CC-R-1 — No platform-wide audit trail for security-relevant events
Component: Cross-Cutting. Mitigations: Component-level logs exist; no centralised SIEM. Action: Address via AV-P-4 (centralised logging)
| Property | Value |
|---|---|
| Section | Repudiation |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-AUDIT-01 | Structured Security Event Logging |
| SID-AUDIT-02 | Privacy-Preserving Audit Event Taxonomy |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md