SIROS ID Compliance Dashboard

Security controls and compliance framework mappings.

  • Controls — 82 security controls
  • Frameworks — Mappings against EUDI Security Requirements, FitCEM Wallet Instance, ISO 27001 Annex A, GDPR Checklist, OWASP ASVS 4.0.3 Level 3, STRIDE Threat Model
  • CSF Functions — NIST Cybersecurity Framework function overview

How It Fits Together

Compliance frameworks define requirements that are mapped to platform controls. Each control is categorised under a NIST CSF 2.0 function so that coverage can be reviewed at every level of abstraction.

[Diagram: Frameworks, linked by "requirements" to Controls, linked by "categorised" to CSF 2.0 Functions]

  • Frameworks: EUDI Security Requirements, FitCEM Wallet Instance, ISO 27001 Annex A, GDPR Checklist, OWASP ASVS 4.0.3 Level 3, STRIDE Threat Model
  • Controls: 82 Controls (55 Technical, 27 Organizational)
  • CSF 2.0 Functions: Govern (GV) · 8, Identify (ID) · 8, Protect (PR) · 57, Detect (DE) · 6, Respond (RS) · 1, Recover (RC) · 2

Platform vs Operator

Each control is labelled platform or operator:

  • Platform controls apply to the open-source SIROS ID codebase itself — they are satisfied by the software and verified through code, tests, and audits.
  • Operator controls apply to the organisation running the platform — policies, processes, and infrastructure that each deployment must provide independently.

This separation reflects the fact that SIROS ID is designed to be operated not only by the SIROS Foundation but by any organisation independently.