Neue Domaenen hinzugefuegt: - AUTH (20): Authentifizierung, MFA, Privilege Escalation, Cross-Tenant - SESSION (10): Token, Cookies, Fixation, Timeout, SameSite - KEYMGMT (10): Rotation, Provisioning, Revocation, Lifecycle - DEVICE (15): Geraeteidentitaet, Tamper, Provisioning, Safe States - TRANS (10): State Machine, Idempotenz, Race Conditions, Stornierung - DATA (8): Minimierung, Maskierung, Telemetrie, Testdaten Erweitert: CRYPTO +5 (ECB, IV-Reuse, Timing, Fallbacks), ERR +5, REP +5 218 Controls total (war 130) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
{
|
|
"schema": "payment_controls",
|
|
"version": "1.0",
|
|
"description": "Technische Pruefbibliothek fuer Payment-Terminal-Systeme. Eigene Controls, keine Normkopie.",
|
|
"domains": [
|
|
{
|
|
"id": "PAY",
|
|
"name": "Payment Flow & Transaction Integrity",
|
|
"description": "Zahlungsablauf, Zustandslogik, Idempotenz, Betragsvalidierung"
|
|
},
|
|
{
|
|
"id": "LOG",
|
|
"name": "Logging & Audit",
|
|
"description": "Protokollierung, Audit Trail, Datenmaskierung"
|
|
},
|
|
{
|
|
"id": "CRYPTO",
|
|
"name": "Secrets & Cryptography",
|
|
"description": "Schluesselmanagement, Verschluesselung, Secure Storage"
|
|
},
|
|
{
|
|
"id": "API",
|
|
"name": "API & Backend Security",
|
|
"description": "Authentifizierung, Autorisierung, Input Validation"
|
|
},
|
|
{
|
|
"id": "TERM",
|
|
"name": "Terminal Communication",
|
|
"description": "ZVT/OPI Protokolle, Sequenzen, Fehlercodes"
|
|
},
|
|
{
|
|
"id": "FW",
|
|
"name": "Firmware & Device Integrity",
|
|
"description": "Signierung, Update-Schutz, Manipulationserkennung"
|
|
},
|
|
{
|
|
"id": "REP",
|
|
"name": "Reporting & Reconciliation",
|
|
"description": "Transaktionsberichte, Abgleich, Exportdaten"
|
|
},
|
|
{
|
|
"id": "ACC",
|
|
"name": "Access Control & Administration",
|
|
"description": "Rollenkonzept, Privilegien, Session-Management"
|
|
},
|
|
{
|
|
"id": "ERR",
|
|
"name": "Error Handling & Resilience",
|
|
"description": "Fehlerbehandlung, Recovery, Offline-Szenarien"
|
|
},
|
|
{
|
|
"id": "BLD",
|
|
"name": "Build, Deployment & Supply Chain",
|
|
"description": "CI/CD Sicherheit, Abhaengigkeiten, Release-Integritaet"
|
|
},
|
|
{
|
|
"id": "AUTH",
|
|
"name": "Authentication & Authorization",
|
|
"description": "Authentifizierung, Autorisierung, Rollen, Privilegien"
|
|
},
|
|
{
|
|
"id": "SESSION",
|
|
"name": "Session Management",
|
|
"description": "Sitzungsverwaltung, Token, Cookies, Timeout"
|
|
},
|
|
{
|
|
"id": "KEYMGMT",
|
|
"name": "Key Management",
|
|
"description": "Schluessellebenszyklen, Rotation, Provisioning"
|
|
},
|
|
{
|
|
"id": "DEVICE",
|
|
"name": "Device Identity & Integrity",
|
|
"description": "Geraeteidentitaet, Provisioning, Tamper Detection"
|
|
},
|
|
{
|
|
"id": "TRANS",
|
|
"name": "Transaction Integrity",
|
|
"description": "Transaktionslogik, State Machine, Idempotenz"
|
|
},
|
|
{
|
|
"id": "DATA",
|
|
"name": "Data Minimization & Protection",
|
|
"description": "Datenminimierung, Maskierung, Klassifikation"
|
|
},
|
|
{
|
|
"id": "ERROR",
|
|
"name": "Error Handling & Resilience",
|
|
"description": "Fehlerbehandlung, Retry, Fallback, Monitoring (Hinweis: Domaene ERROR dupliziert ERR mit identischem Namen; Zusammenfuehrung pruefen, sonst werden Fehlerbehandlungs-Controls bei Gruppierung nach Domaene aufgeteilt)"
|
|
},
|
|
{
|
|
"id": "REPORT",
|
|
"name": "Reporting & Reconciliation",
|
|
"description": "Berichte, Abgleich, Export, Audit Trail (Hinweis: Domaene REPORT dupliziert REP mit identischem Namen; Zusammenfuehrung pruefen)"
|
|
}
|
|
],
|
|
"controls": [
|
|
{
|
|
"control_id": "PAY-001",
|
|
"domain": "PAY",
|
|
"title": "Eindeutige Transaktions-ID pro Zahlungsvorgang",
|
|
"objective": "Verhindert Vermischung und Mehrfachverarbeitung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "PAY-002",
|
|
"domain": "PAY",
|
|
"title": "Idempotente Verarbeitung wiederholter Zahlungsanfragen",
|
|
"objective": "Verhindert doppelte Buchungen bei Retries",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-003",
|
|
"domain": "PAY",
|
|
"title": "Verhinderung doppelter Verbuchung bei Netzwerk-Retry",
|
|
"objective": "Stellt konsistente Zahlungszustaende sicher",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"integration_test",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "PAY-004",
|
|
"domain": "PAY",
|
|
"title": "Definierter Initialzustand jeder Transaktion",
|
|
"objective": "Verhindert undefinierte Startbedingungen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "PAY-005",
|
|
"domain": "PAY",
|
|
"title": "Definierte erlaubte Zustandsuebergaenge in der Transaktionslogik",
|
|
"objective": "Verhindert ungueltige State Transitions",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-006",
|
|
"domain": "PAY",
|
|
"title": "Keine direkte Transition in terminalen Erfolgszustand ohne Autorisierung",
|
|
"objective": "Verhindert vorzeitige Freigabe",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-007",
|
|
"domain": "PAY",
|
|
"title": "Abbruchpfade fuehren in definierten Endzustand",
|
|
"objective": "Sichert sauberes Cancel-Handling",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-008",
|
|
"domain": "PAY",
|
|
"title": "Timeout fuehrt in nachvollziehbaren und sicheren Zustand",
|
|
"objective": "Verhindert haengende Transaktionen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-009",
|
|
"domain": "PAY",
|
|
"title": "Rollback oder Reversal-Handling bei Teilfehlschlag",
|
|
"objective": "Reduziert Inkonsistenzen",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"integration_test",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "PAY-010",
|
|
"domain": "PAY",
|
|
"title": "Fehlerhafte Antworten werden nicht als Erfolg interpretiert",
|
|
"objective": "Verhindert False Positive bei Zahlungsstatus",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "PAY-011",
|
|
"domain": "PAY",
|
|
"title": "Betragsvalidierung bei jeder Zahlungsanfrage",
|
|
"objective": "Verhindert Betragsmanipulation, negative Werte und Ueberlauf (Integer/Rundung)",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "PAY-012",
|
|
"domain": "PAY",
|
|
"title": "Waehrungsfeld wird validiert und konsistent verarbeitet",
|
|
"objective": "Verhindert Fehlverarbeitung bei Mehrwaehrung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "PAY-013",
|
|
"domain": "PAY",
|
|
"title": "Betragsrundung erfolgt deterministisch und dokumentiert",
|
|
"objective": "Verhindert Abweichungen Frontend/Terminal/Backend",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-014",
|
|
"domain": "PAY",
|
|
"title": "Keine lokale Manipulation des autorisierten Betrags nach Freigabe",
|
|
"objective": "Schuetzt Integritaet der Zahlung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-015",
|
|
"domain": "PAY",
|
|
"title": "Transaktionskontext bleibt ueber Retry-Versuche konsistent",
|
|
"objective": "Verhindert Kontextverlust",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-016",
|
|
"domain": "PAY",
|
|
"title": "Antworten ohne Referenz-ID werden nicht akzeptiert",
|
|
"objective": "Verhindert verwaiste Zuordnungen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "PAY-017",
|
|
"domain": "PAY",
|
|
"title": "Doppelte Callback-Verarbeitung wird unterdrueckt",
|
|
"objective": "Verhindert doppelte Statusupdates",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-018",
|
|
"domain": "PAY",
|
|
"title": "Asynchrone Statusmeldungen werden korreliert und sequenziell verarbeitet",
|
|
"objective": "Sichert korrekte Reihenfolge",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-019",
|
|
"domain": "PAY",
|
|
"title": "Geschaeftsvorfall wird erst nach bestaetigtem Zahlungsstatus finalisiert",
|
|
"objective": "Verhindert Business Success ohne Payment Success",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "PAY-020",
|
|
"domain": "PAY",
|
|
"title": "Offline-Zahlungen werden explizit gekennzeichnet",
|
|
"objective": "Verhindert Verwechslung mit final autorisierten Zahlungen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"reporting_output"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "LOG-001",
|
|
"domain": "LOG",
|
|
"title": "Keine sensitiven Zahlungsdaten im Anwendungslog",
|
|
"objective": "Verhindert Offenlegung sensitiver Daten",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"log_config"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "LOG-002",
|
|
"domain": "LOG",
|
|
"title": "PAN wird in Logs maskiert (maximal erste 6 und letzte 4 Stellen sichtbar)",
|
|
"objective": "Reduziert Risiko bei Log-Einsicht",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"log_output_sample"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "LOG-003",
|
|
"domain": "LOG",
|
|
"title": "CVV/CVC wird niemals geloggt",
|
|
"objective": "Verhindert Protokollierung sensitiver Authentifizierungsdaten",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "LOG-004",
|
|
"domain": "LOG",
|
|
"title": "Kryptographische Schluessel werden nicht geloggt",
|
|
"objective": "Verhindert Kompromittierung durch Logging",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"log_output_sample"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "LOG-005",
|
|
"domain": "LOG",
|
|
"title": "Admin-Aktionen werden auditierbar protokolliert",
|
|
"objective": "Ermoeglicht Nachvollziehbarkeit privilegierter Handlungen",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"source_code",
|
|
"audit_log_sample"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "LOG-006",
|
|
"domain": "LOG",
|
|
"title": "Konfigurationsaenderungen werden protokolliert",
|
|
"objective": "Ermoeglicht Nachweis kritischer Aenderungen",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"source_code",
|
|
"audit_log_sample"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "LOG-007",
|
|
"domain": "LOG",
|
|
"title": "Fehlgeschlagene Authentifizierungsversuche werden geloggt",
|
|
"objective": "Unterstuetzt Erkennung von Missbrauch; eingegebene Credentials werden dabei nicht mitgeloggt",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"audit_log_sample"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "LOG-008",
|
|
"domain": "LOG",
|
|
"title": "Sicherheitsrelevante Ereignisse erhalten eindeutige Event-Typen",
|
|
"objective": "Erleichtert Korrelation und Monitoring",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"log_schema"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "LOG-009",
|
|
"domain": "LOG",
|
|
"title": "Audit-Events enthalten konsistenten Zeitstempel (UTC, synchronisierte Zeitquelle)",
|
|
"objective": "Ermoeglicht zeitliche Rekonstruktion",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"audit_log_sample",
|
|
"config"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "LOG-010",
|
|
"domain": "LOG",
|
|
"title": "Audit-Events enthalten eindeutige Terminalkennung",
|
|
"objective": "Ermoeglicht Zuordnung zur Quelle",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"log_schema",
|
|
"audit_log_sample"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "LOG-011",
|
|
"domain": "LOG",
|
|
"title": "Debug-Logging in Produktion deaktiviert",
|
|
"objective": "Verhindert Leaks in produktiven Systemen",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"deployment_config"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "LOG-012",
|
|
"domain": "LOG",
|
|
"title": "Manipulation von Audit-Logs technisch erschwert (Append-only/WORM, Hash-Verkettung oder Weiterleitung an getrenntes Log-System)",
|
|
"objective": "Schuetzt Integritaet des Audit Trails",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"storage_config"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "LOG-013",
|
|
"domain": "LOG",
|
|
"title": "Fehlermeldungen enthalten keine Stacktraces mit sensitiven Payloads",
|
|
"objective": "Verhindert indirekten Datenabfluss",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"log_output_sample"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "LOG-014",
|
|
"domain": "LOG",
|
|
"title": "Jede Zahlungsentscheidung erzeugt Audit-Eintrag",
|
|
"objective": "Verbindet Business Outcome mit technischer Evidenz",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"audit_log_sample",
|
|
"integration_test"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "LOG-015",
|
|
"domain": "LOG",
|
|
"title": "Log-Retention konfiguriert und dokumentiert",
|
|
"objective": "Sichert Verfuegbarkeit relevanter Ereignishistorie",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"retention_policy",
|
|
"deployment_config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-001",
|
|
"domain": "CRYPTO",
|
|
"title": "Keine Secrets im Quellcode",
|
|
"objective": "Verhindert Offenlegung im Repository",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"secret_scan"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-002",
|
|
"domain": "CRYPTO",
|
|
"title": "Keine Secrets in Commit-Historie",
|
|
"objective": "Reduziert Leak-Risiko ueber Entwicklungsartefakte",
|
|
"check_target": "repository",
|
|
"evidence": [
|
|
"secret_scan",
|
|
"build_scripts"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-003",
|
|
"domain": "CRYPTO",
|
|
"title": "Keine Schluessel im Klartext in Konfigurationsdateien",
|
|
"objective": "Schuetzt ruhende Geheimnisse",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"config",
|
|
"secret_scan"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-004",
|
|
"domain": "CRYPTO",
|
|
"title": "Secrets aus sicherem Secret Store bezogen",
|
|
"objective": "Verhindert lokale Persistenz",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"deployment_config"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-005",
|
|
"domain": "CRYPTO",
|
|
"title": "Zugriff auf Secrets rollen-/servicebezogen eingeschraenkt",
|
|
"objective": "Begrenzt Blast Radius",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"iam_config",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-006",
|
|
"domain": "CRYPTO",
|
|
"title": "Zentrale und freigegebene Krypto-Bibliotheken verwendet",
|
|
"objective": "Verhindert unsichere Eigenimplementierungen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"dependency_list"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-007",
|
|
"domain": "CRYPTO",
|
|
"title": "Keine veralteten kryptographischen Primitive (MD5, SHA-1, DES, RC4)",
|
|
"objective": "Verhindert Einsatz schwacher Verfahren",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"dependency_scan"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-008",
|
|
"domain": "CRYPTO",
|
|
"title": "TLS 1.2+ mit Zertifikatsvalidierung fuer alle externen Verbindungen",
|
|
"objective": "Schuetzt Daten bei Uebertragung; keine unsicheren Cipher Suites, keine deaktivierte Zertifikats- oder Hostname-Pruefung",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"config",
|
|
"network_scan"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-009",
|
|
"domain": "CRYPTO",
|
|
"title": "Schluesselrotation implementiert und dokumentiert",
|
|
"objective": "Reduziert Kompromittierungszeitraum",
|
|
"check_target": "process",
|
|
"evidence": [
|
|
"key_mgmt_doc",
|
|
"config"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-010",
|
|
"domain": "CRYPTO",
|
|
"title": "HSM oder Secure Enclave fuer kryptographische Operationen",
|
|
"objective": "Hardwarebasierter Schluesselschutz; Schluessel verlassen das Modul nicht im Klartext",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-011",
|
|
"domain": "CRYPTO",
|
|
"title": "Zertifikats-Pinning fuer kritische Verbindungen",
|
|
"objective": "Schuetzt gegen MITM auch bei kompromittierter CA; Backup-Pins und Rotationsprozess vorsehen, sonst Ausfallrisiko bei Zertifikatswechsel",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-012",
|
|
"domain": "CRYPTO",
|
|
"title": "Kryptographische Zufallszahlen aus sicherem Generator",
|
|
"objective": "Verhindert vorhersagbare Tokens, Nonces, IVs und Schluessel (CSPRNG statt Standard-PRNG)",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-013",
|
|
"domain": "CRYPTO",
|
|
"title": "PIN-Eingabe nur ueber Secure PIN Entry Device",
|
|
"objective": "Schuetzt PIN vor Abgriff",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"certification"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-014",
|
|
"domain": "CRYPTO",
|
|
"title": "Kartendaten werden verschluesselt uebertragen (P2PE)",
|
|
"objective": "End-to-End Schutz der Kartendaten",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"network_config"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-015",
|
|
"domain": "CRYPTO",
|
|
"title": "Keine persistente Speicherung vollstaendiger Kartendaten oder sensitiver Authentifizierungsdaten (Track-Daten, CVV, PIN-Block)",
|
|
"objective": "Minimiert Daten bei Kompromittierung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"db_schema"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "API-001",
|
|
"domain": "API",
|
|
"title": "Authentifizierung fuer alle nicht-oeffentlichen Endpunkte, insbesondere Admin-Endpunkte (Deny-by-Default)",
|
|
"objective": "Verhindert unautorisierten Zugriff",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"api_spec"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "API-002",
|
|
"domain": "API",
|
|
"title": "Rollenbasierte Autorisierung",
|
|
"objective": "Least-Privilege Prinzip; Pruefung serverseitig pro Request und auf Objektebene (kein Zugriff auf fremde Transaktionen oder Terminals)",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"rbac_config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "API-003",
|
|
"domain": "API",
|
|
"title": "Rate Limiting implementiert",
|
|
"objective": "Schuetzt gegen Brute Force und DoS (insbesondere Login-, PIN-/OTP- und Callback-Endpunkte)",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "API-004",
|
|
"domain": "API",
|
|
"title": "Keine sensiblen Daten in Fehlermeldungen",
|
|
"objective": "Verhindert Information Leakage",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"api_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "API-005",
|
|
"domain": "API",
|
|
"title": "Input Validation und parametrisierte Queries gegen Injection",
|
|
"objective": "Schuetzt gegen SQL-/Command-Injection (Allowlist-Validierung plus Prepared Statements, kein String-Zusammenbau von Queries oder Befehlen)",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"security_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "API-006",
|
|
"domain": "API",
|
|
"title": "CORS korrekt konfiguriert (Origin-Allowlist, kein Wildcard-Origin mit Credentials)",
|
|
"objective": "Verhindert Cross-Origin Angriffe",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"config",
|
|
"security_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "API-007",
|
|
"domain": "API",
|
|
"title": "Idle- und absolutes Session-Timeout fuer Admin-Sessions",
|
|
"objective": "Reduziert Risiko bei verlassenen Sessions",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"config",
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "API-008",
|
|
"domain": "API",
|
|
"title": "API-Versionierung implementiert",
|
|
"objective": "Ermoeglicht kontrollierte Aenderungen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"api_spec",
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "API-009",
|
|
"domain": "API",
|
|
"title": "Webhook-Callbacks werden authentifiziert",
|
|
"objective": "Verhindert gefaelschte Callbacks (Signatur-/HMAC-Pruefung mit Replay-Schutz ueber Zeitstempel oder Nonce)",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "API-010",
|
|
"domain": "API",
|
|
"title": "Idempotenz-Keys fuer kritische POST-Operationen",
|
|
"objective": "Verhindert doppelte Ausfuehrung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"api_spec"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "API-011",
|
|
"domain": "API",
|
|
"title": "Request-Signierung fuer sicherheitskritische Operationen",
|
|
"objective": "Integritaets- und Replay-Schutz der Anfrage",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"api_spec"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "API-012",
|
|
"domain": "API",
|
|
"title": "Keine sensiblen Daten in URL-Parametern",
|
|
"objective": "Verhindert Leakage ueber Logs und Browser-History",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "API-013",
|
|
"domain": "API",
|
|
"title": "Content-Type Validierung bei allen Endpunkten",
|
|
"objective": "Verhindert Content-Type Confusion",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "API-014",
|
|
"domain": "API",
|
|
"title": "Health- und Status-Endpunkte exponieren keine sensitiven Details",
|
|
"objective": "Verhindert Reconnaissance",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"api_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "API-015",
|
|
"domain": "API",
|
|
"title": "Batch-Operationen sind groessenbeschraenkt",
|
|
"objective": "Verhindert Ressourcenerschoepfung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-001",
|
|
"domain": "TERM",
|
|
"title": "Korrekte Sequenz von Zahlungsbefehlen",
|
|
"objective": "Protokollkonformitaet",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-002",
|
|
"domain": "TERM",
|
|
"title": "Retry-Mechanismus bei Verbindungsabbruch",
|
|
"objective": "Sichert Transaktionsabschluss",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-003",
|
|
"domain": "TERM",
|
|
"title": "Timeout Handling Terminal-Backend",
|
|
"objective": "Verhindert Blockierung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-004",
|
|
"domain": "TERM",
|
|
"title": "Fehlercodes korrekt interpretiert",
|
|
"objective": "Verhindert Fehlinterpretation",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-005",
|
|
"domain": "TERM",
|
|
"title": "Status-Synchronisation zwischen Terminal und Backend",
|
|
"objective": "Konsistente Zustaende",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"integration_test",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "TERM-006",
|
|
"domain": "TERM",
|
|
"title": "Verbindungsaufbau zum Terminal beidseitig authentifiziert",
|
|
"objective": "Verhindert Rogue-Terminal und Rogue-Backend (z. B. mutual TLS mit Geraetezertifikat)",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-007",
|
|
"domain": "TERM",
|
|
"title": "Terminal-Registrierung mit eindeutiger Kennung",
|
|
"objective": "Ermoeglicht Asset-Tracking",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"db_schema",
|
|
"admin_ui"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "TERM-008",
|
|
"domain": "TERM",
|
|
"title": "Heartbeat / Keep-Alive fuer Terminal-Verbindung",
|
|
"objective": "Erkennt Verbindungsabbruch frueh",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-009",
|
|
"domain": "TERM",
|
|
"title": "Protokollversion wird geprueft und erzwungen",
|
|
"objective": "Verhindert Downgrade-Angriffe",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-010",
|
|
"domain": "TERM",
|
|
"title": "Kontaktlos-Transaktionen nur ueber zugelassene Kernel",
|
|
"objective": "Sichert NFC-Konformitaet",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"certification",
|
|
"config"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "TERM-011",
|
|
"domain": "TERM",
|
|
"title": "Terminal meldet Tamper-Events an Backend",
|
|
"objective": "Zentrales Monitoring von Manipulationsversuchen",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"integration_test",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "TERM-012",
|
|
"domain": "TERM",
|
|
"title": "Offline-Queue bei Verbindungsunterbrechung",
|
|
"objective": "Sichert Transaktionsdaten bei Netzausfall; Queue-Inhalt verschluesselt und ohne sensitive Authentifizierungsdaten",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-013",
|
|
"domain": "TERM",
|
|
"title": "Maximale Queue-Groesse definiert",
|
|
"objective": "Verhindert unkontrollierten Speicherverbrauch",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"config",
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TERM-014",
|
|
"domain": "TERM",
|
|
"title": "End-of-Day / Settlement-Prozess implementiert",
|
|
"objective": "Sichert taeglichen Transaktionsabschluss",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "TERM-015",
|
|
"domain": "TERM",
|
|
"title": "Terminal-Display zeigt korrekten Zahlungsstatus",
|
|
"objective": "Verhindert Fehlkommunikation an Nutzer",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"integration_test"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "FW-001",
|
|
"domain": "FW",
|
|
"title": "Firmware signiert",
|
|
"objective": "Verhindert Installation manipulierter Firmware",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"build_pipeline",
|
|
"signing_config"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "FW-002",
|
|
"domain": "FW",
|
|
"title": "Signaturpruefung vor Firmware-Update",
|
|
"objective": "Blockiert unsignierte Updates und Downgrades auf aeltere, verwundbare Versionen (Anti-Rollback)",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"update_process"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "FW-003",
|
|
"domain": "FW",
|
|
"title": "Rollback-Mechanismus vorhanden",
|
|
"objective": "Ermoeglicht Recovery nach fehlerhaftem Update; nur auf signierte Images, kein Downgrade unter die Mindest-Sicherheitsversion",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"test_report"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "FW-004",
|
|
"domain": "FW",
|
|
"title": "Debug-Interfaces (JTAG/SWD, serielle Konsole, Debug-Shell) in Produktion deaktiviert",
|
|
"objective": "Verhindert unautorisierten Zugriff",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"deployment_config",
|
|
"security_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "FW-005",
|
|
"domain": "FW",
|
|
"title": "Manipulationserkennung loest Alarm/Sperre aus",
|
|
"objective": "Reaktion auf physische Angriffe",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"test_report"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "FW-006",
|
|
"domain": "FW",
|
|
"title": "Secure Boot implementiert",
|
|
"objective": "Verhindert Ausfuehrung manipulierter Boot-Images; Vertrauenskette von Hardware-Root-of-Trust bis zur Applikation",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "FW-007",
|
|
"domain": "FW",
|
|
"title": "Firmware-Version ist remote abfragbar",
|
|
"objective": "Ermoeglicht Fleet-Management und Compliance-Nachweis",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"api_spec",
|
|
"admin_ui"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "FW-008",
|
|
"domain": "FW",
|
|
"title": "Automatische Update-Benachrichtigung bei kritischen Patches",
|
|
"objective": "Sichert zeitnahe Reaktion auf Schwachstellen",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "FW-009",
|
|
"domain": "FW",
|
|
"title": "Keine Persistenz von Zahlungsdaten ueber Neustart hinaus",
|
|
"objective": "Schuetzt Daten bei physischem Zugriff",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "FW-010",
|
|
"domain": "FW",
|
|
"title": "Physischer Speicher wird bei Tamper-Detection geloescht",
|
|
"objective": "Zerstoert Schluessel bei Manipulation",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"certification"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "REP-001",
|
|
"domain": "REP",
|
|
"title": "Transaktionsstatus vollstaendig dokumentiert",
|
|
"objective": "Ermoeglicht Nachvollziehbarkeit jeder Zahlung",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"reporting_output",
|
|
"db_schema"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "REP-002",
|
|
"domain": "REP",
|
|
"title": "Audit-Trail verknuepft mit Transaktionen",
|
|
"objective": "Sichert End-to-End Traceability",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"reporting_output",
|
|
"audit_log_sample"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "REP-003",
|
|
"domain": "REP",
|
|
"title": "Exportdaten plausibel und vollstaendig",
|
|
"objective": "Sichert korrekte Weitergabe",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"export_sample",
|
|
"integration_test"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "REP-004",
|
|
"domain": "REP",
|
|
"title": "Fehlercodes nachvollziehbar dokumentiert",
|
|
"objective": "Ermoeglicht Fehleranalyse",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"documentation"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "REP-005",
|
|
"domain": "REP",
|
|
"title": "Revisionssichere Speicherung von Transaktionsdaten",
|
|
"objective": "GoBD-konforme Aufbewahrung (GDPdU seit 2015 durch GoBD abgeloest)",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"storage_config"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "REP-006",
|
|
"domain": "REP",
|
|
"title": "Tagesabschluss-Report vollstaendig und konsistent",
|
|
"objective": "Sichert taeglichen Abgleich",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"reporting_output",
|
|
"integration_test"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "REP-007",
|
|
"domain": "REP",
|
|
"title": "Summenabgleich Terminal vs. Backend",
|
|
"objective": "Erkennt Differenzen",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"reconciliation_report",
|
|
"integration_test"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "REP-008",
|
|
"domain": "REP",
|
|
"title": "Stornierte Transaktionen korrekt ausgewiesen",
|
|
"objective": "Sichert korrekte Buchhaltungsgrundlage",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"reporting_output"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "REP-009",
|
|
"domain": "REP",
|
|
"title": "Historische Reports nicht nachtraeglich aenderbar",
|
|
"objective": "Schuetzt Integritaet der Berichterstattung",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"db_config"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "REP-010",
|
|
"domain": "REP",
|
|
"title": "Abrechnungsdaten enthalten keine vollstaendigen Kartennummern",
|
|
"objective": "Minimiert Datenexposition in Reports",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"export_sample"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "ACC-001",
|
|
"domain": "ACC",
|
|
"title": "Individuelle Benutzerkonten fuer alle Administratoren",
|
|
"objective": "Verhindert geteilte Accounts",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"admin_ui",
|
|
"iam_config"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "ACC-002",
|
|
"domain": "ACC",
|
|
"title": "Aenderung von Standard-Passwoertern wird bei Ersteinrichtung erzwungen",
|
|
"objective": "Verhindert Default-Credential-Angriffe",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"deployment_doc"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ACC-003",
|
|
"domain": "ACC",
|
|
"title": "Multi-Faktor-Authentifizierung fuer Admin-Zugang",
|
|
"objective": "Erhoehter Schutz privilegierter Konten",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"iam_config",
|
|
"admin_ui"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "ACC-004",
|
|
"domain": "ACC",
|
|
"title": "Passwort-Komplexitaetsanforderungen implementiert",
|
|
"objective": "Verhindert schwache Passwoerter",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"config"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "ACC-005",
|
|
"domain": "ACC",
|
|
"title": "Account-Sperrung nach fehlgeschlagenen Anmeldeversuchen",
|
|
"objective": "Schuetzt gegen Brute Force",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"config"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "ACC-006",
|
|
"domain": "ACC",
|
|
"title": "Privilegierte Aktionen erfordern erneute Authentifizierung",
|
|
"objective": "Step-Up-Authentifizierung fuer sensible Operationen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ACC-007",
|
|
"domain": "ACC",
|
|
"title": "Inaktive Sessions werden automatisch beendet",
|
|
"objective": "Reduziert Angriffsflaeche bei verlassenen Sessions",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"config",
|
|
"source_code"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "ACC-008",
|
|
"domain": "ACC",
|
|
"title": "Berechtigungsaenderungen werden auditiert",
|
|
"objective": "Nachvollziehbarkeit von Rechteaenderungen",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"audit_log_sample",
|
|
"source_code"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "ACC-009",
|
|
"domain": "ACC",
|
|
"title": "Least-Privilege Prinzip fuer alle Rollen",
|
|
"objective": "Minimiert Rechte auf das Notwendige",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"rbac_config",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "ACC-010",
|
|
"domain": "ACC",
|
|
"title": "Service-Accounts haben keine interaktive Login-Moeglichkeit",
|
|
"objective": "Verhindert Missbrauch technischer Konten",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"iam_config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ERR-001",
|
|
"domain": "ERR",
|
|
"title": "Definierte Fehlerbehandlung fuer alle externen Aufrufe",
|
|
"objective": "Verhindert unkontrollierte Abbrueche",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ERR-002",
|
|
"domain": "ERR",
|
|
"title": "Graceful Degradation bei Teilausfall",
|
|
"objective": "Sichert Basisfunktionalitaet",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"integration_test"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "ERR-003",
|
|
"domain": "ERR",
|
|
"title": "Recovery nach Stromausfall ohne Datenverlust",
|
|
"objective": "Transaktionskonsistenz bei Hardwareausfall",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"integration_test",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "ERR-004",
|
|
"domain": "ERR",
|
|
"title": "Offline-Modus mit definiertem Funktionsumfang",
|
|
"objective": "Klare Grenzen bei fehlender Konnektivitaet",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"documentation"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ERR-005",
|
|
"domain": "ERR",
|
|
"title": "Automatische Wiederverbindung nach Netzwerkunterbrechung",
|
|
"objective": "Minimiert manuelle Intervention",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ERR-006",
|
|
"domain": "ERR",
|
|
"title": "Circuit Breaker bei Backend-Ueberlast",
|
|
"objective": "Verhindert Kaskadenausfall",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ERR-007",
|
|
"domain": "ERR",
|
|
"title": "Fehlerhafte Datenpakete werden verworfen, nicht verarbeitet",
|
|
"objective": "Verhindert Fehlverarbeitung korrupter Daten",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "ERR-008",
|
|
"domain": "ERR",
|
|
"title": "Health-Check-Endpunkt fuer Terminal-Monitoring",
|
|
"objective": "Ermoeglicht proaktive Fehlererkennung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"api_spec"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "ERR-009",
|
|
"domain": "ERR",
|
|
"title": "Eskalationsprozess bei kritischen Fehlern definiert",
|
|
"objective": "Sichert schnelle Reaktion bei Systemausfall",
|
|
"check_target": "process",
|
|
"evidence": [
|
|
"documentation",
|
|
"runbook"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "ERR-010",
|
|
"domain": "ERR",
|
|
"title": "Wartungsmodus ohne Transaktionsverlust aktivierbar",
|
|
"objective": "Ermoeglicht geplante Wartung ohne Datenverlust",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"admin_ui",
|
|
"integration_test"
|
|
],
|
|
"automation": "partial"
|
|
},
|
|
{
|
|
"control_id": "BLD-001",
|
|
"domain": "BLD",
|
|
"title": "Build-Pipeline reproduzierbar",
|
|
"objective": "Sichert Nachvollziehbarkeit der Artefakte",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"ci_config",
|
|
"build_log"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "BLD-002",
|
|
"domain": "BLD",
|
|
"title": "Abhaengigkeiten werden auf bekannte Schwachstellen geprueft",
|
|
"objective": "Verhindert vulnerable Dependencies",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"dependency_scan",
|
|
"ci_config"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "BLD-003",
|
|
"domain": "BLD",
|
|
"title": "Release-Artefakte sind signiert",
|
|
"objective": "Integritaetsschutz der Auslieferung",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"signing_config",
|
|
"release_process"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "BLD-004",
|
|
"domain": "BLD",
|
|
"title": "Keine Test-Credentials in Release-Konfiguration",
|
|
"objective": "Verhindert Produktions-Leaks",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"deployment_config",
|
|
"secret_scan"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "BLD-005",
|
|
"domain": "BLD",
|
|
"title": "Container-Images werden auf Schwachstellen gescannt",
|
|
"objective": "Sichert Basis-Image Integritaet",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"container_scan",
|
|
"ci_config"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "BLD-006",
|
|
"domain": "BLD",
|
|
"title": "SBOM (Software Bill of Materials) wird generiert",
|
|
"objective": "Transparenz ueber verwendete Komponenten",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"sbom_output",
|
|
"ci_config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "BLD-007",
|
|
"domain": "BLD",
|
|
"title": "Deployment nur ueber autorisierte Pipeline",
|
|
"objective": "Verhindert manuelle, unkontrollierte Deployments",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"ci_config",
|
|
"access_control"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "BLD-008",
|
|
"domain": "BLD",
|
|
"title": "Rollback-Prozedur fuer Deployments definiert und getestet",
|
|
"objective": "Ermoeglicht schnelle Recovery",
|
|
"check_target": "process",
|
|
"evidence": [
|
|
"runbook",
|
|
"deployment_doc"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "BLD-009",
|
|
"domain": "BLD",
|
|
"title": "Code-Review vor Merge in Release-Branch",
|
|
"objective": "Vier-Augen-Prinzip",
|
|
"check_target": "process",
|
|
"evidence": [
|
|
"git_config",
|
|
"pr_policy"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "BLD-010",
|
|
"domain": "BLD",
|
|
"title": "Automatisierte Tests vor jedem Release",
|
|
"objective": "Sichert Qualitaet vor Auslieferung",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"ci_config",
|
|
"test_results"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-016",
|
|
"domain": "CRYPTO",
|
|
"title": "Unsichere Betriebsmodi wie ECB werden nicht verwendet",
|
|
"objective": "Verhindert Musterlecks und schwache Verschluesselung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"crypto_config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-017",
|
|
"domain": "CRYPTO",
|
|
"title": "IVs und Nonces werden weder fest kodiert noch wiederverwendet",
|
|
"objective": "Verhindert kryptographische Schwaechung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-018",
|
|
"domain": "CRYPTO",
|
|
"title": "Geheime Werte werden nur mit Timing-sicherer Vergleichsfunktion verglichen",
|
|
"objective": "Verhindert Timing-Angriffe",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-019",
|
|
"domain": "CRYPTO",
|
|
"title": "Schluessel im Speicher nur so lange wie erforderlich",
|
|
"objective": "Reduziert Exposition im Prozessspeicher",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"code_review"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "CRYPTO-020",
|
|
"domain": "CRYPTO",
|
|
"title": "Kryptographische Fehler fuehren nicht zu stillen Fallbacks",
|
|
"objective": "Verhindert unbemerkte Deaktivierung von Sicherheit",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-001",
|
|
"domain": "AUTH",
|
|
"title": "Admin-Schnittstellen erfordern starke Authentifizierung",
|
|
"objective": "Verhindert unbefugten Zugriff",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"route_config"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "AUTH-002",
|
|
"domain": "AUTH",
|
|
"title": "Standardpasswoerter in Produktivpfaden ausgeschlossen",
|
|
"objective": "Verhindert triviale Kompromittierung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"secret_scan"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "AUTH-003",
|
|
"domain": "AUTH",
|
|
"title": "Fehlgeschlagene Anmeldeversuche begrenzt oder verzoegert",
|
|
"objective": "Erschwert Brute-Force",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-004",
|
|
"domain": "AUTH",
|
|
"title": "Rollen explizit modelliert, nicht aus UI abgeleitet",
|
|
"objective": "Verhindert Autorisierungsfehler",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"policy_definitions"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-005",
|
|
"domain": "AUTH",
|
|
"title": "Privilegierte Aktionen erfordern serverseitige Pruefung",
|
|
"objective": "Verhindert Umgehung clientseitigen Schutzes",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "AUTH-006",
|
|
"domain": "AUTH",
|
|
"title": "Autorisierung zentral implementiert",
|
|
"objective": "Reduziert Inkonsistenzen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-007",
|
|
"domain": "AUTH",
|
|
"title": "Service-zu-Service Auth ohne eingebettete Credentials",
|
|
"objective": "Verhindert Missbrauch statischer Geheimnisse",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"secret_scan"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "AUTH-008",
|
|
"domain": "AUTH",
|
|
"title": "Deaktivierte Nutzer/Geraete koennen nicht mehr authentifizieren",
|
|
"objective": "Wirksamer Entzug von Zugriffsrechten",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-009",
|
|
"domain": "AUTH",
|
|
"title": "MFA fuer besonders privilegierte Zugaenge",
|
|
"objective": "Erhoehter Schutz fuer Hochrisiko-Funktionen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"auth_config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-010",
|
|
"domain": "AUTH",
|
|
"title": "Token auf Ablauf und Integritaet geprueft",
|
|
"objective": "Verhindert manipuliertes Auth-Material",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "AUTH-011",
|
|
"domain": "AUTH",
|
|
"title": "Autorisierung basiert auf Serverzustand, nicht Client-Rollen",
|
|
"objective": "Verhindert Privilege Escalation",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "AUTH-012",
|
|
"domain": "AUTH",
|
|
"title": "Admin-Funktionen logisch von Transaktionsfunktionen getrennt",
|
|
"objective": "Reduziert Angriffsflaeche",
|
|
"check_target": "architecture",
|
|
"evidence": [
|
|
"source_code",
|
|
"route_maps"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-013",
|
|
"domain": "AUTH",
|
|
"title": "Authentifizierungsereignisse werden protokolliert",
|
|
"objective": "Nachvollziehbarkeit",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"audit_log_sample"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-014",
|
|
"domain": "AUTH",
|
|
"title": "Passwort-Reset umgeht keine Autorisierungsschranken",
|
|
"objective": "Verhindert Missbrauch von Recovery-Flows",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-015",
|
|
"domain": "AUTH",
|
|
"title": "Maschinen- und Personenidentitaeten getrennt verwaltet",
|
|
"objective": "Verhindert Vermischung",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"iam_config",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "AUTH-016",
|
|
"domain": "AUTH",
|
|
"title": "Cross-Tenant-Zugriffe geschuetzt",
|
|
"objective": "Verhindert Zugriff auf fremde Mandanten",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"tenant_tests"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-017",
|
|
"domain": "AUTH",
|
|
"title": "Berechtigungsfehler liefern generische Meldungen",
|
|
"objective": "Reduziert Informationsleckage",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "AUTH-018",
|
|
"domain": "AUTH",
|
|
"title": "Autorisierungsregeln durch Tests abgedeckt",
|
|
"objective": "Beweisbarkeit der Zugriffskontrollen",
|
|
"check_target": "test",
|
|
"evidence": [
|
|
"unit_test",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "AUTH-019",
|
|
"domain": "AUTH",
|
|
"title": "Fallback-Modi umgehen keine Authentifizierung",
|
|
"objective": "Verhindert Sicherheitsverlust in Ausnahmezustaenden",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"error_mode_tests"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "AUTH-020",
|
|
"domain": "AUTH",
|
|
"title": "Temporaere Berechtigungen verfallen automatisch",
|
|
"objective": "Reduziert dauerhafte Ueberprivilegierung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"policy_definitions"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "SESSION-001",
|
|
"domain": "SESSION",
|
|
"title": "Sitzungstoken werden nicht im Klartext geloggt",
|
|
"objective": "Verhindert Missbrauch gestohlener Sitzungen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"log_output"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "SESSION-002",
|
|
"domain": "SESSION",
|
|
"title": "Sitzungs-IDs ausreichend zufaellig",
|
|
"objective": "Verhindert Session Guessing",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"auth_config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "SESSION-003",
|
|
"domain": "SESSION",
|
|
"title": "Sessions verfallen nach Inaktivitaet",
|
|
"objective": "Begrenzt Missbrauch",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"session_config",
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "SESSION-004",
|
|
"domain": "SESSION",
|
|
"title": "Session-ID nach Anmeldung und Rollen-/Privilegienwechsel rotiert",
|
|
"objective": "Verhindert Session Fixation",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "SESSION-005",
|
|
"domain": "SESSION",
|
|
"title": "Logout invalidiert serverseitig alle Token",
|
|
"objective": "Verhindert weitere Nutzung nach Logout",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "SESSION-006",
|
|
"domain": "SESSION",
|
|
"title": "Cookies mit Secure und HttpOnly Attributen",
|
|
"objective": "Reduziert Diebstahl ueber unsichere Kanaele",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"http_config",
|
|
"integration_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "SESSION-007",
|
|
"domain": "SESSION",
|
|
"title": "SameSite-Richtlinien explizit gesetzt",
|
|
"objective": "Reduziert CSRF-Angriffe",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"http_config",
|
|
"integration_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "SESSION-008",
|
|
"domain": "SESSION",
|
|
"title": "Token-Pruefung validiert Audience, Issuer, Gueltigkeit",
|
|
"objective": "Verhindert Akzeptanz fremder Token",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "SESSION-009",
|
|
"domain": "SESSION",
|
|
"title": "Geraete-Sessions eindeutig einer Instanz zugeordnet",
|
|
"objective": "Verhindert Sitzungsuebernahme",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"device_registry"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "SESSION-010",
|
|
"domain": "SESSION",
|
|
"title": "Sitzungsspeicher trennt Mandanten zuverlaessig",
|
|
"objective": "Verhindert Cross-Tenant Missbrauch",
|
|
"check_target": "architecture",
|
|
"evidence": [
|
|
"session_config",
|
|
"architecture_doc"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-001",
|
|
"domain": "KEYMGMT",
|
|
"title": "Schluessel ausserhalb des Quellcodes erzeugt und verwaltet",
|
|
"objective": "Verhindert Offenlegung durch Codezugriff",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"secret_scan"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-002",
|
|
"domain": "KEYMGMT",
|
|
"title": "Produktions- und Testschluessel strikt getrennt",
|
|
"objective": "Verhindert unsichere Testkonfigurationen in Produktion",
|
|
"check_target": "config",
|
|
"evidence": [
|
|
"config",
|
|
"deployment_config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-003",
|
|
"domain": "KEYMGMT",
|
|
"title": "Schluesselrotation technisch vorgesehen",
|
|
"objective": "Begrenzt Auswirkungen kompromittierter Schluessel",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"key_rotation_jobs",
|
|
"source_code"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-004",
|
|
"domain": "KEYMGMT",
|
|
"title": "Abgelaufene Schluessel werden nicht mehr akzeptiert",
|
|
"objective": "Verhindert Nutzung veralteten Materials",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-005",
|
|
"domain": "KEYMGMT",
|
|
"title": "Schluesselzugriffe rollenbasiert und protokolliert",
|
|
"objective": "Nachvollziehbarkeit",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"iam_config",
|
|
"audit_log_sample"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-006",
|
|
"domain": "KEYMGMT",
|
|
"title": "Schluessel nicht zwischen Komponenten unnoetig repliziert",
|
|
"objective": "Reduziert Verbreitung",
|
|
"check_target": "architecture",
|
|
"evidence": [
|
|
"architecture_doc",
|
|
"source_code"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-007",
|
|
"domain": "KEYMGMT",
|
|
"title": "Kompromittierte Schluessel koennen deaktiviert werden",
|
|
"objective": "Wirksame Reaktion auf Vorfaelle",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"key_registry",
|
|
"incident_runbook"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-008",
|
|
"domain": "KEYMGMT",
|
|
"title": "Terminal-Geraete nutzen eindeutiges Schluesselmaterial",
|
|
"objective": "Verhindert laterale Ausbreitung",
|
|
"check_target": "architecture",
|
|
"evidence": [
|
|
"provisioning_docs",
|
|
"device_inventory"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-009",
|
|
"domain": "KEYMGMT",
|
|
"title": "Schluessel nicht in Client-/Frontend-Artefakte eingebettet",
|
|
"objective": "Verhindert Extraktion",
|
|
"check_target": "build",
|
|
"evidence": [
|
|
"artifact_scan",
|
|
"secret_scan"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "KEYMGMT-010",
|
|
"domain": "KEYMGMT",
|
|
"title": "Schluessellebenszyklen versioniert und dokumentiert",
|
|
"objective": "Belastbare Pruef- und Rotationsnachweise",
|
|
"check_target": "process",
|
|
"evidence": [
|
|
"key_registry",
|
|
"audit_log_sample"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-001",
|
|
"domain": "DEVICE",
|
|
"title": "Geraeteidentitaeten eindeutig und nicht wiederverwendbar",
|
|
"objective": "Klare Zuordnung",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"device_registry",
|
|
"provisioning_logic"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-002",
|
|
"domain": "DEVICE",
|
|
"title": "Unregistrierte Geraete koennen keine Verbindung aufbauen",
|
|
"objective": "Verhindert unautorisierte Hardware",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"device_registry"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-003",
|
|
"domain": "DEVICE",
|
|
"title": "Provisioning prueft Identitaet und Sicherheitszustand",
|
|
"objective": "Verhindert Aufnahme kompromittierter Geraete",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"provisioning_workflows",
|
|
"source_code"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-004",
|
|
"domain": "DEVICE",
|
|
"title": "Geraetekonfigurationen versioniert und geschuetzt",
|
|
"objective": "Integritaet betrieblicher Einstellungen",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"config_registry",
|
|
"audit_log_sample"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-005",
|
|
"domain": "DEVICE",
|
|
"title": "Geraete-IDs serverseitig validiert und an das Geraeteschluesselmaterial gebunden",
|
|
"objective": "Verhindert Spoofing",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-006",
|
|
"domain": "DEVICE",
|
|
"title": "Tamper-Events systemseitig ausgewertet",
|
|
"objective": "Reaktion auf physische Eingriffe",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"event_handlers",
|
|
"monitoring_rules"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-007",
|
|
"domain": "DEVICE",
|
|
"title": "Geraetewechsel fuehrt zu Neuvalidierung",
|
|
"objective": "Verhindert Uebernahme alter Vertrauensstellungen",
|
|
"check_target": "process",
|
|
"evidence": [
|
|
"provisioning_docs",
|
|
"device_registry"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-008",
|
|
"domain": "DEVICE",
|
|
"title": "Geraete melden Zustandsaenderungen an Backend",
|
|
"objective": "Zentrale Sichtbarkeit",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"source_code",
|
|
"message_schema"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-009",
|
|
"domain": "DEVICE",
|
|
"title": "Nicht vertrauenswuerdiger Zustand blockiert Kommunikation",
|
|
"objective": "Verhindert Betrieb kompromittierter Geraete",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"tamper_tests"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-010",
|
|
"domain": "DEVICE",
|
|
"title": "Zustandsuebergaenge explizit modelliert und getestet",
|
|
"objective": "Verhindert inkonsistente Betriebszustaende",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"state_machine_tests"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-011",
|
|
"domain": "DEVICE",
|
|
"title": "Fehlzustaende fuehren zu definierten Safe States",
|
|
"objective": "Verhindert unsicheren Weiterbetrieb",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"error_mode_tests"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-012",
|
|
"domain": "DEVICE",
|
|
"title": "Diagnose-/Wartungsmodi getrennt und zugriffsbeschraenkt",
|
|
"objective": "Reduziert Missbrauch",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"auth_config"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-013",
|
|
"domain": "DEVICE",
|
|
"title": "Sicherheitsflags nicht unautorisiert ruecksetzbar",
|
|
"objective": "Verhindert Umgehung kritischer Schutzmechanismen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-014",
|
|
"domain": "DEVICE",
|
|
"title": "Geraete-Registrierung und -Deregistrierung auditierbar",
|
|
"objective": "Nachvollziehbarkeit des Geraetebestands",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"audit_log_sample",
|
|
"device_registry"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DEVICE-015",
|
|
"domain": "DEVICE",
|
|
"title": "Offlinemodus funktional und sicherheitstechnisch klar begrenzt",
|
|
"objective": "Verhindert unkontrollierte Zustaende",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"offline_tests"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "TRANS-001",
|
|
"domain": "TRANS",
|
|
"title": "Transaktionsstatus als explizite Zustandsmaschine modelliert",
|
|
"objective": "Verhindert ungueltige Statusuebergaenge",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"state_machine_tests"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TRANS-002",
|
|
"domain": "TRANS",
|
|
"title": "Nur definierte Statusuebergaenge technisch zulaessig",
|
|
"objective": "Verhindert inkonsistente Verlaeufe",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TRANS-003",
|
|
"domain": "TRANS",
|
|
"title": "Abgebrochene Transaktionen konsistent zurueckgerollt",
|
|
"objective": "Verhindert schwebende Zustaende",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"integration_test",
|
|
"error_mode_tests"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TRANS-004",
|
|
"domain": "TRANS",
|
|
"title": "Asynchrone Rueckmeldungen korrekt zugeordnet",
|
|
"objective": "Verhindert Vermischung paralleler Ablaeufe",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TRANS-005",
|
|
"domain": "TRANS",
|
|
"title": "Doppelte Nachrichten erkannt und sicher behandelt",
|
|
"objective": "Verhindert Mehrfachverarbeitung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"integration_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TRANS-006",
|
|
"domain": "TRANS",
|
|
"title": "Unvollstaendige Transaktionen periodisch erkannt",
|
|
"objective": "Kontrollierte Bereinigung",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"scheduler_jobs",
|
|
"source_code"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "TRANS-007",
|
|
"domain": "TRANS",
|
|
"title": "Fehlende Antworten erzeugen keinen stillen Erfolg",
|
|
"objective": "Verhindert irrefuehrende Erfolgsmeldungen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"timeout_tests"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "TRANS-008",
|
|
"domain": "TRANS",
|
|
"title": "Stornierungen an berechtigte Rollen gebunden",
|
|
"objective": "Verhindert unautorisierte Manipulation",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"authorization_tests"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "TRANS-009",
|
|
"domain": "TRANS",
|
|
"title": "Race Conditions durch Sperrmechanismen reduziert",
|
|
"objective": "Verhindert konkurrierende Verarbeitung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"concurrency_tests"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "TRANS-010",
|
|
"domain": "TRANS",
|
|
"title": "Betragsrelevante Felder gegen Rundungsfehler abgesichert",
|
|
"objective": "Verhindert finanzielle Abweichungen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"unit_test"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DATA-001",
|
|
"domain": "DATA",
|
|
"title": "Sensitive Daten nur bei fachlicher Erforderlichkeit verarbeitet",
|
|
"objective": "Reduziert unnoetige Exposition",
|
|
"check_target": "architecture",
|
|
"evidence": [
|
|
"data_flow_docs",
|
|
"source_code"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "DATA-002",
|
|
"domain": "DATA",
|
|
"title": "Felder mit erhoehtem Schutzbedarf im Code identifizierbar",
|
|
"objective": "Erleichtert gezielte Schutzmassnahmen",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"data_catalog"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DATA-003",
|
|
"domain": "DATA",
|
|
"title": "Persistierte Daten auf notwendige Felder minimiert",
|
|
"objective": "Verhindert unnoetige Speicherung",
|
|
"check_target": "database",
|
|
"evidence": [
|
|
"db_schema",
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DATA-004",
|
|
"domain": "DATA",
|
|
"title": "Testdaten enthalten keine produktiven Zahlungsdaten",
|
|
"objective": "Verhindert Offenlegung in Testumgebungen",
|
|
"check_target": "process",
|
|
"evidence": [
|
|
"test_fixtures",
|
|
"secret_scan"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DATA-005",
|
|
"domain": "DATA",
|
|
"title": "Sensitive Daten in Telemetrie/Tracing nicht offengelegt",
|
|
"objective": "Verhindert Abfluss ueber Observability",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"telemetry_config"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DATA-006",
|
|
"domain": "DATA",
|
|
"title": "Export-/Reporting-Pfade geben Daten nur maskiert aus",
|
|
"objective": "Verhindert Abfluss ueber Nebenausgaben",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"report_samples"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "DATA-007",
|
|
"domain": "DATA",
|
|
"title": "Datentypen fuer zahlungsrelevante Felder begrenzt",
|
|
"objective": "Verhindert fehlerhafte Eingaben",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"db_schema"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "DATA-008",
|
|
"domain": "DATA",
|
|
"title": "Datei-Uploads vor Verarbeitung validiert",
|
|
"objective": "Verhindert Einschleusen manipulierten Inhalts",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"validation_tests"
|
|
],
|
|
"automation": "high"
|
|
},
|
|
{
|
|
"control_id": "ERROR-001",
|
|
"domain": "ERR",
|
|
"title": "Sicherheitsrelevante Fehler nicht stillschweigend unterdrueckt",
|
|
"objective": "Verhindert verdeckte Sicherheitsverluste",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"error_paths"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ERROR-002",
|
|
"domain": "ERR",
|
|
"title": "Retry unterscheidet transiente von fachlichen Fehlern",
|
|
"objective": "Verhindert falsche Wiederholungen, z.B. erneute Zahlungsausloesung nach fachlicher Ablehnung",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"retry_logic"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ERROR-003",
|
|
"domain": "ERR",
|
|
"title": "Fehlercodes konsistent gemappt und dokumentiert",
|
|
"objective": "Verbessert Diagnose und Audit",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"error_mapping",
|
|
"source_code"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ERROR-004",
|
|
"domain": "ERR",
|
|
"title": "Fehlerbehandlung durch Negativtests abgedeckt",
|
|
"objective": "Beweisbarkeit robuster Fehlerpfade",
|
|
"check_target": "test",
|
|
"evidence": [
|
|
"negative_tests",
|
|
"coverage_reports"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "ERROR-005",
|
|
"domain": "ERR",
|
|
"title": "Dead-letter-Queues fuer asynchrone Fehlerfaelle",
|
|
"objective": "Verhindert Verlust problematischer Nachrichten",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"queue_config",
|
|
"ops_docs"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "REPORT-001",
|
|
"domain": "REP",
|
|
"title": "Ablehnungen und Fehler nachvollziehbar im Reporting",
|
|
"objective": "Verhindert beschoenigte Sicht",
|
|
"check_target": "system",
|
|
"evidence": [
|
|
"report_samples",
|
|
"error_mapping"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "REPORT-002",
|
|
"domain": "REP",
|
|
"title": "Reportgenerierung veraendert keine Ursprungsdaten",
|
|
"objective": "Schuetzt primaeren Datenbestand",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"db_permissions"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "REPORT-003",
|
|
"domain": "REP",
|
|
"title": "Reports offenbaren nur rollenerforderliche Daten",
|
|
"objective": "Reduziert Datenabfluss",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"authorization_tests",
|
|
"report_samples"
|
|
],
|
|
"automation": "medium"
|
|
},
|
|
{
|
|
"control_id": "REPORT-004",
|
|
"domain": "REP",
|
|
"title": "Reconciliation-Reports deterministisch reproduzierbar",
|
|
"objective": "Belastbare Nachweise bei Abweichungen",
|
|
"check_target": "process",
|
|
"evidence": [
|
|
"reporting_docs",
|
|
"integration_test"
|
|
],
|
|
"automation": "low"
|
|
},
|
|
{
|
|
"control_id": "REPORT-005",
|
|
"domain": "REP",
|
|
"title": "Berichte beruecksichtigen Zeitzonen konsistent",
|
|
"objective": "Verhindert Abstimmungsfehler",
|
|
"check_target": "code",
|
|
"evidence": [
|
|
"source_code",
|
|
"report_samples"
|
|
],
|
|
"automation": "medium"
|
|
}
|
|
]
|
|
} |