VC-I-1 — PID or biometric data exposed in vc issuer logs
Component: vc Platform. Mitigations: Credential claims passed in-process; log level controls. Action: Audit log output of issuer and registry for PII; enforce structured logging with field redaction
| Property | Value |
|---|---|
| Section | Information Disclosure |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-AUDIT-02 | Privacy-Preserving Audit Event Taxonomy |
| SID-DATA-01 | SD-JWT Selective Disclosure |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md