACC-427-A01",
"ACC-427-A02",
"ACC-427-A03",
"ACC-427-A11",
"ACC-427-A12",
"ACC-477-A03",
"ACC-478-A02",
"ACC-490",
"ACC-490-A02",
"ACC-490-A04",
"ACC-490-A09",
"ACC-499-A05",
"ACC-504-A09",
"ACC-508-A01",
"ACC-513",
"ACC-518-A06",
"ACC-559",
"ACC-567-A10",
"ACC-571-A05",
"ACC-578-A03",
"ACC-581-A04",
"ACC-586-A03",
"ACC-586-A04",
"ACC-588-A03",
"ACC-594-A10",
"ACC-607-A01",
"ACC-607-A04",
"ACC-630-A05",
"ACC-630-A12",
"ACC-635",
"ACC-635-A01",
"ACC-637",
"ACC-637-A01",
"ACC-641-A06",
"ACC-653",
"ACC-653-A01",
"ACC-657-A02",
"ACC-660-A06",
"ACC-673-A10",
"ACC-727-A03",
"ACC-741-A03",
"ACL-004",
"ACL-004-A03",
"ACL-004-A04",
"ACL-004-A06",
"AI-052-A26",
"AI-052-A27",
"AI-1012",
"AI-1012-A03",
"AI-1012-A04",
"AI-1012-A05",
"AI-1012-A07",
"AI-1027-A07",
"AI-1236-A04",
"AI-1263-A05",
"AI-1263-A10",
"AI-1392-A06",
"AI-1408-A01",
"AI-1417-A06",
"AI-1660-A12",
"AI-1715-A08",
"AI-814",
"AI-814-A02",
"AI-814-A06",
"AI-814-A07",
"AI-814-A11",
"AI-814-A12",
"AI-814-A16",
"AI-814-A17",
"AI-814-A21",
"AI-814-A22",
"AI-814-A26",
"AI-814-A27",
"AI-981-A04",
"AI-997-A01",
"API-001",
"ARC-007-A06",
"AUTH-018",
"AUTH-018-A18",
"AUTH-032",
"AUTH-043",
"AUTH-045",
"AUTH-067-A12",
"AUTH-098",
"AUTH-1001",
"AUTH-1002",
"AUTH-1003",
"AUTH-1003-A01",
"AUTH-1004-A01",
"AUTH-1008",
"AUTH-1009-A01",
"AUTH-1009-A03",
"AUTH-1011-A01",
"AUTH-1019",
"AUTH-1026",
"AUTH-1026-A01",
"AUTH-1048",
"AUTH-1048-A03",
"AUTH-1048-A04",
"AUTH-1048-A19",
"AUTH-1048-A68",
"AUTH-1048-A69",
"AUTH-1049",
"AUTH-1060",
"AUTH-1061",
"AUTH-1087-A01",
"AUTH-1087-A04",
"AUTH-1092",
"AUTH-1092-A04",
"AUTH-1099-A04",
"AUTH-1102-A08",
"AUTH-1110",
"AUTH-1110-A03",
"AUTH-120-A11",
"AUTH-1283",
"AUTH-1283-A01",
"AUTH-1283-A02",
"AUTH-1291",
"AUTH-1293",
"AUTH-1295-A01",
"AUTH-1296-A05",
"AUTH-1298-A02",
"AUTH-1303-A03",
"AUTH-1303-A04",
"AUTH-1310-A01",
"AUTH-1313-A01",
"AUTH-1313-A03",
"AUTH-1321-A05",
"AUTH-1426-A05",
"AUTH-1426-A06",
"AUTH-1437",
"AUTH-1437-A01",
"AUTH-1437-A04",
"AUTH-1437-A06",
"AUTH-1437-A07",
"AUTH-1441",
"AUTH-1443-A02",
"AUTH-1445-A04",
"AUTH-1446",
"AUTH-1446-A02",
"AUTH-1446-A04",
"AUTH-1455",
"AUTH-1455-A01",
"AUTH-1455-A07",
"AUTH-1463-A02",
"AUTH-1463-A07",
"AUTH-1463-A08",
"AUTH-1464-A04",
"AUTH-1464-A05",
"AUTH-1464-A07",
"AUTH-1466-A04",
"AUTH-1466-A08",
"AUTH-1468",
"AUTH-1468-A03",
"AUTH-1468-A04",
"AUTH-1468-A07",
"AUTH-1468-A08",
"AUTH-1472-A01",
"AUTH-1524",
"AUTH-1524-A01",
"AUTH-1524-A02",
"AUTH-1525-A03",
"AUTH-1529",
"AUTH-1529-A01",
"AUTH-1529-A06",
"AUTH-1535-A02",
"AUTH-1538-A01",
"AUTH-1538-A10",
"AUTH-1539-A03",
"AUTH-1576-A01",
"AUTH-1579-A01",
"AUTH-1583-A06",
"AUTH-1623-A04",
"AUTH-1623-A07",
"AUTH-1623-A08",
"AUTH-1624-A11",
"AUTH-1631",
"AUTH-1633-A01",
"AUTH-1634-A06",
"AUTH-1635-A06",
"AUTH-1635-A12",
"AUTH-1637-A03",
"AUTH-1637-A08",
"AUTH-1640-A03",
"AUTH-1640-A04",
"AUTH-1652-A07",
"AUTH-1654",
"AUTH-1654-A01",
"AUTH-1654-A02",
"AUTH-1654-A03",
"AUTH-1654-A05",
"AUTH-1655-A02",
"AUTH-1658-A05",
"AUTH-1666-A04",
"AUTH-1669-A04",
"AUTH-1669-A07",
"AUTH-1673-A08",
"AUTH-1675-A07",
"AUTH-1678-A02",
"AUTH-1691",
"AUTH-1691-A01",
"AUTH-1694-A06",
"AUTH-1695",
"AUTH-1696-A03",
"AUTH-1696-A04",
"AUTH-1700-A04",
"AUTH-1701-A09",
"AUTH-1702-A03",
"AUTH-1706-A03",
"AUTH-1706-A05",
"AUTH-1706-A06",
"AUTH-1706-A09",
"AUTH-1708",
"AUTH-1709-A05",
"AUTH-1711-A02",
"AUTH-1711-A04",
"AUTH-1711-A07",
"AUTH-1711-A10",
"AUTH-1713",
"AUTH-1716",
"AUTH-1721-A03",
"AUTH-1752-A10",
"AUTH-1753-A01",
"AUTH-1753-A02",
"AUTH-1753-A04",
"AUTH-1753-A07",
"AUTH-1790-A01",
"AUTH-1808-A07",
"AUTH-1809",
"AUTH-1809-A01",
"AUTH-1809-A02",
"AUTH-1809-A03",
"AUTH-1809-A04",
"AUTH-1809-A05",
"AUTH-1809-A06",
"AUTH-1810",
"AUTH-1810-A01",
"AUTH-1810-A06",
"AUTH-1811",
"AUTH-1812",
"AUTH-1812-A01",
"AUTH-1812-A02",
"AUTH-1814-A01",
"AUTH-1820-A04",
"AUTH-1820-A06",
"AUTH-1823",
"AUTH-1823-A01",
"AUTH-1823-A02",
"AUTH-1826-A10",
"AUTH-1827-A04",
"AUTH-1830-A02",
"AUTH-1830-A03",
"AUTH-1830-A06",
"AUTH-1830-A08",
"AUTH-1831-A05",
"AUTH-1833-A03",
"AUTH-1833-A05",
"AUTH-1833-A08",
"AUTH-1843-A08",
"AUTH-1859",
"AUTH-1859-A02",
"AUTH-1859-A03",
"AUTH-1862-A04",
"AUTH-1877",
"AUTH-1877-A01",
"AUTH-1877-A02",
"AUTH-1877-A06",
"AUTH-1877-A08",
"AUTH-1896-A01",
"AUTH-1901",
"AUTH-1901-A01",
"AUTH-1909",
"AUTH-1909-A01",
"AUTH-1909-A02",
"AUTH-1909-A05",
"AUTH-1909-A07",
"AUTH-1909-A08",
"AUTH-1910-A11",
"AUTH-1911-A01",
"AUTH-1911-A05",
"AUTH-1912-A04",
"AUTH-1915-A03",
"AUTH-1915-A08",
"AUTH-1916-A01",
"AUTH-1916-A05",
"AUTH-1917-A04",
"AUTH-1917-A08",
"AUTH-1933",
"AUTH-1935",
"AUTH-1936-A11",
"AUTH-1938",
"AUTH-1943",
"AUTH-1943-A02",
"AUTH-1943-A07",
"AUTH-1944",
"AUTH-1944-A01",
"AUTH-1945-A07",
"AUTH-1945-A09",
"AUTH-1946-A03",
"AUTH-1946-A04",
"AUTH-1952",
"AUTH-1952-A02",
"AUTH-1952-A03",
"AUTH-1952-A05",
"AUTH-1952-A06",
"AUTH-1952-A07",
"AUTH-1952-A08",
"AUTH-1959",
"AUTH-1959-A01",
"AUTH-1959-A02",
"AUTH-2280",
"AUTH-2280-A01",
"AUTH-2289",
"AUTH-2320",
"AUTH-2331-A08",
"AUTH-2333-A01",
"AUTH-2333-A02",
"AUTH-2338-A06",
"AUTH-2345-A03",
"AUTH-2345-A04",
"AUTH-2368-A03",
"AUTH-2368-A04",
"AUTH-2372-A01",
"AUTH-2375",
"AUTH-2382-A01",
"AUTH-2399",
"AUTH-2399-A01",
"AUTH-2399-A04",
"AUTH-2400-A03",
"AUTH-2403",
"AUTH-2403-A03",
"AUTH-2403-A06",
"AUTH-2405",
"AUTH-2405-A05",
"AUTH-2412-A02",
"AUTH-2412-A03",
"AUTH-2413-A04",
"AUTH-2416-A01",
"AUTH-2416-A03",
"AUTH-2417",
"AUTH-2417-A04",
"AUTH-2417-A11",
"AUTH-2417-A13",
"AUTH-2424-A01",
"AUTH-2428",
"AUTH-2441-A01",
"AUTH-2444-A01",
"AUTH-2444-A07",
"AUTH-2451-A04",
"AUTH-2464-A03",
"AUTH-2466-A10",
"AUTH-2483-A02",
"AUTH-2485-A07",
"AUTH-2510-A06",
"AUTH-2550-A02",
"AUTH-2550-A03",
"AUTH-2630",
"AUTH-2630-A02",
"AUTH-2635",
"AUTH-2635-A04",
"AUTH-2635-A05",
"AUTH-2635-A07",
"AUTH-2660-A01",
"AUTH-2678",
"AUTH-2678-A01",
"AUTH-2779",
"AUTH-2781-A03",
"AUTH-2801",
"AUTH-2801-A03",
"AUTH-2817",
"AUTH-2817-A03",
"AUTH-2817-A04",
"AUTH-2817-A05",
"AUTH-2847",
"AUTH-2851",
"AUTH-2852",
"AUTH-2852-A01",
"AUTH-2866",
"AUTH-2866-A01",
"AUTH-2866-A03",
"AUTH-2873-A01",
"AUTH-2873-A05",
"AUTH-2873-A07",
"AUTH-2875-A03",
"AUTH-2877-A01",
"AUTH-2877-A05",
"AUTH-2880-A01",
"AUTH-2883",
"AUTH-2883-A01",
"AUTH-2883-A02",
"AUTH-2912-A01",
"AUTH-2919",
"AUTH-2921-A12",
"AUTH-2922-A01",
"AUTH-2922-A02",
"AUTH-2929",
"AUTH-2930",
"AUTH-2935-A02",
"AUTH-2935-A06",
"AUTH-2939-A04",
"AUTH-2943",
"AUTH-2943-A02",
"AUTH-2944-A04",
"AUTH-2945-A03",
"AUTH-2946",
"AUTH-2949-A06",
"AUTH-2956-A14",
"AUTH-2958-A07",
"AUTH-2959-A03",
"AUTH-2960-A01",
"AUTH-2960-A06",
"AUTH-2960-A07",
"AUTH-2960-A08",
"AUTH-2964",
"AUTH-2966-A01",
"AUTH-2966-A04",
"AUTH-2967-A05",
"AUTH-2970-A03",
"AUTH-2970-A05",
"AUTH-2970-A08",
"AUTH-2975-A02",
"AUTH-2975-A12",
"AUTH-2977-A05",
"AUTH-2980",
"AUTH-2981-A08",
"AUTH-2984",
"AUTH-2987-A01",
"AUTH-2989-A01",
"AUTH-2989-A05",
"AUTH-2993-A03",
"AUTH-2994-A03",
"AUTH-2996-A01",
"AUTH-3002-A04",
"AUTH-3013-A01",
"AUTH-3013-A02",
"AUTH-3016-A15",
"AUTH-3016-A16",
"AUTH-3017-A03",
"AUTH-3021-A01",
"AUTH-3021-A04",
"AUTH-3022-A06",
"AUTH-3025",
"AUTH-3025-A01",
"AUTH-3038",
"AUTH-3038-A03",
"AUTH-3045",
"AUTH-3045-A01",
"AUTH-3045-A02",
"AUTH-3045-A03",
"AUTH-3065-A02",
"AUTH-3065-A03",
"AUTH-3065-A04",
"AUTH-3069",
"AUTH-3071-A01",
"AUTH-3071-A04",
"AUTH-3071-A09",
"AUTH-3073",
"AUTH-3073-A02",
"AUTH-3073-A03",
"AUTH-3073-A05",
"AUTH-3075-A01",
"AUTH-3075-A02",
"AUTH-3077",
"AUTH-3078",
"AUTH-3082",
"AUTH-3082-A01",
"AUTH-3108-A05",
"AUTH-3112-A14",
"AUTH-3150",
"AUTH-3150-A01",
"AUTH-3150-A04",
"AUTH-3150-A07",
"AUTH-3150-A09",
"AUTH-3151",
"AUTH-3151-A01",
"AUTH-3151-A05",
"AUTH-3151-A06",
"AUTH-3151-A07",
"AUTH-3151-A08",
"AUTH-3151-A10",
"AUTH-3151-A11",
"AUTH-3154",
"AUTH-3154-A01",
"AUTH-3154-A02",
"AUTH-3154-A08",
"AUTH-3155",
"AUTH-3155-A03",
"AUTH-3155-A04",
"AUTH-3155-A08",
"AUTH-3161-A04",
"AUTH-3164-A02",
"AUTH-3164-A05",
"AUTH-3164-A07",
"AUTH-3164-A12",
"AUTH-3166-A01",
"AUTH-3166-A02",
"AUTH-3170",
"AUTH-3170-A01",
"AUTH-3170-A02",
"AUTH-3230-A01",
"AUTH-3231-A04",
"AUTH-3246-A01",
"AUTH-3247-A04",
"AUTH-3258",
"AUTH-3258-A01",
"AUTH-3258-A04",
"AUTH-3258-A07",
"AUTH-3258-A10",
"AUTH-3258-A11",
"AUTH-3266",
"AUTH-3266-A01",
"AUTH-3279-A03",
"AUTH-3281-A01",
"AUTH-3286-A01",
"AUTH-3314-A01",
"AUTH-3314-A02",
"AUTH-3314-A03",
"AUTH-3333-A07",
"AUTH-3343",
"AUTH-3343-A02",
"AUTH-3394-A04",
"AUTH-3396-A01",
"AUTH-3396-A04",
"AUTH-3399",
"AUTH-3399-A03",
"AUTH-3399-A05",
"AUTH-3430-A07",
"AUTH-3450",
"AUTH-3452-A01",
"AUTH-3452-A05",
"AUTH-3454-A03",
"AUTH-3458-A01",
"AUTH-3460-A01",
"AUTH-3460-A02",
"AUTH-3460-A05",
"AUTH-3460-A07",
"AUTH-3460-A08",
"AUTH-3461-A02",
"AUTH-3461-A06",
"AUTH-3541-A01",
"AUTH-3541-A05",
"AUTH-3542-A08",
"AUTH-3545-A05",
"AUTH-3545-A09",
"AUTH-3547-A01",
"AUTH-3548-A02",
"AUTH-3549",
"AUTH-3552",
"AUTH-3552-A03",
"AUTH-3552-A05",
"AUTH-3554",
"AUTH-3554-A03",
"AUTH-3556-A03",
"AUTH-3558",
"AUTH-3558-A02",
"AUTH-3558-A04",
"AUTH-3562",
"AUTH-3594-A05",
"AUTH-3595-A01",
"AUTH-3596-A06",
"AUTH-3597",
"AUTH-3597-A03",
"AUTH-3597-A04",
"AUTH-3597-A05",
"AUTH-3597-A09",
"AUTH-3599-A02",
"AUTH-3599-A05",
"AUTH-3624",
"AUTH-3624-A01",
"AUTH-3624-A02",
"AUTH-3641",
"AUTH-3641-A01",
"AUTH-3641-A08",
"AUTH-3645-A05",
"AUTH-3645-A06",
"AUTH-3648-A06",
"AUTH-3656-A09",
"AUTH-3656-A12",
"AUTH-3656-A13",
"AUTH-3677-A06",
"AUTH-3704-A06",
"AUTH-3705",
"AUTH-3705-A01",
"AUTH-3751-A01",
"AUTH-3825-A01",
"AUTH-3825-A06",
"AUTH-384",
"AUTH-384-A05",
"AUTH-384-A07",
"AUTH-384-A10",
"AUTH-3887-A07",
"AUTH-3906",
"AUTH-3915-A03",
"AUTH-3922",
"AUTH-3923-A02",
"AUTH-3935",
"AUTH-3935-A10",
"AUTH-3935-A11",
"AUTH-3935-A12",
"AUTH-3935-A13",
"AUTH-3935-A14",
"AUTH-3935-A15",
"AUTH-3935-A16",
"AUTH-3935-A17",
"AUTH-3935-A18",
"AUTH-3935-A19",
"AUTH-3946-A03",
"AUTH-3946-A06",
"AUTH-3947-A06",
"AUTH-3951-A06",
"AUTH-3951-A07",
"AUTH-3955-A01",
"AUTH-3958",
"AUTH-3960-A02",
"AUTH-3960-A03",
"AUTH-3960-A04",
"AUTH-3962-A01",
"AUTH-3964-A06",
"AUTH-3968-A07",
"AUTH-3977-A03",
"AUTH-3984-A04",
"AUTH-3993-A01",
"AUTH-3993-A03",
"AUTH-3997",
"AUTH-3997-A02",
"AUTH-3999-A02",
"AUTH-4007",
"AUTH-4027-A03",
"AUTH-4030-A06",
"AUTH-4031-A06",
"AUTH-4032-A08",
"AUTH-4035",
"AUTH-4035-A05",
"AUTH-4035-A06",
"AUTH-4043-A08",
"AUTH-4048",
"AUTH-4053",
"AUTH-4054-A02",
"AUTH-4054-A04",
"AUTH-4054-A07",
"AUTH-4072-A06",
"AUTH-4076-A01",
"AUTH-4082-A01",
"AUTH-4095-A01",
"AUTH-4130",
"AUTH-4130-A01",
"AUTH-4133-A01",
"AUTH-4135",
"AUTH-451-A02",
"AUTH-474",
"AUTH-474-A02",
"AUTH-497",
"AUTH-497-A03",
"AUTH-500-A03",
"AUTH-505-A04",
"AUTH-520",
"AUTH-520-A01",
"AUTH-524-A08",
"AUTH-530-A01",
"AUTH-530-A05",
"AUTH-530-A08",
"AUTH-530-A11",
"AUTH-532",
"AUTH-538-A06",
"AUTH-548",
"AUTH-548-A01",
"AUTH-548-A03",
"AUTH-559",
"AUTH-559-A01",
"AUTH-559-A03",
"AUTH-559-A05",
"AUTH-559-A09",
"AUTH-559-A12",
"AUTH-577",
"AUTH-577-A05",
"AUTH-582",
"AUTH-582-A01",
"AUTH-584",
"AUTH-584-A01",
"AUTH-584-A02",
"AUTH-584-A08",
"AUTH-584-A09",
"AUTH-585",
"AUTH-585-A03",
"AUTH-592",
"AUTH-592-A02",
"AUTH-595",
"AUTH-595-A05",
"AUTH-595-A07",
"AUTH-610",
"AUTH-610-A06",
"AUTH-615",
"AUTH-615-A01",
"AUTH-615-A02",
"AUTH-615-A03",
"AUTH-615-A04",
"AUTH-615-A05",
"AUTH-616",
"AUTH-616-A01",
"AUTH-616-A02",
"AUTH-616-A03",
"AUTH-616-A05",
"AUTH-616-A06",
"AUTH-616-A12",
"AUTH-616-A13",
"AUTH-617",
"AUTH-621-A08",
"AUTH-621-A16",
"AUTH-623",
"AUTH-623-A01",
"AUTH-623-A02",
"AUTH-623-A03",
"AUTH-623-A04",
"AUTH-623-A05",
"AUTH-623-A06",
"AUTH-637-A08",
"AUTH-637-A09",
"AUTH-637-A30",
"AUTH-646-A04",
"AUTH-655-A10",
"AUTH-655-A11",
"AUTH-659",
"AUTH-659-A01",
"AUTH-661-A06",
"AUTH-661-A15",
"AUTH-670-A06",
"AUTH-694",
"AUTH-694-A02",
"AUTH-694-A03",
"AUTH-700-A02",
"AUTH-710-A03",
"AUTH-710-A04",
"AUTH-710-A05",
"AUTH-725-A03",
"AUTH-727",
"AUTH-730-A03",
"AUTH-730-A12",
"AUTH-732",
"AUTH-732-A04",
"AUTH-732-A05",
"AUTH-732-A06",
"AUTH-732-A07",
"AUTH-732-A08",
"AUTH-734",
"AUTH-734-A01",
"AUTH-734-A11",
"AUTH-745",
"AUTH-745-A01",
"AUTH-748-A05",
"AUTH-748-A06",
"AUTH-748-A10",
"AUTH-748-A11",
"AUTH-752",
"AUTH-752-A01",
"AUTH-752-A07",
"AUTH-774",
"AUTH-775-A10",
"AUTH-784",
"AUTH-784-A02",
"AUTH-784-A03",
"AUTH-784-A07",
"AUTH-785-A01",
"AUTH-803-A01",
"AUTH-803-A05",
"AUTH-803-A06",
"AUTH-803-A07",
"AUTH-803-A08",
"AUTH-804-A06",
"AUTH-807",
"AUTH-807-A01",
"AUTH-818-A02",
"AUTH-822-A04",
"AUTH-822-A05",
"AUTH-822-A07",
"AUTH-822-A09",
"AUTH-825-A05",
"AUTH-827-A05",
"AUTH-827-A06",
"AUTH-827-A09",
"AUTH-827-A14",
"AUTH-828-A05",
"AUTH-828-A09",
"AUTH-828-A10",
"AUTH-836-A04",
"AUTH-836-A05",
"AUTH-836-A07",
"AUTH-836-A11",
"AUTH-836-A16",
"AUTH-837-A06",
"AUTH-837-A13",
"AUTH-838-A10",
"AUTH-838-A17",
"AUTH-838-A26",
"AUTH-838-A36",
"AUTH-838-A44",
"AUTH-844-A03",
"AUTH-844-A12",
"AUTH-844-A20",
"AUTH-844-A27",
"AUTH-844-A36",
"AUTH-845",
"AUTH-845-A01",
"AUTH-845-A13",
"AUTH-845-A24",
"AUTH-845-A27",
"AUTH-845-A45",
"AUTH-846",
"AUTH-846-A01",
"AUTH-846-A02",
"AUTH-846-A03",
"AUTH-846-A10",
"AUTH-846-A11",
"AUTH-846-A12",
"AUTH-846-A20",
"AUTH-846-A21",
"AUTH-846-A22",
"AUTH-846-A30",
"AUTH-846-A31",
"AUTH-846-A32",
"AUTH-846-A39",
"AUTH-846-A40",
"AUTH-846-A41",
"AUTH-849",
"AUTH-849-A10",
"AUTH-849-A17",
"AUTH-849-A23",
"AUTH-849-A34",
"AUTH-849-A40",
"AUTH-849-A49",
"AUTH-849-A55",
"AUTH-851-A01",
"AUTH-851-A02",
"AUTH-851-A46",
"AUTH-885-A03",
"AUTH-885-A10",
"AUTH-885-A17",
"AUTH-885-A22",
"AUTH-885-A31",
"AUTH-888-A03",
"AUTH-888-A10",
"AUTH-888-A17",
"AUTH-888-A25",
"AUTH-888-A30",
"AUTH-888-A33",
"AUTH-888-A37",
"AUTH-894",
"AUTH-894-A06",
"AUTH-894-A11",
"AUTH-894-A12",
"AUTH-894-A17",
"AUTH-894-A22",
"AUTH-902-A01",
"AUTH-902-A11",
"AUTH-902-A17",
"AUTH-903-A23",
"AUTH-905-A04",
"AUTH-905-A09",
"AUTH-905-A14",
"AUTH-905-A17",
"AUTH-905-A22",
"AUTH-909-A02",
"AUTH-909-A12",
"AUTH-909-A22",
"AUTH-909-A32",
"AUTH-909-A42",
"AUTH-913-A05",
"AUTH-914",
"AUTH-915",
"AUTH-915-A07",
"AUTH-915-A13",
"AUTH-915-A14",
"AUTH-917",
"AUTH-917-A01",
"AUTH-917-A04",
"AUTH-917-A05",
"AUTH-917-A06",
"AUTH-917-A09",
"AUTH-917-A10",
"AUTH-917-A11",
"AUTH-917-A14",
"AUTH-917-A15",
"AUTH-917-A16",
"AUTH-917-A17",
"AUTH-917-A20",
"AUTH-917-A21",
"AUTH-917-A22",
"AUTH-917-A24",
"AUTH-917-A25",
"AUTH-917-A26",
"AUTH-919-A01",
"AUTH-919-A07",
"AUTH-922-A02",
"AUTH-922-A08",
"AUTH-928-A07",
"AUTH-928-A13",
"AUTH-928-A19",
"AUTH-928-A25",
"AUTH-928-A30",
"AUTH-932",
"AUTH-937-A01",
"AUTH-937-A08",
"AUTH-937-A15",
"AUTH-937-A22",
"AUTH-937-A29",
"AUTH-938-A01",
"AUTH-938-A02",
"AUTH-938-A03",
"AUTH-938-A08",
"AUTH-938-A09",
"AUTH-938-A10",
"AUTH-938-A13",
"AUTH-938-A14",
"AUTH-938-A19",
"AUTH-938-A20",
"AUTH-938-A21",
"AUTH-938-A26",
"AUTH-938-A27",
"AUTH-938-A28",
"AUTH-938-A36",
"AUTH-938-A37",
"AUTH-938-A38",
"AUTH-941",
"AUTH-941-A04",
"AUTH-941-A05",
"AUTH-941-A10",
"AUTH-941-A11",
"AUTH-941-A14",
"AUTH-941-A17",
"AUTH-941-A18",
"AUTH-941-A23",
"AUTH-941-A24",
"AUTH-942-A13",
"AUTH-948",
"AUTH-949-A18",
"AUTH-954-A15",
"AUTH-974-A07",
"AUTH-988-A09",
"AUTH-988-A20",
"AUTH-989-A18",
"COMP-001-A41",
"COMP-001-A83",
"COMP-1079-A02",
"COMP-1079-A10",
"COMP-1264-A01",
"COMP-1264-A02",
"COMP-1264-A05",
"COMP-1812-A02",
"COMP-1817",
"COMP-1883-A01",
"COMP-1883-A03",
"COMP-1904-A01",
"COMP-1904-A04",
"COMP-1904-A05",
"COMP-1951-A03",
"COMP-1960-A06",
"COMP-1960-A09",
"COMP-2012-A02",
"COMP-2029-A04",
"COMP-2131-A09",
"COMP-2182-A02",
"COMP-2627-A08",
"COMP-2639-A04",
"COMP-2652-A02",
"COMP-3435-A01",
"COMP-3435-A05",
"COMP-3602",
"COMP-3602-A01",
"COMP-3602-A08",
"COMP-3602-A10",
"COMP-3733-A03",
"COMP-3739-A09",
"COMP-3981",
"COMP-3983-A02",
"COMP-3983-A04",
"COMP-3983-A05",
"COMP-3983-A09",
"COMP-3983-A10",
"COMP-3983-A11",
"COMP-3983-A14",
"CRYP-1017-A01",
"CRYP-1097-A09",
"CRYP-1103-A11",
"CRYP-1124-A05",
"CRYP-1134",
"CRYP-1252-A02",
"CRYP-1255-A01",
"CRYP-1305-A03",
"CRYP-1306-A07",
"CRYP-1385-A02",
"CRYP-1386-A08",
"CRYP-1391-A05",
"CRYP-1393-A03",
"CRYP-1421-A03",
"CRYP-1466-A03",
"CRYP-1466-A05",
"CRYP-1525-A06",
"CRYP-1652-A10",
"CRYP-1684-A01",
"CRYP-1694-A01",
"CRYP-1712-A15",
"CRYP-1725-A07",
"CRYP-1750-A14",
"CRYP-1756-A05",
"CRYP-1788-A03",
"CRYP-1819-A02",
"CRYP-1864",
"CRYP-1864-A02",
"CRYP-1864-A03",
"CRYP-190-A12",
"CRYP-190-A13",
"CRYP-1968-A15",
"CRYP-1983-A01",
"CRYP-2094-A03",
"CRYP-2142-A02",
"CRYP-2144-A02",
"CRYP-2192-A03",
"CRYP-2192-A06",
"CRYP-2287-A12",
"CRYP-2294-A09",
"CRYP-335-A03",
"CRYP-425-A02",
"CRYP-447-A16",
"CRYP-450-A05",
"CRYP-450-A06",
"CRYP-450-A40",
"CRYP-450-A52",
"CRYP-450-A53",
"CRYP-626",
"CRYP-655-A01",
"CRYP-655-A07",
"CRYP-671-A08",
"CRYP-749-A05",
"CRYP-773-A02",
"CRYP-809-A02",
"CRYP-822-A03",
"CRYP-868-A02",
"CRYP-952-A08",
"DATA-014-A01",
"DATA-1136-A06",
"DATA-1161-A02",
"DATA-1191-A10",
"DATA-1207-A03",
"DATA-1257-A05",
"DATA-1257-A09",
"DATA-1701-A05",
"DATA-1801-A06",
"DATA-1881-A01",
"DATA-2057-A21",
"DATA-2119-A01",
"DATA-2427-A01",
"DATA-2533-A01",
"DATA-2558-A03",
"DATA-260-A02",
"DATA-260-A08",
"DATA-2607-A05",
"DATA-2648-A01",
"DATA-2668-A01",
"DATA-3292-A01",
"DATA-3324-A05",
"DATA-3401-A01",
"DATA-3613-A01",
"DATA-3649-A09",
"DATA-3692-A04",
"DATA-3754-A03",
"DATA-4203-A05",
"DATA-4294-A13",
"DATA-879-A03",
"DATA-972-A06",
"DATA-972-A12",
"FIN-1094-A03",
"FIN-1223-A06",
"FIN-1223-A10",
"FIN-606-A06",
"FIN-852",
"FIN-852-A04",
"FIN-891-A08",
"GIA-002-A02",
"GIA-002-A06",
"GOV-0661-A15",
"GOV-1435-A08",
"GOV-1562-A05",
"GOV-1605-A01",
"GOV-1611-A04",
"GOV-1648-A01",
"GOV-1648-A02",
"GOV-1700-A01",
"GOV-1732-A01",
"GOV-1733-A04",
"GOV-3072-A05",
"GOV-3501-A02",
"GOV-3860-A09",
"GOV-3860-A10",
"GOV-3871",
"GOV-3902-A01",
"GOV-3909-A01",
"GOV-3909-A02",
"GOV-413-A18",
"GOV-519",
"GOV-519-A11",
"GOV-519-A35",
"GOV-520-A40",
"GOV-877-A05",
"HLT-524-A04",
"HLT-532-A06",
"HLT-559-A03",
"IAM-008",
"IDA-005",
"IDA-008-A01",
"IDA-008-A04",
"IDF-004-A02",
"IDF-010",
"IDF-010-A01",
"INC-071-A14",
"INC-1142-A03",
"INC-946-A06",
"LAB-246-A08",
"LGM-001-A09",
"LOG-053-A07",
"LOG-1086-A03",
"LOG-1087-A03",
"LOG-1087-A11",
"LOG-121-A04",
"LOG-121-A17",
"LOG-1549-A05",
"LOG-1549-A08",
"LOG-1742-A05",
"LOG-1742-A08",
"LOG-1742-A13",
"LOG-1748-A01",
"LOG-1767-A02",
"LOG-1859",
"LOG-1859-A04",
"LOG-1859-A10",
"LOG-705-A01",
"LOG-735-A17",
"LOG-735-A18",
"LOG-745-A44",
"LOG-745-A54",
"LOG-774-A01",
"LOG-774-A15",
"LOG-774-A22",
"LOG-774-A29",
"MIA-001",
"NET-076-A07",
"NET-076-A14",
"NET-1014-A03",
"NET-1014-A07",
"NET-1249-A05",
"NET-1274-A01",
"NET-1277-A01",
"NET-1303-A01",
"NET-1309-A02",
"NET-1464-A05",
"NET-1466-A04",
"NET-1476-A09",
"NET-1633",
"NET-1633-A01",
"NET-1669-A02",
"NET-1669-A07",
"NET-1683-A06",
"NET-1787-A11",
"NET-1855-A01",
"NET-1856-A10",
"NET-1858-A08",
"NET-351",
"NET-351-A01",
"NET-351-A02",
"NET-351-A06",
"NET-351-A07",
"NET-391",
"NET-391-A01",
"NET-391-A08",
"NET-405",
"NET-405-A03",
"NET-405-A08",
"NET-405-A09",
"NET-465-A02",
"NET-465-A07",
"NET-506-A15",
"NET-506-A60",
"NET-527-A04",
"NET-527-A15",
"NET-527-A23",
"NET-794-A06",
"NET-825-A03",
"NET-855-A05",
"NET-857-A01",
"NET-857-A02",
"NET-857-A04",
"NET-857-A05",
"NET-860-A01",
"NET-860-A02",
"NET-867-A02",
"NET-928-A02",
"NET-965-A03",
"NET-980-A07",
"NET-981-A10",
"NET-982-A02",
"PFI-001-A02",
"PRC-012-A01",
"SEC-008-A13",
"SEC-082-A06",
"SEC-1144-A03",
"SEC-1144-A28",
"SEC-1144-A42",
"SEC-1144-A56",
"SEC-1144-A70",
"SEC-1146-A02",
"SEC-1146-A07",
"SEC-1146-A54",
"SEC-1146-A59",
"SEC-1153-A12",
"SEC-1215-A05",
"SEC-1221-A10",
"SEC-2007-A02",
"SEC-2635-A03",
"SEC-2635-A04",
"SEC-2643-A07",
"SEC-2662-A07",
"SEC-2662-A13",
"SEC-2698-A01",
"SEC-2738-A02",
"SEC-2788-A06",
"SEC-2818-A05",
"SEC-2845-A09",
"SEC-2899",
"SEC-2899-A04",
"SEC-2899-A05",
"SEC-2899-A06",
"SEC-2927-A04",
"SEC-3065-A02",
"SEC-3157-A07",
"SEC-3159-A05",
"SEC-3195-A04",
"SEC-3217-A03",
"SEC-3383-A08",
"SEC-3709-A10",
"SEC-3732-A08",
"SEC-3872-A01",
"SEC-3931-A02",
"SEC-3931-A10",
"SEC-3935-A02",
"SEC-4010-A09",
"SEC-4217",
"SEC-4254-A03",
"SEC-4414-A04",
"SEC-4513",
"SEC-4513-A04",
"SEC-4560",
"SEC-4561",
"SEC-4561-A01",
"SEC-4561-A02",
"SEC-4561-A03",
"SEC-4561-A07",
"SEC-4655-A03",
"SEC-4655-A04",
"SEC-5505-A02",
"SEC-5595-A13",
"SEC-5610-A03",
"SEC-5615",
"SEC-5792-A02",
"SEC-5792-A03",
"SEC-5858-A07",
"SEC-5880-A03",
"SEC-6093-A01",
"SEC-6153-A10",
"SEC-6170-A02",
"SEC-6296",
"SEC-6724-A05",
"SEC-6770",
"SEC-6771-A04",
"SEC-6784-A10",
"SEC-6830-A05",
"SEC-6919-A03",
"SEC-6956-A06",
"SEC-7022-A04",
"SEC-7108-A03",
"SEC-7229-A09",
"SEC-7237-A02",
"SEC-7343-A03",
"SEC-7398-A03",
"SEC-7442-A04",
"SEC-7963-A02",
"SEC-7967",
"SEC-7993-A02",
"SEC-7994",
"SEC-7994-A06",
"SEC-8016",
"SEC-8041-A07",
"SEC-8121-A05",
"SEC-8138-A03",
"SEC-8155-A02",
"SEC-8257-A02",
"SEC-9014-A16",
"SEC-9136-A08",
"SEC-9175",
"SEC-9212-A01",
"SEC-9212-A02"
],
"member_count": 1339,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.95,
"source_meta_cluster": "M5",
"cluster_size": 339,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"evidence_merged_from": [
"auth_testing"
]
},
{
"id": "authentication_policy_documented",
"name": "Authentifizierungsrichtlinie dokumentieren",
"description": "Eine Authentifizierungs- und Autorisierungsrichtlinie ist zu dokumentieren, zu versionieren und aktuell zu halten.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": false,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "ISO",
"anchor": "ISO 27001 A.5.17",
"role": "best_practice"
},
{
"source": "Warnungen bei unsicheren Authentifizierungsmethoden",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "weak_method_warnings"
}
],
"member_review_units": [
"M3",
"M35",
"M40",
"M116"
],
"member_controls": [
"ACC-0383-A06",
"ACC-0384-A02",
"ACC-0384-A03",
"ACC-082-A06",
"ACC-082-A07",
"ACC-082-A15",
"ACC-082-A16",
"ACC-320",
"ACC-320-A01",
"ACC-320-A02",
"ACC-320-A03",
"ACC-320-A04",
"ACC-320-A06",
"ACC-320-A09",
"ACC-320-A10",
"ACC-320-A11",
"ACC-320-A12",
"ACC-320-A13",
"ACC-320-A17",
"ACC-320-A19",
"ACC-320-A20",
"ACC-320-A21",
"ACC-320-A26",
"ACC-320-A28",
"ACC-320-A29",
"ACC-320-A35",
"ACC-320-A36",
"ACC-320-A37",
"ACC-320-A41",
"ACC-320-A43",
"ACC-320-A44",
"ACC-320-A45",
"ACC-327-A18",
"ACC-327-A60",
"ACC-427",
"ACC-427-A01",
"ACC-427-A11",
"ACC-518-A06",
"ACC-567-A10",
"ACC-568-A05",
"ACC-571-A09",
"ACC-741-A03",
"ACC-741-A05",
"ACC-754-A05",
"ACL-004-A04",
"AI-052-A26",
"AI-052-A27",
"AI-1027-A07",
"AI-1311-A05",
"AI-1311-A09",
"AI-1417-A06",
"AI-1715-A08",
"AUTH-013-A09",
"AUTH-014",
"AUTH-014-A18",
"AUTH-014-A25",
"AUTH-014-A26",
"AUTH-032",
"AUTH-043",
"AUTH-045",
"AUTH-067-A12",
"AUTH-088-A01",
"AUTH-088-A02",
"AUTH-088-A07",
"AUTH-1004-A01",
"AUTH-1009-A01",
"AUTH-1009-A03",
"AUTH-1011-A01",
"AUTH-1011-A11",
"AUTH-1011-A13",
"AUTH-1026",
"AUTH-1026-A01",
"AUTH-1088-A01",
"AUTH-1088-A04",
"AUTH-1095-A01",
"AUTH-1095-A04",
"AUTH-1096-A04",
"AUTH-1101-A01",
"AUTH-1101-A06",
"AUTH-1110-A03",
"AUTH-1276",
"AUTH-1282",
"AUTH-1283-A02",
"AUTH-1283-A03",
"AUTH-1283-A04",
"AUTH-1283-A05",
"AUTH-1295-A02",
"AUTH-1295-A05",
"AUTH-1298",
"AUTH-1298-A01",
"AUTH-1298-A02",
"AUTH-1298-A03",
"AUTH-1310-A04",
"AUTH-1311-A02",
"AUTH-1313-A01",
"AUTH-1313-A02",
"AUTH-1314-A04",
"AUTH-1426-A05",
"AUTH-1437",
"AUTH-1437-A01",
"AUTH-1437-A02",
"AUTH-1437-A06",
"AUTH-1448-A01",
"AUTH-1455-A02",
"AUTH-1463-A02",
"AUTH-1480",
"AUTH-1480-A01",
"AUTH-1519-A02",
"AUTH-1524-A03",
"AUTH-1529-A06",
"AUTH-1535-A04",
"AUTH-1576-A01",
"AUTH-1579-A01",
"AUTH-1579-A02",
"AUTH-1623-A03",
"AUTH-1623-A04",
"AUTH-1623-A07",
"AUTH-1623-A08",
"AUTH-1624-A11",
"AUTH-1627",
"AUTH-1634",
"AUTH-1634-A01",
"AUTH-1637-A09",
"AUTH-1640-A03",
"AUTH-1645-A04",
"AUTH-1646",
"AUTH-1669-A01",
"AUTH-1677-A02",
"AUTH-1677-A08",
"AUTH-1678-A07",
"AUTH-1693",
"AUTH-1693-A01",
"AUTH-1694-A06",
"AUTH-1711-A02",
"AUTH-1711-A08",
"AUTH-1711-A09",
"AUTH-1711-A10",
"AUTH-1716-A02",
"AUTH-1716-A03",
"AUTH-1720-A05",
"AUTH-1721-A01",
"AUTH-1721-A03",
"AUTH-1734-A02",
"AUTH-1746",
"AUTH-1746-A01",
"AUTH-1747-A01",
"AUTH-1753-A05",
"AUTH-1810-A01",
"AUTH-1812-A02",
"AUTH-1812-A05",
"AUTH-1814-A01",
"AUTH-1814-A02",
"AUTH-1818-A06",
"AUTH-1835-A04",
"AUTH-1835-A08",
"AUTH-1837",
"AUTH-1837-A02",
"AUTH-1839-A05",
"AUTH-1843-A07",
"AUTH-1843-A09",
"AUTH-1844-A04",
"AUTH-1858",
"AUTH-1859",
"AUTH-1859-A04",
"AUTH-1859-A05",
"AUTH-1859-A07",
"AUTH-1864-A02",
"AUTH-1864-A04",
"AUTH-1864-A05",
"AUTH-1864-A06",
"AUTH-1864-A07",
"AUTH-1864-A08",
"AUTH-1877-A05",
"AUTH-1877-A08",
"AUTH-1877-A11",
"AUTH-1901-A02",
"AUTH-1908-A02",
"AUTH-1908-A04",
"AUTH-1909-A02",
"AUTH-1909-A06",
"AUTH-1909-A07",
"AUTH-1909-A08",
"AUTH-1910-A09",
"AUTH-1913",
"AUTH-1915",
"AUTH-1915-A01",
"AUTH-1917-A04",
"AUTH-1917-A08",
"AUTH-1938-A04",
"AUTH-1943-A04",
"AUTH-1947-A07",
"AUTH-1952-A05",
"AUTH-1952-A06",
"AUTH-1952-A08",
"AUTH-1959",
"AUTH-1959-A02",
"AUTH-1959-A04",
"AUTH-1959-A06",
"AUTH-1959-A08",
"AUTH-2280",
"AUTH-2280-A01",
"AUTH-2317-A02",
"AUTH-2333-A01",
"AUTH-2333-A02",
"AUTH-2338-A06",
"AUTH-2368-A03",
"AUTH-2368-A08",
"AUTH-2371",
"AUTH-2371-A03",
"AUTH-2371-A05",
"AUTH-2372-A01",
"AUTH-2375-A05",
"AUTH-2382-A01",
"AUTH-2399",
"AUTH-2399-A04",
"AUTH-2400-A07",
"AUTH-2403",
"AUTH-2403-A02",
"AUTH-2403-A06",
"AUTH-2405-A05",
"AUTH-2413-A05",
"AUTH-2413-A06",
"AUTH-2416",
"AUTH-2416-A01",
"AUTH-2416-A03",
"AUTH-2416-A05",
"AUTH-2416-A07",
"AUTH-2416-A08",
"AUTH-2417-A06",
"AUTH-2417-A07",
"AUTH-2417-A11",
"AUTH-2417-A13",
"AUTH-2420",
"AUTH-2423",
"AUTH-2423-A04",
"AUTH-2430-A01",
"AUTH-2438",
"AUTH-2438-A03",
"AUTH-2441-A06",
"AUTH-2444-A01",
"AUTH-2444-A07",
"AUTH-2451-A04",
"AUTH-2464-A03",
"AUTH-2466-A04",
"AUTH-2466-A12",
"AUTH-2543-A04",
"AUTH-2573-A03",
"AUTH-2678-A04",
"AUTH-2678-A05",
"AUTH-2678-A06",
"AUTH-2678-A07",
"AUTH-2689-A07",
"AUTH-2779",
"AUTH-2781-A07",
"AUTH-2793-A01",
"AUTH-2801",
"AUTH-2817",
"AUTH-2817-A01",
"AUTH-2847-A15",
"AUTH-2850-A04",
"AUTH-2851",
"AUTH-2851-A09",
"AUTH-2852",
"AUTH-2873-A01",
"AUTH-2873-A05",
"AUTH-2873-A06",
"AUTH-2875-A02",
"AUTH-2875-A05",
"AUTH-2877-A01",
"AUTH-2877-A05",
"AUTH-2880-A01",
"AUTH-2880-A08",
"AUTH-2886-A05",
"AUTH-2889-A05",
"AUTH-2906-A01",
"AUTH-2906-A08",
"AUTH-2913-A13",
"AUTH-2921",
"AUTH-2943-A08",
"AUTH-2945",
"AUTH-2949-A09",
"AUTH-2956",
"AUTH-2959-A03",
"AUTH-2960-A08",
"AUTH-2970-A02",
"AUTH-2970-A07",
"AUTH-2970-A09",
"AUTH-2975",
"AUTH-2977-A06",
"AUTH-2981-A01",
"AUTH-2987-A06",
"AUTH-2989-A01",
"AUTH-2995",
"AUTH-3008-A02",
"AUTH-3016-A14",
"AUTH-3017-A07",
"AUTH-3018-A05",
"AUTH-3045",
"AUTH-3045-A01",
"AUTH-3045-A02",
"AUTH-3045-A03",
"AUTH-3064-A04",
"AUTH-3065-A03",
"AUTH-3065-A04",
"AUTH-3068",
"AUTH-3068-A01",
"AUTH-3068-A02",
"AUTH-3068-A03",
"AUTH-3068-A04",
"AUTH-3068-A05",
"AUTH-3070-A03",
"AUTH-3071-A01",
"AUTH-3071-A03",
"AUTH-3071-A04",
"AUTH-3071-A09",
"AUTH-3073-A01",
"AUTH-3073-A05",
"AUTH-3074-A03",
"AUTH-3074-A04",
"AUTH-3075-A01",
"AUTH-3150-A03",
"AUTH-3150-A04",
"AUTH-3150-A05",
"AUTH-3150-A06",
"AUTH-3150-A09",
"AUTH-3151",
"AUTH-3151-A01",
"AUTH-3151-A07",
"AUTH-3151-A10",
"AUTH-3151-A12",
"AUTH-3154-A02",
"AUTH-3154-A06",
"AUTH-3155-A04",
"AUTH-3161-A04",
"AUTH-3164-A02",
"AUTH-3164-A05",
"AUTH-3164-A07",
"AUTH-3164-A12",
"AUTH-3166-A01",
"AUTH-3166-A02",
"AUTH-3170",
"AUTH-3170-A01",
"AUTH-3170-A02",
"AUTH-3230-A01",
"AUTH-3255-A02",
"AUTH-3258-A02",
"AUTH-3258-A12",
"AUTH-3279-A03",
"AUTH-3284",
"AUTH-3284-A03",
"AUTH-3300-A10",
"AUTH-3305",
"AUTH-3305-A05",
"AUTH-3314-A01",
"AUTH-3314-A02",
"AUTH-3314-A03",
"AUTH-3394-A02",
"AUTH-3394-A04",
"AUTH-3396-A02",
"AUTH-3396-A04",
"AUTH-3425-A03",
"AUTH-3428-A01",
"AUTH-3430-A01",
"AUTH-3430-A06",
"AUTH-3430-A12",
"AUTH-3460-A02",
"AUTH-3460-A03",
"AUTH-3461-A02",
"AUTH-3461-A04",
"AUTH-3461-A06",
"AUTH-3541-A03",
"AUTH-3541-A05",
"AUTH-3541-A08",
"AUTH-3548-A01",
"AUTH-3550-A01",
"AUTH-3550-A02",
"AUTH-3554-A01",
"AUTH-3554-A05",
"AUTH-3556-A03",
"AUTH-3558-A04",
"AUTH-3562-A03",
"AUTH-3594-A08",
"AUTH-3595-A11",
"AUTH-3596-A06",
"AUTH-3597",
"AUTH-3597-A01",
"AUTH-3597-A04",
"AUTH-3597-A05",
"AUTH-3597-A08",
"AUTH-3624",
"AUTH-3624-A01",
"AUTH-3624-A02",
"AUTH-3633-A07",
"AUTH-3633-A10",
"AUTH-3634-A05",
"AUTH-3641-A05",
"AUTH-3652-A08",
"AUTH-3656-A05",
"AUTH-3656-A06",
"AUTH-3656-A08",
"AUTH-3677-A06",
"AUTH-3705-A10",
"AUTH-3712",
"AUTH-3751-A04",
"AUTH-384-A06",
"AUTH-3865-A07",
"AUTH-3887-A07",
"AUTH-3900-A04",
"AUTH-3904",
"AUTH-3904-A01",
"AUTH-3904-A02",
"AUTH-3904-A04",
"AUTH-3908-A02",
"AUTH-3908-A03",
"AUTH-3922",
"AUTH-3935-A16",
"AUTH-3946-A04",
"AUTH-3951-A01",
"AUTH-3951-A02",
"AUTH-3951-A03",
"AUTH-3951-A04",
"AUTH-3951-A05",
"AUTH-3951-A06",
"AUTH-3951-A07",
"AUTH-3951-A09",
"AUTH-3955-A07",
"AUTH-3958-A01",
"AUTH-3958-A03",
"AUTH-3958-A06",
"AUTH-3960-A01",
"AUTH-3960-A04",
"AUTH-3960-A05",
"AUTH-3963-A05",
"AUTH-3963-A06",
"AUTH-3964",
"AUTH-3964-A01",
"AUTH-3964-A02",
"AUTH-3964-A03",
"AUTH-3964-A04",
"AUTH-3964-A05",
"AUTH-3964-A06",
"AUTH-3968-A02",
"AUTH-3968-A04",
"AUTH-3984-A02",
"AUTH-3987",
"AUTH-3987-A02",
"AUTH-3999-A01",
"AUTH-4004",
"AUTH-4007-A06",
"AUTH-4031-A01",
"AUTH-4031-A07",
"AUTH-4032-A11",
"AUTH-4036-A01",
"AUTH-4036-A05",
"AUTH-4043",
"AUTH-4043-A06",
"AUTH-4050",
"AUTH-4054-A07",
"AUTH-4054-A08",
"AUTH-4121-A02",
"AUTH-4130-A03",
"AUTH-4135-A03",
"AUTH-474-A07",
"AUTH-497",
"AUTH-497-A03",
"AUTH-505-A04",
"AUTH-509-A05",
"AUTH-509-A06",
"AUTH-530-A01",
"AUTH-530-A05",
"AUTH-530-A08",
"AUTH-530-A11",
"AUTH-559",
"AUTH-559-A01",
"AUTH-559-A03",
"AUTH-559-A05",
"AUTH-559-A16",
"AUTH-582",
"AUTH-582-A01",
"AUTH-584",
"AUTH-584-A01",
"AUTH-584-A02",
"AUTH-584-A08",
"AUTH-584-A09",
"AUTH-592-A05",
"AUTH-592-A06",
"AUTH-595",
"AUTH-595-A05",
"AUTH-610",
"AUTH-610-A06",
"AUTH-615",
"AUTH-615-A01",
"AUTH-615-A02",
"AUTH-615-A03",
"AUTH-615-A04",
"AUTH-615-A05",
"AUTH-616",
"AUTH-616-A01",
"AUTH-616-A02",
"AUTH-616-A03",
"AUTH-616-A05",
"AUTH-616-A06",
"AUTH-616-A12",
"AUTH-616-A13",
"AUTH-616-A15",
"AUTH-616-A16",
"AUTH-617",
"AUTH-623",
"AUTH-623-A01",
"AUTH-623-A02",
"AUTH-623-A03",
"AUTH-623-A04",
"AUTH-623-A05",
"AUTH-623-A06",
"AUTH-637-A08",
"AUTH-637-A09",
"AUTH-637-A30",
"AUTH-665",
"AUTH-670",
"AUTH-694",
"AUTH-694-A03",
"AUTH-694-A06",
"AUTH-710-A05",
"AUTH-718",
"AUTH-732-A04",
"AUTH-732-A05",
"AUTH-745",
"AUTH-745-A01",
"AUTH-745-A04",
"AUTH-745-A05",
"AUTH-748-A05",
"AUTH-748-A06",
"AUTH-748-A10",
"AUTH-748-A11",
"AUTH-751",
"AUTH-752",
"AUTH-752-A01",
"AUTH-752-A07",
"AUTH-784-A01",
"AUTH-784-A03",
"AUTH-789-A03",
"AUTH-803-A07",
"AUTH-804-A06",
"AUTH-818-A02",
"AUTH-818-A08",
"AUTH-818-A14",
"AUTH-822-A04",
"AUTH-822-A05",
"AUTH-825-A05",
"AUTH-831",
"AUTH-836-A04",
"AUTH-836-A11",
"AUTH-838-A11",
"AUTH-838-A18",
"AUTH-838-A27",
"AUTH-838-A37",
"AUTH-838-A45",
"AUTH-845-A01",
"AUTH-845-A13",
"AUTH-845-A24",
"AUTH-845-A27",
"AUTH-845-A45",
"AUTH-846-A03",
"AUTH-846-A12",
"AUTH-846-A22",
"AUTH-846-A32",
"AUTH-846-A41",
"AUTH-850",
"AUTH-857-A03",
"AUTH-885-A03",
"AUTH-885-A10",
"AUTH-885-A17",
"AUTH-885-A22",
"AUTH-885-A25",
"AUTH-885-A31",
"AUTH-885-A34",
"AUTH-889",
"AUTH-894-A06",
"AUTH-894-A11",
"AUTH-894-A12",
"AUTH-902-A01",
"AUTH-902-A11",
"AUTH-902-A17",
"AUTH-906-A01",
"AUTH-906-A06",
"AUTH-906-A11",
"AUTH-906-A15",
"AUTH-906-A20",
"AUTH-906-A21",
"AUTH-909-A02",
"AUTH-909-A12",
"AUTH-909-A22",
"AUTH-909-A32",
"AUTH-909-A42",
"AUTH-917",
"AUTH-917-A01",
"AUTH-917-A04",
"AUTH-917-A05",
"AUTH-917-A06",
"AUTH-917-A09",
"AUTH-917-A10",
"AUTH-917-A11",
"AUTH-917-A14",
"AUTH-917-A15",
"AUTH-917-A17",
"AUTH-917-A20",
"AUTH-917-A21",
"AUTH-917-A22",
"AUTH-917-A24",
"AUTH-917-A25",
"AUTH-917-A26",
"AUTH-919",
"AUTH-922-A02",
"AUTH-922-A08",
"AUTH-925-A13",
"AUTH-926",
"AUTH-932",
"AUTH-932-A02",
"AUTH-932-A07",
"AUTH-932-A12",
"AUTH-932-A18",
"AUTH-932-A23",
"AUTH-937-A01",
"AUTH-937-A08",
"AUTH-937-A15",
"AUTH-937-A22",
"AUTH-937-A29",
"AUTH-939-A12",
"AUTH-939-A29",
"AUTH-954-A15",
"AUTH-960",
"AUTH-974-A07",
"AUTH-987",
"AUTH-987-A01",
"AUTH-987-A23",
"AUTH-987-A24",
"COMP-1264",
"COMP-1264-A01",
"COMP-1264-A02",
"COMP-1264-A05",
"COMP-1652-A07",
"COMP-1745-A03",
"COMP-1817-A04",
"COMP-2060-A01",
"COMP-2131-A09",
"COMP-262-A01",
"COMP-2639-A04",
"COMP-2755-A01",
"COMP-2768-A02",
"COMP-2876-A05",
"COMP-3476-A04",
"COMP-3602",
"COMP-3602-A01",
"COMP-3602-A06",
"COMP-3602-A08",
"COMP-3602-A10",
"COMP-3733-A08",
"COMP-3739-A06",
"COMP-3739-A07",
"COMP-3978-A01",
"COMP-3978-A02",
"COMP-3981-A06",
"COMP-3983",
"COMP-3983-A02",
"COMP-3983-A07",
"COMP-3983-A12",
"COMP-3983-A13",
"CRYP-1089-A02",
"CRYP-1134-A05",
"CRYP-1159-A02",
"CRYP-1214-A04",
"CRYP-1255-A04",
"CRYP-1255-A05",
"CRYP-1386-A08",
"CRYP-1421-A05",
"CRYP-1431-A02",
"CRYP-1466-A03",
"CRYP-1473-A07",
"CRYP-1475-A06",
"CRYP-1520-A04",
"CRYP-1533-A05",
"CRYP-1712-A01",
"CRYP-1712-A05",
"CRYP-172-A07",
"CRYP-1732-A01",
"CRYP-1751-A10",
"CRYP-1751-A11",
"CRYP-1788-A11",
"CRYP-1864",
"CRYP-1864-A02",
"CRYP-1927-A12",
"CRYP-1942-A10",
"CRYP-1983-A01",
"CRYP-2101-A02",
"CRYP-2173-A01",
"CRYP-2287-A01",
"CRYP-2308-A04",
"CRYP-2363-A05",
"CRYP-450-A05",
"CRYP-450-A06",
"CRYP-450-A40",
"CRYP-450-A52",
"CRYP-450-A53",
"CRYP-626",
"CRYP-726-A08",
"CRYP-738-A05",
"CRYP-773-A09",
"CRYP-873-A01",
"CRYP-873-A10",
"CRYP-880-A04",
"CRYP-927-A11",
"CRYP-961-A10",
"DATA-1191-A10",
"DATA-1240-A08",
"DATA-1257-A09",
"DATA-1499-A03",
"DATA-1801-A06",
"DATA-1801-A09",
"DATA-1881-A07",
"DATA-2427-A06",
"DATA-2572",
"DATA-260-A02",
"DATA-260-A08",
"DATA-2607-A02",
"DATA-2607-A03",
"DATA-2607-A05",
"DATA-2648-A01",
"DATA-2663-A04",
"DATA-3292-A01",
"DATA-3324-A11",
"DATA-3401-A01",
"DATA-3649-A14",
"DATA-4027-A02",
"DATA-4225-A03",
"DATA-972-A06",
"DATA-972-A12",
"FIN-1223-A06",
"GOV-1561-A04",
"GOV-180-A18",
"GOV-2396-A07",
"GOV-2718-A03",
"GOV-3502-A08",
"GOV-413-A18",
"GOV-519",
"GOV-520-A40",
"INC-946-A11",
"LOG-1059-A01",
"LOG-1737-A01",
"MIA-001",
"NET-004-A05",
"NET-004-A09",
"NET-004-A19",
"NET-1012-A03",
"NET-1012-A06",
"NET-1014-A03",
"NET-1014-A04",
"NET-104-A02",
"NET-104-A10",
"NET-1277-A06",
"NET-1293-A07",
"NET-1309-A01",
"NET-1343-A05",
"NET-149-A01",
"NET-149-A11",
"NET-1856-A05",
"NET-351",
"NET-351-A01",
"NET-351-A02",
"NET-351-A06",
"NET-351-A07",
"NET-351-A10",
"NET-391",
"NET-391-A01",
"NET-391-A08",
"NET-405",
"NET-405-A03",
"NET-405-A08",
"NET-405-A09",
"NET-859-A05",
"NET-859-A06",
"NET-860-A03",
"NET-860-A04",
"NET-860-A08",
"PFI-001-A02",
"SEC-1085",
"SEC-1144-A03",
"SEC-1144-A28",
"SEC-1144-A42",
"SEC-1144-A56",
"SEC-1144-A70",
"SEC-1146-A02",
"SEC-1146-A07",
"SEC-1146-A54",
"SEC-1146-A59",
"SEC-1153-A12",
"SEC-171-A16",
"SEC-171-A34",
"SEC-2035-A04",
"SEC-2153-A03",
"SEC-2176-A03",
"SEC-2635-A03",
"SEC-2786-A04",
"SEC-2809-A04",
"SEC-2818-A04",
"SEC-2818-A05",
"SEC-2853-A05",
"SEC-2895-A06",
"SEC-3175-A11",
"SEC-3223",
"SEC-3643-A08",
"SEC-3709-A07",
"SEC-3853",
"SEC-3857-A05",
"SEC-3857-A08",
"SEC-3895-A01",
"SEC-3991",
"SEC-4090-A05",
"SEC-4292-A04",
"SEC-4561-A04",
"SEC-4593-A05",
"SEC-4655",
"SEC-4655-A01",
"SEC-4655-A02",
"SEC-4655-A04",
"SEC-4655-A05",
"SEC-5595-A09",
"SEC-5596-A02",
"SEC-5610-A02",
"SEC-5767",
"SEC-5780",
"SEC-5792-A03",
"SEC-5792-A04",
"SEC-6770",
"SEC-6784-A06",
"SEC-6830-A05",
"SEC-7442-A06",
"SEC-8016-A03",
"SEC-8016-A09",
"SEC-8138-A03",
"SEC-8257-A10",
"SEC-8325",
"SEC-9212-A02"
],
"member_count": 842,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.85,
"source_meta_cluster": "M3",
"cluster_size": 376,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"evidence_merged_from": [
"auth_inventory",
"auth_suitability_assessment",
"auth_risk_assessment"
]
},
{
"id": "auth_exceptions_documented",
"name": "Ausnahmen von Authentifizierungspflicht dokumentieren",
"description": "Erlaubte Aktionen ohne Identifikation/Authentifizierung sowie Ausnahmen von der Authentifizierungspflicht sind explizit zu dokumentieren und zu begruenden.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": false,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AC-14",
"role": "best_practice"
}
],
"member_review_units": [
"M3",
"M1",
"M6",
"M107"
],
"member_controls": [
"ACC-001-A14",
"ACC-001-A17",
"ACC-001-A29",
"ACC-0383-A06",
"ACC-0384-A02",
"ACC-0384-A03",
"ACC-0410-A03",
"ACC-082-A06",
"ACC-082-A07",
"ACC-082-A08",
"ACC-082-A09",
"ACC-082-A15",
"ACC-082-A16",
"ACC-082-A17",
"ACC-082-A18",
"ACC-320",
"ACC-320-A01",
"ACC-320-A02",
"ACC-320-A03",
"ACC-320-A04",
"ACC-320-A06",
"ACC-320-A09",
"ACC-320-A10",
"ACC-320-A11",
"ACC-320-A12",
"ACC-320-A13",
"ACC-320-A16",
"ACC-320-A17",
"ACC-320-A18",
"ACC-320-A19",
"ACC-320-A20",
"ACC-320-A21",
"ACC-320-A24",
"ACC-320-A26",
"ACC-320-A28",
"ACC-320-A29",
"ACC-320-A34",
"ACC-320-A35",
"ACC-320-A36",
"ACC-320-A37",
"ACC-320-A38",
"ACC-320-A40",
"ACC-320-A41",
"ACC-320-A42",
"ACC-320-A43",
"ACC-320-A44",
"ACC-320-A45",
"ACC-320-A48",
"ACC-327-A18",
"ACC-327-A60",
"ACC-427",
"ACC-427-A01",
"ACC-427-A02",
"ACC-427-A03",
"ACC-427-A11",
"ACC-427-A12",
"ACC-478-A08",
"ACC-490-A04",
"ACC-490-A09",
"ACC-499-A05",
"ACC-499-A07",
"ACC-504-A09",
"ACC-508-A06",
"ACC-518-A06",
"ACC-559-A04",
"ACC-567-A10",
"ACC-578-A07",
"ACC-607",
"ACC-673-A10",
"ACC-741-A03",
"ACL-004-A04",
"AI-052-A26",
"AI-052-A27",
"AI-052-A28",
"AI-052-A29",
"AI-1012-A03",
"AI-1012-A04",
"AI-1012-A05",
"AI-1012-A07",
"AI-1027-A07",
"AI-1236-A04",
"AI-1408-A01",
"AI-1417-A06",
"AI-1660-A12",
"AI-1715-A08",
"AI-797-A09",
"AI-797-A18",
"AI-797-A36",
"AI-797-A45",
"AI-924-A13",
"AI-924-A14",
"AI-997-A01",
"AUTH-008-A25",
"AUTH-018",
"AUTH-018-A18",
"AUTH-032",
"AUTH-043",
"AUTH-045",
"AUTH-067-A12",
"AUTH-1004-A01",
"AUTH-1008",
"AUTH-1009-A01",
"AUTH-1009-A03",
"AUTH-1011-A01",
"AUTH-1026",
"AUTH-1026-A01",
"AUTH-1048-A03",
"AUTH-1048-A69",
"AUTH-1049-A56",
"AUTH-1050-A13",
"AUTH-1061-A75",
"AUTH-1084",
"AUTH-1087-A04",
"AUTH-1095-A02",
"AUTH-1096",
"AUTH-1096-A01",
"AUTH-1102-A08",
"AUTH-1102-A14",
"AUTH-1110-A03",
"AUTH-112-A04",
"AUTH-112-A17",
"AUTH-1283-A02",
"AUTH-1288",
"AUTH-1293",
"AUTH-1296-A05",
"AUTH-1298-A02",
"AUTH-1300-A05",
"AUTH-1303-A03",
"AUTH-1313-A01",
"AUTH-1313-A04",
"AUTH-1314-A03",
"AUTH-1426-A05",
"AUTH-1426-A06",
"AUTH-1437",
"AUTH-1437-A01",
"AUTH-1437-A06",
"AUTH-1445-A02",
"AUTH-1445-A04",
"AUTH-1455",
"AUTH-1455-A01",
"AUTH-1455-A07",
"AUTH-1463-A02",
"AUTH-1463-A04",
"AUTH-1463-A09",
"AUTH-1464-A04",
"AUTH-1464-A05",
"AUTH-1464-A07",
"AUTH-1466-A04",
"AUTH-1466-A09",
"AUTH-1468-A01",
"AUTH-1468-A06",
"AUTH-1524",
"AUTH-1524-A01",
"AUTH-1524-A02",
"AUTH-1524-A04",
"AUTH-1529-A04",
"AUTH-1529-A06",
"AUTH-1535-A02",
"AUTH-1538-A01",
"AUTH-1538-A10",
"AUTH-1576-A01",
"AUTH-1579-A01",
"AUTH-1623-A04",
"AUTH-1623-A07",
"AUTH-1623-A08",
"AUTH-1624-A11",
"AUTH-1633-A01",
"AUTH-1634-A06",
"AUTH-1635-A06",
"AUTH-1640-A03",
"AUTH-1652-A07",
"AUTH-1654",
"AUTH-1654-A01",
"AUTH-1654-A02",
"AUTH-1654-A03",
"AUTH-1654-A05",
"AUTH-1669-A05",
"AUTH-1669-A06",
"AUTH-1669-A07",
"AUTH-1675-A07",
"AUTH-1678-A02",
"AUTH-1679",
"AUTH-1679-A02",
"AUTH-1694-A06",
"AUTH-1695",
"AUTH-1702-A03",
"AUTH-1706-A05",
"AUTH-1706-A09",
"AUTH-1709-A05",
"AUTH-1711-A02",
"AUTH-1711-A04",
"AUTH-1711-A06",
"AUTH-1711-A07",
"AUTH-1711-A10",
"AUTH-1721-A03",
"AUTH-1742-A01",
"AUTH-1742-A07",
"AUTH-1752-A10",
"AUTH-1759-A05",
"AUTH-1790",
"AUTH-1809",
"AUTH-1809-A02",
"AUTH-1809-A06",
"AUTH-1810-A01",
"AUTH-1812",
"AUTH-1812-A01",
"AUTH-1812-A02",
"AUTH-1814-A01",
"AUTH-1818-A11",
"AUTH-1820-A06",
"AUTH-1823",
"AUTH-1823-A01",
"AUTH-1823-A02",
"AUTH-1827-A04",
"AUTH-1831-A05",
"AUTH-1859",
"AUTH-1860-A05",
"AUTH-1860-A08",
"AUTH-1860-A09",
"AUTH-1862-A09",
"AUTH-1865-A12",
"AUTH-187-A11",
"AUTH-1877-A08",
"AUTH-1909-A02",
"AUTH-1909-A07",
"AUTH-1909-A08",
"AUTH-1910-A05",
"AUTH-1910-A11",
"AUTH-1912-A07",
"AUTH-1917-A04",
"AUTH-1917-A08",
"AUTH-1936-A11",
"AUTH-1940-A04",
"AUTH-1952",
"AUTH-1952-A02",
"AUTH-1952-A03",
"AUTH-1952-A05",
"AUTH-1952-A06",
"AUTH-1952-A07",
"AUTH-1952-A08",
"AUTH-1959",
"AUTH-1959-A02",
"AUTH-2121-A04",
"AUTH-2280",
"AUTH-2280-A01",
"AUTH-2315-A04",
"AUTH-2331-A08",
"AUTH-2333-A01",
"AUTH-2333-A02",
"AUTH-2338-A06",
"AUTH-2338-A09",
"AUTH-2345-A03",
"AUTH-2345-A04",
"AUTH-2368-A03",
"AUTH-2372-A01",
"AUTH-2382-A01",
"AUTH-2399",
"AUTH-2399-A04",
"AUTH-2399-A07",
"AUTH-2403",
"AUTH-2403-A03",
"AUTH-2403-A06",
"AUTH-2405-A05",
"AUTH-2405-A06",
"AUTH-2416-A01",
"AUTH-2416-A03",
"AUTH-2417-A04",
"AUTH-2417-A11",
"AUTH-2417-A13",
"AUTH-2444-A01",
"AUTH-2444-A07",
"AUTH-2451-A04",
"AUTH-2464-A03",
"AUTH-2678",
"AUTH-2678-A01",
"AUTH-2779",
"AUTH-2793",
"AUTH-2793-A02",
"AUTH-2801",
"AUTH-2805-A06",
"AUTH-2805-A11",
"AUTH-2817",
"AUTH-2850",
"AUTH-2851",
"AUTH-2851-A10",
"AUTH-2852",
"AUTH-2873-A01",
"AUTH-2873-A05",
"AUTH-2877-A01",
"AUTH-2877-A05",
"AUTH-2879",
"AUTH-2880-A01",
"AUTH-2883",
"AUTH-2883-A01",
"AUTH-2883-A02",
"AUTH-2921-A12",
"AUTH-2935-A06",
"AUTH-2939-A04",
"AUTH-2959-A03",
"AUTH-2960-A08",
"AUTH-2967-A05",
"AUTH-2979-A07",
"AUTH-2980",
"AUTH-2989-A01",
"AUTH-2993-A03",
"AUTH-3004",
"AUTH-3013-A02",
"AUTH-3045",
"AUTH-3045-A01",
"AUTH-3045-A02",
"AUTH-3045-A03",
"AUTH-3045-A04",
"AUTH-3065-A02",
"AUTH-3065-A03",
"AUTH-3065-A04",
"AUTH-3068-A06",
"AUTH-3071-A01",
"AUTH-3071-A04",
"AUTH-3071-A09",
"AUTH-3073",
"AUTH-3073-A02",
"AUTH-3073-A03",
"AUTH-3073-A05",
"AUTH-3075-A01",
"AUTH-3075-A02",
"AUTH-3075-A03",
"AUTH-3075-A05",
"AUTH-3082-A10",
"AUTH-3150",
"AUTH-3150-A01",
"AUTH-3150-A04",
"AUTH-3150-A07",
"AUTH-3150-A09",
"AUTH-3151",
"AUTH-3151-A01",
"AUTH-3151-A05",
"AUTH-3151-A07",
"AUTH-3151-A09",
"AUTH-3151-A10",
"AUTH-3154",
"AUTH-3154-A01",
"AUTH-3154-A02",
"AUTH-3154-A08",
"AUTH-3155",
"AUTH-3155-A04",
"AUTH-3161-A04",
"AUTH-3164-A02",
"AUTH-3164-A05",
"AUTH-3164-A07",
"AUTH-3164-A12",
"AUTH-3166-A01",
"AUTH-3166-A02",
"AUTH-3170",
"AUTH-3170-A01",
"AUTH-3170-A02",
"AUTH-3230-A01",
"AUTH-3266-A07",
"AUTH-3279-A03",
"AUTH-3314-A01",
"AUTH-3314-A02",
"AUTH-3314-A03",
"AUTH-3394-A04",
"AUTH-3396-A04",
"AUTH-3399",
"AUTH-3399-A03",
"AUTH-3460-A02",
"AUTH-3460-A04",
"AUTH-3460-A08",
"AUTH-3461-A02",
"AUTH-3461-A03",
"AUTH-3461-A05",
"AUTH-3461-A06",
"AUTH-3486-A10",
"AUTH-3541-A05",
"AUTH-3541-A06",
"AUTH-3542-A06",
"AUTH-3547-A01",
"AUTH-3548-A02",
"AUTH-3549",
"AUTH-3552-A05",
"AUTH-3554-A02",
"AUTH-3554-A03",
"AUTH-3556-A03",
"AUTH-3558-A04",
"AUTH-3595",
"AUTH-3595-A06",
"AUTH-3595-A08",
"AUTH-3596",
"AUTH-3596-A04",
"AUTH-3596-A06",
"AUTH-3597",
"AUTH-3597-A03",
"AUTH-3597-A04",
"AUTH-3597-A05",
"AUTH-3597-A06",
"AUTH-3599-A02",
"AUTH-3599-A04",
"AUTH-3624",
"AUTH-3624-A01",
"AUTH-3624-A02",
"AUTH-3638",
"AUTH-3641",
"AUTH-3677-A06",
"AUTH-3751-A08",
"AUTH-3825-A01",
"AUTH-3825-A06",
"AUTH-384-A07",
"AUTH-384-A10",
"AUTH-3887-A07",
"AUTH-3922",
"AUTH-3935",
"AUTH-3935-A10",
"AUTH-3935-A11",
"AUTH-3935-A12",
"AUTH-3935-A13",
"AUTH-3935-A14",
"AUTH-3935-A15",
"AUTH-3935-A16",
"AUTH-3935-A17",
"AUTH-3935-A18",
"AUTH-3935-A19",
"AUTH-3948-A04",
"AUTH-3951-A06",
"AUTH-3951-A07",
"AUTH-3955-A01",
"AUTH-3958-A02",
"AUTH-3960-A02",
"AUTH-3960-A03",
"AUTH-3960-A04",
"AUTH-3964-A06",
"AUTH-3964-A07",
"AUTH-3993",
"AUTH-3993-A01",
"AUTH-3993-A02",
"AUTH-3993-A03",
"AUTH-4027-A02",
"AUTH-4030-A03",
"AUTH-4031-A08",
"AUTH-4032-A02",
"AUTH-4036-A04",
"AUTH-4043-A08",
"AUTH-4054-A07",
"AUTH-4085",
"AUTH-4085-A01",
"AUTH-4095-A17",
"AUTH-4135",
"AUTH-494-A02",
"AUTH-497",
"AUTH-497-A03",
"AUTH-505-A04",
"AUTH-505-A06",
"AUTH-530-A01",
"AUTH-530-A05",
"AUTH-530-A08",
"AUTH-530-A11",
"AUTH-548",
"AUTH-548-A01",
"AUTH-548-A03",
"AUTH-559",
"AUTH-559-A01",
"AUTH-559-A03",
"AUTH-559-A04",
"AUTH-559-A05",
"AUTH-559-A09",
"AUTH-559-A12",
"AUTH-559-A13",
"AUTH-559-A14",
"AUTH-559-A15",
"AUTH-577",
"AUTH-577-A05",
"AUTH-582",
"AUTH-582-A01",
"AUTH-584",
"AUTH-584-A01",
"AUTH-584-A02",
"AUTH-584-A06",
"AUTH-584-A08",
"AUTH-584-A09",
"AUTH-592",
"AUTH-592-A02",
"AUTH-595",
"AUTH-595-A05",
"AUTH-610",
"AUTH-610-A06",
"AUTH-615",
"AUTH-615-A01",
"AUTH-615-A02",
"AUTH-615-A03",
"AUTH-615-A04",
"AUTH-615-A05",
"AUTH-615-A06",
"AUTH-616",
"AUTH-616-A01",
"AUTH-616-A02",
"AUTH-616-A03",
"AUTH-616-A05",
"AUTH-616-A06",
"AUTH-616-A12",
"AUTH-616-A13",
"AUTH-617",
"AUTH-623",
"AUTH-623-A01",
"AUTH-623-A02",
"AUTH-623-A03",
"AUTH-623-A04",
"AUTH-623-A05",
"AUTH-623-A06",
"AUTH-623-A07",
"AUTH-623-A08",
"AUTH-637-A08",
"AUTH-637-A09",
"AUTH-637-A30",
"AUTH-646-A04",
"AUTH-655-A10",
"AUTH-655-A11",
"AUTH-694",
"AUTH-694-A02",
"AUTH-694-A03",
"AUTH-700-A02",
"AUTH-710-A04",
"AUTH-710-A05",
"AUTH-710-A06",
"AUTH-732-A01",
"AUTH-732-A04",
"AUTH-732-A05",
"AUTH-743-A04",
"AUTH-743-A10",
"AUTH-745",
"AUTH-745-A01",
"AUTH-748-A05",
"AUTH-748-A06",
"AUTH-748-A10",
"AUTH-748-A11",
"AUTH-751-A05",
"AUTH-751-A06",
"AUTH-751-A07",
"AUTH-751-A08",
"AUTH-752",
"AUTH-752-A01",
"AUTH-752-A07",
"AUTH-762-A11",
"AUTH-774-A01",
"AUTH-775-A10",
"AUTH-784-A03",
"AUTH-784-A08",
"AUTH-784-A09",
"AUTH-785-A01",
"AUTH-803-A05",
"AUTH-803-A07",
"AUTH-804-A05",
"AUTH-804-A06",
"AUTH-818-A02",
"AUTH-822-A04",
"AUTH-822-A05",
"AUTH-822-A06",
"AUTH-822-A08",
"AUTH-824-A15",
"AUTH-825-A05",
"AUTH-828-A05",
"AUTH-828-A09",
"AUTH-828-A10",
"AUTH-836",
"AUTH-836-A01",
"AUTH-836-A02",
"AUTH-836-A04",
"AUTH-836-A05",
"AUTH-836-A06",
"AUTH-836-A07",
"AUTH-836-A08",
"AUTH-836-A09",
"AUTH-836-A11",
"AUTH-836-A12",
"AUTH-836-A17",
"AUTH-836-A18",
"AUTH-837-A07",
"AUTH-838-A10",
"AUTH-838-A17",
"AUTH-838-A26",
"AUTH-838-A36",
"AUTH-838-A44",
"AUTH-845-A01",
"AUTH-845-A07",
"AUTH-845-A13",
"AUTH-845-A19",
"AUTH-845-A24",
"AUTH-845-A27",
"AUTH-845-A29",
"AUTH-845-A39",
"AUTH-845-A45",
"AUTH-845-A55",
"AUTH-846-A03",
"AUTH-846-A09",
"AUTH-846-A12",
"AUTH-846-A19",
"AUTH-846-A22",
"AUTH-846-A29",
"AUTH-846-A32",
"AUTH-846-A38",
"AUTH-846-A41",
"AUTH-846-A48",
"AUTH-849-A26",
"AUTH-849-A27",
"AUTH-849-A31",
"AUTH-849-A32",
"AUTH-849-A43",
"AUTH-849-A44",
"AUTH-849-A46",
"AUTH-849-A47",
"AUTH-849-A58",
"AUTH-849-A59",
"AUTH-851-A01",
"AUTH-851-A02",
"AUTH-851-A46",
"AUTH-885-A03",
"AUTH-885-A10",
"AUTH-885-A17",
"AUTH-885-A22",
"AUTH-885-A31",
"AUTH-888-A30",
"AUTH-888-A37",
"AUTH-894-A06",
"AUTH-894-A11",
"AUTH-894-A12",
"AUTH-902-A01",
"AUTH-902-A11",
"AUTH-902-A17",
"AUTH-905-A04",
"AUTH-905-A09",
"AUTH-905-A14",
"AUTH-905-A17",
"AUTH-905-A22",
"AUTH-909-A02",
"AUTH-909-A12",
"AUTH-909-A22",
"AUTH-909-A32",
"AUTH-909-A42",
"AUTH-913-A05",
"AUTH-917",
"AUTH-917-A01",
"AUTH-917-A04",
"AUTH-917-A05",
"AUTH-917-A06",
"AUTH-917-A09",
"AUTH-917-A10",
"AUTH-917-A11",
"AUTH-917-A14",
"AUTH-917-A15",
"AUTH-917-A17",
"AUTH-917-A20",
"AUTH-917-A21",
"AUTH-917-A22",
"AUTH-917-A24",
"AUTH-917-A25",
"AUTH-917-A26",
"AUTH-922-A02",
"AUTH-922-A08",
"AUTH-925-A05",
"AUTH-925-A06",
"AUTH-925-A12",
"AUTH-928-A07",
"AUTH-928-A13",
"AUTH-928-A19",
"AUTH-928-A25",
"AUTH-928-A30",
"AUTH-932",
"AUTH-937-A01",
"AUTH-937-A08",
"AUTH-937-A15",
"AUTH-937-A22",
"AUTH-937-A29",
"AUTH-941-A04",
"AUTH-941-A05",
"AUTH-941-A10",
"AUTH-941-A11",
"AUTH-941-A17",
"AUTH-941-A18",
"AUTH-941-A23",
"AUTH-941-A24",
"AUTH-954-A15",
"AUTH-974-A07",
"AUTH-986-A08",
"AUTH-986-A09",
"AUTH-989-A18",
"COMP-1264-A01",
"COMP-1264-A02",
"COMP-1264-A04",
"COMP-1264-A05",
"COMP-1883-A03",
"COMP-1904-A04",
"COMP-1904-A06",
"COMP-1904-A07",
"COMP-1960-A06",
"COMP-2029-A04",
"COMP-2129-A04",
"COMP-2131-A09",
"COMP-2639-A04",
"COMP-3435-A05",
"COMP-3602",
"COMP-3602-A01",
"COMP-3602-A08",
"COMP-3602-A10",
"COMP-3733-A03",
"COMP-3983-A02",
"COMP-3983-A04",
"CRYP-1097-A09",
"CRYP-1124-A05",
"CRYP-1210-A09",
"CRYP-1299-A09",
"CRYP-1306-A07",
"CRYP-1372-A05",
"CRYP-1386-A08",
"CRYP-1393-A03",
"CRYP-1433-A07",
"CRYP-1466-A03",
"CRYP-1466-A05",
"CRYP-1712-A15",
"CRYP-1725-A02",
"CRYP-1750-A09",
"CRYP-1761-A01",
"CRYP-1864",
"CRYP-1864-A02",
"CRYP-1864-A05",
"CRYP-1983-A01",
"CRYP-2142-A06",
"CRYP-2148-A06",
"CRYP-2179-A09",
"CRYP-2334",
"CRYP-447-A16",
"CRYP-450-A05",
"CRYP-450-A06",
"CRYP-450-A40",
"CRYP-450-A52",
"CRYP-450-A53",
"CRYP-626",
"CRYP-637-A10",
"CRYP-713-A07",
"CRYP-738-A06",
"CRYP-790",
"DATA-1191-A10",
"DATA-1257-A05",
"DATA-1257-A09",
"DATA-1801-A06",
"DATA-2493-A12",
"DATA-2510-A07",
"DATA-260-A02",
"DATA-260-A08",
"DATA-2607-A05",
"DATA-2648-A01",
"DATA-3292-A01",
"DATA-3372-A07",
"DATA-3376-A01",
"DATA-3376-A06",
"DATA-3401-A01",
"DATA-3613-A01",
"DATA-3754-A03",
"DATA-4225-A04",
"DATA-4317-A05",
"DATA-972-A06",
"DATA-972-A12",
"FIN-1223-A06",
"GOV-1196-A04",
"GOV-180-A06",
"GOV-180-A12",
"GOV-2076-A13",
"GOV-3110-A02",
"GOV-413-A18",
"GOV-519",
"GOV-519-A11",
"GOV-519-A35",
"GOV-520-A40",
"INC-1352-A03",
"LOG-053-A07",
"LOG-107-A02",
"LOG-1742-A13",
"LOG-1748-A01",
"LOG-1767-A02",
"LOG-1861-A06",
"LOG-705-A01",
"LOG-735-A17",
"LOG-735-A18",
"LOG-745-A44",
"LOG-745-A54",
"LOG-774-A01",
"LOG-774-A15",
"LOG-774-A22",
"LOG-774-A29",
"MIA-001",
"NET-1014-A03",
"NET-1293-A02",
"NET-351",
"NET-351-A01",
"NET-351-A02",
"NET-351-A06",
"NET-351-A07",
"NET-391",
"NET-391-A01",
"NET-391-A08",
"NET-405",
"NET-405-A03",
"NET-405-A08",
"NET-405-A09",
"NET-506-A15",
"NET-506-A60",
"NET-857-A06",
"NET-857-A12",
"NET-860-A06",
"NET-860-A09",
"NET-980-A07",
"PFI-001-A02",
"SEC-052-A06",
"SEC-093-A05",
"SEC-093-A06",
"SEC-1144-A03",
"SEC-1144-A28",
"SEC-1144-A42",
"SEC-1144-A56",
"SEC-1144-A70",
"SEC-1146-A02",
"SEC-1146-A07",
"SEC-1146-A54",
"SEC-1146-A59",
"SEC-1153-A12",
"SEC-2635-A03",
"SEC-2643-A15",
"SEC-2662-A07",
"SEC-2662-A13",
"SEC-2738-A06",
"SEC-2809",
"SEC-2809-A02",
"SEC-2809-A05",
"SEC-2809-A09",
"SEC-2818-A05",
"SEC-2899-A04",
"SEC-3195-A04",
"SEC-3383-A03",
"SEC-3383-A08",
"SEC-3732-A08",
"SEC-3740-A03",
"SEC-3935-A02",
"SEC-3965-A02",
"SEC-4292-A12",
"SEC-4295",
"SEC-4513-A07",
"SEC-4560-A03",
"SEC-4655-A03",
"SEC-4655-A04",
"SEC-5435-A03",
"SEC-5505-A05",
"SEC-5595-A13",
"SEC-5767-A01",
"SEC-5792-A03",
"SEC-6770",
"SEC-6784-A08",
"SEC-6784-A10",
"SEC-6804-A01",
"SEC-6804-A02",
"SEC-6830-A05",
"SEC-6833-A07",
"SEC-7984-A07",
"SEC-7994-A06",
"SEC-8102-A02",
"SEC-8121-A05",
"SEC-8138-A03",
"SEC-9212-A01",
"SEC-9212-A02"
],
"member_count": 865,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M6",
"cluster_size": 243,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "mfa_required",
"name": "Multi-Faktor-Authentifizierung umsetzen",
"description": "Multi-Faktor-Authentifizierung ist fuer Benutzerzugriffe umzusetzen, insbesondere wo erhoehtes Risiko besteht.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "mfa",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "SP 800-63B",
"role": "best_practice"
},
{
"source": "Out-of-Band-Authentifizierung",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "out_of_band_authentication"
},
{
"source": "Hardware-basierte Authentifizierung (AAL3)",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "hardware_authenticators"
},
{
"source": "E-Mail-Authentifizierungsmechanismen (SPF/DKIM/DMARC)",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "email_authentication"
}
],
"member_review_units": [
"M1",
"M94",
"M95",
"M38",
"M110",
"M113",
"M126"
],
"member_controls": [
"ACC-001-A14",
"ACC-001-A17",
"ACC-001-A29",
"ACC-0410-A03",
"ACC-082-A08",
"ACC-082-A09",
"ACC-082-A17",
"ACC-082-A18",
"ACC-320-A16",
"ACC-320-A18",
"ACC-320-A24",
"ACC-320-A34",
"ACC-320-A40",
"ACC-320-A48",
"ACC-478-A08",
"ACC-499-A07",
"ACC-508-A06",
"ACC-559-A04",
"ACC-578-A07",
"ACC-607",
"AI-052-A28",
"AI-052-A29",
"AI-1573-A01",
"AI-797-A09",
"AI-797-A18",
"AI-797-A36",
"AI-797-A45",
"AI-924-A13",
"AI-924-A14",
"AUTH-008-A25",
"AUTH-1049-A56",
"AUTH-1050-A13",
"AUTH-1061-A75",
"AUTH-1084",
"AUTH-1095-A02",
"AUTH-1096",
"AUTH-1096-A01",
"AUTH-1102-A14",
"AUTH-112-A04",
"AUTH-112-A17",
"AUTH-1288",
"AUTH-1300-A05",
"AUTH-1303-A05",
"AUTH-1313-A04",
"AUTH-1314-A03",
"AUTH-1445-A02",
"AUTH-1463-A04",
"AUTH-1463-A09",
"AUTH-1466-A09",
"AUTH-1468-A01",
"AUTH-1468-A06",
"AUTH-1524-A04",
"AUTH-1529-A04",
"AUTH-1669-A05",
"AUTH-1669-A06",
"AUTH-1679",
"AUTH-1679-A02",
"AUTH-1711-A06",
"AUTH-1742-A01",
"AUTH-1742-A07",
"AUTH-1759-A05",
"AUTH-1790",
"AUTH-1790-A04",
"AUTH-1818-A11",
"AUTH-1860-A05",
"AUTH-1860-A08",
"AUTH-1860-A09",
"AUTH-1862-A09",
"AUTH-1865-A12",
"AUTH-187-A11",
"AUTH-1901-A05",
"AUTH-1910-A05",
"AUTH-1912-A07",
"AUTH-1940-A04",
"AUTH-2121-A04",
"AUTH-2315-A04",
"AUTH-2338-A09",
"AUTH-2399-A07",
"AUTH-2405-A06",
"AUTH-2452-A07",
"AUTH-2473-A01",
"AUTH-2473-A02",
"AUTH-2484-A01",
"AUTH-2548",
"AUTH-2551",
"AUTH-2552-A03",
"AUTH-2689-A02",
"AUTH-2689-A04",
"AUTH-2793",
"AUTH-2793-A02",
"AUTH-2805-A06",
"AUTH-2805-A11",
"AUTH-2850",
"AUTH-2851-A10",
"AUTH-2873-A04",
"AUTH-2879",
"AUTH-2924",
"AUTH-2945-A11",
"AUTH-2968",
"AUTH-2979-A07",
"AUTH-2996",
"AUTH-3004",
"AUTH-3021-A07",
"AUTH-3045-A04",
"AUTH-3068-A06",
"AUTH-3082-A10",
"AUTH-3165-A02",
"AUTH-3166-A07",
"AUTH-3258-A09",
"AUTH-3266-A07",
"AUTH-3281",
"AUTH-3284-A01",
"AUTH-3284-A04",
"AUTH-3284-A05",
"AUTH-3333-A06",
"AUTH-3334",
"AUTH-3334-A05",
"AUTH-3452-A01",
"AUTH-3452-A05",
"AUTH-3457",
"AUTH-3460-A04",
"AUTH-3461-A03",
"AUTH-3461-A05",
"AUTH-3469-A03",
"AUTH-3486-A10",
"AUTH-3541-A06",
"AUTH-3542-A06",
"AUTH-3547",
"AUTH-3554-A02",
"AUTH-3562-A01",
"AUTH-3595",
"AUTH-3595-A02",
"AUTH-3595-A06",
"AUTH-3595-A08",
"AUTH-3596",
"AUTH-3596-A04",
"AUTH-3597-A06",
"AUTH-3599-A04",
"AUTH-3638",
"AUTH-3652-A11",
"AUTH-3653",
"AUTH-3659-A01",
"AUTH-3677-A04",
"AUTH-3705-A02",
"AUTH-3751-A08",
"AUTH-3825-A08",
"AUTH-3887-A01",
"AUTH-3908-A05",
"AUTH-3915",
"AUTH-3915-A01",
"AUTH-3915-A03",
"AUTH-3921",
"AUTH-3929-A01",
"AUTH-3947",
"AUTH-3948-A04",
"AUTH-3958-A02",
"AUTH-3964-A07",
"AUTH-3968-A09",
"AUTH-3977-A02",
"AUTH-3993",
"AUTH-3993-A02",
"AUTH-4027-A02",
"AUTH-4030-A03",
"AUTH-4031-A08",
"AUTH-4032-A02",
"AUTH-4036-A04",
"AUTH-4082-A10",
"AUTH-4083-A05",
"AUTH-4085",
"AUTH-4085-A01",
"AUTH-4095-A17",
"AUTH-494-A02",
"AUTH-500-A03",
"AUTH-505-A06",
"AUTH-538-A04",
"AUTH-544",
"AUTH-544-A06",
"AUTH-544-A07",
"AUTH-559-A04",
"AUTH-559-A13",
"AUTH-572",
"AUTH-572-A02",
"AUTH-572-A07",
"AUTH-577-A04",
"AUTH-584-A06",
"AUTH-615-A06",
"AUTH-623-A07",
"AUTH-623-A08",
"AUTH-637-A31",
"AUTH-648-A02",
"AUTH-661-A09",
"AUTH-661-A22",
"AUTH-710-A06",
"AUTH-732-A01",
"AUTH-743-A04",
"AUTH-743-A10",
"AUTH-751-A05",
"AUTH-751-A06",
"AUTH-751-A07",
"AUTH-751-A08",
"AUTH-762-A11",
"AUTH-774-A01",
"AUTH-784-A08",
"AUTH-784-A09",
"AUTH-785-A02",
"AUTH-803",
"AUTH-803-A03",
"AUTH-803-A06",
"AUTH-803-A08",
"AUTH-804-A05",
"AUTH-807",
"AUTH-807-A01",
"AUTH-810-A04",
"AUTH-819-A03",
"AUTH-819-A04",
"AUTH-822-A03",
"AUTH-822-A06",
"AUTH-822-A08",
"AUTH-824-A09",
"AUTH-824-A15",
"AUTH-824-A16",
"AUTH-827-A10",
"AUTH-836",
"AUTH-836-A01",
"AUTH-836-A02",
"AUTH-836-A06",
"AUTH-836-A08",
"AUTH-836-A09",
"AUTH-836-A12",
"AUTH-836-A17",
"AUTH-836-A18",
"AUTH-837-A07",
"AUTH-845-A02",
"AUTH-845-A07",
"AUTH-845-A14",
"AUTH-845-A19",
"AUTH-845-A25",
"AUTH-845-A28",
"AUTH-845-A29",
"AUTH-845-A39",
"AUTH-845-A46",
"AUTH-845-A55",
"AUTH-846-A09",
"AUTH-846-A19",
"AUTH-846-A29",
"AUTH-846-A38",
"AUTH-846-A48",
"AUTH-849-A26",
"AUTH-849-A27",
"AUTH-849-A31",
"AUTH-849-A32",
"AUTH-849-A43",
"AUTH-849-A44",
"AUTH-849-A46",
"AUTH-849-A47",
"AUTH-849-A58",
"AUTH-849-A59",
"AUTH-902",
"AUTH-903-A21",
"AUTH-903-A22",
"AUTH-909",
"AUTH-925-A05",
"AUTH-925-A06",
"AUTH-925-A12",
"AUTH-949-A03",
"AUTH-986-A08",
"AUTH-986-A09",
"AUTH-989-A22",
"COMP-1079-A07",
"COMP-1264-A04",
"COMP-1904-A06",
"COMP-1904-A07",
"COMP-2129-A04",
"COMP-3360-A02",
"COMP-3421-A13",
"COMP-3435-A01",
"COMP-3981-A05",
"CRYP-1210-A09",
"CRYP-1299-A09",
"CRYP-1372-A05",
"CRYP-1433-A07",
"CRYP-1684-A07",
"CRYP-1725-A02",
"CRYP-1750-A09",
"CRYP-1751",
"CRYP-1751-A01",
"CRYP-1864-A05",
"CRYP-1884-A04",
"CRYP-1927-A13",
"CRYP-2142-A06",
"CRYP-2148-A06",
"CRYP-2173-A04",
"CRYP-2179-A09",
"CRYP-2334",
"CRYP-447-A01",
"CRYP-447-A17",
"CRYP-637-A10",
"CRYP-713-A07",
"CRYP-723-A09",
"CRYP-738-A06",
"CRYP-790",
"DATA-1191-A02",
"DATA-1810-A02",
"DATA-2493-A12",
"DATA-2510-A07",
"DATA-3154-A02",
"DATA-3376-A06",
"DATA-3614",
"DATA-3754-A02",
"DATA-3948",
"DATA-4225-A04",
"DATA-4317-A05",
"GIA-002",
"GOV-180-A06",
"GOV-180-A12",
"GOV-2076-A13",
"GOV-3110-A02",
"GOV-3868-A01",
"GOV-3868-A07",
"INC-246",
"INC-246-A01",
"INC-246-A02",
"INC-246-A04",
"LOG-107-A02",
"LOG-1506-A03",
"LOG-1861-A06",
"LOG-967-A06",
"NET-040-A03",
"NET-040-A12",
"NET-1166-A05",
"NET-1293-A02",
"NET-1787-A12",
"NET-351-A09",
"NET-405-A02",
"NET-405-A07",
"NET-857-A06",
"NET-857-A12",
"NET-860-A09",
"NET-887-A02",
"NET-887-A07",
"SEC-019-A02",
"SEC-019-A14",
"SEC-019-A29",
"SEC-052-A06",
"SEC-093-A05",
"SEC-093-A06",
"SEC-171-A47",
"SEC-2643-A07",
"SEC-2643-A15",
"SEC-2738-A06",
"SEC-2781-A01",
"SEC-2809",
"SEC-2809-A02",
"SEC-2809-A05",
"SEC-2809-A08",
"SEC-2809-A09",
"SEC-3383",
"SEC-3383-A01",
"SEC-3383-A03",
"SEC-3383-A09",
"SEC-3643-A07",
"SEC-3740-A03",
"SEC-387-A10",
"SEC-387-A24",
"SEC-3870",
"SEC-3965-A02",
"SEC-418-A15",
"SEC-4292-A12",
"SEC-4295",
"SEC-4513-A07",
"SEC-4560-A03",
"SEC-5435-A03",
"SEC-5505-A05",
"SEC-5767-A01",
"SEC-5915-A06",
"SEC-6778",
"SEC-6784-A08",
"SEC-6804-A01",
"SEC-6804-A02",
"SEC-6833-A07",
"SEC-6846-A03",
"SEC-7686-A01",
"SEC-7686-A02",
"SEC-7686-A05",
"SEC-7793-A09",
"SEC-7979-A02",
"SEC-7984-A07",
"SEC-8815",
"SEC-8847-A02",
"SEC-8996-A06",
"SEC-9087-A02"
],
"member_count": 391,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.9,
"source_meta_cluster": "M94",
"cluster_size": 55,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "step_up_authentication",
"name": "Step-up/erneute Authentifizierung bei sensiblen Aktionen",
"description": "Bei kritischen oder sensiblen Operationen ist eine Step-up- bzw. erneute Authentifizierung auszuloesen.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "session",
"applicability": "conditional:sensitive_action",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "SP 800-63B 4.3",
"role": "best_practice"
},
{
"source": "NIST",
"anchor": "SP 800-63-3",
"role": "best_practice"
}
],
"member_review_units": [
"M0",
"M4",
"M112"
],
"member_controls": [
"ACC-001-A09",
"ACC-001-A24",
"ACC-014-A07",
"ACC-014-A11",
"ACC-014-A16",
"ACC-014-A20",
"ACC-0384",
"ACC-0384-A01",
"ACC-0384-A05",
"ACC-0411",
"ACC-0411-A01",
"ACC-0411-A03",
"ACC-0411-A05",
"ACC-0411-A09",
"ACC-064-A04",
"ACC-064-A09",
"ACC-064-A14",
"ACC-180-A07",
"ACC-320-A08",
"ACC-320-A15",
"ACC-320-A23",
"ACC-320-A31",
"ACC-320-A39",
"ACC-320-A47",
"ACC-326-A01",
"ACC-326-A12",
"ACC-326-A23",
"ACC-326-A34",
"ACC-326-A45",
"ACC-326-A56",
"ACC-427-A05",
"ACC-427-A14",
"ACC-490-A06",
"ACC-504-A05",
"ACC-521-A10",
"ACC-533",
"ACC-533-A02",
"ACC-640-A04",
"ACC-640-A07",
"ACC-640-A12",
"ACC-647-A03",
"ACC-655-A17",
"ACC-660",
"AI-019",
"AI-1236-A08",
"AI-1351-A10",
"AI-1424-A03",
"AI-760-A03",
"AI-760-A35",
"AUTH-047",
"AUTH-071-A11",
"AUTH-071-A12",
"AUTH-1018",
"AUTH-1096-A03",
"AUTH-1099-A07",
"AUTH-1300-A06",
"AUTH-1426",
"AUTH-1426-A01",
"AUTH-1426-A04",
"AUTH-1443-A06",
"AUTH-1455-A03",
"AUTH-1463-A05",
"AUTH-1466-A05",
"AUTH-1466-A07",
"AUTH-1529-A05",
"AUTH-1530",
"AUTH-1530-A03",
"AUTH-1633-A04",
"AUTH-1640-A08",
"AUTH-1652-A14",
"AUTH-1654-A04",
"AUTH-1667-A05",
"AUTH-1667-A06",
"AUTH-1670-A13",
"AUTH-1671-A11",
"AUTH-1672-A13",
"AUTH-1677-A05",
"AUTH-1694-A05",
"AUTH-1709-A06",
"AUTH-1806-A07",
"AUTH-1811-A03",
"AUTH-1813-A09",
"AUTH-1823-A03",
"AUTH-1823-A07",
"AUTH-1826-A05",
"AUTH-1830-A05",
"AUTH-1834-A07",
"AUTH-1859-A06",
"AUTH-1862-A07",
"AUTH-1908-A03",
"AUTH-1917-A07",
"AUTH-1932-A04",
"AUTH-1932-A05",
"AUTH-1945-A06",
"AUTH-2315-A05",
"AUTH-2397-A04",
"AUTH-2409-A01",
"AUTH-2417-A09",
"AUTH-2425-A14",
"AUTH-2426-A04",
"AUTH-2461-A08",
"AUTH-2466-A03",
"AUTH-2466-A05",
"AUTH-2466-A06",
"AUTH-2486-A10",
"AUTH-2573-A03",
"AUTH-2635-A06",
"AUTH-2641-A02",
"AUTH-2678-A09",
"AUTH-2781-A07",
"AUTH-2781-A08",
"AUTH-2817-A08",
"AUTH-2819-A05",
"AUTH-2851-A09",
"AUTH-2883-A08",
"AUTH-2886-A07",
"AUTH-2926",
"AUTH-2935-A05",
"AUTH-2935-A10",
"AUTH-2937-A09",
"AUTH-2939",
"AUTH-2943-A13",
"AUTH-2947",
"AUTH-2949",
"AUTH-2955",
"AUTH-2958",
"AUTH-2964-A02",
"AUTH-2967-A01",
"AUTH-2973-A04",
"AUTH-2974-A05",
"AUTH-2975-A07",
"AUTH-2978-A05",
"AUTH-2981",
"AUTH-2985-A09",
"AUTH-2995-A02",
"AUTH-3020-A02",
"AUTH-3045-A05",
"AUTH-3065-A01",
"AUTH-3068-A04",
"AUTH-3070-A01",
"AUTH-3082-A06",
"AUTH-3154-A07",
"AUTH-3165-A07",
"AUTH-3258-A06",
"AUTH-3284-A03",
"AUTH-3296-A07",
"AUTH-3300-A02",
"AUTH-3334",
"AUTH-3334-A05",
"AUTH-3393-A01",
"AUTH-3430-A04",
"AUTH-3542-A11",
"AUTH-3543-A12",
"AUTH-3548-A01",
"AUTH-3595-A07",
"AUTH-3597-A07",
"AUTH-3597-A08",
"AUTH-3635-A03",
"AUTH-3635-A04",
"AUTH-3641-A05",
"AUTH-3647-A08",
"AUTH-3659-A02",
"AUTH-3670-A09",
"AUTH-3825-A07",
"AUTH-3900-A03",
"AUTH-3906-A10",
"AUTH-3906-A11",
"AUTH-3908",
"AUTH-3921-A09",
"AUTH-3947-A05",
"AUTH-3948",
"AUTH-3948-A01",
"AUTH-3948-A03",
"AUTH-3955",
"AUTH-3955-A04",
"AUTH-3955-A06",
"AUTH-3962-A06",
"AUTH-3963-A04",
"AUTH-3964-A03",
"AUTH-3964-A04",
"AUTH-3964-A05",
"AUTH-3977",
"AUTH-3977-A01",
"AUTH-3977-A04",
"AUTH-3984-A05",
"AUTH-3997-A03",
"AUTH-3999-A03",
"AUTH-4004",
"AUTH-4031-A05",
"AUTH-4043-A03",
"AUTH-4043-A04",
"AUTH-4123",
"AUTH-4123-A03",
"AUTH-4133",
"AUTH-4134",
"AUTH-492-A04",
"AUTH-505-A03",
"AUTH-509",
"AUTH-509-A02",
"AUTH-637-A32",
"AUTH-637-A33",
"AUTH-700-A07",
"AUTH-700-A08",
"AUTH-710",
"AUTH-739",
"AUTH-739-A01",
"AUTH-739-A02",
"AUTH-752-A08",
"AUTH-757-A12",
"AUTH-762-A04",
"AUTH-762-A05",
"AUTH-763-A07",
"AUTH-782-A02",
"AUTH-782-A07",
"AUTH-782-A11",
"AUTH-782-A16",
"AUTH-794-A07",
"AUTH-837",
"AUTH-837-A08",
"AUTH-837-A16",
"AUTH-837-A17",
"AUTH-838-A03",
"AUTH-838-A05",
"AUTH-838-A07",
"AUTH-838-A13",
"AUTH-838-A15",
"AUTH-838-A22",
"AUTH-838-A31",
"AUTH-838-A33",
"AUTH-838-A41",
"AUTH-838-A49",
"AUTH-843",
"AUTH-843-A07",
"AUTH-843-A16",
"AUTH-843-A25",
"AUTH-843-A35",
"AUTH-843-A45",
"AUTH-843-A52",
"AUTH-850-A06",
"AUTH-850-A16",
"AUTH-850-A26",
"AUTH-850-A44",
"AUTH-851",
"AUTH-885",
"AUTH-885-A25",
"AUTH-885-A34",
"AUTH-888",
"AUTH-888-A07",
"AUTH-888-A14",
"AUTH-888-A22",
"AUTH-888-A29",
"AUTH-888-A38",
"AUTH-889",
"AUTH-889-A03",
"AUTH-889-A11",
"AUTH-889-A23",
"AUTH-889-A31",
"AUTH-889-A35",
"AUTH-895",
"AUTH-902-A07",
"AUTH-902-A08",
"AUTH-902-A13",
"AUTH-902-A14",
"AUTH-902-A18",
"AUTH-926",
"AUTH-932-A02",
"AUTH-932-A07",
"AUTH-932-A12",
"AUTH-932-A18",
"AUTH-932-A23",
"AUTH-933",
"AUTH-941-A13",
"AUTH-942",
"AUTH-949-A38",
"AUTH-949-A56",
"AUTH-989-A22",
"CHP-002-A07",
"CHP-004-A03",
"COMP-1904-A03",
"COMP-1960-A08",
"COMP-2144-A03",
"COMP-2876-A10",
"COMP-2880-A04",
"COMP-2928-A03",
"COMP-3602-A03",
"CRYP-1013-A10",
"CRYP-1022-A07",
"CRYP-1124-A03",
"CRYP-1124-A07",
"CRYP-1201-A02",
"CRYP-1317",
"CRYP-1354-A01",
"CRYP-1434-A09",
"CRYP-1466-A04",
"CRYP-1475-A06",
"CRYP-1523-A07",
"CRYP-1530-A07",
"CRYP-1712",
"CRYP-172-A07",
"CRYP-1724-A09",
"CRYP-1750-A06",
"CRYP-1756-A13",
"CRYP-1788",
"CRYP-1927-A12",
"CRYP-2179-A05",
"CRYP-447-A15",
"CRYP-780-A06",
"DATA-1881-A07",
"DATA-2427-A02",
"DATA-2481-A09",
"DATA-2607-A07",
"DATA-2660-A06",
"DATA-2663-A09",
"DATA-4121-A01",
"GOV-008-A13",
"GOV-1701-A04",
"GOV-2718-A03",
"GOV-3493-A09",
"GOV-511-A28",
"IAM-005",
"IAM-005-A01",
"IAM-005-A02",
"IAM-005-A03",
"IAM-005-A07",
"IAM-005-A08",
"IAM-005-A09",
"IDA-002-A07",
"IDA-005-A05",
"IDA-005-A07",
"IDA-006-A07",
"IDA-007-A07",
"MBT-004-A04",
"NET-1012-A03",
"NET-1012-A06",
"NET-1014-A09",
"NET-1633-A03",
"NET-512-A06",
"NET-512-A12",
"NET-857-A07",
"NET-857-A08",
"NET-857-A09",
"NET-860-A04",
"NET-860-A07",
"SEC-1153-A38",
"SEC-1153-A52",
"SEC-1153-A68",
"SEC-1232-A07",
"SEC-2853-A02",
"SEC-4513-A05",
"SEC-4513-A06",
"SEC-4593-A03",
"SEC-4593-A04",
"SEC-4966-A12",
"SEC-5792-A05",
"SEC-5915-A07",
"SEC-5915-A08",
"SEC-5965-A08",
"SEC-6153-A11",
"SEC-6771-A07",
"SEC-6784-A09",
"SEC-7237-A08",
"SEC-7450-A02",
"SEC-7686-A06",
"SEC-7962-A07",
"SEC-7963-A05",
"SEC-7963-A06",
"SEC-8016-A06",
"SEC-8103-A02",
"SEC-8244",
"SEC-8295-A06"
],
"member_count": 370,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.85,
"source_meta_cluster": "M0",
"cluster_size": 166,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"merged_from": [
"risk_based_authentication"
]
},
{
"id": "privileged_op_reauth",
"name": "Explizite Authentifizierung vor privilegierten Operationen",
"description": "Privilegierte Operationen erfordern explizite (Token/PIN-)Authentifizierung vor Ausfuehrung.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "conditional:privileged_op",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "IA-02",
"role": "best_practice"
},
{
"source": "NIST",
"anchor": "IA-02(1)",
"role": "best_practice"
}
],
"member_review_units": [
"M4",
"M11",
"M160"
],
"member_controls": [
"ACC-064-A04",
"ACC-064-A09",
"ACC-064-A14",
"ACC-326-A01",
"ACC-326-A12",
"ACC-326-A23",
"ACC-326-A34",
"ACC-326-A45",
"ACC-326-A56",
"ACC-504-A05",
"ACC-567",
"ACC-567-A01",
"ACC-640-A04",
"ACC-640-A07",
"ACC-647-A03",
"ACC-660",
"AI-019",
"AI-1424-A03",
"AI-760-A03",
"AI-760-A35",
"AUTH-001",
"AUTH-046",
"AUTH-071-A11",
"AUTH-071-A12",
"AUTH-1018",
"AUTH-1018-A02",
"AUTH-1018-A03",
"AUTH-1058",
"AUTH-1067",
"AUTH-1102-A02",
"AUTH-1102-A04",
"AUTH-116-A01",
"AUTH-116-A12",
"AUTH-1275",
"AUTH-1280",
"AUTH-1295-A06",
"AUTH-1303-A01",
"AUTH-1303-A02",
"AUTH-1310-A02",
"AUTH-1314",
"AUTH-1314-A01",
"AUTH-1316",
"AUTH-1426",
"AUTH-1426-A01",
"AUTH-1426-A03",
"AUTH-1426-A04",
"AUTH-1446-A01",
"AUTH-1455-A03",
"AUTH-1466-A05",
"AUTH-1525",
"AUTH-1529-A03",
"AUTH-1529-A07",
"AUTH-1530",
"AUTH-1530-A03",
"AUTH-1634-A03",
"AUTH-1638-A01",
"AUTH-1645-A03",
"AUTH-1649-A01",
"AUTH-1649-A03",
"AUTH-1649-A04",
"AUTH-1677-A03",
"AUTH-1682-A02",
"AUTH-1684-A04",
"AUTH-1688-A06",
"AUTH-1701",
"AUTH-1701-A02",
"AUTH-1701-A05",
"AUTH-1709-A06",
"AUTH-1711",
"AUTH-1711-A01",
"AUTH-1711-A03",
"AUTH-1711-A05",
"AUTH-1716-A01",
"AUTH-1720",
"AUTH-1720-A02",
"AUTH-1721-A02",
"AUTH-1810-A04",
"AUTH-1813-A08",
"AUTH-1823-A03",
"AUTH-1826-A05",
"AUTH-1896",
"AUTH-1896-A02",
"AUTH-1896-A03",
"AUTH-1896-A04",
"AUTH-1901-A03",
"AUTH-1908-A03",
"AUTH-1917-A07",
"AUTH-1945-A06",
"AUTH-2315",
"AUTH-2315-A03",
"AUTH-2315-A05",
"AUTH-2316-A01",
"AUTH-2316-A02",
"AUTH-2317-A03",
"AUTH-2322-A01",
"AUTH-2338-A01",
"AUTH-2338-A05",
"AUTH-2368-A01",
"AUTH-2368-A02",
"AUTH-2368-A05",
"AUTH-2397-A04",
"AUTH-2409-A01",
"AUTH-2419-A04",
"AUTH-2419-A05",
"AUTH-2426-A04",
"AUTH-2452-A01",
"AUTH-2452-A02",
"AUTH-2452-A03",
"AUTH-2452-A08",
"AUTH-2452-A09",
"AUTH-2461",
"AUTH-2461-A01",
"AUTH-2466-A03",
"AUTH-2466-A05",
"AUTH-2466-A06",
"AUTH-2473-A01",
"AUTH-2473-A02",
"AUTH-2475-A04",
"AUTH-2484-A01",
"AUTH-2486-A10",
"AUTH-2552-A03",
"AUTH-2689",
"AUTH-2689-A01",
"AUTH-2689-A02",
"AUTH-2689-A03",
"AUTH-2689-A05",
"AUTH-2819-A05",
"AUTH-2822-A02",
"AUTH-2822-A07",
"AUTH-2866-A02",
"AUTH-2873-A03",
"AUTH-2877",
"AUTH-2877-A02",
"AUTH-2883-A04",
"AUTH-2883-A08",
"AUTH-2886-A01",
"AUTH-2886-A07",
"AUTH-2926",
"AUTH-2930-A01",
"AUTH-2930-A08",
"AUTH-2935-A05",
"AUTH-2935-A10",
"AUTH-2937-A04",
"AUTH-2939",
"AUTH-2944-A12",
"AUTH-2946-A02",
"AUTH-2947",
"AUTH-2949",
"AUTH-2955",
"AUTH-2956-A04",
"AUTH-2958",
"AUTH-2963-A05",
"AUTH-2964-A02",
"AUTH-2965-A05",
"AUTH-2967-A01",
"AUTH-2968",
"AUTH-2968-A05",
"AUTH-2969-A01",
"AUTH-2973-A04",
"AUTH-2978-A05",
"AUTH-2981",
"AUTH-2981-A07",
"AUTH-2982-A01",
"AUTH-2987",
"AUTH-2987-A08",
"AUTH-2987-A09",
"AUTH-2993",
"AUTH-2993-A04",
"AUTH-2994",
"AUTH-2995-A02",
"AUTH-2996",
"AUTH-2996-A07",
"AUTH-3002-A06",
"AUTH-3011",
"AUTH-3011-A01",
"AUTH-3012",
"AUTH-3013-A04",
"AUTH-3013-A07",
"AUTH-3015",
"AUTH-3015-A01",
"AUTH-3015-A02",
"AUTH-3018",
"AUTH-3018-A04",
"AUTH-3021-A07",
"AUTH-3045-A05",
"AUTH-3064",
"AUTH-3064-A01",
"AUTH-3064-A03",
"AUTH-3065-A01",
"AUTH-3070-A01",
"AUTH-3074",
"AUTH-3074-A05",
"AUTH-3151-A03",
"AUTH-3155-A05",
"AUTH-3165-A02",
"AUTH-3258-A06",
"AUTH-3286-A02",
"AUTH-3305-A01",
"AUTH-3333-A06",
"AUTH-3393-A01",
"AUTH-3452-A01",
"AUTH-3452-A05",
"AUTH-3454-A01",
"AUTH-3454-A05",
"AUTH-3454-A06",
"AUTH-3454-A07",
"AUTH-3460",
"AUTH-3460-A06",
"AUTH-3461",
"AUTH-3461-A01",
"AUTH-3461-A07",
"AUTH-3469-A03",
"AUTH-3541-A02",
"AUTH-3541-A07",
"AUTH-3543-A01",
"AUTH-3545-A04",
"AUTH-3547",
"AUTH-3594",
"AUTH-3594-A01",
"AUTH-3594-A02",
"AUTH-3594-A07",
"AUTH-3595-A07",
"AUTH-3596-A01",
"AUTH-3596-A07",
"AUTH-3599",
"AUTH-3635-A03",
"AUTH-3635-A04",
"AUTH-3635-A05",
"AUTH-3652-A05",
"AUTH-3652-A06",
"AUTH-3659-A01",
"AUTH-3659-A02",
"AUTH-3705-A02",
"AUTH-3705-A06",
"AUTH-3751",
"AUTH-3825-A07",
"AUTH-3825-A08",
"AUTH-3887-A01",
"AUTH-3900",
"AUTH-3900-A01",
"AUTH-3900-A02",
"AUTH-3900-A03",
"AUTH-3900-A05",
"AUTH-3906-A03",
"AUTH-3906-A04",
"AUTH-3906-A10",
"AUTH-3906-A11",
"AUTH-3908",
"AUTH-3908-A05",
"AUTH-3915",
"AUTH-3915-A01",
"AUTH-3915-A03",
"AUTH-3921-A09",
"AUTH-3929-A01",
"AUTH-3946-A01",
"AUTH-3947-A05",
"AUTH-3948",
"AUTH-3948-A01",
"AUTH-3948-A03",
"AUTH-3955",
"AUTH-3955-A02",
"AUTH-3955-A03",
"AUTH-3955-A04",
"AUTH-3955-A06",
"AUTH-3962-A06",
"AUTH-3963-A01",
"AUTH-3963-A02",
"AUTH-3963-A04",
"AUTH-3968-A09",
"AUTH-3969-A02",
"AUTH-3977",
"AUTH-3977-A01",
"AUTH-3977-A02",
"AUTH-3977-A04",
"AUTH-3982-A01",
"AUTH-3984-A05",
"AUTH-3984-A06",
"AUTH-3988-A04",
"AUTH-3997-A03",
"AUTH-3999-A03",
"AUTH-3999-A04",
"AUTH-4031-A05",
"AUTH-4035-A01",
"AUTH-4069-A02",
"AUTH-4072-A13",
"AUTH-4076",
"AUTH-4079-A04",
"AUTH-4083-A05",
"AUTH-4123-A03",
"AUTH-4127",
"AUTH-4130-A02",
"AUTH-492-A04",
"AUTH-500-A03",
"AUTH-505-A03",
"AUTH-520-A04",
"AUTH-538",
"AUTH-538-A04",
"AUTH-551",
"AUTH-551-A02",
"AUTH-559-A17",
"AUTH-606",
"AUTH-616-A04",
"AUTH-616-A14",
"AUTH-616-A17",
"AUTH-637-A32",
"AUTH-637-A33",
"AUTH-648",
"AUTH-648-A02",
"AUTH-680-A04",
"AUTH-700",
"AUTH-710",
"AUTH-738",
"AUTH-754-A05",
"AUTH-754-A07",
"AUTH-754-A12",
"AUTH-762-A04",
"AUTH-762-A05",
"AUTH-763-A06",
"AUTH-766-A06",
"AUTH-769-A07",
"AUTH-774-A03",
"AUTH-785-A02",
"AUTH-803",
"AUTH-803-A02",
"AUTH-803-A06",
"AUTH-803-A08",
"AUTH-807",
"AUTH-807-A01",
"AUTH-807-A04",
"AUTH-813",
"AUTH-815",
"AUTH-824-A09",
"AUTH-824-A16",
"AUTH-825",
"AUTH-827",
"AUTH-831-A03",
"AUTH-831-A05",
"AUTH-837",
"AUTH-837-A08",
"AUTH-837-A16",
"AUTH-837-A17",
"AUTH-838-A03",
"AUTH-838-A05",
"AUTH-838-A07",
"AUTH-838-A15",
"AUTH-838-A33",
"AUTH-843",
"AUTH-843-A07",
"AUTH-843-A16",
"AUTH-843-A25",
"AUTH-843-A35",
"AUTH-843-A45",
"AUTH-843-A52",
"AUTH-845-A02",
"AUTH-845-A04",
"AUTH-845-A05",
"AUTH-845-A14",
"AUTH-845-A17",
"AUTH-845-A25",
"AUTH-845-A28",
"AUTH-845-A36",
"AUTH-845-A37",
"AUTH-845-A46",
"AUTH-845-A48",
"AUTH-845-A49",
"AUTH-845-A52",
"AUTH-845-A53",
"AUTH-850-A06",
"AUTH-850-A16",
"AUTH-850-A26",
"AUTH-850-A44",
"AUTH-851",
"AUTH-851-A16",
"AUTH-855-A01",
"AUTH-855-A02",
"AUTH-855-A16",
"AUTH-855-A17",
"AUTH-855-A31",
"AUTH-855-A32",
"AUTH-855-A46",
"AUTH-855-A47",
"AUTH-855-A48",
"AUTH-855-A61",
"AUTH-855-A62",
"AUTH-867-A20",
"AUTH-889-A03",
"AUTH-889-A11",
"AUTH-889-A23",
"AUTH-889-A31",
"AUTH-889-A35",
"AUTH-893-A10",
"AUTH-893-A22",
"AUTH-895",
"AUTH-902",
"AUTH-902-A07",
"AUTH-902-A08",
"AUTH-902-A13",
"AUTH-902-A14",
"AUTH-902-A18",
"AUTH-903-A21",
"AUTH-903-A22",
"AUTH-939",
"AUTH-939-A01",
"AUTH-939-A02",
"AUTH-939-A09",
"AUTH-939-A19",
"AUTH-939-A26",
"AUTH-939-A31",
"AUTH-939-A42",
"AUTH-951",
"AVL-003-A06",
"BND-002-A02",
"BND-002-A04",
"BND-002-A06",
"BND-002-A08",
"COMP-1904",
"COMP-1904-A03",
"COMP-2144-A03",
"COMP-2780-A04",
"COMP-2880-A04",
"COMP-2928-A03",
"COMP-3313-A03",
"COMP-3435-A01",
"COMP-3602-A03",
"CRYP-1079-A08",
"CRYP-1124-A03",
"CRYP-1201-A02",
"CRYP-1269",
"CRYP-1269-A01",
"CRYP-1269-A02",
"CRYP-1288-A04",
"CRYP-1354-A01",
"CRYP-1359-A05",
"CRYP-1394-A03",
"CRYP-1652-A09",
"CRYP-1700-A02",
"CRYP-1751",
"CRYP-1751-A01",
"CRYP-1751-A02",
"CRYP-1756-A13",
"CRYP-1788",
"CRYP-1819-A01",
"CRYP-1927-A06",
"CRYP-2179-A05",
"CRYP-2287",
"CRYP-2301-A06",
"CRYP-2315-A06",
"CRYP-2355-A01",
"CRYP-626-A05",
"CRYP-876-A06",
"DATA-1007-A02",
"DATA-1007-A09",
"DATA-1007-A11",
"DATA-1801",
"DATA-2427-A02",
"DATA-259",
"DATA-2662-A05",
"DATA-3154-A06",
"DATA-3613-A04",
"DATA-3614-A02",
"DATA-4121-A01",
"GIA-002",
"GIA-002-A10",
"GOV-008-A13",
"GOV-1701-A04",
"GOV-3868-A11",
"GOV-511-A28",
"IAM-005",
"IAM-005-A02",
"IAM-005-A08",
"LOG-1506-A03",
"LOG-967",
"LOG-967-A01",
"LOG-967-A03",
"LOG-967-A05",
"LOG-967-A06",
"NET-040-A03",
"NET-040-A12",
"NET-1014-A09",
"NET-1166-A05",
"NET-1243-A05",
"NET-1345-A02",
"NET-1633-A02",
"NET-1787-A12",
"NET-465-A02",
"NET-465-A07",
"NET-928-A02",
"PRC-012-A01",
"SEC-1223-A05",
"SEC-1232-A07",
"SEC-171-A47",
"SEC-2445-A01",
"SEC-2643-A07",
"SEC-2781-A01",
"SEC-2853-A02",
"SEC-3157-A03",
"SEC-3157-A07",
"SEC-387-A10",
"SEC-387-A24",
"SEC-3870",
"SEC-4010-A09",
"SEC-4021-A03",
"SEC-418-A15",
"SEC-4254-A03",
"SEC-4561",
"SEC-4561-A02",
"SEC-4566-A04",
"SEC-4593-A03",
"SEC-4593-A04",
"SEC-5610",
"SEC-5640-A04",
"SEC-5792-A01",
"SEC-5915-A05",
"SEC-5915-A06",
"SEC-5915-A07",
"SEC-5915-A08",
"SEC-6775",
"SEC-7686-A05",
"SEC-7793-A05",
"SEC-7962-A07",
"SEC-7984",
"SEC-7984-A01",
"SEC-7984-A04",
"SEC-7984-A08",
"SEC-8103-A02",
"SEC-8244",
"SEC-8825-A04",
"SEC-8825-A05",
"SEC-8847-A02",
"SEC-9065-A01"
],
"member_count": 530,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M4",
"cluster_size": 159,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"merged_from": [
"mfa_privileged_access"
]
},
{
"id": "strong_crypto_authentication",
"name": "Kryptographische Verfahren fuer Authentifizierung",
"description": "Authentifizierungsmechanismen muessen auf robusten, anerkannten kryptographischen Verfahren beruhen und Angriffen standhalten.",
"tier": "LEGAL_MINIMUM",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"regulation_code": "eu_2024_2847",
"anchor": "Annex I (2)(e)",
"citation": "protect the confidentiality... through state-of-the-art mechanisms incl. encryption"
}
],
"guidance_basis": [
{
"source": "BSI",
"anchor": "TR-02102",
"role": "best_practice"
},
{
"source": "Ephemere Schluessel bei Authentifizierung",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "ephemeral_key_auth"
},
{
"source": "Nachrichtenauthentifizierung (MAC)",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "message_authentication_codes"
},
{
"source": "Replay-Schutz mit Nonces",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "replay_protection_nonce"
},
{
"source": "Challenge-Response-Authentifizierung",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "challenge_response_auth"
},
{
"source": "Datenursprungs-/Domaenenauthentifizierung",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "data_origin_authentication"
},
{
"source": "Zugelassene Hash-Funktionen fuer Authentifizierung",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "approved_hash_functions"
}
],
"member_review_units": [
"M1",
"M16",
"M59",
"M82",
"M85",
"M96",
"M106",
"M140",
"M143"
],
"member_controls": [
"ACC-001-A14",
"ACC-001-A17",
"ACC-001-A29",
"ACC-0357",
"ACC-0357-A01",
"ACC-0357-A02",
"ACC-0357-A03",
"ACC-0357-A06",
"ACC-0410-A03",
"ACC-082-A08",
"ACC-082-A09",
"ACC-082-A17",
"ACC-082-A18",
"ACC-320-A16",
"ACC-320-A18",
"ACC-320-A24",
"ACC-320-A34",
"ACC-320-A40",
"ACC-320-A48",
"ACC-478-A08",
"ACC-499-A07",
"ACC-508-A06",
"ACC-559-A04",
"ACC-578-A07",
"ACC-607",
"AI-052-A28",
"AI-052-A29",
"AI-1027",
"AI-1027-A06",
"AI-797-A09",
"AI-797-A18",
"AI-797-A36",
"AI-797-A45",
"AI-924-A13",
"AI-924-A14",
"AUT-001",
"AUT-002",
"AUTH-008-A25",
"AUTH-1005-A01",
"AUTH-1049-A56",
"AUTH-1050-A13",
"AUTH-1052-A13",
"AUTH-1052-A22",
"AUTH-1052-A36",
"AUTH-1061-A75",
"AUTH-1084",
"AUTH-1095-A02",
"AUTH-1096",
"AUTH-1096-A01",
"AUTH-1102-A14",
"AUTH-112-A04",
"AUTH-112-A17",
"AUTH-1288",
"AUTH-1300-A05",
"AUTH-1313-A04",
"AUTH-1314-A03",
"AUTH-1445-A02",
"AUTH-1463-A04",
"AUTH-1463-A09",
"AUTH-1466-A09",
"AUTH-1468-A01",
"AUTH-1468-A06",
"AUTH-1524-A04",
"AUTH-1529-A04",
"AUTH-1648",
"AUTH-1648-A05",
"AUTH-1649-A02",
"AUTH-1650-A05",
"AUTH-1650-A06",
"AUTH-1658",
"AUTH-1658-A01",
"AUTH-1658-A03",
"AUTH-1658-A04",
"AUTH-1658-A06",
"AUTH-1658-A07",
"AUTH-1658-A10",
"AUTH-1660",
"AUTH-1660-A03",
"AUTH-1664",
"AUTH-1667-A07",
"AUTH-1669-A05",
"AUTH-1669-A06",
"AUTH-1671-A08",
"AUTH-1678",
"AUTH-1678-A06",
"AUTH-1679",
"AUTH-1679-A02",
"AUTH-1680",
"AUTH-1680-A03",
"AUTH-1680-A06",
"AUTH-1681",
"AUTH-1681-A01",
"AUTH-1688",
"AUTH-1692-A05",
"AUTH-1693-A07",
"AUTH-1702-A06",
"AUTH-1711-A06",
"AUTH-1742-A01",
"AUTH-1742-A07",
"AUTH-1750-A03",
"AUTH-1759-A05",
"AUTH-1776-A08",
"AUTH-1779",
"AUTH-1779-A01",
"AUTH-1790",
"AUTH-1808-A03",
"AUTH-1815",
"AUTH-1815-A01",
"AUTH-1817-A01",
"AUTH-1817-A03",
"AUTH-1818-A11",
"AUTH-1831-A03",
"AUTH-1835",
"AUTH-1835-A01",
"AUTH-1839",
"AUTH-1839-A01",
"AUTH-1839-A02",
"AUTH-1839-A04",
"AUTH-1843-A02",
"AUTH-1844",
"AUTH-1845-A04",
"AUTH-1846",
"AUTH-1849",
"AUTH-1858-A01",
"AUTH-1860",
"AUTH-1860-A02",
"AUTH-1860-A05",
"AUTH-1860-A08",
"AUTH-1860-A09",
"AUTH-1862-A09",
"AUTH-1864",
"AUTH-1864-A01",
"AUTH-1864-A02",
"AUTH-1864-A04",
"AUTH-1864-A05",
"AUTH-1864-A06",
"AUTH-1864-A07",
"AUTH-1864-A08",
"AUTH-1865-A12",
"AUTH-187-A11",
"AUTH-1908",
"AUTH-1910",
"AUTH-1910-A01",
"AUTH-1910-A03",
"AUTH-1910-A04",
"AUTH-1910-A05",
"AUTH-1910-A07",
"AUTH-1910-A08",
"AUTH-1910-A10",
"AUTH-1911-A02",
"AUTH-1912-A02",
"AUTH-1912-A06",
"AUTH-1912-A07",
"AUTH-1919-A07",
"AUTH-1930-A01",
"AUTH-1932-A03",
"AUTH-1933",
"AUTH-1935",
"AUTH-1940-A01",
"AUTH-1940-A04",
"AUTH-1944",
"AUTH-1944-A01",
"AUTH-1947",
"AUTH-1949",
"AUTH-1949-A01",
"AUTH-1949-A07",
"AUTH-1949-A08",
"AUTH-1949-A09",
"AUTH-2121-A04",
"AUTH-2315-A04",
"AUTH-2338-A09",
"AUTH-2368-A07",
"AUTH-2382",
"AUTH-2399-A07",
"AUTH-2405-A06",
"AUTH-2444-A02",
"AUTH-2553",
"AUTH-2553-A02",
"AUTH-2689-A06",
"AUTH-2793",
"AUTH-2793-A02",
"AUTH-2793-A04",
"AUTH-2805-A06",
"AUTH-2805-A11",
"AUTH-2822",
"AUTH-2850",
"AUTH-2851-A10",
"AUTH-2852-A02",
"AUTH-2873-A02",
"AUTH-2879",
"AUTH-2883-A06",
"AUTH-2913-A04",
"AUTH-2930-A12",
"AUTH-2979-A07",
"AUTH-3004",
"AUTH-3021-A03",
"AUTH-3024",
"AUTH-3024-A03",
"AUTH-3045-A04",
"AUTH-3068-A06",
"AUTH-3074-A04",
"AUTH-3075-A04",
"AUTH-3082-A10",
"AUTH-3150-A02",
"AUTH-3150-A08",
"AUTH-3154-A05",
"AUTH-3155-A09",
"AUTH-3266-A07",
"AUTH-3279-A01",
"AUTH-3305-A05",
"AUTH-3305-A08",
"AUTH-3455-A08",
"AUTH-3460-A04",
"AUTH-3461-A03",
"AUTH-3461-A05",
"AUTH-3486-A10",
"AUTH-3541-A03",
"AUTH-3541-A06",
"AUTH-3541-A08",
"AUTH-3542-A06",
"AUTH-3545-A07",
"AUTH-3550",
"AUTH-3550-A01",
"AUTH-3554-A02",
"AUTH-3595",
"AUTH-3595-A06",
"AUTH-3595-A08",
"AUTH-3596",
"AUTH-3596-A04",
"AUTH-3597-A06",
"AUTH-3597-A10",
"AUTH-3599-A04",
"AUTH-3624-A06",
"AUTH-3638",
"AUTH-3642-A04",
"AUTH-3644",
"AUTH-3751-A08",
"AUTH-3948-A04",
"AUTH-3958-A02",
"AUTH-3963-A03",
"AUTH-3964-A07",
"AUTH-3993",
"AUTH-3993-A02",
"AUTH-4027-A02",
"AUTH-4030-A03",
"AUTH-4031-A08",
"AUTH-4032-A02",
"AUTH-4032-A14",
"AUTH-4036-A04",
"AUTH-4040",
"AUTH-4085",
"AUTH-4085-A01",
"AUTH-4095-A17",
"AUTH-452-A04",
"AUTH-474-A07",
"AUTH-494-A02",
"AUTH-505",
"AUTH-505-A02",
"AUTH-505-A06",
"AUTH-515",
"AUTH-515-A02",
"AUTH-515-A03",
"AUTH-515-A04",
"AUTH-515-A07",
"AUTH-524-A02",
"AUTH-524-A06",
"AUTH-524-A09",
"AUTH-550",
"AUTH-550-A01",
"AUTH-550-A06",
"AUTH-558-A01",
"AUTH-559-A04",
"AUTH-559-A13",
"AUTH-584-A06",
"AUTH-586",
"AUTH-586-A01",
"AUTH-615-A06",
"AUTH-623-A07",
"AUTH-623-A08",
"AUTH-666",
"AUTH-666-A01",
"AUTH-700-A01",
"AUTH-710-A06",
"AUTH-732-A01",
"AUTH-743-A04",
"AUTH-743-A10",
"AUTH-751",
"AUTH-751-A05",
"AUTH-751-A06",
"AUTH-751-A07",
"AUTH-751-A08",
"AUTH-762-A11",
"AUTH-774-A01",
"AUTH-783",
"AUTH-784-A08",
"AUTH-784-A09",
"AUTH-789-A03",
"AUTH-804-A05",
"AUTH-818-A19",
"AUTH-820",
"AUTH-820-A01",
"AUTH-822-A06",
"AUTH-822-A08",
"AUTH-824-A15",
"AUTH-836",
"AUTH-836-A01",
"AUTH-836-A02",
"AUTH-836-A06",
"AUTH-836-A08",
"AUTH-836-A09",
"AUTH-836-A12",
"AUTH-836-A17",
"AUTH-836-A18",
"AUTH-837-A07",
"AUTH-845-A07",
"AUTH-845-A19",
"AUTH-845-A29",
"AUTH-845-A39",
"AUTH-845-A55",
"AUTH-846-A04",
"AUTH-846-A09",
"AUTH-846-A13",
"AUTH-846-A19",
"AUTH-846-A23",
"AUTH-846-A29",
"AUTH-846-A33",
"AUTH-846-A38",
"AUTH-846-A42",
"AUTH-846-A48",
"AUTH-849-A26",
"AUTH-849-A27",
"AUTH-849-A31",
"AUTH-849-A32",
"AUTH-849-A43",
"AUTH-849-A44",
"AUTH-849-A46",
"AUTH-849-A47",
"AUTH-849-A58",
"AUTH-849-A59",
"AUTH-898",
"AUTH-898-A09",
"AUTH-898-A17",
"AUTH-925-A05",
"AUTH-925-A06",
"AUTH-925-A12",
"AUTH-944",
"AUTH-944-A05",
"AUTH-986-A08",
"AUTH-986-A09",
"COMP-1055",
"COMP-1264-A04",
"COMP-1266",
"COMP-1883-A07",
"COMP-1904-A06",
"COMP-1904-A07",
"COMP-2028-A07",
"COMP-2060-A01",
"COMP-2129-A04",
"CRYP-1116-A02",
"CRYP-1134-A06",
"CRYP-1150-A06",
"CRYP-1162-A04",
"CRYP-1201-A01",
"CRYP-1203-A01",
"CRYP-1210-A09",
"CRYP-1217-A02",
"CRYP-1267",
"CRYP-1267-A02",
"CRYP-1286",
"CRYP-1286-A02",
"CRYP-1288-A10",
"CRYP-1293-A08",
"CRYP-1299-A09",
"CRYP-1316-A05",
"CRYP-1336",
"CRYP-1336-A02",
"CRYP-1336-A06",
"CRYP-1372-A05",
"CRYP-1378",
"CRYP-1382",
"CRYP-1385",
"CRYP-1385-A03",
"CRYP-1385-A05",
"CRYP-1385-A07",
"CRYP-1389",
"CRYP-1404",
"CRYP-1421",
"CRYP-1421-A01",
"CRYP-1421-A07",
"CRYP-1421-A10",
"CRYP-1424-A03",
"CRYP-1433-A07",
"CRYP-1434-A03",
"CRYP-1449-A04",
"CRYP-1449-A11",
"CRYP-1463",
"CRYP-1463-A03",
"CRYP-1467-A03",
"CRYP-1467-A08",
"CRYP-1469-A02",
"CRYP-1469-A07",
"CRYP-1469-A08",
"CRYP-1475",
"CRYP-1520-A05",
"CRYP-1520-A10",
"CRYP-1522-A02",
"CRYP-1523",
"CRYP-1523-A02",
"CRYP-1523-A04",
"CRYP-1523-A08",
"CRYP-1524-A04",
"CRYP-1525-A08",
"CRYP-1531-A02",
"CRYP-1531-A05",
"CRYP-1535",
"CRYP-1535-A04",
"CRYP-1535-A05",
"CRYP-1535-A11",
"CRYP-1537",
"CRYP-1539-A03",
"CRYP-1539-A08",
"CRYP-1725-A02",
"CRYP-1750-A09",
"CRYP-1750-A13",
"CRYP-1793",
"CRYP-1864-A05",
"CRYP-193-A03",
"CRYP-1993-A03",
"CRYP-2142-A06",
"CRYP-2148-A01",
"CRYP-2148-A06",
"CRYP-2179-A09",
"CRYP-2334",
"CRYP-637-A10",
"CRYP-713-A07",
"CRYP-738-A06",
"CRYP-790",
"CRYP-796-A08",
"CRYP-809",
"CRYP-809-A01",
"CRYP-848",
"DATA-1274-A03",
"DATA-1499-A06",
"DATA-2427-A06",
"DATA-2493-A12",
"DATA-2510-A07",
"DATA-3376-A06",
"DATA-4225-A04",
"DATA-4317-A05",
"DATA-879-A07",
"DATA-879-A10",
"DATA-879-A14",
"GOV-1439-A09",
"GOV-1732-A01",
"GOV-1733-A04",
"GOV-180-A06",
"GOV-180-A12",
"GOV-2076-A13",
"GOV-3110-A02",
"IDF-004",
"IDF-004-A01",
"IDF-006",
"INC-978-A09",
"INC-978-A10",
"INC-978-A11",
"LOG-107-A02",
"LOG-1861-A06",
"MSG-003",
"NET-1015-A02",
"NET-1233-A07",
"NET-1293-A02",
"NET-1467-A13",
"NET-1482-A11",
"NET-651-A03",
"NET-651-A13",
"NET-651-A23",
"NET-651-A33",
"NET-651-A43",
"NET-651-A54",
"NET-758-A01",
"NET-758-A07",
"NET-758-A14",
"NET-758-A20",
"NET-758-A28",
"NET-857-A06",
"NET-857-A12",
"NET-860-A09",
"NET-879-A03",
"NET-991-A07",
"NET-991-A08",
"SEC-052-A06",
"SEC-093-A05",
"SEC-093-A06",
"SEC-2176-A03",
"SEC-2643-A15",
"SEC-2738-A06",
"SEC-2809",
"SEC-2809-A02",
"SEC-2809-A03",
"SEC-2809-A05",
"SEC-2809-A09",
"SEC-2839-A02",
"SEC-2845-A09",
"SEC-3383-A03",
"SEC-3605",
"SEC-3728-A11",
"SEC-3740-A03",
"SEC-3965-A02",
"SEC-4015-A08",
"SEC-4089-A08",
"SEC-4090",
"SEC-4090-A04",
"SEC-4090-A05",
"SEC-4090-A08",
"SEC-4217",
"SEC-4292-A11",
"SEC-4292-A12",
"SEC-4295",
"SEC-4295-A01",
"SEC-4508",
"SEC-4509-A07",
"SEC-4513-A07",
"SEC-4560-A03",
"SEC-5435-A03",
"SEC-5505-A05",
"SEC-5767-A01",
"SEC-6784-A08",
"SEC-6804-A01",
"SEC-6804-A02",
"SEC-6833-A07",
"SEC-7984-A07",
"SEC-8241-A01",
"SEC-8257-A10"
],
"member_count": 533,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.85,
"source_meta_cluster": "M1",
"cluster_size": 234,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "credential_lifecycle_management",
"name": "Verwaltung von Authentifizierungsmitteln (Lifecycle)",
"description": "Authentifizierungsmittel sind ueber ihren gesamten Lebenszyklus (Ausstellung, Erneuerung, Sperrung, Loeschung) zu verwalten und aktuell zu halten.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "ISO",
"anchor": "ISO 27001 A.5.17",
"role": "best_practice"
},
{
"source": "NIST",
"anchor": "MP-06",
"role": "best_practice"
}
],
"member_review_units": [
"M1",
"M30",
"M44",
"M63",
"M93"
],
"member_controls": [
"ACC-001-A14",
"ACC-001-A17",
"ACC-001-A29",
"ACC-0410-A03",
"ACC-082-A08",
"ACC-082-A09",
"ACC-082-A17",
"ACC-082-A18",
"ACC-320-A16",
"ACC-320-A18",
"ACC-320-A24",
"ACC-320-A34",
"ACC-320-A40",
"ACC-320-A48",
"ACC-478-A08",
"ACC-499-A07",
"ACC-508-A06",
"ACC-559-A04",
"ACC-578-A07",
"ACC-607",
"AI-052-A28",
"AI-052-A29",
"AI-797-A09",
"AI-797-A18",
"AI-797-A36",
"AI-797-A45",
"AI-924-A13",
"AI-924-A14",
"AUTH-008-A25",
"AUTH-1049-A35",
"AUTH-1049-A50",
"AUTH-1049-A56",
"AUTH-1050-A13",
"AUTH-1061-A75",
"AUTH-1084",
"AUTH-1095-A02",
"AUTH-1096",
"AUTH-1096-A01",
"AUTH-1102-A14",
"AUTH-112-A04",
"AUTH-112-A17",
"AUTH-1288",
"AUTH-1300-A05",
"AUTH-1313-A04",
"AUTH-1314-A03",
"AUTH-1445-A02",
"AUTH-1463-A04",
"AUTH-1463-A09",
"AUTH-1466-A09",
"AUTH-1468-A01",
"AUTH-1468-A06",
"AUTH-1480",
"AUTH-1480-A01",
"AUTH-1524-A04",
"AUTH-1529-A04",
"AUTH-1637",
"AUTH-1637-A01",
"AUTH-1661-A01",
"AUTH-1669-A05",
"AUTH-1669-A06",
"AUTH-1670",
"AUTH-1677-A02",
"AUTH-1677-A08",
"AUTH-1678-A03",
"AUTH-1679",
"AUTH-1679-A02",
"AUTH-1700-A03",
"AUTH-1706",
"AUTH-1706-A01",
"AUTH-1706-A02",
"AUTH-1706-A07",
"AUTH-1706-A08",
"AUTH-1711-A06",
"AUTH-1725",
"AUTH-1742-A01",
"AUTH-1742-A07",
"AUTH-1746",
"AUTH-1746-A01",
"AUTH-1759-A05",
"AUTH-1790",
"AUTH-1813-A07",
"AUTH-1818-A11",
"AUTH-1860-A05",
"AUTH-1860-A08",
"AUTH-1860-A09",
"AUTH-1862-A09",
"AUTH-1865-A12",
"AUTH-187-A11",
"AUTH-1910-A05",
"AUTH-1912-A07",
"AUTH-1940-A04",
"AUTH-2121-A04",
"AUTH-2315-A04",
"AUTH-2338-A09",
"AUTH-2338-A10",
"AUTH-2371-A05",
"AUTH-2399-A07",
"AUTH-2405-A06",
"AUTH-2416-A07",
"AUTH-2438",
"AUTH-2464",
"AUTH-2793",
"AUTH-2793-A02",
"AUTH-2805-A06",
"AUTH-2805-A11",
"AUTH-2817-A01",
"AUTH-2817-A02",
"AUTH-2850",
"AUTH-2851-A10",
"AUTH-2879",
"AUTH-2979-A07",
"AUTH-3004",
"AUTH-3045-A04",
"AUTH-3068",
"AUTH-3068-A01",
"AUTH-3068-A03",
"AUTH-3068-A05",
"AUTH-3068-A06",
"AUTH-3073-A01",
"AUTH-3082-A10",
"AUTH-3161",
"AUTH-3258-A08",
"AUTH-3266-A07",
"AUTH-3460-A04",
"AUTH-3461-A03",
"AUTH-3461-A05",
"AUTH-3486-A10",
"AUTH-3541-A06",
"AUTH-3542-A06",
"AUTH-3554-A01",
"AUTH-3554-A02",
"AUTH-3554-A05",
"AUTH-3595",
"AUTH-3595-A06",
"AUTH-3595-A08",
"AUTH-3596",
"AUTH-3596-A04",
"AUTH-3597-A06",
"AUTH-3599-A04",
"AUTH-3638",
"AUTH-3712",
"AUTH-3751-A08",
"AUTH-3948-A04",
"AUTH-3958-A02",
"AUTH-3964-A07",
"AUTH-3993",
"AUTH-3993-A02",
"AUTH-4006-A14",
"AUTH-4027-A02",
"AUTH-4030-A03",
"AUTH-4031-A08",
"AUTH-4032-A02",
"AUTH-4036-A04",
"AUTH-4085",
"AUTH-4085-A01",
"AUTH-4095-A17",
"AUTH-4130-A03",
"AUTH-4135-A01",
"AUTH-494-A02",
"AUTH-505-A06",
"AUTH-559-A04",
"AUTH-559-A13",
"AUTH-584-A06",
"AUTH-615-A06",
"AUTH-623-A07",
"AUTH-623-A08",
"AUTH-710-A06",
"AUTH-732-A01",
"AUTH-743-A04",
"AUTH-743-A10",
"AUTH-751-A05",
"AUTH-751-A06",
"AUTH-751-A07",
"AUTH-751-A08",
"AUTH-762-A11",
"AUTH-774-A01",
"AUTH-784-A08",
"AUTH-784-A09",
"AUTH-804-A05",
"AUTH-822-A06",
"AUTH-822-A08",
"AUTH-824-A15",
"AUTH-827-A04",
"AUTH-827-A13",
"AUTH-836",
"AUTH-836-A01",
"AUTH-836-A02",
"AUTH-836-A06",
"AUTH-836-A08",
"AUTH-836-A09",
"AUTH-836-A12",
"AUTH-836-A17",
"AUTH-836-A18",
"AUTH-837-A07",
"AUTH-845-A07",
"AUTH-845-A19",
"AUTH-845-A29",
"AUTH-845-A39",
"AUTH-845-A55",
"AUTH-846-A09",
"AUTH-846-A19",
"AUTH-846-A29",
"AUTH-846-A38",
"AUTH-846-A48",
"AUTH-849-A26",
"AUTH-849-A27",
"AUTH-849-A31",
"AUTH-849-A32",
"AUTH-849-A43",
"AUTH-849-A44",
"AUTH-849-A46",
"AUTH-849-A47",
"AUTH-849-A58",
"AUTH-849-A59",
"AUTH-925-A05",
"AUTH-925-A06",
"AUTH-925-A12",
"AUTH-986-A08",
"AUTH-986-A09",
"COMP-1264-A04",
"COMP-1904-A06",
"COMP-1904-A07",
"COMP-1960-A07",
"COMP-2129-A04",
"CRYP-1089-A02",
"CRYP-1210-A09",
"CRYP-1214-A04",
"CRYP-1299-A09",
"CRYP-1372-A05",
"CRYP-1433-A07",
"CRYP-1725-A02",
"CRYP-1750-A09",
"CRYP-1751-A10",
"CRYP-1751-A11",
"CRYP-1864-A05",
"CRYP-2142-A06",
"CRYP-2148-A06",
"CRYP-2179-A09",
"CRYP-2334",
"CRYP-637-A10",
"CRYP-713-A07",
"CRYP-738-A06",
"CRYP-790",
"DATA-1240-A08",
"DATA-2493-A12",
"DATA-2510-A07",
"DATA-2572",
"DATA-3376-A06",
"DATA-3649-A14",
"DATA-4225-A04",
"DATA-4317-A05",
"DATA-4666-A04",
"GOV-180-A06",
"GOV-180-A12",
"GOV-2076-A13",
"GOV-3110-A02",
"INC-946-A11",
"LOG-107-A02",
"LOG-1861-A06",
"MSG-003-A03",
"NET-1293-A02",
"NET-857-A06",
"NET-857-A12",
"NET-860-A09",
"SEC-052-A06",
"SEC-093-A05",
"SEC-093-A06",
"SEC-2643-A15",
"SEC-2738-A06",
"SEC-2809",
"SEC-2809-A02",
"SEC-2809-A05",
"SEC-2809-A09",
"SEC-3383-A03",
"SEC-3740-A03",
"SEC-3965-A02",
"SEC-3991",
"SEC-4292-A12",
"SEC-4295",
"SEC-4513-A07",
"SEC-4560-A03",
"SEC-5435-A03",
"SEC-5505-A05",
"SEC-5767-A01",
"SEC-6784-A08",
"SEC-6804-A01",
"SEC-6804-A02",
"SEC-6833-A07",
"SEC-6846-A05",
"SEC-6925-A10",
"SEC-7425-A04",
"SEC-7984-A07"
],
"member_count": 292,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.83,
"source_meta_cluster": "M30",
"cluster_size": 13,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"merged_from": [
"secure_credential_deletion"
]
},
{
"id": "credential_confidentiality_protection",
"name": "Vertraulichkeit von Authentifizierungsmaterial",
"description": "Authentifizierungsgeheimnisse, -daten und -material sind vor unbefugtem Zugriff und Offenlegung zu schuetzen und duerfen nicht in Logs gespeichert werden.",
"tier": "LEGAL_MINIMUM",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"regulation_code": "eu_2024_2847",
"anchor": "Annex I (2)(e)",
"citation": "protect the confidentiality of stored, transmitted or otherwise processed data"
}
],
"guidance_basis": [
{
"source": "OWASP",
"anchor": "ASVS V2",
"role": "best_practice"
},
{
"source": "Sichere Speicherung von Authentifizierungsgeheimnissen",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "credential_storage_hashing"
}
],
"member_review_units": [
"M35",
"M122",
"M123",
"M15",
"M37",
"M84"
],
"member_controls": [
"ACC-645-A13",
"ACC-645-A16",
"ACC-690-A02",
"AI-1351-A03",
"AUTH-036",
"AUTH-036-A10",
"AUTH-036-A13",
"AUTH-1099-A01",
"AUTH-1283-A03",
"AUTH-1286",
"AUTH-1295-A02",
"AUTH-1296",
"AUTH-1296-A01",
"AUTH-1300-A02",
"AUTH-1313-A02",
"AUTH-1437-A03",
"AUTH-1441-A07",
"AUTH-1441-A08",
"AUTH-1468-A02",
"AUTH-148-A11",
"AUTH-1524-A03",
"AUTH-1529-A10",
"AUTH-1535",
"AUTH-1535-A06",
"AUTH-1627",
"AUTH-1634",
"AUTH-1634-A01",
"AUTH-1640-A02",
"AUTH-1646",
"AUTH-1669",
"AUTH-1669-A01",
"AUTH-1669-A02",
"AUTH-1693",
"AUTH-1693-A01",
"AUTH-1694",
"AUTH-1694-A01",
"AUTH-1694-A02",
"AUTH-1721-A01",
"AUTH-1734-A02",
"AUTH-1747",
"AUTH-1817",
"AUTH-1819-A02",
"AUTH-1820",
"AUTH-1836-A02",
"AUTH-1858",
"AUTH-1865",
"AUTH-1865-A01",
"AUTH-1865-A08",
"AUTH-1877-A04",
"AUTH-1915",
"AUTH-1915-A01",
"AUTH-1919",
"AUTH-1949-A06",
"AUTH-2167-A01",
"AUTH-2317-A02",
"AUTH-2317-A06",
"AUTH-2333-A03",
"AUTH-2375-A05",
"AUTH-2416",
"AUTH-2416-A05",
"AUTH-2416-A08",
"AUTH-2419-A06",
"AUTH-2423",
"AUTH-2423-A04",
"AUTH-2425",
"AUTH-2430-A01",
"AUTH-2466-A08",
"AUTH-2466-A11",
"AUTH-2486",
"AUTH-2553-A12",
"AUTH-2650",
"AUTH-2650-A01",
"AUTH-2793-A01",
"AUTH-2805",
"AUTH-2805-A01",
"AUTH-2805-A02",
"AUTH-2805-A03",
"AUTH-2805-A04",
"AUTH-2805-A05",
"AUTH-2850-A02",
"AUTH-2850-A04",
"AUTH-2875-A02",
"AUTH-2886-A04",
"AUTH-2921",
"AUTH-2922-A06",
"AUTH-2923-A01",
"AUTH-2930-A07",
"AUTH-2933-A04",
"AUTH-2935",
"AUTH-2935-A08",
"AUTH-2937",
"AUTH-2937-A05",
"AUTH-2940",
"AUTH-2945",
"AUTH-2953",
"AUTH-2956",
"AUTH-2974-A03",
"AUTH-2975",
"AUTH-2995",
"AUTH-2996-A05",
"AUTH-3010",
"AUTH-3013-A10",
"AUTH-3016-A14",
"AUTH-3017-A07",
"AUTH-3018-A05",
"AUTH-3024-A03",
"AUTH-3074-A01",
"AUTH-3151-A04",
"AUTH-3255",
"AUTH-3255-A02",
"AUTH-3258-A02",
"AUTH-3258-A05",
"AUTH-3279",
"AUTH-3305",
"AUTH-3425-A03",
"AUTH-3430-A01",
"AUTH-3430-A02",
"AUTH-3550-A02",
"AUTH-3597-A01",
"AUTH-3643",
"AUTH-3645-A07",
"AUTH-3652",
"AUTH-3652-A01",
"AUTH-3652-A02",
"AUTH-3652-A03",
"AUTH-3652-A04",
"AUTH-3652-A09",
"AUTH-3672",
"AUTH-3751-A02",
"AUTH-3751-A04",
"AUTH-3865-A07",
"AUTH-3906-A14",
"AUTH-3908-A04",
"AUTH-3929",
"AUTH-3955-A07",
"AUTH-3958-A01",
"AUTH-3958-A06",
"AUTH-3984",
"AUTH-3984-A03",
"AUTH-3987",
"AUTH-3987-A02",
"AUTH-4050",
"AUTH-4121-A02",
"AUTH-577-A06",
"AUTH-592-A04",
"AUTH-625",
"AUTH-625-A01",
"AUTH-655",
"AUTH-655-A01",
"AUTH-655-A04",
"AUTH-655-A08",
"AUTH-655-A15",
"AUTH-670",
"AUTH-674-A03",
"AUTH-674-A04",
"AUTH-675-A03",
"AUTH-700-A03",
"AUTH-710-A02",
"AUTH-718",
"AUTH-732-A02",
"AUTH-732-A03",
"AUTH-734-A10",
"AUTH-748",
"AUTH-748-A02",
"AUTH-748-A04",
"AUTH-748-A09",
"AUTH-750",
"AUTH-763",
"AUTH-771-A02",
"AUTH-783",
"AUTH-784-A04",
"AUTH-784-A05",
"AUTH-784-A06",
"AUTH-789",
"AUTH-789-A01",
"AUTH-818-A08",
"AUTH-818-A14",
"AUTH-833-A04",
"AUTH-833-A09",
"AUTH-836-A03",
"AUTH-836-A10",
"AUTH-836-A14",
"AUTH-843-A05",
"AUTH-843-A14",
"AUTH-843-A23",
"AUTH-843-A33",
"AUTH-843-A43",
"AUTH-843-A50",
"AUTH-846-A05",
"AUTH-846-A14",
"AUTH-846-A24",
"AUTH-846-A34",
"AUTH-846-A43",
"AUTH-849-A02",
"AUTH-849-A04",
"AUTH-849-A11",
"AUTH-849-A13",
"AUTH-849-A18",
"AUTH-849-A20",
"AUTH-849-A35",
"AUTH-849-A37",
"AUTH-849-A50",
"AUTH-850",
"AUTH-850-A05",
"AUTH-850-A09",
"AUTH-850-A15",
"AUTH-850-A34",
"AUTH-919",
"AUTH-925-A02",
"AUTH-925-A09",
"AUTH-925-A17",
"AUTH-934",
"AUTH-934-A01",
"AUTH-934-A02",
"AUTH-934-A03",
"AUTH-934-A04",
"AUTH-934-A09",
"AUTH-934-A10",
"AUTH-934-A11",
"AUTH-934-A12",
"AUTH-934-A18",
"AUTH-934-A19",
"AUTH-934-A20",
"AUTH-934-A21",
"AUTH-934-A27",
"AUTH-934-A28",
"AUTH-934-A29",
"AUTH-934-A30",
"AUTH-934-A40",
"AUTH-934-A41",
"AUTH-934-A42",
"AUTH-934-A43",
"AUTH-987",
"AUTH-987-A01",
"AUTH-987-A23",
"AUTH-987-A24",
"COMP-1264",
"COMP-1735-A09",
"COMP-1745-A03",
"COMP-262-A01",
"COMP-2876-A05",
"COMP-3431-A02",
"COMP-3983",
"COMP-3983-A13",
"CRYP-1124",
"CRYP-1124-A01",
"CRYP-1124-A04",
"CRYP-1124-A08",
"CRYP-1134-A05",
"CRYP-1159-A02",
"CRYP-1239-A01",
"CRYP-1255",
"CRYP-1267",
"CRYP-1267-A02",
"CRYP-1271",
"CRYP-1336",
"CRYP-1336-A02",
"CRYP-1336-A06",
"CRYP-1421-A02",
"CRYP-1424-A03",
"CRYP-1434-A03",
"CRYP-1458-A06",
"CRYP-1460-A04",
"CRYP-1475",
"CRYP-1702-A03",
"CRYP-1712-A01",
"CRYP-1732-A01",
"CRYP-191-A02",
"CRYP-1927",
"CRYP-1942-A10",
"CRYP-2101-A02",
"CRYP-2173-A01",
"CRYP-2179",
"CRYP-224-A08",
"CRYP-2254-A04",
"CRYP-2363-A05",
"CRYP-780-A02",
"CRYP-873",
"CRYP-880-A04",
"DATA-4027-A02",
"DATA-720-A02",
"INC-971-A06",
"NET-004-A05",
"NET-004-A09",
"NET-004-A19",
"NET-104-A02",
"NET-104-A10",
"NET-1291-A16",
"NET-1293-A07",
"NET-1309-A01",
"NET-1343-A05",
"NET-1471-A01",
"NET-149-A01",
"NET-149-A11",
"NET-1856-A05",
"SEC-171-A16",
"SEC-171-A34",
"SEC-2035-A04",
"SEC-2153-A03",
"SEC-2809-A04",
"SEC-2853-A04",
"SEC-3195",
"SEC-3223",
"SEC-3223-A09",
"SEC-3643-A08",
"SEC-400-A04",
"SEC-400-A05",
"SEC-400-A21",
"SEC-400-A22",
"SEC-4561-A04",
"SEC-4966-A07",
"SEC-5610-A02",
"SEC-5780",
"SEC-6107-A02",
"SEC-8325"
],
"member_count": 315,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.85,
"source_meta_cluster": "M122",
"cluster_size": 11,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "password_policy",
"name": "Passwort-Richtlinien und Mindestanforderungen",
"description": "Passwortbasierte Authentifizierung muss Mindestlaenge, Komplexitaet und initiale Vergabe gemaess Standard umsetzen.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "password",
"applicability": "conditional:password_based",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "SP 800-63B 5.1.1",
"role": "best_practice"
},
{
"source": "Keine wissensbasierte Authentifizierung als Primaerfaktor",
"anchor": "",
"role": "implementation_guidance",
"merged_from": "no_kba_primary"
}
],
"member_review_units": [
"M26",
"M33",
"M87",
"M104",
"M128"
],
"member_controls": [
"AUTH-001",
"AUTH-046",
"AUTH-1018-A02",
"AUTH-1018-A03",
"AUTH-1067",
"AUTH-1102-A02",
"AUTH-1102-A04",
"AUTH-1275",
"AUTH-1280",
"AUTH-1295-A06",
"AUTH-1303-A01",
"AUTH-1303-A02",
"AUTH-1310-A02",
"AUTH-1314",
"AUTH-1314-A01",
"AUTH-1316",
"AUTH-1426-A03",
"AUTH-1446-A01",
"AUTH-1525",
"AUTH-1529-A03",
"AUTH-1529-A07",
"AUTH-1649-A01",
"AUTH-1649-A03",
"AUTH-1649-A04",
"AUTH-1677-A03",
"AUTH-1682-A02",
"AUTH-1810-A04",
"AUTH-1896",
"AUTH-1896-A02",
"AUTH-1896-A03",
"AUTH-1896-A04",
"AUTH-1901-A03",
"AUTH-1919",
"AUTH-1949-A06",
"AUTH-2317-A06",
"AUTH-2368-A01",
"AUTH-2368-A02",
"AUTH-2368-A05",
"AUTH-2419-A04",
"AUTH-2419-A05",
"AUTH-2452-A01",
"AUTH-2452-A02",
"AUTH-2452-A03",
"AUTH-2452-A08",
"AUTH-2452-A09",
"AUTH-2461",
"AUTH-2461-A01",
"AUTH-2475-A04",
"AUTH-2689",
"AUTH-2689-A01",
"AUTH-2689-A03",
"AUTH-2689-A05",
"AUTH-2822-A02",
"AUTH-2822-A07",
"AUTH-2866-A02",
"AUTH-2873-A03",
"AUTH-2877",
"AUTH-2877-A02",
"AUTH-2886-A01",
"AUTH-2922-A06",
"AUTH-2923-A01",
"AUTH-2930-A01",
"AUTH-2930-A07",
"AUTH-2930-A08",
"AUTH-2937-A04",
"AUTH-2944-A12",
"AUTH-2946-A02",
"AUTH-2953",
"AUTH-2956-A04",
"AUTH-2963-A05",
"AUTH-2965-A05",
"AUTH-2968-A05",
"AUTH-2969-A01",
"AUTH-2978-A04",
"AUTH-2981-A07",
"AUTH-2982-A01",
"AUTH-2987",
"AUTH-2987-A08",
"AUTH-2987-A09",
"AUTH-2993",
"AUTH-2993-A04",
"AUTH-2996-A07",
"AUTH-3002-A06",
"AUTH-3011",
"AUTH-3011-A01",
"AUTH-3012",
"AUTH-3013-A04",
"AUTH-3013-A07",
"AUTH-3013-A10",
"AUTH-3015",
"AUTH-3015-A01",
"AUTH-3015-A02",
"AUTH-3017-A06",
"AUTH-3018",
"AUTH-3018-A04",
"AUTH-3064-A03",
"AUTH-3074-A01",
"AUTH-3151-A03",
"AUTH-3155-A02",
"AUTH-3155-A05",
"AUTH-3305-A01",
"AUTH-3454-A01",
"AUTH-3454-A05",
"AUTH-3454-A06",
"AUTH-3454-A07",
"AUTH-3460",
"AUTH-3460-A06",
"AUTH-3461",
"AUTH-3461-A01",
"AUTH-3461-A07",
"AUTH-3541-A02",
"AUTH-3541-A07",
"AUTH-3594",
"AUTH-3594-A01",
"AUTH-3594-A02",
"AUTH-3594-A07",
"AUTH-3596-A01",
"AUTH-3596-A07",
"AUTH-3635-A05",
"AUTH-3652-A05",
"AUTH-3652-A06",
"AUTH-3654-A02",
"AUTH-3705-A06",
"AUTH-3900",
"AUTH-3900-A01",
"AUTH-3900-A02",
"AUTH-3900-A05",
"AUTH-3906-A03",
"AUTH-3906-A04",
"AUTH-3946-A01",
"AUTH-3955-A02",
"AUTH-3955-A03",
"AUTH-3963-A01",
"AUTH-3963-A02",
"AUTH-3969",
"AUTH-3969-A02",
"AUTH-3982-A01",
"AUTH-3984-A06",
"AUTH-3988-A04",
"AUTH-3999-A04",
"AUTH-4035-A01",
"AUTH-4069-A02",
"AUTH-4072-A13",
"AUTH-4076",
"AUTH-4079-A04",
"AUTH-4123-A02",
"AUTH-4130-A02",
"AUTH-520-A04",
"AUTH-538",
"AUTH-551",
"AUTH-551-A02",
"AUTH-559-A17",
"AUTH-616-A04",
"AUTH-616-A14",
"AUTH-616-A17",
"AUTH-648",
"AUTH-680-A04",
"AUTH-750",
"AUTH-754-A05",
"AUTH-754-A07",
"AUTH-754-A12",
"AUTH-763-A06",
"AUTH-766-A06",
"AUTH-769-A07",
"AUTH-774-A03",
"AUTH-775-A06",
"AUTH-803-A02",
"AUTH-807-A04",
"AUTH-813",
"AUTH-825",
"AUTH-827",
"AUTH-827-A10",
"AUTH-831-A03",
"AUTH-831-A05",
"AUTH-836-A03",
"AUTH-836-A10",
"AUTH-836-A14",
"AUTH-849-A02",
"AUTH-849-A11",
"AUTH-849-A18",
"AUTH-849-A35",
"AUTH-849-A50",
"AUTH-850-A05",
"AUTH-850-A15",
"AUTH-850-A34",
"AUTH-851-A16",
"AUTH-855-A01",
"AUTH-855-A16",
"AUTH-855-A31",
"AUTH-855-A46",
"AUTH-855-A47",
"AUTH-855-A61",
"AUTH-867-A20",
"AUTH-939",
"AUTH-939-A01",
"AUTH-939-A02",
"AUTH-939-A09",
"AUTH-939-A19",
"AUTH-939-A26",
"AUTH-939-A31",
"AUTH-939-A42",
"BND-002-A02",
"BND-002-A04",
"BND-002-A06",
"BND-002-A08",
"COMP-1960-A01",
"COMP-2780-A04",
"COMP-3431-A02",
"CRYP-1079-A07",
"CRYP-1079-A08",
"CRYP-1359-A05",
"CRYP-1652-A09",
"CRYP-1700-A02",
"CRYP-1751-A02",
"CRYP-1819-A01",
"CRYP-1927-A06",
"CRYP-2287",
"CRYP-2301-A06",
"CRYP-2315-A06",
"CRYP-2355-A01",
"CRYP-626-A05",
"CRYP-876-A06",
"DATA-2662-A05",
"DATA-3154-A06",
"DATA-3613-A02",
"DATA-3613-A04",
"DATA-3614-A02",
"GIA-002-A10",
"GOV-3868-A11",
"LOG-967",
"LOG-967-A01",
"LOG-967-A03",
"LOG-967-A05",
"NET-1243-A05",
"NET-1633-A02",
"NET-822-A10",
"SEC-2445-A01",
"SEC-3157-A03",
"SEC-3223-A04",
"SEC-3643-A07",
"SEC-4566-A04",
"SEC-4966-A04",
"SEC-5640-A04",
"SEC-5792-A01",
"SEC-5915-A05",
"SEC-7793-A05",
"SEC-7984",
"SEC-7984-A01",
"SEC-7984-A04",
"SEC-7984-A08",
"SEC-8825-A04",
"SEC-8825-A05",
"SEC-9065-A01"
],
"member_count": 253,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M87",
"cluster_size": 22,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "no_default_credentials",
"name": "Keine Standard-/Default-Credentials",
"description": "Standardpasswoerter und Default-Credentials muessen geaendert/deaktiviert werden; keine Auslieferung mit fest eingestellten Zugangsdaten.",
"tier": "LEGAL_MINIMUM",
"family": "authentication",
"subdomain": "password",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"regulation_code": "eu_2024_2847",
"anchor": "Annex I (2)(a)",
"citation": "be made available with a secure by default configuration"
}
],
"guidance_basis": [],
"member_review_units": [
"M104"
],
"member_controls": [
"AUTH-3017-A06",
"AUTH-3654-A02",
"AUTH-3969",
"AUTH-4123-A02",
"COMP-1960-A01",
"CRYP-1079-A07",
"NET-822-A10",
"SEC-3223-A04",
"SEC-4966-A04"
],
"member_count": 9,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M104",
"cluster_size": 9,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "account_lockout_failed_attempts",
"name": "Account-Sperrung nach fehlgeschlagenen Versuchen",
"description": "Nach wiederholten fehlgeschlagenen Authentifizierungsversuchen sind Lockout-/Rate-Limit-Massnahmen umzusetzen, inkl. biometrischer Versuchszaehlung.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "OWASP",
"anchor": "ASVS V2.2",
"role": "best_practice"
}
],
"member_review_units": [
"M43",
"M33",
"M3",
"M88"
],
"member_controls": [
"ACC-0383-A06",
"ACC-0384-A02",
"ACC-0384-A03",
"ACC-082-A06",
"ACC-082-A07",
"ACC-082-A15",
"ACC-082-A16",
"ACC-320",
"ACC-320-A01",
"ACC-320-A02",
"ACC-320-A03",
"ACC-320-A04",
"ACC-320-A06",
"ACC-320-A09",
"ACC-320-A10",
"ACC-320-A11",
"ACC-320-A12",
"ACC-320-A13",
"ACC-320-A17",
"ACC-320-A19",
"ACC-320-A20",
"ACC-320-A21",
"ACC-320-A26",
"ACC-320-A28",
"ACC-320-A29",
"ACC-320-A35",
"ACC-320-A36",
"ACC-320-A37",
"ACC-320-A38",
"ACC-320-A41",
"ACC-320-A42",
"ACC-320-A43",
"ACC-320-A44",
"ACC-320-A45",
"ACC-327-A18",
"ACC-327-A60",
"ACC-427",
"ACC-427-A01",
"ACC-427-A02",
"ACC-427-A03",
"ACC-427-A11",
"ACC-427-A12",
"ACC-490-A04",
"ACC-490-A09",
"ACC-499-A05",
"ACC-504-A09",
"ACC-518-A06",
"ACC-567-A10",
"ACC-584-A05",
"ACC-673-A10",
"ACC-741-A03",
"ACL-004-A04",
"AI-052-A26",
"AI-052-A27",
"AI-1012-A03",
"AI-1012-A04",
"AI-1012-A05",
"AI-1012-A07",
"AI-1027-A07",
"AI-1236-A04",
"AI-1408-A01",
"AI-1417-A06",
"AI-1660-A12",
"AI-1715-A08",
"AI-997-A01",
"AUTH-018",
"AUTH-018-A18",
"AUTH-032",
"AUTH-043",
"AUTH-045",
"AUTH-047-A02",
"AUTH-067-A12",
"AUTH-088-A01",
"AUTH-088-A02",
"AUTH-1004-A01",
"AUTH-1008",
"AUTH-1009-A01",
"AUTH-1009-A03",
"AUTH-1011-A01",
"AUTH-1026",
"AUTH-1026-A01",
"AUTH-1048-A03",
"AUTH-1048-A69",
"AUTH-1087-A04",
"AUTH-1093-A03",
"AUTH-1102-A02",
"AUTH-1102-A04",
"AUTH-1102-A08",
"AUTH-1110-A03",
"AUTH-1135-A03",
"AUTH-1135-A04",
"AUTH-1168-A02",
"AUTH-1168-A03",
"AUTH-1280",
"AUTH-1283-A02",
"AUTH-1293",
"AUTH-1295-A06",
"AUTH-1296-A05",
"AUTH-1298-A02",
"AUTH-1298-A03",
"AUTH-1299-A05",
"AUTH-1303-A03",
"AUTH-1311-A02",
"AUTH-1313-A01",
"AUTH-1316",
"AUTH-1426-A03",
"AUTH-1426-A05",
"AUTH-1426-A06",
"AUTH-1437",
"AUTH-1437-A01",
"AUTH-1437-A02",
"AUTH-1437-A06",
"AUTH-1445-A04",
"AUTH-1448-A01",
"AUTH-1455",
"AUTH-1455-A01",
"AUTH-1455-A07",
"AUTH-1463-A02",
"AUTH-1464-A04",
"AUTH-1464-A05",
"AUTH-1464-A07",
"AUTH-1466-A04",
"AUTH-1466-A08",
"AUTH-1522-A04",
"AUTH-1524",
"AUTH-1524-A01",
"AUTH-1524-A02",
"AUTH-1525",
"AUTH-1529-A03",
"AUTH-1529-A06",
"AUTH-1529-A07",
"AUTH-1535-A02",
"AUTH-1538-A01",
"AUTH-1538-A10",
"AUTH-1576-A01",
"AUTH-1579-A01",
"AUTH-1623-A04",
"AUTH-1623-A07",
"AUTH-1623-A08",
"AUTH-1624-A11",
"AUTH-1633-A01",
"AUTH-1634-A06",
"AUTH-1635-A06",
"AUTH-1640-A01",
"AUTH-1640-A03",
"AUTH-1649-A04",
"AUTH-1652-A07",
"AUTH-1654",
"AUTH-1654-A01",
"AUTH-1654-A02",
"AUTH-1654-A03",
"AUTH-1654-A05",
"AUTH-1666-A04",
"AUTH-1669-A07",
"AUTH-1673-A08",
"AUTH-1675-A07",
"AUTH-1677-A03",
"AUTH-1678-A02",
"AUTH-1678-A07",
"AUTH-1682-A02",
"AUTH-1694-A06",
"AUTH-1695",
"AUTH-1701-A09",
"AUTH-1702-A03",
"AUTH-1706-A05",
"AUTH-1706-A09",
"AUTH-1709-A05",
"AUTH-1711-A02",
"AUTH-1711-A04",
"AUTH-1711-A07",
"AUTH-1711-A10",
"AUTH-1720-A08",
"AUTH-1721-A03",
"AUTH-1752-A05",
"AUTH-1752-A10",
"AUTH-1753-A05",
"AUTH-1753-A07",
"AUTH-1806",
"AUTH-1808-A07",
"AUTH-1809",
"AUTH-1809-A02",
"AUTH-1809-A06",
"AUTH-1810",
"AUTH-1810-A01",
"AUTH-1810-A04",
"AUTH-1810-A06",
"AUTH-1812",
"AUTH-1812-A01",
"AUTH-1812-A02",
"AUTH-1814-A01",
"AUTH-1820-A04",
"AUTH-1820-A06",
"AUTH-1823",
"AUTH-1823-A01",
"AUTH-1823-A02",
"AUTH-1827-A04",
"AUTH-1829-A01",
"AUTH-1830-A02",
"AUTH-1830-A03",
"AUTH-1830-A06",
"AUTH-1830-A08",
"AUTH-1831-A05",
"AUTH-1835-A08",
"AUTH-1839-A05",
"AUTH-1843-A07",
"AUTH-1843-A08",
"AUTH-1843-A09",
"AUTH-1859",
"AUTH-1877-A06",
"AUTH-1877-A08",
"AUTH-1896-A04",
"AUTH-1909-A02",
"AUTH-1909-A07",
"AUTH-1909-A08",
"AUTH-1910-A11",
"AUTH-1911-A01",
"AUTH-1911-A05",
"AUTH-1913",
"AUTH-1915-A03",
"AUTH-1915-A08",
"AUTH-1916-A01",
"AUTH-1916-A05",
"AUTH-1917-A04",
"AUTH-1917-A08",
"AUTH-1931-A05",
"AUTH-1933",
"AUTH-1935",
"AUTH-1936-A11",
"AUTH-1943-A07",
"AUTH-1944",
"AUTH-1944-A01",
"AUTH-1945-A07",
"AUTH-1945-A09",
"AUTH-1946-A04",
"AUTH-1947-A07",
"AUTH-1952",
"AUTH-1952-A02",
"AUTH-1952-A03",
"AUTH-1952-A05",
"AUTH-1952-A06",
"AUTH-1952-A07",
"AUTH-1952-A08",
"AUTH-1959",
"AUTH-1959-A02",
"AUTH-1959-A04",
"AUTH-1959-A05",
"AUTH-1959-A06",
"AUTH-1959-A08",
"AUTH-2280",
"AUTH-2280-A01",
"AUTH-2331-A08",
"AUTH-2333-A01",
"AUTH-2333-A02",
"AUTH-2338-A04",
"AUTH-2338-A06",
"AUTH-2345-A03",
"AUTH-2345-A04",
"AUTH-2368-A03",
"AUTH-2368-A05",
"AUTH-2372-A01",
"AUTH-2382-A01",
"AUTH-2399",
"AUTH-2399-A04",
"AUTH-2403",
"AUTH-2403-A03",
"AUTH-2403-A06",
"AUTH-2405-A05",
"AUTH-2411",
"AUTH-2413",
"AUTH-2413-A01",
"AUTH-2413-A03",
"AUTH-2416-A01",
"AUTH-2416-A03",
"AUTH-2417-A04",
"AUTH-2417-A11",
"AUTH-2417-A13",
"AUTH-2419-A04",
"AUTH-2419-A05",
"AUTH-2421-A03",
"AUTH-2444-A01",
"AUTH-2444-A07",
"AUTH-2444-A08",
"AUTH-2451-A04",
"AUTH-2464-A03",
"AUTH-2660-A02",
"AUTH-2678",
"AUTH-2678-A01",
"AUTH-2779",
"AUTH-2781-A03",
"AUTH-2801",
"AUTH-2801-A03",
"AUTH-2817",
"AUTH-2851",
"AUTH-2852",
"AUTH-2866-A02",
"AUTH-2866-A03",
"AUTH-2873-A01",
"AUTH-2873-A05",
"AUTH-2873-A07",
"AUTH-2875-A01",
"AUTH-2877",
"AUTH-2877-A01",
"AUTH-2877-A02",
"AUTH-2877-A05",
"AUTH-2880-A01",
"AUTH-2883",
"AUTH-2883-A01",
"AUTH-2883-A02",
"AUTH-2906-A01",
"AUTH-2906-A08",
"AUTH-2921-A12",
"AUTH-2935-A06",
"AUTH-2939-A04",
"AUTH-2943-A01",
"AUTH-2943-A08",
"AUTH-2946",
"AUTH-2946-A02",
"AUTH-2949-A06",
"AUTH-2949-A09",
"AUTH-2958-A07",
"AUTH-2959-A03",
"AUTH-2960-A08",
"AUTH-2963-A05",
"AUTH-2964",
"AUTH-2966-A04",
"AUTH-2967-A05",
"AUTH-2970-A02",
"AUTH-2970-A03",
"AUTH-2970-A05",
"AUTH-2970-A07",
"AUTH-2970-A08",
"AUTH-2980",
"AUTH-2981-A08",
"AUTH-2984",
"AUTH-2987",
"AUTH-2987-A06",
"AUTH-2987-A08",
"AUTH-2989-A01",
"AUTH-2993-A03",
"AUTH-2993-A04",
"AUTH-2996-A07",
"AUTH-3002-A04",
"AUTH-3002-A06",
"AUTH-3007-A03",
"AUTH-3008-A02",
"AUTH-3011",
"AUTH-3011-A06",
"AUTH-3013-A02",
"AUTH-3016",
"AUTH-3016-A15",
"AUTH-3016-A16",
"AUTH-3018",
"AUTH-3021-A04",
"AUTH-3025",
"AUTH-3045",
"AUTH-3045-A01",
"AUTH-3045-A02",
"AUTH-3045-A03",
"AUTH-3064-A03",
"AUTH-3065-A02",
"AUTH-3065-A03",
"AUTH-3065-A04",
"AUTH-3071-A01",
"AUTH-3071-A04",
"AUTH-3071-A09",
"AUTH-3073",
"AUTH-3073-A02",
"AUTH-3073-A03",
"AUTH-3073-A05",
"AUTH-3075-A01",
"AUTH-3075-A02",
"AUTH-3150",
"AUTH-3150-A01",
"AUTH-3150-A04",
"AUTH-3150-A07",
"AUTH-3150-A09",
"AUTH-3151",
"AUTH-3151-A01",
"AUTH-3151-A05",
"AUTH-3151-A06",
"AUTH-3151-A07",
"AUTH-3151-A10",
"AUTH-3151-A11",
"AUTH-3154",
"AUTH-3154-A01",
"AUTH-3154-A02",
"AUTH-3154-A08",
"AUTH-3155",
"AUTH-3155-A04",
"AUTH-3155-A05",
"AUTH-3161-A04",
"AUTH-3164-A02",
"AUTH-3164-A05",
"AUTH-3164-A07",
"AUTH-3164-A12",
"AUTH-3166-A01",
"AUTH-3166-A02",
"AUTH-3170",
"AUTH-3170-A01",
"AUTH-3170-A02",
"AUTH-3230-A01",
"AUTH-3279-A03",
"AUTH-3305-A04",
"AUTH-3314-A01",
"AUTH-3314-A02",
"AUTH-3314-A03",
"AUTH-3394-A04",
"AUTH-3396-A04",
"AUTH-3399",
"AUTH-3399-A03",
"AUTH-3454-A01",
"AUTH-3454-A05",
"AUTH-3454-A06",
"AUTH-3454-A07",
"AUTH-3460-A02",
"AUTH-3460-A05",
"AUTH-3460-A07",
"AUTH-3460-A08",
"AUTH-3461-A02",
"AUTH-3461-A06",
"AUTH-3541-A05",
"AUTH-3545",
"AUTH-3547-A01",
"AUTH-3548-A02",
"AUTH-3549",
"AUTH-3552-A03",
"AUTH-3552-A05",
"AUTH-3554-A03",
"AUTH-3556-A03",
"AUTH-3558-A04",
"AUTH-3562-A04",
"AUTH-3595-A01",
"AUTH-3596-A06",
"AUTH-3597",
"AUTH-3597-A03",
"AUTH-3597-A04",
"AUTH-3597-A05",
"AUTH-3599-A02",
"AUTH-3624",
"AUTH-3624-A01",
"AUTH-3624-A02",
"AUTH-3633-A02",
"AUTH-3641",
"AUTH-3641-A01",
"AUTH-3641-A08",
"AUTH-3656-A08",
"AUTH-3656-A09",
"AUTH-3656-A12",
"AUTH-3656-A13",
"AUTH-3677-A06",
"AUTH-3825-A01",
"AUTH-3825-A06",
"AUTH-384-A07",
"AUTH-384-A10",
"AUTH-3887-A07",
"AUTH-3922",
"AUTH-3935",
"AUTH-3935-A10",
"AUTH-3935-A11",
"AUTH-3935-A12",
"AUTH-3935-A13",
"AUTH-3935-A14",
"AUTH-3935-A15",
"AUTH-3935-A16",
"AUTH-3935-A17",
"AUTH-3935-A18",
"AUTH-3935-A19",
"AUTH-3951-A06",
"AUTH-3951-A07",
"AUTH-3955-A01",
"AUTH-3955-A02",
"AUTH-3955-A03",
"AUTH-3960-A02",
"AUTH-3960-A03",
"AUTH-3960-A04",
"AUTH-3960-A05",
"AUTH-3964-A06",
"AUTH-3984-A06",
"AUTH-3988-A04",
"AUTH-3993-A01",
"AUTH-3993-A03",
"AUTH-3999-A04",
"AUTH-4007-A06",
"AUTH-4028-A05",
"AUTH-4031-A07",
"AUTH-4043",
"AUTH-4043-A06",
"AUTH-4043-A08",
"AUTH-4054-A07",
"AUTH-4130-A02",
"AUTH-4135",
"AUTH-4135-A03",
"AUTH-497",
"AUTH-497-A03",
"AUTH-505-A04",
"AUTH-530-A01",
"AUTH-530-A05",
"AUTH-530-A08",
"AUTH-530-A11",
"AUTH-532-A02",
"AUTH-538-A06",
"AUTH-548",
"AUTH-548-A01",
"AUTH-548-A03",
"AUTH-559",
"AUTH-559-A01",
"AUTH-559-A03",
"AUTH-559-A05",
"AUTH-559-A09",
"AUTH-559-A12",
"AUTH-559-A17",
"AUTH-577",
"AUTH-577-A05",
"AUTH-582",
"AUTH-582-A01",
"AUTH-584",
"AUTH-584-A01",
"AUTH-584-A02",
"AUTH-584-A08",
"AUTH-584-A09",
"AUTH-586-A03",
"AUTH-586-A04",
"AUTH-592",
"AUTH-592-A02",
"AUTH-595",
"AUTH-595-A05",
"AUTH-610",
"AUTH-610-A06",
"AUTH-615",
"AUTH-615-A01",
"AUTH-615-A02",
"AUTH-615-A03",
"AUTH-615-A04",
"AUTH-615-A05",
"AUTH-616",
"AUTH-616-A01",
"AUTH-616-A02",
"AUTH-616-A03",
"AUTH-616-A04",
"AUTH-616-A05",
"AUTH-616-A06",
"AUTH-616-A12",
"AUTH-616-A13",
"AUTH-616-A14",
"AUTH-617",
"AUTH-623",
"AUTH-623-A01",
"AUTH-623-A02",
"AUTH-623-A03",
"AUTH-623-A04",
"AUTH-623-A05",
"AUTH-623-A06",
"AUTH-637-A08",
"AUTH-637-A09",
"AUTH-637-A30",
"AUTH-646-A04",
"AUTH-655-A10",
"AUTH-655-A11",
"AUTH-674",
"AUTH-674-A02",
"AUTH-680-A04",
"AUTH-694",
"AUTH-694-A02",
"AUTH-694-A03",
"AUTH-700-A02",
"AUTH-710-A03",
"AUTH-710-A04",
"AUTH-710-A05",
"AUTH-732-A04",
"AUTH-732-A05",
"AUTH-745",
"AUTH-745-A01",
"AUTH-745-A05",
"AUTH-748-A05",
"AUTH-748-A06",
"AUTH-748-A10",
"AUTH-748-A11",
"AUTH-752",
"AUTH-752-A01",
"AUTH-752-A07",
"AUTH-754-A05",
"AUTH-754-A07",
"AUTH-754-A12",
"AUTH-766-A06",
"AUTH-769-A07",
"AUTH-775-A10",
"AUTH-782-A06",
"AUTH-784-A03",
"AUTH-785",
"AUTH-785-A01",
"AUTH-795-A02",
"AUTH-803-A05",
"AUTH-803-A07",
"AUTH-804-A06",
"AUTH-818-A02",
"AUTH-822-A04",
"AUTH-822-A05",
"AUTH-825-A05",
"AUTH-828-A05",
"AUTH-828-A09",
"AUTH-828-A10",
"AUTH-831-A03",
"AUTH-831-A05",
"AUTH-836-A04",
"AUTH-836-A05",
"AUTH-836-A07",
"AUTH-836-A11",
"AUTH-836-A16",
"AUTH-838-A10",
"AUTH-838-A11",
"AUTH-838-A17",
"AUTH-838-A18",
"AUTH-838-A26",
"AUTH-838-A27",
"AUTH-838-A36",
"AUTH-838-A37",
"AUTH-838-A44",
"AUTH-838-A45",
"AUTH-844-A03",
"AUTH-844-A12",
"AUTH-844-A20",
"AUTH-844-A27",
"AUTH-844-A36",
"AUTH-845-A01",
"AUTH-845-A06",
"AUTH-845-A13",
"AUTH-845-A18",
"AUTH-845-A24",
"AUTH-845-A27",
"AUTH-845-A38",
"AUTH-845-A45",
"AUTH-845-A50",
"AUTH-845-A54",
"AUTH-846-A03",
"AUTH-846-A12",
"AUTH-846-A22",
"AUTH-846-A32",
"AUTH-846-A41",
"AUTH-850-A19",
"AUTH-850-A29",
"AUTH-850-A38",
"AUTH-850-A46",
"AUTH-851-A01",
"AUTH-851-A02",
"AUTH-851-A16",
"AUTH-851-A46",
"AUTH-867-A20",
"AUTH-885-A03",
"AUTH-885-A10",
"AUTH-885-A17",
"AUTH-885-A22",
"AUTH-885-A31",
"AUTH-888-A30",
"AUTH-888-A37",
"AUTH-894-A06",
"AUTH-894-A11",
"AUTH-894-A12",
"AUTH-902-A01",
"AUTH-902-A11",
"AUTH-902-A17",
"AUTH-905-A04",
"AUTH-905-A09",
"AUTH-905-A14",
"AUTH-905-A17",
"AUTH-905-A22",
"AUTH-909-A02",
"AUTH-909-A12",
"AUTH-909-A22",
"AUTH-909-A32",
"AUTH-909-A42",
"AUTH-913-A05",
"AUTH-917",
"AUTH-917-A01",
"AUTH-917-A04",
"AUTH-917-A05",
"AUTH-917-A06",
"AUTH-917-A09",
"AUTH-917-A10",
"AUTH-917-A11",
"AUTH-917-A14",
"AUTH-917-A15",
"AUTH-917-A16",
"AUTH-917-A17",
"AUTH-917-A20",
"AUTH-917-A21",
"AUTH-917-A22",
"AUTH-917-A24",
"AUTH-917-A25",
"AUTH-917-A26",
"AUTH-922-A02",
"AUTH-922-A08",
"AUTH-928-A07",
"AUTH-928-A13",
"AUTH-928-A19",
"AUTH-928-A25",
"AUTH-928-A30",
"AUTH-932",
"AUTH-937-A01",
"AUTH-937-A08",
"AUTH-937-A15",
"AUTH-937-A22",
"AUTH-937-A29",
"AUTH-938-A01",
"AUTH-938-A02",
"AUTH-938-A03",
"AUTH-938-A08",
"AUTH-938-A09",
"AUTH-938-A10",
"AUTH-938-A13",
"AUTH-938-A14",
"AUTH-938-A19",
"AUTH-938-A20",
"AUTH-938-A21",
"AUTH-938-A26",
"AUTH-938-A27",
"AUTH-938-A28",
"AUTH-938-A36",
"AUTH-938-A37",
"AUTH-938-A38",
"AUTH-941-A04",
"AUTH-941-A05",
"AUTH-941-A10",
"AUTH-941-A11",
"AUTH-941-A17",
"AUTH-941-A18",
"AUTH-941-A23",
"AUTH-941-A24",
"AUTH-953",
"AUTH-953-A06",
"AUTH-954-A15",
"AUTH-960",
"AUTH-974-A07",
"AUTH-976-A07",
"AUTH-988-A09",
"AUTH-988-A20",
"AUTH-989-A18",
"AUTH-995-A05",
"AUTH-995-A85",
"AUTH-996-A04",
"AUTH-996-A17",
"BND-002-A02",
"BND-002-A04",
"BND-002-A06",
"BND-002-A08",
"COMP-1264-A01",
"COMP-1264-A02",
"COMP-1264-A05",
"COMP-1883-A03",
"COMP-1904-A04",
"COMP-1904-A05",
"COMP-1948",
"COMP-1948-A02",
"COMP-1960-A06",
"COMP-1960-A09",
"COMP-2029-A04",
"COMP-2131-A09",
"COMP-2639-A04",
"COMP-3435-A05",
"COMP-3602",
"COMP-3602-A01",
"COMP-3602-A08",
"COMP-3602-A10",
"COMP-3733-A03",
"COMP-3983-A02",
"COMP-3983-A04",
"COMP-3983-A12",
"CRYP-1097-A09",
"CRYP-1124-A05",
"CRYP-1141-A09",
"CRYP-1306-A07",
"CRYP-1386-A08",
"CRYP-1391-A05",
"CRYP-1393-A03",
"CRYP-1466-A03",
"CRYP-1466-A05",
"CRYP-1712-A15",
"CRYP-1864",
"CRYP-1864-A02",
"CRYP-191",
"CRYP-1983-A01",
"CRYP-2287",
"CRYP-2287-A01",
"CRYP-2287-A12",
"CRYP-2301-A06",
"CRYP-447-A16",
"CRYP-447-A20",
"CRYP-450-A05",
"CRYP-450-A06",
"CRYP-450-A40",
"CRYP-450-A52",
"CRYP-450-A53",
"CRYP-626",
"CRYP-626-A05",
"CRYP-671-A01",
"CRYP-671-A02",
"CRYP-876-A06",
"DATA-1191-A10",
"DATA-1257-A05",
"DATA-1257-A09",
"DATA-1801-A06",
"DATA-260-A02",
"DATA-260-A08",
"DATA-2607-A05",
"DATA-2648-A01",
"DATA-2662-A05",
"DATA-2663-A04",
"DATA-3292-A01",
"DATA-3401-A01",
"DATA-3613-A01",
"DATA-3754-A03",
"DATA-598-A05",
"DATA-598-A06",
"DATA-972-A06",
"DATA-972-A12",
"FIN-1223-A06",
"GOV-1562-A05",
"GOV-1700-A01",
"GOV-1732-A01",
"GOV-1733-A04",
"GOV-3902-A01",
"GOV-413-A18",
"GOV-519",
"GOV-519-A11",
"GOV-519-A35",
"GOV-520-A40",
"IAM-008",
"IDA-008-A01",
"IDA-008-A04",
"IDF-004-A02",
"IDF-010",
"IDF-010-A01",
"INC-946-A06",
"LGM-001-A09",
"LOG-053-A07",
"LOG-1742-A05",
"LOG-1742-A08",
"LOG-1742-A13",
"LOG-1748-A01",
"LOG-1767-A02",
"LOG-705-A01",
"LOG-735-A17",
"LOG-735-A18",
"LOG-745-A44",
"LOG-745-A54",
"LOG-774-A01",
"LOG-774-A15",
"LOG-774-A22",
"LOG-774-A29",
"MIA-001",
"NET-1014-A03",
"NET-1014-A04",
"NET-1633-A02",
"NET-351",
"NET-351-A01",
"NET-351-A02",
"NET-351-A06",
"NET-351-A07",
"NET-391",
"NET-391-A01",
"NET-391-A08",
"NET-405",
"NET-405-A03",
"NET-405-A08",
"NET-405-A09",
"NET-506-A15",
"NET-506-A60",
"NET-794-A06",
"NET-806-A02",
"NET-857-A04",
"NET-857-A05",
"NET-901-A04",
"NET-920-A02",
"NET-938-A10",
"NET-965",
"NET-980-A07",
"PFI-001-A02",
"SEC-082-A06",
"SEC-1085",
"SEC-1144-A03",
"SEC-1144-A28",
"SEC-1144-A42",
"SEC-1144-A56",
"SEC-1144-A70",
"SEC-1146-A02",
"SEC-1146-A07",
"SEC-1146-A54",
"SEC-1146-A59",
"SEC-1153-A12",
"SEC-2445-A01",
"SEC-2635-A03",
"SEC-2662-A07",
"SEC-2662-A13",
"SEC-2798",
"SEC-2818-A05",
"SEC-2841-A03",
"SEC-2845-A09",
"SEC-2899-A04",
"SEC-2899-A06",
"SEC-3195-A04",
"SEC-3383-A08",
"SEC-3406",
"SEC-3732-A08",
"SEC-3842-A02",
"SEC-3935-A02",
"SEC-4028-A03",
"SEC-4076-A02",
"SEC-4217",
"SEC-4292-A08",
"SEC-4509",
"SEC-4513-A04",
"SEC-4655-A03",
"SEC-4655-A04",
"SEC-5595-A13",
"SEC-5792-A03",
"SEC-5792-A04",
"SEC-6770",
"SEC-6784-A10",
"SEC-6830-A05",
"SEC-7963-A03",
"SEC-7963-A04",
"SEC-7965-A03",
"SEC-7994-A06",
"SEC-8121-A05",
"SEC-8138-A03",
"SEC-8295-A01",
"SEC-8334-A06",
"SEC-8825-A05",
"SEC-9212-A01",
"SEC-9212-A02"
],
"member_count": 929,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M43",
"cluster_size": 95,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"evidence_merged_from": [
"auth_anomaly_detection",
"auth_failure_logging"
]
},
{
"id": "server_side_validation",
"name": "Serverseitige Validierung von Authentifizierung",
"description": "Authentifizierungsentscheidungen sind serverseitig zu validieren; clientseitige/nicht vertrauenswuerdige Validierung ist unzulaessig.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "OWASP",
"anchor": "ASVS V1.2",
"role": "best_practice"
}
],
"member_review_units": [
"M15",
"M32",
"M123"
],
"member_controls": [
"ACC-645-A13",
"ACC-645-A16",
"ACC-690-A02",
"AI-1351-A03",
"AUTH-036",
"AUTH-036-A10",
"AUTH-036-A13",
"AUTH-1099-A01",
"AUTH-1099-A06",
"AUTH-1286",
"AUTH-1296",
"AUTH-1296-A01",
"AUTH-1306-A06",
"AUTH-1529-A10",
"AUTH-1535",
"AUTH-1535-A06",
"AUTH-1627-A15",
"AUTH-1640-A02",
"AUTH-1659-A01",
"AUTH-1669",
"AUTH-1669-A02",
"AUTH-1694",
"AUTH-1694-A01",
"AUTH-1694-A02",
"AUTH-1701-A01",
"AUTH-1701-A08",
"AUTH-1748-A05",
"AUTH-1752-A04",
"AUTH-1758-A01",
"AUTH-1758-A05",
"AUTH-1819-A02",
"AUTH-1820",
"AUTH-1830-A01",
"AUTH-1836-A02",
"AUTH-1864-A09",
"AUTH-1877-A04",
"AUTH-1918-A07",
"AUTH-1931-A07",
"AUTH-2167-A01",
"AUTH-2333-A03",
"AUTH-2466-A11",
"AUTH-2486",
"AUTH-2650",
"AUTH-2650-A01",
"AUTH-2678-A11",
"AUTH-2805",
"AUTH-2805-A01",
"AUTH-2805-A02",
"AUTH-2805-A03",
"AUTH-2805-A04",
"AUTH-2805-A05",
"AUTH-2850-A02",
"AUTH-2883-A09",
"AUTH-2886-A04",
"AUTH-2886-A06",
"AUTH-2912-A14",
"AUTH-2937",
"AUTH-2940",
"AUTH-2952",
"AUTH-2974-A03",
"AUTH-2986-A02",
"AUTH-2986-A06",
"AUTH-3010",
"AUTH-3151-A04",
"AUTH-3258-A05",
"AUTH-3279",
"AUTH-3452-A04",
"AUTH-3552-A02",
"AUTH-3639",
"AUTH-3643",
"AUTH-3645-A07",
"AUTH-3672",
"AUTH-3751-A02",
"AUTH-3906-A14",
"AUTH-3929",
"AUTH-3984",
"AUTH-3984-A03",
"AUTH-674-A04",
"AUTH-675-A03",
"AUTH-732-A02",
"AUTH-732-A03",
"AUTH-734-A10",
"AUTH-748-A04",
"AUTH-748-A09",
"AUTH-771-A02",
"AUTH-794",
"AUTH-794-A02",
"AUTH-794-A08",
"AUTH-833-A04",
"AUTH-833-A09",
"AUTH-836-A13",
"AUTH-837-A14",
"AUTH-843-A05",
"AUTH-843-A14",
"AUTH-843-A23",
"AUTH-843-A33",
"AUTH-843-A43",
"AUTH-843-A50",
"AUTH-846-A05",
"AUTH-846-A06",
"AUTH-846-A14",
"AUTH-846-A15",
"AUTH-846-A24",
"AUTH-846-A25",
"AUTH-846-A34",
"AUTH-846-A35",
"AUTH-846-A43",
"AUTH-846-A44",
"AUTH-849-A04",
"AUTH-849-A08",
"AUTH-849-A09",
"AUTH-849-A13",
"AUTH-849-A20",
"AUTH-849-A24",
"AUTH-849-A25",
"AUTH-849-A29",
"AUTH-849-A30",
"AUTH-849-A37",
"AUTH-849-A41",
"AUTH-849-A42",
"AUTH-849-A56",
"AUTH-849-A57",
"AUTH-850-A09",
"AUTH-915-A20",
"AUTH-915-A26",
"AUTH-934",
"AUTH-934-A01",
"AUTH-934-A02",
"AUTH-934-A03",
"AUTH-934-A04",
"AUTH-934-A09",
"AUTH-934-A10",
"AUTH-934-A11",
"AUTH-934-A12",
"AUTH-934-A18",
"AUTH-934-A19",
"AUTH-934-A20",
"AUTH-934-A21",
"AUTH-934-A27",
"AUTH-934-A28",
"AUTH-934-A29",
"AUTH-934-A30",
"AUTH-934-A40",
"AUTH-934-A41",
"AUTH-934-A42",
"AUTH-934-A43",
"CRYP-1124",
"CRYP-1124-A01",
"CRYP-1124-A08",
"CRYP-1239-A01",
"CRYP-1460-A04",
"CRYP-1927",
"CRYP-2179",
"CRYP-2179-A10",
"CRYP-2254-A04",
"DATA-3649-A13",
"DATA-720-A02",
"IAM-001-A07",
"IAM-001-A11",
"INC-1154-A05",
"INC-971-A06",
"NET-887-A09",
"SEC-3195",
"SEC-400-A04",
"SEC-400-A05",
"SEC-400-A21",
"SEC-400-A22",
"SEC-7963-A07",
"SEC-8334-A13"
],
"member_count": 169,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.78,
"source_meta_cluster": "M15",
"cluster_size": 83,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "session_binding_management",
"name": "Sitzungsbindung und Session-Management",
"description": "Nach erfolgreicher Authentifizierung sind Sessions sicher zu binden, neue Session-IDs zu generieren und sicher zu verwalten.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "session",
"applicability": "universal",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "OWASP",
"anchor": "ASVS V3",
"role": "best_practice"
}
],
"member_review_units": [
"M25",
"M11",
"M57",
"M71",
"M87",
"M95",
"M103",
"M105"
],
"member_controls": [
"ACC-567",
"ACC-567-A01",
"AUT-005",
"AUT-005-A05",
"AUTH-1058",
"AUTH-1058-A01",
"AUTH-116-A01",
"AUTH-116-A12",
"AUTH-1300-A03",
"AUTH-1634-A03",
"AUTH-1638-A01",
"AUTH-1645-A03",
"AUTH-1645-A05",
"AUTH-1669-A08",
"AUTH-1684-A04",
"AUTH-1688-A06",
"AUTH-1701",
"AUTH-1701-A02",
"AUTH-1701-A05",
"AUTH-1711",
"AUTH-1711-A01",
"AUTH-1711-A03",
"AUTH-1711-A05",
"AUTH-1716-A01",
"AUTH-1720",
"AUTH-1720-A02",
"AUTH-1721-A02",
"AUTH-1745-A01",
"AUTH-1748",
"AUTH-1748-A01",
"AUTH-1750-A01",
"AUTH-1752",
"AUTH-1806-A04",
"AUTH-1813-A08",
"AUTH-1822-A02",
"AUTH-1830-A04",
"AUTH-1843-A01",
"AUTH-1914",
"AUTH-1914-A02",
"AUTH-1914-A04",
"AUTH-1917-A01",
"AUTH-1919",
"AUTH-1931",
"AUTH-1931-A01",
"AUTH-1931-A02",
"AUTH-1932-A08",
"AUTH-1940-A05",
"AUTH-1948-A01",
"AUTH-1949-A06",
"AUTH-2315",
"AUTH-2315-A03",
"AUTH-2316-A01",
"AUTH-2316-A02",
"AUTH-2317-A03",
"AUTH-2317-A06",
"AUTH-2322-A01",
"AUTH-2338-A01",
"AUTH-2338-A05",
"AUTH-2548",
"AUTH-2551",
"AUTH-2553-A04",
"AUTH-2883-A04",
"AUTH-2922-A06",
"AUTH-2923-A01",
"AUTH-2924",
"AUTH-2930-A07",
"AUTH-2933",
"AUTH-2953",
"AUTH-2964-A05",
"AUTH-2988",
"AUTH-2988-A01",
"AUTH-2989-A03",
"AUTH-2994",
"AUTH-2994-A04",
"AUTH-2996-A03",
"AUTH-3007-A08",
"AUTH-3013-A10",
"AUTH-3014",
"AUTH-3016-A08",
"AUTH-3020-A01",
"AUTH-3023-A05",
"AUTH-3064",
"AUTH-3064-A01",
"AUTH-3074",
"AUTH-3074-A01",
"AUTH-3074-A05",
"AUTH-3258-A09",
"AUTH-3279-A04",
"AUTH-3284-A01",
"AUTH-3284-A05",
"AUTH-3286-A02",
"AUTH-3286-A05",
"AUTH-3457",
"AUTH-3543-A01",
"AUTH-3545-A04",
"AUTH-3562-A01",
"AUTH-3599",
"AUTH-3645",
"AUTH-3646",
"AUTH-3751",
"AUTH-4127",
"AUTH-606",
"AUTH-700",
"AUTH-738",
"AUTH-738-A04",
"AUTH-750",
"AUTH-799-A10",
"AUTH-799-A11",
"AUTH-815",
"AUTH-836-A03",
"AUTH-836-A10",
"AUTH-836-A14",
"AUTH-845-A04",
"AUTH-845-A05",
"AUTH-845-A17",
"AUTH-845-A36",
"AUTH-845-A37",
"AUTH-845-A48",
"AUTH-845-A49",
"AUTH-845-A52",
"AUTH-845-A53",
"AUTH-849-A02",
"AUTH-849-A11",
"AUTH-849-A18",
"AUTH-849-A35",
"AUTH-849-A50",
"AUTH-850-A05",
"AUTH-850-A15",
"AUTH-850-A34",
"AUTH-855-A02",
"AUTH-855-A17",
"AUTH-855-A32",
"AUTH-855-A48",
"AUTH-855-A62",
"AUTH-893-A10",
"AUTH-893-A22",
"AUTH-949-A03",
"AUTH-949-A30",
"AUTH-951",
"AUTH-973-A04",
"AUTH-974-A08",
"AVL-003-A06",
"COMP-1904",
"COMP-1960-A04",
"COMP-3313-A03",
"COMP-3421-A13",
"COMP-3431-A02",
"COMP-3981-A05",
"CRYP-1269",
"CRYP-1269-A01",
"CRYP-1269-A02",
"CRYP-1288-A04",
"CRYP-1394-A03",
"CRYP-1433-A06",
"CRYP-1433-A08",
"CRYP-1533",
"CRYP-1533-A02",
"CRYP-1533-A03",
"CRYP-447-A01",
"CRYP-447-A17",
"CRYP-723-A09",
"CRYP-948-A05",
"DATA-1007-A02",
"DATA-1007-A09",
"DATA-1007-A11",
"DATA-1191-A02",
"DATA-1801",
"DATA-259",
"DATA-3948",
"INC-246",
"INC-246-A01",
"INC-246-A02",
"INC-246-A04",
"NET-1345-A02",
"NET-405-A02",
"NET-405-A07",
"SEC-1223-A05",
"SEC-2809-A08",
"SEC-3683-A05",
"SEC-4021-A03",
"SEC-5610",
"SEC-6775",
"SEC-6778",
"SEC-6846-A03",
"SEC-8815"
],
"member_count": 185,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.83,
"source_meta_cluster": "M25",
"cluster_size": 16,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "reauth_after_inactivity",
"name": "Neuauthentifizierung nach Inaktivitaet/Timeout",
"description": "Nach Inaktivitaetsdauer, Grace-Period oder Netzwerkortwechsel ist eine Neuauthentifizierung zu erzwingen.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "session",
"applicability": "universal",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "SP 800-63B 4.3",
"role": "best_practice"
}
],
"member_review_units": [
"M33",
"M13",
"M158",
"M112"
],
"member_controls": [
"ACC-584-A05",
"AUTH-047-A02",
"AUTH-1093-A03",
"AUTH-1102-A02",
"AUTH-1102-A04",
"AUTH-1135-A03",
"AUTH-1135-A04",
"AUTH-1168-A02",
"AUTH-1168-A03",
"AUTH-1280",
"AUTH-1295-A06",
"AUTH-1299-A05",
"AUTH-1316",
"AUTH-1426-A03",
"AUTH-1522-A04",
"AUTH-1525",
"AUTH-1529-A03",
"AUTH-1529-A07",
"AUTH-1640-A01",
"AUTH-1649-A04",
"AUTH-1677-A03",
"AUTH-1682-A02",
"AUTH-1806",
"AUTH-1810-A04",
"AUTH-1896-A04",
"AUTH-2338-A04",
"AUTH-2368-A05",
"AUTH-2411",
"AUTH-2413",
"AUTH-2413-A01",
"AUTH-2419-A04",
"AUTH-2419-A05",
"AUTH-2421-A03",
"AUTH-2444-A08",
"AUTH-2660-A02",
"AUTH-2866-A02",
"AUTH-2875-A01",
"AUTH-2877",
"AUTH-2877-A02",
"AUTH-2943-A01",
"AUTH-2946-A02",
"AUTH-2963-A05",
"AUTH-2987",
"AUTH-2987-A08",
"AUTH-2993-A04",
"AUTH-2996-A07",
"AUTH-3002-A06",
"AUTH-3007-A03",
"AUTH-3011",
"AUTH-3011-A06",
"AUTH-3016",
"AUTH-3018",
"AUTH-3064-A03",
"AUTH-3155-A05",
"AUTH-3334",
"AUTH-3334-A05",
"AUTH-3454-A01",
"AUTH-3454-A05",
"AUTH-3454-A06",
"AUTH-3454-A07",
"AUTH-3545",
"AUTH-3955-A02",
"AUTH-3955-A03",
"AUTH-3984-A06",
"AUTH-3988-A04",
"AUTH-3999-A04",
"AUTH-4028-A05",
"AUTH-4130-A02",
"AUTH-532-A02",
"AUTH-559-A17",
"AUTH-586-A03",
"AUTH-586-A04",
"AUTH-616-A04",
"AUTH-616-A14",
"AUTH-680-A04",
"AUTH-754-A05",
"AUTH-754-A07",
"AUTH-754-A12",
"AUTH-766-A06",
"AUTH-769-A07",
"AUTH-782-A06",
"AUTH-795-A02",
"AUTH-831-A03",
"AUTH-831-A05",
"AUTH-845-A06",
"AUTH-845-A18",
"AUTH-845-A38",
"AUTH-845-A50",
"AUTH-845-A54",
"AUTH-850-A19",
"AUTH-850-A29",
"AUTH-850-A38",
"AUTH-850-A46",
"AUTH-851-A16",
"AUTH-867-A20",
"AUTH-989-A22",
"AUTH-995-A05",
"AUTH-995-A85",
"AUTH-996-A04",
"AUTH-996-A17",
"BND-002-A02",
"BND-002-A04",
"BND-002-A06",
"BND-002-A08",
"COMP-1948",
"COMP-1948-A02",
"CRYP-1141-A09",
"CRYP-191",
"CRYP-2287",
"CRYP-2301-A06",
"CRYP-447-A20",
"CRYP-626-A05",
"CRYP-671-A01",
"CRYP-671-A02",
"CRYP-876-A06",
"DATA-2662-A05",
"DATA-598-A05",
"DATA-598-A06",
"NET-1619-A02",
"NET-1633-A02",
"NET-806-A02",
"NET-901-A04",
"NET-920-A02",
"NET-965",
"SEC-2445-A01",
"SEC-2841-A03",
"SEC-3406",
"SEC-3842-A02",
"SEC-4028-A03",
"SEC-4076-A02",
"SEC-4509",
"SEC-7963-A03",
"SEC-7963-A04",
"SEC-8334-A06",
"SEC-8825-A05"
],
"member_count": 135,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M33",
"cluster_size": 66,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "token_validation_lifecycle",
"name": "Authentifizierungs-Token Validierung und Gueltigkeit",
"description": "Authentifizierungstoken muessen validiert werden, eine begrenzte Gueltigkeitsdauer haben und abgelaufene/nicht konforme Token abgelehnt werden.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "token",
"applicability": "universal",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "OWASP",
"anchor": "ASVS V3.5",
"role": "best_practice"
}
],
"member_review_units": [
"M124",
"M127",
"M67",
"M90",
"M64"
],
"member_controls": [
"AUTH-1663-A07",
"AUTH-1672-A04",
"AUTH-1678-A05",
"AUTH-1679-A05",
"AUTH-1682-A04",
"AUTH-1691-A04",
"AUTH-1700-A05",
"AUTH-1713-A01",
"AUTH-1790-A05",
"AUTH-1814",
"AUTH-1814-A03",
"AUTH-1820-A01",
"AUTH-1836-A01",
"AUTH-1840",
"AUTH-1840-A01",
"AUTH-1840-A02",
"AUTH-1912-A03",
"AUTH-1940-A01",
"AUTH-2466-A07",
"AUTH-2850-A01",
"AUTH-3450-A01",
"AUTH-3450-A06",
"AUTH-3968-A06",
"AUTH-3999",
"AUTH-742-A08",
"AUTH-762-A06",
"AUTH-783-A03",
"AUTH-783-A04",
"AUTH-783-A07",
"AUTH-783-A08",
"AUTH-783-A12",
"AUTH-804",
"AUTH-816",
"AUTH-818-A19",
"AUTH-849-A14",
"AUTH-849-A15",
"AUTH-849-A21",
"AUTH-849-A22",
"AUTH-849-A38",
"AUTH-849-A39",
"AUTH-849-A53",
"AUTH-849-A54",
"AUTH-849-A68",
"AUTH-855-A04",
"AUTH-855-A19",
"AUTH-855-A34",
"AUTH-855-A50",
"AUTH-855-A64",
"AUTH-961-A15",
"BND-001-A02",
"BND-001-A07",
"CRYP-1288-A10",
"CRYP-1321-A03",
"CRYP-1433-A02",
"CRYP-1467-A03",
"CRYP-1467-A08",
"CRYP-1521-A03",
"CRYP-1525-A08",
"CRYP-2148-A01",
"CRYP-2150-A02",
"NET-467-A03",
"NET-467-A11",
"NET-909-A03",
"SEC-1215-A01",
"SEC-2899-A07",
"SEC-305-A02",
"SEC-305-A03",
"SEC-305-A09",
"SEC-305-A10",
"SEC-8241-A01",
"SEC-8244-A10"
],
"member_count": 71,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M124",
"cluster_size": 19,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "mutual_authentication",
"name": "Gegenseitige (mutual) Authentifizierung",
"description": "Bei Kommunikationsverbindungen ist gegenseitige Authentifizierung von Client und Server/Service umzusetzen, inkl. MITM-Schutz.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "token",
"applicability": "conditional:network_communication",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "IA-03",
"role": "best_practice"
}
],
"member_review_units": [
"M24",
"M96",
"M84",
"M135",
"M153"
],
"member_controls": [
"AUT-003",
"AUT-004",
"AUT-006",
"AUTH-047-A04",
"AUTH-1049-A17",
"AUTH-1049-A41",
"AUTH-1083",
"AUTH-1083-A02",
"AUTH-1306-A02",
"AUTH-1306-A03",
"AUTH-1439-A09",
"AUTH-1445",
"AUTH-1445-A01",
"AUTH-1448",
"AUTH-1463",
"AUTH-1582",
"AUTH-1582-A02",
"AUTH-1696-A02",
"AUTH-1861-A08",
"AUTH-1865",
"AUTH-1865-A01",
"AUTH-1865-A08",
"AUTH-1940-A08",
"AUTH-1959-A07",
"AUTH-1959-A10",
"AUTH-2337-A07",
"AUTH-2553",
"AUTH-2553-A02",
"AUTH-2635-A01",
"AUTH-2635-A02",
"AUTH-2635-A03",
"AUTH-3542-A09",
"AUTH-3647-A01",
"AUTH-3647-A02",
"AUTH-3648-A10",
"AUTH-3672-A01",
"AUTH-3963-A03",
"AUTH-4125-A02",
"AUTH-4127-A04",
"AUTH-505",
"AUTH-505-A02",
"AUTH-532-A03",
"AUTH-550",
"AUTH-550-A01",
"AUTH-550-A06",
"AUTH-586",
"AUTH-625",
"AUTH-625-A01",
"AUTH-806",
"AUTH-806-A01",
"AUTH-850-A04",
"AUTH-850-A24",
"AUTH-850-A33",
"AUTH-850-A41",
"COM-004",
"COMP-074-A02",
"COMP-074-A09",
"COMP-1055",
"COMP-1960-A05",
"COMP-2129-A03",
"COMP-2129-A09",
"CRYP-1024-A03",
"CRYP-1028-A03",
"CRYP-1124-A04",
"CRYP-1227",
"CRYP-1227-A02",
"CRYP-1227-A08",
"CRYP-1250-A10",
"CRYP-1305-A06",
"CRYP-1323-A02",
"CRYP-1421-A07",
"CRYP-1431-A08",
"CRYP-1433-A01",
"CRYP-1433-A05",
"CRYP-1458-A06",
"CRYP-1466",
"CRYP-1466-A01",
"CRYP-1466-A02",
"CRYP-1469-A01",
"CRYP-1519-A06",
"CRYP-1530-A02",
"CRYP-1541-A06",
"CRYP-1722-A02",
"CRYP-1722-A07",
"CRYP-1791-A02",
"CRYP-193-A03",
"CRYP-1993-A03",
"CRYP-2188-A08",
"CRYP-721-A02",
"CRYP-780-A02",
"CRYP-886-A01",
"GOV-1403-A12",
"GOV-500-A02",
"GOV-500-A07",
"GOV-500-A12",
"GOV-500-A17",
"HLT-122-A04",
"IDA-002",
"INC-978",
"INC-978-A07",
"NET-1233-A07",
"NET-1471-A05",
"NET-656-A06",
"NET-656-A14",
"NET-656-A22",
"NET-656-A30",
"NET-656-A38",
"NET-656-A46",
"NET-857-A03",
"NET-857-A11",
"NET-879-A03",
"NET-931-A02",
"NET-938-A06",
"SEC-1223",
"SEC-2788-A02",
"SEC-2788-A08",
"SEC-2809-A01",
"SEC-2818-A01",
"SEC-3383-A02",
"SEC-3383-A07",
"SEC-4292",
"SEC-4292-A01",
"SEC-4292-A02",
"SEC-4292-A09",
"SEC-4292-A10",
"SEC-4733-A02",
"SEC-5811-A01",
"SEC-5811-A02",
"SEC-6382-A03",
"SEC-6925-A09"
],
"member_count": 130,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.83,
"source_meta_cluster": "M24",
"cluster_size": 101,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "revocation_check",
"name": "Widerrufs-/Sperrlistenpruefung bei Authentifizierung",
"description": "Vor erfolgreicher Authentifizierung sind Zertifikats-Widerruf bzw. Sperrlisten zu pruefen.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "conditional:certificate_based",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "IA-05(2)",
"role": "best_practice"
}
],
"member_review_units": [
"M24",
"M50",
"M52"
],
"member_controls": [
"AUT-003",
"AUT-004",
"AUT-006",
"AUTH-047-A04",
"AUTH-1049-A17",
"AUTH-1049-A41",
"AUTH-1083",
"AUTH-1083-A02",
"AUTH-1306-A02",
"AUTH-1306-A03",
"AUTH-1439-A09",
"AUTH-1445",
"AUTH-1445-A01",
"AUTH-1448",
"AUTH-1463",
"AUTH-1582",
"AUTH-1582-A02",
"AUTH-1583-A05",
"AUTH-1628",
"AUTH-1628-A02",
"AUTH-1696-A02",
"AUTH-1861-A08",
"AUTH-1940-A08",
"AUTH-1959-A07",
"AUTH-1959-A10",
"AUTH-2337-A07",
"AUTH-2635-A01",
"AUTH-2635-A02",
"AUTH-2635-A03",
"AUTH-3542-A09",
"AUTH-3647-A01",
"AUTH-3647-A02",
"AUTH-3648-A10",
"AUTH-3672-A01",
"AUTH-4125-A02",
"AUTH-4127-A04",
"AUTH-532-A03",
"AUTH-806",
"AUTH-806-A01",
"AUTH-850-A04",
"AUTH-850-A24",
"AUTH-850-A33",
"AUTH-850-A41",
"COM-004",
"COMP-074-A02",
"COMP-074-A09",
"COMP-1960-A05",
"COMP-2129-A03",
"COMP-2129-A09",
"CRYP-1028-A03",
"CRYP-1227",
"CRYP-1227-A02",
"CRYP-1227-A08",
"CRYP-1250-A10",
"CRYP-1305-A06",
"CRYP-1323-A02",
"CRYP-1431-A08",
"CRYP-1433-A01",
"CRYP-1433-A05",
"CRYP-1466",
"CRYP-1466-A01",
"CRYP-1466-A02",
"CRYP-1469-A01",
"CRYP-1519-A06",
"CRYP-1530-A02",
"CRYP-1722-A02",
"CRYP-1722-A07",
"CRYP-1791-A02",
"CRYP-721-A02",
"CRYP-886-A01",
"GOV-1403-A12",
"GOV-500-A02",
"GOV-500-A07",
"GOV-500-A12",
"GOV-500-A17",
"HLT-122-A04",
"IDA-002",
"NET-1471-A05",
"NET-656-A06",
"NET-656-A14",
"NET-656-A22",
"NET-656-A30",
"NET-656-A38",
"NET-656-A46",
"NET-857-A03",
"NET-857-A11",
"NET-931-A02",
"NET-938-A06",
"SEC-1223",
"SEC-2788-A02",
"SEC-2788-A08",
"SEC-2809-A01",
"SEC-2818-A01",
"SEC-3383-A02",
"SEC-3383-A07",
"SEC-4292",
"SEC-4292-A01",
"SEC-4292-A02",
"SEC-4292-A10",
"SEC-4733-A02",
"SEC-5811-A01",
"SEC-5811-A02",
"SEC-6382-A03",
"SEC-6925-A09"
],
"member_count": 104,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.78,
"source_meta_cluster": "M24",
"cluster_size": 101,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "encrypted_auth_channel",
"name": "Verschluesselte Authentifizierungskanaele",
"description": "Authentifizierung muss ueber verschluesselte Kanaele erfolgen; unverschluesselte Authentifizierungskanaele sind zu deaktivieren.",
"tier": "LEGAL_MINIMUM",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"regulation_code": "eu_2024_2847",
"anchor": "Annex I (2)(e)",
"citation": "protect the confidentiality of... transmitted... data... incl. encryption in transit"
}
],
"guidance_basis": [
{
"source": "BSI",
"anchor": "TR-02102-2",
"role": "best_practice"
}
],
"member_review_units": [
"M37",
"M117",
"M167"
],
"member_controls": [
"AUTH-1300-A02",
"AUTH-1437-A03",
"AUTH-1441-A07",
"AUTH-1441-A08",
"AUTH-1468-A02",
"AUTH-148-A11",
"AUTH-1747",
"AUTH-1817",
"AUTH-2419-A06",
"AUTH-2425",
"AUTH-2466-A08",
"AUTH-2553-A12",
"AUTH-2933-A04",
"AUTH-2935",
"AUTH-2935-A08",
"AUTH-2937-A05",
"AUTH-2996-A05",
"AUTH-3255",
"AUTH-3430-A02",
"AUTH-3652",
"AUTH-3652-A01",
"AUTH-3652-A02",
"AUTH-3652-A03",
"AUTH-3652-A04",
"AUTH-3652-A09",
"AUTH-3908-A04",
"AUTH-4027",
"AUTH-577-A06",
"AUTH-592-A04",
"AUTH-710-A02",
"AUTH-748",
"AUTH-748-A02",
"AUTH-784-A04",
"AUTH-784-A05",
"AUTH-784-A06",
"AUTH-789",
"AUTH-789-A01",
"AUTH-925-A02",
"AUTH-925-A09",
"AUTH-925-A17",
"COMP-1735-A09",
"COMP-1791-A03",
"CRYP-1255",
"CRYP-1271",
"CRYP-1431-A01",
"CRYP-1525",
"CRYP-1525-A01",
"CRYP-1702-A03",
"CRYP-1749",
"CRYP-191-A02",
"CRYP-224-A08",
"CRYP-873",
"NET-1291-A16",
"NET-1471-A01",
"SEC-2853-A04",
"SEC-5595",
"SEC-6107-A02"
],
"member_count": 57,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M37",
"cluster_size": 50,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "tls_certificate_auth",
"name": "TLS-/Zertifikat-basierte Authentifizierung",
"description": "Zertifikatsbasierte Authentifizierung von Geraeten/Diensten ueber TLS mit Vertrauensanker-Validierung und bidirektionaler Authentifizierung.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "token",
"applicability": "conditional:certificate_based",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "IA-05(2)",
"role": "best_practice"
}
],
"member_review_units": [
"M45",
"M7",
"M20",
"M47",
"M135",
"M141"
],
"member_controls": [
"ACC-495",
"ACC-495-A01",
"ACC-495-A02",
"AI-994-A04",
"AI-994-A05",
"AUTH-047-A07",
"AUTH-1300-A01",
"AUTH-1513-A04",
"AUTH-1514",
"AUTH-1517",
"AUTH-1517-A01",
"AUTH-1517-A02",
"AUTH-1517-A05",
"AUTH-1518",
"AUTH-1518-A01",
"AUTH-1518-A02",
"AUTH-1518-A05",
"AUTH-1522",
"AUTH-1526-A03",
"AUTH-1526-A04",
"AUTH-1527-A03",
"AUTH-1527-A08",
"AUTH-1530-A01",
"AUTH-1541",
"AUTH-1541-A01",
"AUTH-1580-A05",
"AUTH-1580-A11",
"AUTH-1583",
"AUTH-1583-A02",
"AUTH-1682-A07",
"AUTH-1698-A03",
"AUTH-1709-A11",
"AUTH-1759",
"AUTH-1778",
"AUTH-1784",
"AUTH-1808-A05",
"AUTH-1808-A06",
"AUTH-1820-A02",
"AUTH-1821-A01",
"AUTH-1836-A03",
"AUTH-1842",
"AUTH-1842-A01",
"AUTH-1842-A02",
"AUTH-1842-A06",
"AUTH-1860-A03",
"AUTH-2337-A03",
"AUTH-2478-A04",
"AUTH-2550-A11",
"AUTH-2986",
"AUTH-3550-A04",
"AUTH-3670-A03",
"AUTH-4098-A02",
"AUTH-4098-A03",
"AUTH-509-A04",
"AUTH-694-A04",
"AUTH-833",
"AUTH-833-A06",
"AUTH-833-A10",
"AUTH-911-A12",
"AUTH-952",
"AUTH-952-A01",
"COMP-1729-A03",
"COMP-1729-A04",
"COMP-2057-A04",
"COMP-2057-A09",
"COMP-2099-A04",
"CRYP-1024-A03",
"CRYP-1029-A03",
"CRYP-1036-A03",
"CRYP-1141-A03",
"CRYP-1239-A02",
"CRYP-1250-A03",
"CRYP-1292",
"CRYP-1292-A03",
"CRYP-1292-A08",
"CRYP-1458-A01",
"CRYP-1521-A04",
"CRYP-1533-A01",
"CRYP-1541-A06",
"CRYP-1688-A04",
"CRYP-1724-A03",
"CRYP-2019-A07",
"CRYP-2188-A08",
"CRYP-616-A02",
"CRYP-738-A04",
"CRYP-796-A04",
"CRYP-802-A01",
"CRYP-803-A02",
"CRYP-849",
"CRYP-860",
"CRYP-879-A02",
"CRYP-879-A08",
"CRYP-880-A08",
"CRYP-886",
"CRYP-894-A03",
"CRYP-947-A05",
"INC-980-A05",
"LOG-1704-A02",
"LOG-1704-A08",
"NET-1293-A09",
"NET-928-A06",
"NET-965-A07",
"SEC-2721-A02",
"SEC-2871-A05",
"SEC-3156-A02",
"SEC-3182",
"SEC-3199",
"SEC-3209",
"SEC-3220",
"SEC-3853-A03",
"SEC-3922-A01",
"SEC-4028-A08",
"SEC-4248-A02",
"SEC-4248-A03",
"SEC-4513-A03",
"SEC-5585-A06",
"SEC-5873-A03",
"SEC-8162-A01",
"SEC-8162-A04",
"SEC-8226-A04"
],
"member_count": 120,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M45",
"cluster_size": 53,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "service_to_service_auth",
"name": "Service-zu-Service- und API-Authentifizierung",
"description": "Alle API-Zugriffe und Service-zu-Service-Kommunikationen muessen authentisiert werden (mTLS, API-Keys, Tokens).",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "token",
"applicability": "conditional:api_or_service",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "OWASP",
"anchor": "API Security Top 10",
"role": "best_practice"
},
{
"source": "NIST",
"anchor": "IA-03",
"role": "best_practice"
}
],
"member_review_units": [
"M21",
"M24",
"M39",
"M125",
"M30"
],
"member_controls": [
"ACC-513",
"ACC-630-A05",
"ACC-637-A01",
"ACC-653-A01",
"ACC-657-A02",
"AI-814",
"AI-814-A02",
"AI-814-A06",
"AI-814-A07",
"AI-814-A11",
"AI-814-A12",
"AI-814-A16",
"AI-814-A17",
"AI-814-A21",
"AI-814-A22",
"AI-814-A26",
"AI-814-A27",
"API-001",
"ARC-007-A06",
"AUT-003",
"AUT-004",
"AUT-006",
"AUTH-047-A04",
"AUTH-1049-A17",
"AUTH-1049-A35",
"AUTH-1049-A41",
"AUTH-1049-A50",
"AUTH-1083",
"AUTH-1083-A02",
"AUTH-1092",
"AUTH-1099-A04",
"AUTH-1110",
"AUTH-1303-A06",
"AUTH-1306-A02",
"AUTH-1306-A03",
"AUTH-1439-A09",
"AUTH-1445",
"AUTH-1445-A01",
"AUTH-1446",
"AUTH-1446-A02",
"AUTH-1448",
"AUTH-1463",
"AUTH-1463-A07",
"AUTH-1468",
"AUTH-1468-A03",
"AUTH-1468-A04",
"AUTH-1468-A07",
"AUTH-1472-A01",
"AUTH-1525-A03",
"AUTH-1539-A03",
"AUTH-1582",
"AUTH-1582-A02",
"AUTH-1583-A06",
"AUTH-1635-A12",
"AUTH-1637",
"AUTH-1637-A01",
"AUTH-1658-A05",
"AUTH-1696-A02",
"AUTH-1696-A03",
"AUTH-1700-A04",
"AUTH-1713",
"AUTH-1716",
"AUTH-1725",
"AUTH-1753-A04",
"AUTH-1809-A01",
"AUTH-1809-A03",
"AUTH-1809-A04",
"AUTH-1826-A10",
"AUTH-1861-A08",
"AUTH-1877",
"AUTH-1877-A01",
"AUTH-1877-A02",
"AUTH-1909",
"AUTH-1909-A01",
"AUTH-1909-A05",
"AUTH-1938",
"AUTH-1940-A08",
"AUTH-1943",
"AUTH-1943-A02",
"AUTH-1946-A03",
"AUTH-1959-A07",
"AUTH-1959-A10",
"AUTH-2289",
"AUTH-2320",
"AUTH-2337-A07",
"AUTH-2417",
"AUTH-2424-A01",
"AUTH-2464",
"AUTH-2553",
"AUTH-2553-A02",
"AUTH-2630",
"AUTH-2630-A02",
"AUTH-2635-A01",
"AUTH-2635-A02",
"AUTH-2635-A03",
"AUTH-2817-A03",
"AUTH-2817-A04",
"AUTH-2817-A05",
"AUTH-2935-A02",
"AUTH-3038",
"AUTH-3069",
"AUTH-3077",
"AUTH-3078",
"AUTH-3108-A05",
"AUTH-3112-A14",
"AUTH-3151-A08",
"AUTH-3161",
"AUTH-3258",
"AUTH-3258-A01",
"AUTH-3258-A04",
"AUTH-3258-A07",
"AUTH-3258-A10",
"AUTH-3450",
"AUTH-3458-A01",
"AUTH-3542-A09",
"AUTH-3562",
"AUTH-3594-A05",
"AUTH-3645-A05",
"AUTH-3645-A06",
"AUTH-3647-A01",
"AUTH-3647-A02",
"AUTH-3648-A06",
"AUTH-3648-A10",
"AUTH-3672-A01",
"AUTH-384",
"AUTH-3906",
"AUTH-3963-A03",
"AUTH-4006-A14",
"AUTH-4027-A03",
"AUTH-4125-A02",
"AUTH-4127-A04",
"AUTH-4130",
"AUTH-4130-A01",
"AUTH-4133-A01",
"AUTH-4135-A01",
"AUTH-505",
"AUTH-505-A02",
"AUTH-532-A03",
"AUTH-550",
"AUTH-550-A01",
"AUTH-550-A06",
"AUTH-586",
"AUTH-670-A06",
"AUTH-756-A03",
"AUTH-756-A04",
"AUTH-762",
"AUTH-762-A01",
"AUTH-803-A03",
"AUTH-806",
"AUTH-806-A01",
"AUTH-825-A01",
"AUTH-827-A04",
"AUTH-827-A05",
"AUTH-827-A06",
"AUTH-827-A09",
"AUTH-827-A13",
"AUTH-827-A14",
"AUTH-837-A06",
"AUTH-837-A13",
"AUTH-838",
"AUTH-838-A04",
"AUTH-838-A06",
"AUTH-838-A08",
"AUTH-838-A24",
"AUTH-838-A34",
"AUTH-846",
"AUTH-846-A01",
"AUTH-846-A02",
"AUTH-846-A07",
"AUTH-846-A10",
"AUTH-846-A11",
"AUTH-846-A16",
"AUTH-846-A17",
"AUTH-846-A20",
"AUTH-846-A21",
"AUTH-846-A26",
"AUTH-846-A27",
"AUTH-846-A30",
"AUTH-846-A31",
"AUTH-846-A36",
"AUTH-846-A39",
"AUTH-846-A40",
"AUTH-846-A45",
"AUTH-846-A46",
"AUTH-849",
"AUTH-849-A10",
"AUTH-849-A17",
"AUTH-849-A28",
"AUTH-849-A33",
"AUTH-849-A34",
"AUTH-849-A45",
"AUTH-849-A48",
"AUTH-849-A49",
"AUTH-849-A60",
"AUTH-850-A04",
"AUTH-850-A24",
"AUTH-850-A33",
"AUTH-850-A41",
"AUTH-909",
"AUTH-914",
"AUTH-915",
"AUTH-915-A07",
"AUTH-915-A13",
"AUTH-915-A14",
"AUTH-919-A01",
"AUTH-919-A07",
"AUTH-949-A18",
"COM-004",
"COMP-001-A41",
"COMP-001-A83",
"COMP-074-A02",
"COMP-074-A09",
"COMP-1055",
"COMP-1079-A02",
"COMP-1079-A10",
"COMP-1812-A02",
"COMP-1817",
"COMP-1904-A01",
"COMP-1960-A05",
"COMP-2012-A02",
"COMP-2129-A03",
"COMP-2129-A09",
"COMP-2182-A02",
"COMP-3983-A09",
"COMP-3983-A10",
"COMP-3983-A14",
"CRYP-1017-A01",
"CRYP-1028-A03",
"CRYP-1103-A11",
"CRYP-1227",
"CRYP-1227-A02",
"CRYP-1227-A08",
"CRYP-1250-A10",
"CRYP-1255-A01",
"CRYP-1305-A03",
"CRYP-1305-A06",
"CRYP-1323-A02",
"CRYP-1421-A07",
"CRYP-1431-A08",
"CRYP-1433-A01",
"CRYP-1433-A05",
"CRYP-1466",
"CRYP-1466-A01",
"CRYP-1466-A02",
"CRYP-1469-A01",
"CRYP-1519-A06",
"CRYP-1530-A02",
"CRYP-1722-A02",
"CRYP-1722-A07",
"CRYP-1791-A02",
"CRYP-1884-A04",
"CRYP-193-A03",
"CRYP-1993-A03",
"CRYP-2094-A03",
"CRYP-721-A02",
"CRYP-868-A02",
"CRYP-886-A01",
"DATA-014-A01",
"DATA-2668-A01",
"DATA-4666-A04",
"FIN-852",
"FIN-891-A08",
"GOV-1403-A12",
"GOV-1605-A01",
"GOV-1648-A01",
"GOV-1648-A02",
"GOV-3072-A05",
"GOV-3871",
"GOV-3909-A01",
"GOV-3909-A02",
"GOV-500-A02",
"GOV-500-A07",
"GOV-500-A12",
"GOV-500-A17",
"HLT-122-A04",
"IDA-002",
"IDA-005",
"LAB-246-A08",
"LOG-1859",
"LOG-712-A04",
"NET-1233-A07",
"NET-1293-A04",
"NET-1466-A09",
"NET-1471",
"NET-1471-A05",
"NET-1633-A01",
"NET-1669-A02",
"NET-1683-A06",
"NET-351-A09",
"NET-380",
"NET-656-A06",
"NET-656-A14",
"NET-656-A22",
"NET-656-A30",
"NET-656-A38",
"NET-656-A46",
"NET-825-A03",
"NET-857-A02",
"NET-857-A03",
"NET-857-A11",
"NET-859",
"NET-859-A01",
"NET-859-A02",
"NET-859-A03",
"NET-859-A04",
"NET-860-A01",
"NET-867-A07",
"NET-879-A03",
"NET-903-A09",
"NET-931-A02",
"NET-938-A06",
"NET-965-A03",
"SEC-1013-A03",
"SEC-1013-A05",
"SEC-1013-A07",
"SEC-1153-A03",
"SEC-1153-A23",
"SEC-1153-A29",
"SEC-1153-A47",
"SEC-1153-A79",
"SEC-1223",
"SEC-2698-A01",
"SEC-2788-A02",
"SEC-2788-A08",
"SEC-2809-A01",
"SEC-2818-A01",
"SEC-2818-A02",
"SEC-2899",
"SEC-2899-A02",
"SEC-2927-A04",
"SEC-3159-A05",
"SEC-3217-A03",
"SEC-3383-A02",
"SEC-3383-A07",
"SEC-3431-A05",
"SEC-3633-A11",
"SEC-3709-A10",
"SEC-4292",
"SEC-4292-A01",
"SEC-4292-A02",
"SEC-4292-A10",
"SEC-4513",
"SEC-4513-A02",
"SEC-4561-A01",
"SEC-4561-A03",
"SEC-4733-A02",
"SEC-5615",
"SEC-5792-A02",
"SEC-5811-A01",
"SEC-5811-A02",
"SEC-6170-A02",
"SEC-6296",
"SEC-6382-A03",
"SEC-6784-A05",
"SEC-6846-A05",
"SEC-6925-A09",
"SEC-7343-A03",
"SEC-7963-A02",
"SEC-8016",
"SEC-8041-A07",
"SEC-9014-A16",
"SEC-9175"
],
"member_count": 362,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M21",
"cluster_size": 39,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"merged_from": [
"npe_device_authentication"
]
},
{
"id": "auth_key_management",
"name": "Verwaltung von Authentifizierungsschluesseln",
"description": "Symmetrische und asymmetrische Authentifizierungsschluessel sind sicher zu erzeugen, zu speichern (HSM/zertifizierte Module) und zu verwalten.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "conditional:crypto_auth",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "BSI",
"anchor": "TR-02102",
"role": "best_practice"
}
],
"member_review_units": [
"M74",
"M84",
"M66",
"M143",
"M60",
"M164"
],
"member_controls": [
"AUTH-1650",
"AUTH-1653-A06",
"AUTH-1667-A01",
"AUTH-1675",
"AUTH-1675-A02",
"AUTH-1681",
"AUTH-1681-A01",
"AUTH-1688-A05",
"AUTH-1692-A05",
"AUTH-1709-A07",
"AUTH-1751",
"AUTH-1751-A01",
"AUTH-1751-A02",
"AUTH-1819-A01",
"AUTH-1828",
"AUTH-1828-A01",
"AUTH-1845-A04",
"AUTH-1860-A04",
"AUTH-1861",
"AUTH-1861-A01",
"AUTH-1862",
"AUTH-1862-A01",
"AUTH-1865",
"AUTH-1865-A01",
"AUTH-1865-A08",
"AUTH-1910",
"AUTH-1948",
"AUTH-1949",
"AUTH-1949-A07",
"AUTH-1949-A09",
"AUTH-625",
"AUTH-625-A01",
"COMP-1960",
"COMP-1960-A02",
"COMP-1960-A03",
"CRYP-1044-A01",
"CRYP-1089-A01",
"CRYP-1124-A04",
"CRYP-1158-A06",
"CRYP-1162-A04",
"CRYP-1201-A01",
"CRYP-1217-A02",
"CRYP-1433-A03",
"CRYP-1439",
"CRYP-1439-A01",
"CRYP-1439-A08",
"CRYP-1458-A06",
"CRYP-1458-A09",
"CRYP-1473",
"CRYP-1535",
"CRYP-1535-A04",
"CRYP-1535-A05",
"CRYP-1535-A11",
"CRYP-1872-A02",
"CRYP-780-A02",
"CRYP-952-A01",
"CRYP-973",
"SEC-3683-A04",
"SEC-3735-A02"
],
"member_count": 59,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M74",
"cluster_size": 18,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "biometric_authentication",
"name": "Biometrische Authentifizierung",
"description": "Biometrische Authentifizierung ist mit definierten Fehlerquoten, Deaktivierbarkeit und sicherer Verarbeitung umzusetzen.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "biometrics",
"applicability": "conditional:biometric",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "SP 800-63B 5.2.3",
"role": "best_practice"
}
],
"member_review_units": [
"M101",
"M51",
"M38",
"M115",
"M100",
"M30"
],
"member_controls": [
"AUTH-1049-A35",
"AUTH-1049-A50",
"AUTH-1303-A05",
"AUTH-1624",
"AUTH-1637",
"AUTH-1637-A01",
"AUTH-1725",
"AUTH-1790-A04",
"AUTH-1901-A05",
"AUTH-2452-A07",
"AUTH-2464",
"AUTH-2689-A04",
"AUTH-2873-A04",
"AUTH-2883-A03",
"AUTH-2883-A05",
"AUTH-2894-A07",
"AUTH-2898-A02",
"AUTH-2945-A11",
"AUTH-3161",
"AUTH-3166-A07",
"AUTH-3595-A02",
"AUTH-3652-A11",
"AUTH-3677-A04",
"AUTH-3921",
"AUTH-3947",
"AUTH-4006-A14",
"AUTH-4135-A01",
"AUTH-577-A04",
"AUTH-637-A31",
"AUTH-661-A09",
"AUTH-661-A22",
"AUTH-827-A04",
"AUTH-827-A13",
"AUTH-895-A07",
"AUTH-895-A17",
"AUTH-895-A27",
"CRYP-1064-A10",
"CRYP-1684-A07",
"CRYP-1927-A13",
"DATA-1810-A02",
"DATA-4666-A04",
"SEC-019-A02",
"SEC-019-A14",
"SEC-019-A29",
"SEC-3383",
"SEC-3383-A01",
"SEC-4028-A04",
"SEC-6846-A05",
"SEC-7793-A09",
"SEC-8996-A06"
],
"member_count": 50,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.82,
"source_meta_cluster": "M101",
"cluster_size": 7,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "federated_auth_assertions",
"name": "Foederierte Authentifizierung und Assertions",
"description": "Bei foederierter Authentifizierung (SAML/OIDC) sind Assertions einmalig zu verwenden, IdP-Namespaces zu trennen und FAL-Anforderungen einzuhalten.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "token",
"applicability": "conditional:federation",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "SP 800-63C",
"role": "best_practice"
}
],
"member_review_units": [
"M23",
"M49",
"M124",
"M125",
"M127",
"M129",
"M28"
],
"member_controls": [
"AUT-002",
"AUTH-088-A06",
"AUTH-1005-A01",
"AUTH-1052-A13",
"AUTH-1052-A22",
"AUTH-1052-A36",
"AUTH-1059",
"AUTH-1312-A01",
"AUTH-1468-A09",
"AUTH-1574-A02",
"AUTH-1658",
"AUTH-1658-A01",
"AUTH-1658-A06",
"AUTH-1658-A07",
"AUTH-1663-A06",
"AUTH-1785-A07",
"AUTH-1859-A01",
"AUTH-2417-A02",
"AUTH-2573-A02",
"AUTH-2793-A04",
"AUTH-3286-A07",
"AUTH-3545-A01",
"AUTH-3634",
"AUTH-3642-A04",
"AUTH-3981-A06",
"AUTH-4000-A01",
"AUTH-515",
"AUTH-515-A02",
"AUTH-515-A03",
"AUTH-515-A04",
"AUTH-515-A07",
"AUTH-524-A02",
"AUTH-524-A06",
"AUTH-524-A09",
"AUTH-586-A01",
"AUTH-700-A01",
"AUTH-742-A08",
"AUTH-756-A03",
"AUTH-756-A04",
"AUTH-762",
"AUTH-762-A01",
"AUTH-762-A06",
"AUTH-816",
"AUTH-820",
"AUTH-820-A01",
"AUTH-825-A01",
"AUTH-838",
"AUTH-838-A04",
"AUTH-838-A06",
"AUTH-838-A08",
"AUTH-838-A24",
"AUTH-838-A34",
"AUTH-849-A14",
"AUTH-849-A15",
"AUTH-849-A21",
"AUTH-849-A22",
"AUTH-849-A38",
"AUTH-849-A39",
"AUTH-849-A53",
"AUTH-849-A54",
"AUTH-849-A68",
"AUTH-855-A04",
"AUTH-855-A19",
"AUTH-855-A34",
"AUTH-855-A50",
"AUTH-855-A64",
"AUTH-898",
"AUTH-898-A09",
"AUTH-898-A17",
"AUTH-906-A04",
"AUTH-906-A09",
"AUTH-906-A14",
"AUTH-906-A18",
"AUTH-906-A24",
"AUTH-941-A03",
"AUTH-941-A09",
"AUTH-941-A16",
"AUTH-961-A15",
"BND-001-A02",
"BND-001-A07",
"CRYP-1172-A02",
"CRYP-1257",
"CRYP-1389-A07",
"CRYP-436",
"CRYP-873-A07",
"IDF-004",
"IDF-004-A01",
"IDF-006",
"INC-978-A11",
"LOG-712-A04",
"NET-1683-A02",
"SEC-1153-A03",
"SEC-1153-A23",
"SEC-1153-A29",
"SEC-1153-A47",
"SEC-1153-A79",
"SEC-2809-A03",
"SEC-8104",
"SEC-8104-A04",
"SEC-8244-A10"
],
"member_count": 100,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M49",
"cluster_size": 3,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "separate_authn_authz",
"name": "Trennung von Authentifizierung und Autorisierung",
"description": "Authentifizierungsschritt ist von Autorisierung/Anwendung zu trennen; minimal notwendige Daten verwenden.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": false
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AC-03",
"role": "best_practice"
}
],
"member_review_units": [
"M37",
"M129",
"M130",
"M40"
],
"member_controls": [
"AUTH-1300-A02",
"AUTH-1437-A02",
"AUTH-1437-A03",
"AUTH-1441-A07",
"AUTH-1441-A08",
"AUTH-1468-A02",
"AUTH-148-A11",
"AUTH-1678-A07",
"AUTH-1747",
"AUTH-1753-A05",
"AUTH-1817",
"AUTH-1835-A08",
"AUTH-1839-A05",
"AUTH-1843-A07",
"AUTH-1843-A09",
"AUTH-1913",
"AUTH-1947-A07",
"AUTH-1959-A04",
"AUTH-1959-A06",
"AUTH-1959-A08",
"AUTH-2419-A06",
"AUTH-2425",
"AUTH-2466-A08",
"AUTH-2553-A12",
"AUTH-2906-A01",
"AUTH-2906-A08",
"AUTH-2933-A04",
"AUTH-2935",
"AUTH-2935-A08",
"AUTH-2937-A05",
"AUTH-2943-A08",
"AUTH-2987-A06",
"AUTH-2996-A05",
"AUTH-3255",
"AUTH-3430-A02",
"AUTH-3652",
"AUTH-3652-A01",
"AUTH-3652-A02",
"AUTH-3652-A03",
"AUTH-3652-A04",
"AUTH-3652-A09",
"AUTH-3908-A04",
"AUTH-4007-A06",
"AUTH-4031-A07",
"AUTH-4043",
"AUTH-4043-A06",
"AUTH-4135-A03",
"AUTH-577-A06",
"AUTH-592-A04",
"AUTH-710-A02",
"AUTH-745-A05",
"AUTH-748",
"AUTH-748-A02",
"AUTH-784-A04",
"AUTH-784-A05",
"AUTH-784-A06",
"AUTH-789",
"AUTH-789-A01",
"AUTH-906-A04",
"AUTH-906-A09",
"AUTH-906-A14",
"AUTH-906-A18",
"AUTH-906-A24",
"AUTH-925-A02",
"AUTH-925-A09",
"AUTH-925-A17",
"AUTH-933",
"AUTH-941-A03",
"AUTH-941-A09",
"AUTH-941-A16",
"AUTH-942",
"COMP-1735-A09",
"COMP-3983-A12",
"CRYP-1255",
"CRYP-1271",
"CRYP-1702-A03",
"CRYP-191-A02",
"CRYP-224-A08",
"CRYP-873",
"DATA-2663-A04",
"NET-1014-A04",
"NET-1291-A16",
"NET-1471-A01",
"SEC-1085",
"SEC-2853-A04",
"SEC-5792-A04",
"SEC-6107-A02",
"SEC-8104"
],
"member_count": 88,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.75,
"source_meta_cluster": "M129",
"cluster_size": 9,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "remote_access_authentication",
"name": "Starke Authentifizierung fuer Remote-/Wartungszugriffe",
"description": "Remote-, WLAN- und Wartungszugriffe muessen ueber Authentifizierungs-Gateways mit starker Authentifizierung abgesichert werden.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "conditional:remote_access",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "NIST",
"anchor": "AC-17",
"role": "best_practice"
}
],
"member_review_units": [
"M1",
"M13",
"M96",
"M144",
"M46"
],
"member_controls": [
"ACC-001-A14",
"ACC-001-A17",
"ACC-001-A29",
"ACC-0410-A03",
"ACC-082-A08",
"ACC-082-A09",
"ACC-082-A17",
"ACC-082-A18",
"ACC-320-A16",
"ACC-320-A18",
"ACC-320-A24",
"ACC-320-A34",
"ACC-320-A40",
"ACC-320-A48",
"ACC-478-A08",
"ACC-499-A07",
"ACC-508-A06",
"ACC-559-A04",
"ACC-578-A07",
"ACC-584-A05",
"ACC-607",
"AI-052-A28",
"AI-052-A29",
"AI-797-A09",
"AI-797-A18",
"AI-797-A36",
"AI-797-A45",
"AI-924-A13",
"AI-924-A14",
"AUTH-008-A25",
"AUTH-047-A02",
"AUTH-1049-A56",
"AUTH-1050-A13",
"AUTH-1061-A75",
"AUTH-1084",
"AUTH-1093-A03",
"AUTH-1095-A02",
"AUTH-1096",
"AUTH-1096-A01",
"AUTH-1102-A14",
"AUTH-112-A04",
"AUTH-112-A17",
"AUTH-1135-A03",
"AUTH-1135-A04",
"AUTH-1168-A02",
"AUTH-1168-A03",
"AUTH-1288",
"AUTH-1299-A05",
"AUTH-1300-A05",
"AUTH-1313-A04",
"AUTH-1314-A03",
"AUTH-1445-A02",
"AUTH-1463-A04",
"AUTH-1463-A09",
"AUTH-1466-A09",
"AUTH-1468-A01",
"AUTH-1468-A06",
"AUTH-1522-A04",
"AUTH-1522-A05",
"AUTH-1524-A04",
"AUTH-1529-A04",
"AUTH-1634-A04",
"AUTH-1640-A01",
"AUTH-1645",
"AUTH-1645-A02",
"AUTH-1669-A05",
"AUTH-1669-A06",
"AUTH-1679",
"AUTH-1679-A02",
"AUTH-1711-A06",
"AUTH-1742-A01",
"AUTH-1742-A07",
"AUTH-1748-A04",
"AUTH-1748-A06",
"AUTH-1759-A05",
"AUTH-1790",
"AUTH-1806",
"AUTH-1818-A11",
"AUTH-1860-A05",
"AUTH-1860-A08",
"AUTH-1860-A09",
"AUTH-1862-A09",
"AUTH-1865-A12",
"AUTH-187-A11",
"AUTH-1910-A05",
"AUTH-1912-A07",
"AUTH-1940-A04",
"AUTH-2121-A04",
"AUTH-2315-A04",
"AUTH-2338-A04",
"AUTH-2338-A09",
"AUTH-2399-A07",
"AUTH-2405-A06",
"AUTH-2411",
"AUTH-2413",
"AUTH-2413-A01",
"AUTH-2421-A03",
"AUTH-2444-A08",
"AUTH-2553",
"AUTH-2553-A02",
"AUTH-2660-A02",
"AUTH-2793",
"AUTH-2793-A02",
"AUTH-2805-A06",
"AUTH-2805-A11",
"AUTH-2850",
"AUTH-2851-A10",
"AUTH-2875-A01",
"AUTH-2879",
"AUTH-2879-A02",
"AUTH-2943-A01",
"AUTH-2974-A04",
"AUTH-2979-A07",
"AUTH-3004",
"AUTH-3007-A03",
"AUTH-3011-A06",
"AUTH-3016",
"AUTH-3045-A04",
"AUTH-3068-A06",
"AUTH-3082-A10",
"AUTH-3266-A07",
"AUTH-3399-A06",
"AUTH-3460-A04",
"AUTH-3461-A03",
"AUTH-3461-A05",
"AUTH-3486-A05",
"AUTH-3486-A10",
"AUTH-3541-A06",
"AUTH-3542-A06",
"AUTH-3545",
"AUTH-3554-A02",
"AUTH-3595",
"AUTH-3595-A06",
"AUTH-3595-A08",
"AUTH-3596",
"AUTH-3596-A04",
"AUTH-3597-A06",
"AUTH-3599-A04",
"AUTH-3638",
"AUTH-3643-A06",
"AUTH-3647",
"AUTH-3751-A08",
"AUTH-3948-A04",
"AUTH-3958-A02",
"AUTH-3963-A03",
"AUTH-3964-A07",
"AUTH-3993",
"AUTH-3993-A02",
"AUTH-4027-A02",
"AUTH-4028-A05",
"AUTH-4030-A03",
"AUTH-4031-A08",
"AUTH-4032-A02",
"AUTH-4036-A04",
"AUTH-4085",
"AUTH-4085-A01",
"AUTH-4095-A17",
"AUTH-494-A02",
"AUTH-505",
"AUTH-505-A02",
"AUTH-505-A06",
"AUTH-532-A02",
"AUTH-550",
"AUTH-550-A01",
"AUTH-550-A06",
"AUTH-559-A04",
"AUTH-559-A13",
"AUTH-584-A06",
"AUTH-586",
"AUTH-586-A03",
"AUTH-586-A04",
"AUTH-615-A06",
"AUTH-623-A07",
"AUTH-623-A08",
"AUTH-710-A06",
"AUTH-732-A01",
"AUTH-743-A04",
"AUTH-743-A10",
"AUTH-751-A05",
"AUTH-751-A06",
"AUTH-751-A07",
"AUTH-751-A08",
"AUTH-762-A11",
"AUTH-774-A01",
"AUTH-782-A06",
"AUTH-784-A08",
"AUTH-784-A09",
"AUTH-795-A02",
"AUTH-804-A05",
"AUTH-822-A06",
"AUTH-822-A08",
"AUTH-824-A15",
"AUTH-836",
"AUTH-836-A01",
"AUTH-836-A02",
"AUTH-836-A06",
"AUTH-836-A08",
"AUTH-836-A09",
"AUTH-836-A12",
"AUTH-836-A17",
"AUTH-836-A18",
"AUTH-837-A07",
"AUTH-845-A06",
"AUTH-845-A07",
"AUTH-845-A18",
"AUTH-845-A19",
"AUTH-845-A29",
"AUTH-845-A38",
"AUTH-845-A39",
"AUTH-845-A50",
"AUTH-845-A54",
"AUTH-845-A55",
"AUTH-846-A09",
"AUTH-846-A19",
"AUTH-846-A29",
"AUTH-846-A38",
"AUTH-846-A48",
"AUTH-849-A03",
"AUTH-849-A12",
"AUTH-849-A19",
"AUTH-849-A26",
"AUTH-849-A27",
"AUTH-849-A31",
"AUTH-849-A32",
"AUTH-849-A36",
"AUTH-849-A43",
"AUTH-849-A44",
"AUTH-849-A46",
"AUTH-849-A47",
"AUTH-849-A51",
"AUTH-849-A58",
"AUTH-849-A59",
"AUTH-850-A19",
"AUTH-850-A29",
"AUTH-850-A38",
"AUTH-850-A46",
"AUTH-925-A05",
"AUTH-925-A06",
"AUTH-925-A12",
"AUTH-986-A08",
"AUTH-986-A09",
"AUTH-995-A05",
"AUTH-995-A85",
"AUTH-996-A04",
"AUTH-996-A17",
"COMP-1055",
"COMP-1264-A04",
"COMP-1904-A06",
"COMP-1904-A07",
"COMP-1948",
"COMP-1948-A02",
"COMP-2129-A04",
"CRYP-1013-A01",
"CRYP-1141-A09",
"CRYP-1210-A09",
"CRYP-1299-A09",
"CRYP-1372-A05",
"CRYP-1421-A07",
"CRYP-1433-A07",
"CRYP-1725-A02",
"CRYP-1750-A09",
"CRYP-1755-A04",
"CRYP-1864-A05",
"CRYP-191",
"CRYP-193-A03",
"CRYP-1993-A03",
"CRYP-2142-A06",
"CRYP-2148-A06",
"CRYP-2179-A09",
"CRYP-2334",
"CRYP-289",
"CRYP-303",
"CRYP-447-A20",
"CRYP-637-A10",
"CRYP-671-A01",
"CRYP-671-A02",
"CRYP-713-A07",
"CRYP-738-A06",
"CRYP-790",
"CRYP-876-A07",
"CRYP-877-A06",
"CRYP-900-A04",
"CRYP-914-A06",
"DATA-2493-A12",
"DATA-2510-A07",
"DATA-3376-A06",
"DATA-4225-A04",
"DATA-4317-A05",
"DATA-598-A05",
"DATA-598-A06",
"GOV-180-A06",
"GOV-180-A12",
"GOV-2076-A13",
"GOV-3110-A02",
"LOG-107-A02",
"LOG-1861-A06",
"NET-1233-A07",
"NET-1293-A02",
"NET-334-A04",
"NET-334-A10",
"NET-806-A02",
"NET-857-A06",
"NET-857-A12",
"NET-860-A09",
"NET-879-A03",
"NET-901-A04",
"NET-920-A02",
"NET-965",
"SEC-052-A06",
"SEC-093-A05",
"SEC-093-A06",
"SEC-2643-A15",
"SEC-2738-A06",
"SEC-2809",
"SEC-2809-A02",
"SEC-2809-A05",
"SEC-2809-A09",
"SEC-2841-A03",
"SEC-2853-A01",
"SEC-3383-A03",
"SEC-3406",
"SEC-3740-A03",
"SEC-3842-A02",
"SEC-3965-A02",
"SEC-4028-A03",
"SEC-4076-A02",
"SEC-4292-A12",
"SEC-4295",
"SEC-4295-A04",
"SEC-4509",
"SEC-4513-A07",
"SEC-4560-A03",
"SEC-5435-A03",
"SEC-5505-A05",
"SEC-5767-A01",
"SEC-6784-A08",
"SEC-6804-A01",
"SEC-6804-A02",
"SEC-6833-A07",
"SEC-7963-A03",
"SEC-7963-A04",
"SEC-7984-A07",
"SEC-8334-A06"
],
"member_count": 343,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.8,
"source_meta_cluster": "M13",
"cluster_size": 65,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "supplier_access_auth",
"name": "Starke Authentifizierung fuer Lieferanten-/Vendor-Zugriffe",
"description": "Externe Lieferanten- und Vendor-Zugriffe erfordern starke (Multi-Faktor-)Authentifizierung.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "mfa",
"applicability": "conditional:third_party_access",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": true
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "ISO",
"anchor": "ISO 27001 A.5.19",
"role": "best_practice"
}
],
"member_review_units": [
"M94",
"M29"
],
"member_controls": [
"AUTH-088-A07",
"AUTH-1011-A11",
"AUTH-1011-A13",
"AUTH-2473-A01",
"AUTH-2473-A02",
"AUTH-2484-A01",
"AUTH-2552-A03",
"AUTH-2689-A02",
"AUTH-2968",
"AUTH-2996",
"AUTH-3021-A07",
"AUTH-3165-A02",
"AUTH-3333-A06",
"AUTH-3469-A03",
"AUTH-3547",
"AUTH-3659-A01",
"AUTH-3705-A02",
"AUTH-3825-A08",
"AUTH-3887-A01",
"AUTH-3908-A05",
"AUTH-3915",
"AUTH-3915-A01",
"AUTH-3929-A01",
"AUTH-3958-A03",
"AUTH-3968-A09",
"AUTH-3977-A02",
"AUTH-4083-A05",
"AUTH-538-A04",
"AUTH-648-A02",
"AUTH-745-A04",
"AUTH-785-A02",
"AUTH-803",
"AUTH-824-A09",
"AUTH-824-A16",
"AUTH-845-A02",
"AUTH-845-A14",
"AUTH-845-A25",
"AUTH-845-A28",
"AUTH-845-A46",
"AUTH-902",
"AUTH-903-A21",
"AUTH-903-A22",
"COMP-3978-A02",
"CRYP-1751",
"CRYP-1751-A01",
"GIA-002",
"LOG-1506-A03",
"LOG-967-A06",
"NET-040-A03",
"NET-040-A12",
"NET-1166-A05",
"NET-1787-A12",
"SEC-171-A47",
"SEC-2781-A01",
"SEC-387-A10",
"SEC-387-A24",
"SEC-3870",
"SEC-418-A15",
"SEC-5767",
"SEC-5915-A06",
"SEC-7686-A05",
"SEC-8847-A02"
],
"member_count": 62,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.72,
"source_meta_cluster": "M94",
"cluster_size": 55,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
},
{
"id": "personal_admin_accounts",
"name": "Persoenliche Authentifizierung fuer Administratoren",
"description": "Administratoren muessen persoenliche, eindeutige Authentifizierungsmittel verwenden; Gruppen- oder geteilte Konten ohne Rollentrennung sind nicht zulaessig.",
"tier": "BEST_PRACTICE",
"family": "authentication",
"subdomain": "credential",
"applicability": "conditional:admin_access",
"evidence_facets": {
"governance": true,
"capability": true,
"evidence": false
},
"source_role": "GUIDANCE",
"legal_basis": [],
"guidance_basis": [
{
"source": "ISO",
"anchor": "ISO 27001 A.8.2",
"role": "best_practice"
},
{
"source": "NIST",
"anchor": "IA-04",
"role": "best_practice"
}
],
"member_review_units": [
"M35",
"M53"
],
"member_controls": [
"AUTH-1283-A03",
"AUTH-1295-A02",
"AUTH-1313-A02",
"AUTH-1524-A03",
"AUTH-1627",
"AUTH-1631-A01",
"AUTH-1634",
"AUTH-1634-A01",
"AUTH-1646",
"AUTH-1661-A10",
"AUTH-1669-A01",
"AUTH-1693",
"AUTH-1693-A01",
"AUTH-1721-A01",
"AUTH-1734-A02",
"AUTH-1811-A08",
"AUTH-1858",
"AUTH-1915",
"AUTH-1915-A01",
"AUTH-2317-A02",
"AUTH-2375-A05",
"AUTH-2416",
"AUTH-2416-A05",
"AUTH-2416-A08",
"AUTH-2423",
"AUTH-2423-A04",
"AUTH-2430-A01",
"AUTH-2793-A01",
"AUTH-2850-A03",
"AUTH-2850-A04",
"AUTH-2875-A02",
"AUTH-2921",
"AUTH-2945",
"AUTH-2956",
"AUTH-2975",
"AUTH-2995",
"AUTH-3016-A14",
"AUTH-3017-A07",
"AUTH-3018-A05",
"AUTH-3255-A02",
"AUTH-3258-A02",
"AUTH-3305",
"AUTH-3425-A03",
"AUTH-3430-A01",
"AUTH-3550-A02",
"AUTH-3597-A01",
"AUTH-3751-A04",
"AUTH-3865-A07",
"AUTH-3948-A02",
"AUTH-3955-A07",
"AUTH-3958-A01",
"AUTH-3958-A06",
"AUTH-3987",
"AUTH-3987-A02",
"AUTH-4050",
"AUTH-4121-A02",
"AUTH-670",
"AUTH-718",
"AUTH-818-A08",
"AUTH-818-A14",
"AUTH-850",
"AUTH-919",
"AUTH-987",
"AUTH-987-A01",
"AUTH-987-A23",
"AUTH-987-A24",
"COMP-1264",
"COMP-1745-A03",
"COMP-1886-A08",
"COMP-262-A01",
"COMP-2876-A05",
"COMP-3983",
"COMP-3983-A13",
"CRYP-1134-A05",
"CRYP-1159-A02",
"CRYP-1712-A01",
"CRYP-1732-A01",
"CRYP-1942-A10",
"CRYP-2101-A02",
"CRYP-2173-A01",
"CRYP-2363-A05",
"CRYP-880-A04",
"DATA-4027-A02",
"NET-004-A05",
"NET-004-A09",
"NET-004-A19",
"NET-104-A02",
"NET-104-A10",
"NET-1293-A07",
"NET-1309-A01",
"NET-1343-A05",
"NET-149-A01",
"NET-149-A11",
"NET-1856-A05",
"SEC-171-A16",
"SEC-171-A34",
"SEC-2035-A04",
"SEC-2153-A03",
"SEC-2809-A04",
"SEC-3223",
"SEC-3643-A08",
"SEC-3728-A08",
"SEC-4561-A04",
"SEC-5610-A02",
"SEC-5780",
"SEC-8325"
],
"member_count": 106,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.74,
"source_meta_cluster": "M35",
"cluster_size": 99,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
},
"merged_from": [
"distinct_credentials_per_role"
]
},
{
"id": "firmware_software_authentication",
"name": "Authentifizierung von Software-/Firmware-Komponenten",
"description": "Software- und Firmware-Komponenten sowie Updates sind kryptografisch zu authentisieren und zu signieren.",
"tier": "LEGAL_MINIMUM",
"family": "authentication",
"subdomain": "credential",
"applicability": "universal",
"evidence_facets": {
"governance": false,
"capability": true,
"evidence": true
},
"source_role": "LEGAL_BASIS",
"legal_basis": [
{
"source": "CRA",
"regulation_code": "eu_2024_2847",
"anchor": "Annex I (2)(c)",
"citation": "ensure that vulnerabilities can be addressed through security updates... ensuring integrity"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "SI-07",
"role": "best_practice"
}
],
"member_review_units": [
"M79",
"M44",
"M118",
"M168",
"M167"
],
"member_controls": [
"AUTH-1480",
"AUTH-1480-A01",
"AUTH-1677-A02",
"AUTH-1677-A08",
"AUTH-1746",
"AUTH-1746-A01",
"AUTH-1825",
"AUTH-2371-A05",
"AUTH-2416-A07",
"AUTH-2438",
"AUTH-2817-A01",
"AUTH-3068",
"AUTH-3068-A01",
"AUTH-3068-A03",
"AUTH-3068-A05",
"AUTH-3073-A01",
"AUTH-3554-A01",
"AUTH-3554-A05",
"AUTH-3712",
"AUTH-4048",
"AUTH-4053",
"AUTH-4130-A03",
"CRYP-1089-A02",
"CRYP-1214-A04",
"CRYP-1751-A10",
"CRYP-1751-A11",
"DATA-1240-A08",
"DATA-2572",
"DATA-3649-A14",
"INC-946-A11",
"NET-981-A10",
"SEC-1085-A09",
"SEC-3991",
"SEC-5595",
"SEC-6377",
"SEC-6784-A01",
"SEC-6784-A02"
],
"member_count": 37,
"relationships": [],
"citation_anchor_ids": [],
"citation_status": "pending_span_anchor",
"review_status": "draft",
"provenance": {
"discovery_confidence": 0.78,
"source_meta_cluster": "M79",
"cluster_size": 4,
"llm_model": "claude-opus-4-8",
"synthesis_version": "v1"
}
}
],
"relationships": [
{
"type": "depends_on",
"from": "mfa_privileged_access",
"to": "mfa_required",
"note": "MFA fuer Privilegierte konkretisiert allgemeine MFA-Pflicht"
},
{
"type": "depends_on",
"from": "step_up_authentication",
"to": "user_authentication_required",
"note": "Step-up setzt etablierte Basisauthentifizierung voraus"
},
{
"type": "depends_on",
"from": "password_policy",
"to": "user_authentication_required",
"note": "Passwortregeln gelten innerhalb der Authentifizierungspflicht"
},
{
"type": "supports",
"from": "credential_confidentiality_protection",
"to": "credential_storage_hashing",
"note": "sichere Speicherung dient Vertraulichkeit"
},
{
"type": "supports",
"from": "account_lockout_failed_attempts",
"to": "user_authentication_required",
"note": "Lockout schuetzt Authentifizierung gegen Brute-Force"
},
{
"type": "produces_evidence_for",
"from": "auth_failure_logging",
"to": "user_authentication_required",
"note": "Protokolle belegen Authentifizierungsdurchsetzung"
},
{
"type": "produces_evidence_for",
"from": "auth_testing",
"to": "user_authentication_required",
"note": "Testnachweise belegen Wirksamkeit"
},
{
"type": "produces_evidence_for",
"from": "auth_inventory",
"to": "auth_suitability_assessment",
"note": "Inventar ist Grundlage der Eignungsbewertung"
},
{
"type": "supports",
"from": "auth_anomaly_detection",
"to": "user_authentication_required",
"note": "Anomalieerkennung staerkt Authentifizierungssicherheit"
},
{
"type": "implements",
"from": "mutual_authentication",
"to": "encrypted_auth_channel",
"note": "mTLS realisiert verschluesselten gegenseitig authentisierten Kanal"
},
{
"type": "implements",
"from": "tls_certificate_auth",
"to": "mutual_authentication",
"note": "Zertifikatsauth implementiert gegenseitige Authentifizierung"
},
{
"type": "supports",
"from": "replay_protection_nonce",
"to": "mutual_authentication",
"note": "Nonces verhindern Replay in Auth-Protokollen"
},
{
"type": "derived_from",
"from": "pki_pace_chip_authentication",
"to": "strong_crypto_authentication",
"note": "PACE/Chip-Auth ist konkrete Umsetzung kryptographischer Authentifizierung"
},
{
"type": "supports",
"from": "auth_key_management",
"to": "strong_crypto_authentication",
"note": "Schluesselverwaltung untermauert kryptographische Authentifizierung"
},
{
"type": "depends_on",
"from": "risk_based_authentication",
"to": "auth_risk_assessment",
"note": "AAL-Wahl basiert auf Risikobewertung"
},
{
"type": "depends_on",
"from": "reauth_after_inactivity",
"to": "session_binding_management",
"note": "Reauth ist Teil des Session-Managements"
},
{
"type": "out_of_scope",
"obligation": "pki_pace_chip_authentication",
"review_units": [
"M54",
"M58",
"M61",
"M65",
"M77",
"M137",
"M142",
"M148",
"M166",
"M153",
"M85",
"M86",
"M76",
"M81",
"M133",
"M55",
"M75",
"M78",
"M89",
"M91",
"M56",
"M63",
"M69",
"M80",
"M82",
"M88",
"M22",
"M16",
"M59",
"M60",
"M64",
"M66",
"M70",
"M71",
"M67",
"M68",
"M73",
"M74",
"M83",
"M84",
"M117",
"M143"
],
"note": "domänenfremd (eID/Chip bzw. PSD2-SCA) — nicht CRA-Authentisierung"
},
{
"type": "out_of_scope",
"obligation": "strong_customer_authentication",
"review_units": [
"M92",
"M67",
"M93",
"M11",
"M115"
],
"note": "domänenfremd (eID/Chip bzw. PSD2-SCA) — nicht CRA-Authentisierung"
}
],
"curation": {
"version": "v1",
"method": "human_reasoned_rules",
"rules": [
"crypto_micro→guidance",
"test_evidence→evidence_facet",
"mechanism_families_kept",
"foreign_domain→out_of_scope"
],
"from_obligations": 54,
"to_obligations": 29
}
}