Verified Controls
Controls that are fully implemented in the current platform release. These have been verified through code review and/or testing.
36 controls with this tag.
| ID | Title | Status | Owner | CSF Function |
|---|---|---|---|---|
| SID-ACCESS-01 | Multi-Tenant Isolation | verified | platform | protect |
| SID-ACCESS-02 | Rate Limiting and Brute-Force Protection | verified | platform | protect |
| SID-ACCESS-03 | User Consent Before Credential Disclosure | verified | platform | protect |
| SID-ACCESS-04 | SPOCP Policy-Based Query Authorization | verified | platform | protect |
| SID-AUDIT-01 | Structured Security Event Logging | verified | platform | detect |
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication | verified | platform | protect |
| SID-AUTH-02 | JWT Bearer Token Session Management | verified | platform | protect |
| SID-AUTH-03 | OIDC Gate for External Identity Providers | verified | platform | protect |
| SID-AUTH-04 | WebSocket JWT Handshake Authentication | verified | platform | protect |
| SID-CRYPTO-01 | PKCS#11 HSM Key Protection | verified | platform | protect |
| SID-CRYPTO-02 | PRF Extension Key Derivation | verified | platform | protect |
| SID-CRYPTO-03 | AES-256-GCM Encrypted Keystore | verified | platform | protect |
| SID-CRYPTO-04 | COSE Sign1 and mDOC Cryptography | verified | platform | protect |
| SID-CRYPTO-05 | Secure Random Number Generation | verified | platform | protect |
| SID-DATA-01 | SD-JWT Selective Disclosure | verified | platform | protect |
| SID-DATA-02 | mDOC Element-Level Selective Disclosure | verified | platform | protect |
| SID-DATA-03 | Credential Revocation via Token Status List | verified | platform | protect |
| SID-DATA-04 | VCTM Schema Validation | verified | platform | protect |
| SID-DATA-05 | Gate/Remove Dead VC/VP Storage Paths | verified | platform | protect |
| SID-HARD-01 | Error Message Sanitization | verified | platform | protect |
| SID-HARD-02 | Input Validation and Injection Prevention | verified | platform | protect |
| SID-HARD-03 | Network Segmentation (Separate Server Ports) | verified | platform | protect |
| SID-HARD-04 | Secure Registration Enforcement | verified | platform | protect |
| SID-HARD-05 | Browser Security Controls | verified | platform | protect |
| SID-KEY-01 | WSCA WebSocket Key Signing Delegation | verified | platform | protect |
| SID-KEY-02 | IACA Certificate Management | verified | platform | protect |
| SID-PRIV-01 | Minimal Disclosure Enforcement | verified | platform | protect |
| SID-PRIV-02 | VP Nonce Binding (Anti-Replay) | verified | platform | protect |
| SID-TRANS-01 | TLS 1.2+ Minimum with Configurable Version | verified | platform | protect |
| SID-TRANS-02 | OpenID4VCI Credential Issuance Protocol | verified | platform | protect |
| SID-TRANS-03 | OpenID4VP Credential Presentation Protocol | verified | platform | protect |
| SID-TRANS-04 | SSRF-Protected HTTP Client | verified | platform | protect |
| SID-TRUST-01 | AuthZEN PDP Trust Evaluation Service | verified | platform | identify |
| SID-TRUST-02 | Multi-Registry Trust Framework Support | verified | platform | identify |
| SID-TRUST-03 | Issuer and Verifier Trust Gating | verified | platform | protect |
| SID-TRUST-04 | Trust Decision Caching with Circuit Breaker | verified | platform | protect |