Platform Controls
Controls implemented by the Siros Foundation in the SirosID platform code. These are built into the wallet backend, frontend, VC libraries, and trust services. Deployment operators inherit these controls automatically.
42 controls with this tag.
| ID | Title | Status | Owner | CSF Function |
|---|---|---|---|---|
| SID-ACCESS-01 | Multi-Tenant Isolation | verified | platform | protect |
| SID-ACCESS-02 | Rate Limiting and Brute-Force Protection | verified | platform | protect |
| SID-ACCESS-03 | User Consent Before Credential Disclosure | verified | platform | protect |
| SID-ACCESS-04 | SPOCP Policy-Based Query Authorization | verified | platform | protect |
| SID-AUDIT-01 | Structured Security Event Logging | verified | platform | detect |
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication | verified | platform | protect |
| SID-AUTH-02 | JWT Bearer Token Session Management | verified | platform | protect |
| SID-AUTH-03 | OIDC Gate for External Identity Providers | verified | platform | protect |
| SID-AUTH-04 | WebSocket JWT Handshake Authentication | verified | platform | protect |
| SID-CRYPTO-01 | PKCS#11 HSM Key Protection | verified | platform | protect |
| SID-CRYPTO-02 | PRF Extension Key Derivation | verified | platform | protect |
| SID-CRYPTO-03 | AES-256-GCM Encrypted Keystore | verified | platform | protect |
| SID-CRYPTO-04 | COSE Sign1 and mDOC Cryptography | verified | platform | protect |
| SID-CRYPTO-05 | Secure Random Number Generation | verified | platform | protect |
| SID-DATA-01 | SD-JWT Selective Disclosure | verified | platform | protect |
| SID-DATA-02 | mDOC Element-Level Selective Disclosure | verified | platform | protect |
| SID-DATA-03 | Credential Revocation via Token Status List | verified | platform | protect |
| SID-DATA-04 | VCTM Schema Validation | verified | platform | protect |
| SID-DATA-05 | Gate/Remove Dead VC/VP Storage Paths | verified | platform | protect |
| SID-DATA-06 | PII Field Encryption for User Records | to_do | platform | protect |
| SID-HARD-01 | Error Message Sanitization | verified | platform | protect |
| SID-HARD-02 | Input Validation and Injection Prevention | verified | platform | protect |
| SID-HARD-03 | Network Segmentation (Separate Server Ports) | verified | platform | protect |
| SID-HARD-04 | Secure Registration Enforcement | verified | platform | protect |
| SID-HARD-05 | Browser Security Controls | verified | platform | protect |
| SID-KEY-01 | WSCA WebSocket Key Signing Delegation | verified | platform | protect |
| SID-KEY-02 | IACA Certificate Management | verified | platform | protect |
| SID-KEY-03 | FIDO WSCD via Sign Extension (previewSign) | to_do | platform | protect |
| SID-OPS-04 | Vulnerability Management | to_do | platform | detect |
| SID-OPS-05 | Change Management | to_do | platform | govern |
| SID-OPS-08 | Secure Development Lifecycle | to_do | platform | protect |
| SID-PRIV-01 | Minimal Disclosure Enforcement | verified | platform | protect |
| SID-PRIV-02 | VP Nonce Binding (Anti-Replay) | verified | platform | protect |
| SID-PRIV-03 | Right-to-Erasure Bulk Deletion API | to_do | platform | protect |
| SID-TRANS-01 | TLS 1.2+ Minimum with Configurable Version | verified | platform | protect |
| SID-TRANS-02 | OpenID4VCI Credential Issuance Protocol | verified | platform | protect |
| SID-TRANS-03 | OpenID4VP Credential Presentation Protocol | verified | platform | protect |
| SID-TRANS-04 | SSRF-Protected HTTP Client | verified | platform | protect |
| SID-TRUST-01 | AuthZEN PDP Trust Evaluation Service | verified | platform | identify |
| SID-TRUST-02 | Multi-Registry Trust Framework Support | verified | platform | identify |
| SID-TRUST-03 | Issuer and Verifier Trust Gating | verified | platform | protect |
| SID-TRUST-04 | Trust Decision Caching with Circuit Breaker | verified | platform | protect |