EUDI Wallet Security Requirements v0.5

| Summary | Count |
|---|---|
| Total Requirements | 85 |
| Compliant (✅) | 19 |
| Partially Compliant (⚠️) | 38 |
| Non-Compliant (❌) | 28 |
| Not Applicable | 0 |

Requirements
| Ref | Status | Controls | Owner | Notes |
|---|---|---|---|---|
| GEN-5-01 | ❌ | SID-ORG-03 | operator | No formal ISMS or risk management framework documented. |
| GEN-5-02 | ❌ | SID-ORG-03 | operator | No formal mapping to CIR risk register. Country-specific. |
| GEN-6.1-01 | ❌ | SID-ORG-06 | operator | No formal practice statement published. |
| GEN-6.2-01 | ❌ | SID-ORG-07 | operator | No formal T&C for EUDI wallet use. |
| GEN-6.2-02 | ❌ | SID-ORG-07 | operator | No privacy policy published. |
| GEN-6.3-01 | ❌ | SID-ORG-01 | operator | No formal information security policy. |
| GEN-7.1.1-01 | ❌ | SID-ORG-02 | operator | No formal organizational structure for wallet provider. |
| GEN-7.1.1-02 | ❌ | SID-ORG-03 | operator | No ISMS in place. ISO 27001 certification recommended. |
| GEN-7.3.2-02 | ⚠️ | SID-CRYPTO-02, SID-CRYPTO-03 | shared | Keys classified as sensitive. No formal asset classification document. |
| GEN-7.5-02 | ⚠️ | SID-CRYPTO-01, SID-CRYPTO-04, SID-CRYPTO-05 | platform | Uses ES256, EdDSA, AES-KW, PBKDF2-SHA256. Need explicit ECCG mapping. |
| GEN-7.5-03 | ⚠️ | SID-CRYPTO-01 | shared | PKCS#11 HSM for issuer keys. JWT signing secret must also be HSM-protected in production. |
| GEN-7.9.1-01 | ⚠️ | SID-AUDIT-01, SID-OPS-06 | shared | Structured logging present. No centralized SIEM or audit trail. |
| GEN-7.9.2-01 | ❌ | SID-OPS-01 | operator | No formal incident response plan. |
| GEN-7.9.6-01 | ❌ | SID-OPS-07 | operator | No fraud management process. |
| WPS-8.1.1-Sec-01 | ⚠️ | SID-AUTH-01, SID-AUTH-02, SID-AUTH-03 | platform | JWT-based session tokens issued. WebAuthn binds wallet to device. No formal WUA per EUDI spec. |
| WPS-8.1.1-Sec-02 | ❌ | | platform | No wallet instance integrity verification (no app attestation). |
| WPS-8.1.2-Fun-01 | ⚠️ | SID-CRYPTO-02, SID-KEY-01 | platform | WebAuthn PRF provides hardware-backed key derivation. No formal WSCA provisioning flow. |
| WUG-8.2.1-Fun-01 | ✅ | SID-CRYPTO-03 | platform | Key generation in browser via WebCrypto API. Keys wrapped with AES-KW. |
| WUG-8.2.1-Sec-02 | ⚠️ | SID-CRYPTO-02, SID-CRYPTO-03, SID-KEY-01, SID-KEY-03 | platform | FIDO sign extension (previewSign) planned as WSCD — signing keys in authenticator hardware, never in browser memory. |
| WUM-8.2.2-Fun-01 | ⚠️ | SID-TRANS-02 | platform | Single credential issuance works. Limited batch methods. |
| WUM-8.2.2-Fun-04 | ❌ | | platform | No explicit re-issuance UI. |
| WUM-8.2.2-Fun-06 | ❌ | | platform | No attribute comparison on re-issuance. |
| WUM-8.2.2-Sec-07 | ❌ | | platform | No mechanism to prove same wallet unit for re-issuance. |
| WUM-8.2.2-Fun-09 | ⚠️ | | platform | Individual deletion available. No batch deletion of same-type credentials. |
| WUM-8.2.2-Fun-10 | ✅ | SID-PRIV-01 | platform | Credential deletion is local operation, no outbound calls. Privacy-preserving by design. |
| WUM-8.2.2-Sec-11 | ⚠️ | SID-CRYPTO-03, SID-KEY-03 | platform | FIDO sign extension keys reside in authenticator hardware — secure destruction guaranteed by device lifecycle. |
| WUP-8.2.3-Fun-01 | ✅ | SID-TRUST-01, SID-TRUST-02, SID-TRUST-03 | platform | V2 transport: evaluateVerifierTrust() calls go-trust AuthZEN PDP. RP cert chain validated. |
| WUP-8.2.3-Fun-02 | ✅ | SID-TRUST-03, SID-HARD-01 | platform | V2 transport: ErrCodeUntrustedVerifier returned, frontend displays error. Flow blocked. |
| WUP-8.2.3-Fun-03 | ✅ | SID-TRUST-03 | platform | V2 transport: hard-blocks untrusted RPs. No config bypass. |
| WUP-8.2.3-Fun-04 | ✅ | SID-ACCESS-03 | platform | Presentation consent screen shows RP identity and requested attributes. |
| WUP-8.2.3-Fun-09 | ⚠️ | SID-AUTH-01, SID-KEY-01, SID-KEY-03 | platform | FIDO previewSign requires user gesture per signing operation — satisfies per-transaction WSCA auth. |
| WUP-8.2.3-Fun-11 | ✅ | SID-DATA-01, SID-DATA-02, SID-PRIV-01 | platform | SD-JWT selective disclosure only reveals requested claims. DCQL query specifies exact attributes. |
| WUP-8.2.3-Sec-14 | ✅ | SID-DATA-01, SID-DATA-02, SID-PRIV-02, SID-CRYPTO-04 | platform | Cryptographically enforced integrity. Issuer signature + KB-JWT nonce binding. |
| WUH-8.3.1-Sec-01 | ⚠️ | SID-AUTH-01, SID-KEY-01 | platform | App auth unlocks keystore. PRF keys require authenticator. Need architectural separation. |
| WUH-8.3.1-Sec-02 | ✅ | SID-AUTH-01, SID-AUTH-02, SID-ACCESS-02 | platform | Login required before any operations. JWT on all endpoints. Rate limiting. |
| WUH-8.3.1-Sec-06 | ⚠️ | SID-AUTH-02 | platform | JWT expiry (default 24h). No explicit idle timeout or user-configurable session timeout. |
| WUH-8.3.1-Sec-07 | ⚠️ | SID-AUTH-01, SID-CRYPTO-02 | platform | WebAuthn provides possession+inherence. Password login is single-factor. Must enforce WebAuthn for WSCA. |
| WUH-8.3.1-Sec-08 | ⚠️ | SID-KEY-03 | platform | FIDO sign extension planned as WSCD. Certified security keys (e.g. YubiKey 5 FIPS) can satisfy AVA_VAN.5. |
| WUH-8.3.1-Sec-10 | ⚠️ | SID-KEY-03 | platform | FIDO previewSign requires user gesture per operation — provides per-operation WSCA/WSCD auth. |
| WUH-8.3.2-Sec-01 | ⚠️ | SID-HARD-02, SID-ACCESS-02, SID-TRANS-04 | platform | Input validation in middleware. WebSocket limits. SSRF protection. Need comprehensive audit. |
| WUH-8.3.2-Sec-02 | ⚠️ | SID-HARD-01, SID-HARD-02 | platform | Error handling present but some paths may leak implementation details. |
| WUH-8.3.2-Sec-03 | ✅ | SID-TRUST-03, SID-HARD-02 | platform | RP certificate validated before display. SVG sanitization. |
| WUH-8.3.3-Sec-01 | ⚠️ | SID-TRUST-02, SID-TRUST-04 | platform | Trust lists loaded at startup with refresh. No guaranteed max-24h freshness check. |
| WUH-8.3.3-Sec-02 | ✅ | SID-TRUST-01, SID-TRUST-03 | platform | AuthZEN trust evaluation checks provider before signature verification. |
| WUH-8.3.3-Sec-03 | ✅ | SID-TRUST-01, SID-TRUST-02, SID-KEY-02 | platform | X.509 chain validated against trust anchor from LoTE/TSL. |
| WUH-8.3.3-Sec-04 | ✅ | SID-DATA-04 | platform | Credential parsing and validation after signature verification. Expiry check included. |
| WUH-8.3.3-Sec-05 | ⚠️ | SID-DATA-03 | platform | Status list support implemented. No explicit freshness check on status list. |
| WUH-8.3.3-Sec-06 | ✅ | SID-DATA-03 | platform | Revocation checking via OAuth Status List. |
| WIN-8.4.1-Sec-01 | ⚠️ | SID-CRYPTO-03 | shared | Encrypted keystore. Sensitivity-based storage differentiation limited. |
| WIN-8.4.1-Sec-03 | ⚠️ | SID-HARD-05, SID-HARD-01 | platform | Keys wrapped. CSP headers. Need comprehensive data leakage review. |
| WIN-8.4.1-Sec-04 | ✅ | SID-CRYPTO-05 | platform | WebCrypto API and Go crypto/rand used consistently. |
| WIN-8.4.1-Sec-06 | ⚠️ | SID-TRANS-01, SID-AUTH-04 | shared | TLS between frontend/backend. WebSocket JWT auth. No mutual TLS. |
| WIN-8.4.2-Sec-01 | ✅ | SID-HARD-05 | platform | React SPA with standard browser security mechanisms. |
| WIN-8.4.2-Sec-02 | ⚠️ | SID-HARD-05, SID-TRUST-03 | platform | RP identity from certificate. SVG sanitization. No formal anti-phishing measures. |
| WIN-8.4.3-Sec-01 | ❌ | | platform | No platform version check. |
| WIN-8.4.3-Sec-02 | ❌ | | platform | Web app always latest (inherent). Mobile wrapper needs update enforcement. |
| WIN-8.4.3-Sec-03 | ⚠️ | SID-OPS-04 | shared | npm/go modules dependency management. No automated vuln scanning in CI/CD. |
| WIN-8.4.3-Sec-05 | ❌ | | platform | No platform integrity validation. |
| WIN-8.4.3-Sec-06 | ❌ | SID-HARD-05 | platform | Web: SRI + CSP. No runtime integrity checks. Mobile wrapper needs code signing. |
| WIN-8.4.3-Sec-07 | ❌ | | platform | No code obfuscation. Web wallet inherently source-visible. |
| WIN-8.4.3-Sec-08 | ❌ | | platform | No anti-debugging or anti-dynamic-analysis measures. |
| WIN-8.4.3-Sec-09 | ✅ | SID-HARD-04 | platform | Registration flow starts immediately on first open. |
| WIN-8.4.3-Sec-10 | ✅ | SID-HARD-04, SID-AUTH-01 | platform | Registration via WebAuthn requires backend. Admin token auth. |
| WIN-8.4.4-01 | ⚠️ | SID-HARD-01, SID-HARD-02, SID-HARD-05, SID-AUTH-01, SID-CRYPTO-03 | platform | Many ASVS controls present. No formal ASVS L3 assessment. |
| WIN-8.4.4-02 | ⚠️ | SID-CRYPTO-01, SID-CRYPTO-04, SID-CRYPTO-05 | platform | WebCrypto API algorithms. Need explicit ECCG mapping. |
| WSA-8.5-01 | ⚠️ | SID-KEY-01, SID-KEY-03, SID-AUTH-04 | platform | FIDO authenticator provides formal WSCA trust model — hardware-backed with attestation. |
| WSA-8.5-02 | ⚠️ | SID-KEY-01, SID-KEY-03, SID-AUTH-01 | platform | FIDO authenticator provides separate WSCA-level instance auth via user gesture. |
| WSA-8.5-06 | ⚠️ | SID-AUTH-01, SID-CRYPTO-02, SID-KEY-03 | platform | FIDO sign extension enforces hardware-backed auth per operation — eliminates password-only WSCA bypass. |
| WSA-8.5-07 | ✅ | SID-KEY-01, SID-CRYPTO-03 | platform | Client keystore: key generation, wrapping, signing, public key export. |
| WSA-8.5-08 | ⚠️ | SID-KEY-01, SID-KEY-03, SID-AUTH-01 | platform | FIDO previewSign requires user gesture per signing operation — provides per-operation auth. |
| CS-I.2-ICT | ❌ | SID-OPS-02 | operator | No documented ICT system architecture for production deployment. |
| CS-I.2-Dev | ⚠️ | SID-OPS-08 | shared | Git repos, PR workflow, some testing. No formal SDLC documentation. |
| CS-I.2-Change | ⚠️ | SID-OPS-05 | shared | Git-based change tracking. No formal change management policy. |
| CS-I.2-Vuln | ⚠️ | SID-OPS-04 | shared | SBOM monitoring plan exists. No formal vuln management with SLAs. |
| CS-I.2-Incident | ❌ | SID-OPS-01 | operator | No formal incident management process. |
| CS-I.2-Fraud | ❌ | SID-OPS-07 | operator | No fraud detection or management process. |
| CS-I.3-WI | ❌ | | platform | No CC evaluation or FiTCEM PP compliance. Major effort. |
| CS-I.3-WSCA | ⚠️ | SID-KEY-01, SID-KEY-03 | platform | FIDO authenticator with sign extension serves as WSCA. Certified security keys available; formal WSCA certification p... |
| CS-I.3-WUS | ⚠️ | SID-AUTH-01, SID-AUTH-02, SID-TRANS-02, SID-TRANS-03 | shared | Backend with security controls exists. No formal security evaluation. |
| CS-I.3-Load | ❌ | SID-OPS-05 | operator | No formal loading and update process documented. |
| CS-I.3-Prov | ⚠️ | SID-AUTH-01, SID-HARD-04 | shared | Wallet registration/management APIs exist. Need formal lifecycle documentation. |
| CS-I.5-PID | ❌ | | operator | PID provider must be certified separately. Usually national identity authority. |
| CS-I.6-Valid | ⚠️ | SID-TRUST-01, SID-TRUST-02 | shared | go-trust provides trust evaluation. Must be operated by/for Member State. |
| CS-II.1-Surv | ❌ | | operator | No surveillance evaluation process or evidence collection. |
| CS-III-Public | ❌ | | operator | No public security documentation. security.txt exists as starting point. |
Related Audit Findings
| Finding | Severity | Status | Owner | Controls |
|---|---|---|---|---|
| EN-P-1 — Wallet instance integrity verification missing | 🟠 high | open | platform | |
| EN-P-2 — WSCD/WSCA via FIDO sign extension | 🔴 critical | in progress | platform | SID-KEY-01, SID-KEY-03 |
| EN-P-3 — Credential re-issuance functionality missing | 🟡 medium | open | platform | |
| EN-P-4 — Anti-tampering and obfuscation controls missing | 🟢 low | open | platform | |
| EN-S-1 — Partial audit logging and SIEM | 🟡 medium | in progress | platform | SID-AUDIT-01, SID-OPS-06 |
| EN-S-2 — Partial asset classification and cryptographic documentation | 🟡 medium | in progress | platform | SID-CRYPTO-01, SID-CRYPTO-02, SID-CRYPTO-03, SID-CRYPTO-04, SID-CRYPTO-05 |
| EN-S-3 — Partial SDLC, change management and vulnerability scanning | 🟡 medium | in progress | platform | SID-OPS-04, SID-OPS-05, SID-OPS-08 |
| EN-S-4 — Partial wallet unit security and lifecycle | 🟡 medium | in progress | platform | SID-AUTH-01, SID-AUTH-02, SID-TRANS-02, SID-TRANS-03, SID-HARD-04 |
| EN-S-5 — Partial transport and instance protection | 🟡 medium | in progress | platform | SID-TRANS-01, SID-AUTH-04, SID-CRYPTO-03 |
| EN-P-5 — Partial user authentication and session controls | 🟠 high | in progress | platform | SID-AUTH-01, SID-AUTH-02, SID-AUTH-03, SID-KEY-01, SID-KEY-03, SID-CRYPTO-02 |
| EN-P-6 — Partial key management and credential operations | 🟡 medium | in progress | platform | SID-CRYPTO-02, SID-CRYPTO-03, SID-KEY-01, SID-KEY-03 |
| EN-P-7 — Partial hardening and error handling | 🟡 medium | resolved | platform | SID-HARD-01, SID-HARD-02, SID-HARD-05, SID-ACCESS-02, SID-TRANS-04 |
| EN-P-8 — Partial trust list freshness and status checking | 🟡 medium | in progress | platform | SID-TRUST-02, SID-TRUST-04, SID-DATA-03 |