From 3eb877175d1f292db49cd6f1fb68c7848a32f3b2 Mon Sep 17 00:00:00 2001 From: vinahradau <64530178+vinahradau@users.noreply.github.com> Date: Mon, 1 Jun 2020 17:12:23 +0200 Subject: [PATCH] Added BulkCIDAccessUsersList, more FINMA references. --- CIDFINMA_spec_Z.zed16 | 47 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 9 deletions(-) diff --git a/CIDFINMA_spec_Z.zed16 b/CIDFINMA_spec_Z.zed16 index c0ad327..d1a3438 100644 --- a/CIDFINMA_spec_Z.zed16 +++ b/CIDFINMA_spec_Z.zed16 
@@ -5,15 +5,37 @@ Specification, further referred to as FINMA: https://www.finma.ch/de/~/media/finma/dokumente/rundschreiben-archiv/finma-rs200821---30-06-2017.pdf Specification requirements: -// CID data classification (FINMA 10*) -// CID data owner (FINMA 13*) -// all nodes with CID data stored should be recorded (FINMA 15*) -// CID protection risks are country specific (FINMA 20*) -// no node outside Switzerland should have unprotected CID data stored (FINMA 20*) -// CID data accessed by users from outside Switzerland has to be protected (FINMA 20*) -// role and function based authorisation system in place (FINMA 22*) -// logs for bulk CID access (FINMA 40*) -// an internal employee has to be responsible for the compliance of outsourced CID activities (FINMA 50*) +-CID data classification (FINMA 10*) + DATACATEGORY + CIDCATEGORIES + METADATA +- CID data owner (FINMA 13*) + ENTITY + DOMAIN +- all nodes with CID data stored should be recorded (FINMA 15*) + CIDSTORINGNODESAUDITLOG +- CID protection risks are country specific (FINMA 20*) + COUNTRY +- no node outside Switzerland should have unprotected CID data stored (FINMA 20*) + CONTENT + NODE + AddNodeData +- CID data accessed by users from outside Switzerland has to be protected (FINMA 20*) + AccesNodeData +- role and function based authorisation system in place (FINMA 22*) + ROLE + USER + DOMAIN +- List of users with bulk CID access (FINMA 34*) + BulkCIDAccessUsersList +- logs for bulk CID access (FINMA 40*) + CIDBULKLOG +- an internal employee has to be responsible for the compliance of outsourced CID activities (FINMA 50*) + DOMAIN + USER + AddUser + AddInternalUser + AddExternalUser ─ DATACATEGORY ::= DIRECT | INDIRECT | POTENTIALLYDIRECT | PROTECTED | NONCID CIDCATEGORIES == {DIRECT, INDIRECT, POTENTIALLYDIRECT} 
@@ -280,3 +302,10 @@ Specification requirements: teams′ = teams userAccessRigths′ = userAccessRigths └ +┌ BulkCIDAccessUsersList + ΞDOMAIN + ΞNODE + BulkCIDAccessUsersList!: ℙ USER +| + BulkCIDAccessUsersList! = dom (userAccessRigths ▷ {ROLEBULKCID}) +└
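Review bot: In the first hunk (requirements list), the schema reference `AccesNodeData` under the FINMA 20* user-access item is spelled with a single "s". Please check it against the schema name actually declared in the spec, since a traceability entry that does not match a declared name points at nothing. The list markers are also inconsistent: the first item is written `-CID data classification` while the others use `- ` with a space. Dropping the `//` prefixes turns these lines into plain narrative text, so it is worth confirming that the file still typechecks with them outside a comment.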
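Review bot: In the second hunk, the new schema's output variable `BulkCIDAccessUsersList!` has the same name as the schema itself, which makes the declaration hard to read and the name ambiguous in later references. A distinct output name such as `bulkUsers!: ℙ USER` would be clearer. The predicate `dom (userAccessRigths ▷ {ROLEBULKCID})` only typechecks if `userAccessRigths` is a relation between USER and ROLE; if it maps a user to a set of roles, the range restriction needs to be a set comprehension instead. The predicate uses nothing but `userAccessRigths`, so if that is declared in DOMAIN the `ΞNODE` inclusion can be dropped. A one-line comment stating that this schema is the FINMA 34* query would keep it in line with the requirements list at the top of the file.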