Security Architecture
This section provides consolidated architecture documentation for SIROS ID, formalizing the security properties described in individual controls into cross-cutting architecture views.
Each document addresses one or more compliance findings and maps implemented mechanisms to specific framework requirements (EUDI ECCG Security Requirements, ISO 27001 Annex A).
Documents
| Document | Framework | Summary |
|---|---|---|
| Cryptographic Asset Inventory | GEN-7.3.2-02, GEN-7.5-02/03, WIN-8.4.4-02 | All cryptographic keys, algorithms, and protection levels |
| Wallet Lifecycle Security | CS-I.3-WUS, CS-I.3-Prov, CS-I.6-Valid | Wallet unit activation, management, and deactivation |
| Transport Security Model | WIN-8.4.1-Sec-01/06 | TLS, JWT auth, WebSocket security, storage protection |
| Access Control Architecture | A.8.1, A.8.2, A.8.18 | Endpoint protection, admin access, device policies |
| Network Architecture | A.8.20–A.8.23 | Port separation, TLS boundaries, network segmentation |
| STRIDE Threat Model | V1.1, A.8.25, A.8.27 | Formal STRIDE threat model across all SIROS ID components |
Relationship to Controls
These documents consolidate the evidence from individual technical controls into architecture-level views. Each document references the specific controls it draws from:
- Cryptography: SID-CRYPTO-01 through SID-CRYPTO-05
- Authentication: SID-AUTH-01 through SID-AUTH-04
- Transport: SID-TRANS-01 through SID-TRANS-04
- Hardening: SID-HARD-03, SID-HARD-04, SID-HARD-05
- Trust: SID-TRUST-01 through SID-TRUST-04