Each of the four oversized files (training/store.go 1569 LOC, ucca/rules.go 1231 LOC, ucca_handlers.go 1135 LOC, document_export.go 1101 LOC) is split by logical group into same-package files, all under the 500-line hard cap. Zero behavior changes, no renamed exported symbols. Also fixed pre-existing hazard_library split (missing functions and duplicate UUID keys from a prior session). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
package ucca
// ============================================================================
// Control Definitions
// ============================================================================
// ControlLibrary maps a control ID (for example "C-CONSENT") to its
// RequiredControl definition. Title and Description are German strings and
// GDPRRef cites the GDPR ("DSGVO") article the control relates to.
//
// Each map key repeats the entry's ID field. Nothing in this file enforces
// that the two match, so keep them identical when adding an entry. Keeping the
// keys as literal constants means the compiler rejects a duplicate key.
//
// The entries use SeverityINFO, SeverityWARN and SeverityBLOCK, which are
// defined elsewhere in the package, and the categories "organizational",
// "technical" and "legal".
//
// NOTE(review): the map is exported and mutable, so any importing package can
// add, replace or delete entries (including changing a control's Severity),
// and Go maps are not safe for concurrent writes. Treat it as read-only after
// package initialization; confirm that no caller writes to it.
var ControlLibrary = map[string]RequiredControl{
	// Consent management.
	"C-CONSENT": {
		ID:          "C-CONSENT",
		Title:       "Einwilligungsmanagement",
		Description: "Implementieren Sie ein System zur Einholung und Verwaltung von Einwilligungen.",
		Severity:    SeverityWARN,
		Category:    "organizational",
		GDPRRef:     "Art. 7 DSGVO",
	},
	// Automatic detection of personal data (PII).
	"C-PII-DETECT": {
		ID:          "C-PII-DETECT",
		Title:       "PII-Erkennung",
		Description: "Implementieren Sie automatische Erkennung personenbezogener Daten.",
		Severity:    SeverityWARN,
		Category:    "technical",
		GDPRRef:     "Art. 32 DSGVO",
	},
	// Anonymization or pseudonymization before processing.
	"C-ANONYMIZE": {
		ID:          "C-ANONYMIZE",
		Title:       "Anonymisierung/Pseudonymisierung",
		Description: "Implementieren Sie Anonymisierung oder Pseudonymisierung vor der Verarbeitung.",
		Severity:    SeverityWARN,
		Category:    "technical",
		GDPRRef:     "Art. 32 DSGVO",
	},
	// Role-based access controls.
	"C-ACCESS-CONTROL": {
		ID:          "C-ACCESS-CONTROL",
		Title:       "Zugriffskontrollen",
		Description: "Implementieren Sie rollenbasierte Zugriffskontrollen.",
		Severity:    SeverityWARN,
		Category:    "technical",
		GDPRRef:     "Art. 32 DSGVO",
	},
	// Logging of all access and processing; the only SeverityINFO entry.
	"C-AUDIT-LOG": {
		ID:          "C-AUDIT-LOG",
		Title:       "Audit-Logging",
		Description: "Protokollieren Sie alle Zugriffe und Verarbeitungen.",
		Severity:    SeverityINFO,
		Category:    "technical",
		GDPRRef:     "Art. 5(2) DSGVO",
	},
	// Retention periods with automatic deletion.
	"C-RETENTION": {
		ID:          "C-RETENTION",
		Title:       "Aufbewahrungsfristen",
		Description: "Definieren und implementieren Sie automatische Löschfristen.",
		Severity:    SeverityWARN,
		Category:    "organizational",
		GDPRRef:     "Art. 5(1)(e) DSGVO",
	},
	// Human review of AI decisions.
	"C-HITL": {
		ID:          "C-HITL",
		Title:       "Human-in-the-Loop",
		Description: "Implementieren Sie menschliche Überprüfung für KI-Entscheidungen.",
		Severity:    SeverityBLOCK,
		Category:    "organizational",
		GDPRRef:     "Art. 22 DSGVO",
	},
	// Informing data subjects about AI processing.
	"C-TRANSPARENCY": {
		ID:          "C-TRANSPARENCY",
		Title:       "Transparenz",
		Description: "Informieren Sie Betroffene über KI-Verarbeitung.",
		Severity:    SeverityWARN,
		Category:    "organizational",
		GDPRRef:     "Art. 13/14 DSGVO",
	},
	// Data subject rights process (access, erasure, rectification).
	"C-DSR-PROCESS": {
		ID:          "C-DSR-PROCESS",
		Title:       "Betroffenenrechte-Prozess",
		Description: "Implementieren Sie Prozesse für Auskunft, Löschung, Berichtigung.",
		Severity:    SeverityWARN,
		Category:    "organizational",
		GDPRRef:     "Art. 15-22 DSGVO",
	},
	// Data protection impact assessment (German abbreviation: DSFA).
	"C-DSFA": {
		ID:          "C-DSFA",
		Title:       "DSFA durchführen",
		Description: "Führen Sie eine Datenschutz-Folgenabschätzung durch.",
		Severity:    SeverityWARN,
		Category:    "organizational",
		GDPRRef:     "Art. 35 DSGVO",
	},
	// EU standard contractual clauses for third-country transfers.
	"C-SCC": {
		ID:          "C-SCC",
		Title:       "Standardvertragsklauseln",
		Description: "Schließen Sie EU-Standardvertragsklauseln für Drittlandtransfers ab.",
		Severity:    SeverityBLOCK,
		Category:    "legal",
		GDPRRef:     "Art. 46 DSGVO",
	},
	// Encryption of data in transit and at rest.
	"C-ENCRYPTION": {
		ID:          "C-ENCRYPTION",
		Title:       "Verschlüsselung",
		Description: "Verschlüsseln Sie Daten in Übertragung und Speicherung.",
		Severity:    SeverityWARN,
		Category:    "technical",
		GDPRRef:     "Art. 32 DSGVO",
	},
	// Consent of the legal guardians (parental consent).
	"C-MINOR-CONSENT": {
		ID:          "C-MINOR-CONSENT",
		Title:       "Elterneinwilligung",
		Description: "Holen Sie Einwilligung der Erziehungsberechtigten ein.",
		Severity:    SeverityBLOCK,
		Category:    "organizational",
		GDPRRef:     "Art. 8 DSGVO",
	},
	// Documented legal basis for special categories of data.
	"C-ART9-BASIS": {
		ID:          "C-ART9-BASIS",
		Title:       "Art. 9 Rechtsgrundlage",
		Description: "Dokumentieren Sie die Rechtsgrundlage für besondere Datenkategorien.",
		Severity:    SeverityBLOCK,
		Category:    "legal",
		GDPRRef:     "Art. 9 DSGVO",
	},
}
// GetControlByID looks up id in ControlLibrary and returns a pointer to a copy
// of the matching RequiredControl, or nil when id is not a key of the map.
//
// Because the result points at a copy, assigning to its fields does not change
// the entry stored in ControlLibrary. Any reference-typed fields inside
// RequiredControl would still be shared with the stored entry; its definition
// is not visible in this file. Callers must check for nil before dereferencing.
func GetControlByID(id string) *RequiredControl {
	entry, found := ControlLibrary[id]
	if !found {
		return nil
	}
	// entry is a local copy of the map value, so its address is safe to return.
	return &entry
}