Added BulkCIDAccessUsersList, more FINMA references.

vinahradau · Jun 1, 2020 · 3eb8771 · 3eb8771
1 parent e6ef773
commit 3eb8771
Showing 1 changed file with 38 additions and 9 deletions.
diff --git a/CIDFINMA_spec_Z.zed16 b/CIDFINMA_spec_Z.zed16
@@ -5,15 +5,37 @@ Specification, further referred to as FINMA:
 https://www.finma.ch/de/~/media/finma/dokumente/rundschreiben-archiv/finma-rs200821---30-06-2017.pdf
 
 Specification requirements:
-// CID data classification (FINMA 10*)
-// CID data owner (FINMA 13*)
-// all nodes with CID data stored should be recorded (FINMA 15*)
-// CID protection risks are country specific (FINMA 20*)
-// no node outside Switzerland should have unprotected CID data stored (FINMA 20*)
-// CID data accessed by users from outside Switzerland has to be protected (FINMA 20*)
-// role and function based authorisation system in place (FINMA 22*)
-// logs for bulk CID access (FINMA 40*)
-// an internal employee has to be responsible for the compliance of outsourced CID activities (FINMA 50*)
+-CID data classification (FINMA 10*)
+	DATACATEGORY
+	CIDCATEGORIES
+	METADATA
+- CID data owner (FINMA 13*)
+	ENTITY
+	DOMAIN
+- all nodes with CID data stored should be recorded (FINMA 15*)
+	CIDSTORINGNODESAUDITLOG
+- CID protection risks are country specific (FINMA 20*)
+	COUNTRY
+- no node outside Switzerland should have unprotected CID data stored (FINMA 20*)
+	CONTENT
+	NODE
+	AddNodeData
+- CID data accessed by users from outside Switzerland has to be protected (FINMA 20*)
+	AccesNodeData
+- role and function based authorisation system in place (FINMA 22*)
+	ROLE
+	USER
+	DOMAIN
+- List of users with bulk CID access (FINMA 34*)
+	BulkCIDAccessUsersList
+- logs for bulk CID access (FINMA 40*)
+	CIDBULKLOG
+- an internal employee has to be responsible for the compliance of outsourced CID activities (FINMA 50*)
+	DOMAIN
+	USER
+	AddUser
+	AddInternalUser
+	AddExternalUser
 ─
   DATACATEGORY ::= DIRECT | INDIRECT | POTENTIALLYDIRECT | PROTECTED | NONCID 
   CIDCATEGORIES == {DIRECT, INDIRECT, POTENTIALLYDIRECT}
@@ -280,3 +302,10 @@ Specification requirements:
   teams′ = teams
   userAccessRigths′ = userAccessRigths
 └
+┌ BulkCIDAccessUsersList
+  ΞDOMAIN
+  ΞNODE
+  BulkCIDAccessUsersList!: ℙ USER
+|
+  BulkCIDAccessUsersList! = dom (userAccessRigths ▷ {ROLEBULKCID})
+└