SID-AUDIT-01 — Structured Security Event Logging

| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | detect |
| Group | Audit and Monitoring Controls |

Description

Production services emit structured JSON logs via zap, with a named logger per component. Trust evaluation audit logs record subject_id, resource_type, strategy, and timing. The AuthZEN proxy attributes each evaluation request to a user (user_id, tenant_id). Failed admin authentication attempts are logged at WARN level.

Components

Source References

Framework Requirements

EUDI Security Requirements: GEN-7.9.1-01

FitCEM Wallet Instance: FIT-DS-03

ISO 27001 Annex A: A.5.25, A.5.28, A.8.15, A.8.16, A.8.17

GDPR Checklist: Conduct an information audit, Have a process in place to notify the authorities

OWASP ASVS 4.0.3 Level 3: V1.7, V7.1, V7.2, V7.3

STRIDE Threat Model: WB-R-1, VC-R-1, SP-R-1, CC-R-1