ffbedfa0dc
Wake-up #2 (Domaene 2): Zitierfaehigkeit ohne char-Level-Spans via logischem norm_id-Join auf KB-v2-Units (bp_compliance_kb_2026_1_build). Konvention (Board Compliance/KB-v2 2026-07-01): EU-<ACT>-Anhang<ROM> (Annex-Ebene, confirmed) / EU-<ACT>-Art<N> + EU-<ACT>-Kapitel<ROM> (verify_pending). Namensvariante EU-MaschVO-* (NICHT MaschinenVO). KEINE neue Klasse — norm_ids ist ein Attribut auf legal_basis (freeze-safe).

- 65/65 legal_basis gejoint (CRA 40 + MaschVO 25), 0 unparsed; 64 Obligations citation_status -> norm_id_linked (BP/guidance-anchored bleiben ohne norm_id).
- 53 annex_confirmed, 12 verify_pending; distinkt 5 Annex-IDs + 19 Art/Kapitel.
- norm_id_manifest.json = KB-v2-Handoff (verify_pending Art-/Kapitel-IDs pruefen).
- Granularitaet annex-grob (Part/Punkt = KB-Enhancement TBD); Artikel-norm_ids in KB-v2 noch zu verifizieren.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
97 lines
3.2 KiB
JSON
{
"schema_version": "obligation_registry_v1",
"regulation": "CRA",
"regulation_code": "CRA",
"family": "core",
"theme": "CORE Security Objectives (CRA Annex I als regulierungs-agnostische Sicherheitsziele)",
"generated_by": "materialize_capabilities.py (#5b, Modell C)",
"note": "CORE Legal Obligations = Sicherheitsziele (Modell C: KEINE eigene SecurityObjective-Klasse). DOMAIN-Obligations specializes-en hierauf. objective_tags = Vorwaerts-Kompat zu Modell B.",
"citation_status": "pending_span_anchor",
"obligations": [
{
"id": "attack_surface_minimization",
"name": "Minimierung der Angriffsflaeche",
"family": "core",
"description": "Das Produkt minimiert seine Angriffsflaeche: unnoetige Funktionen/Ports/Dienste/Schnittstellen sind deaktiviert (Least Functionality).",
"tier": "LEGAL_MINIMUM",
"source_role": "LEGAL_BASIS",
"applicability": "universal",
"objective_tags": [
"attack_surface"
],
"legal_basis": [
{
"source": "CRA",
"anchor": "Annex I Part I (2)(j)",
"citation": "limit attack surfaces, including external interfaces",
"norm_ids": [
"EU-CRA-AnhangI"
],
"norm_id_status": "annex_confirmed"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "CM-7 Least Functionality",
"role": "best_practice"
}
],
"specialized_by": [
"remote_access_attack_surface_min",
"component_remote_interface_security"
],
"primary_implementation": "NIST CM-7",
"citation_status": "norm_id_linked",
"review_status": "core_from_5b"
},
{
"id": "software_integrity_protection",
"name": "Schutz der Software-/Firmware-Integritaet",
"family": "core",
"description": "Das Produkt schuetzt Integritaet und Authentizitaet von Software/Firmware (Manipulationserkennung, Secure Boot, Signaturpruefung, Runtime-Integritaet).",
"tier": "LEGAL_MINIMUM",
"source_role": "LEGAL_BASIS",
"applicability": "universal",
"objective_tags": [
"integrity"
],
"legal_basis": [
{
"source": "CRA",
"anchor": "Annex I Part I (2)(f)",
"citation": "protect the integrity of stored, transmitted or processed data, software and configuration",
"norm_ids": [
"EU-CRA-AnhangI"
],
"norm_id_status": "annex_confirmed"
}
],
"guidance_basis": [
{
"source": "NIST",
"anchor": "SI-7 Software, Firmware, and Information Integrity",
"role": "best_practice"
}
],
"specialized_by": [
"signed_update_integrity",
"firmware_software_authentication"
],
"realized_by_capabilities": [
"code_signing"
],
"primary_implementation": "NIST SI-7",
"citation_status": "norm_id_linked",
"review_status": "core_from_5b"
}
],
"relationships": [],
"norm_id_contract": {
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
"source": "Board Compliance/KB-v2 2026-07-01"
}
}