SID-AUDIT-01 — Structured Security Event Logging
Description
Production logging is structured JSON via zap, with a named logger per
component. Trust evaluation audit logs record subject_id, resource_type,
strategy, and timing. The AuthZEN proxy attributes each evaluation request
to a user (user_id, tenant_id). Failed admin authentication attempts are
logged at WARN level.
Components
- Wallet Backend (Go)
- Trust Service (AuthZEN)
Source References
Audit Findings
| Finding | Severity | Status |
|---|---|---|
| EN-S-1 — Partial audit logging and SIEM | medium | in progress |
| ISO-O-13 — Partial incident assessment and evidence handling | medium | open |
| ISO-P-2 — Partial security event reporting | low | open |
| ISO-T-7 — Partial logging and monitoring | medium | open |