proxmox/docs/dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md
defiQUG b3a8fe4496
chore: sync all changes to Gitea
- Config, docs, scripts, and backup manifests
- Submodule refs unchanged (m = modified content in submodules)

Made-with: Cursor
2026-03-02 11:37:34 -08:00

# DBIS Rail — Control Mapping v1
**Network:** DBIS Mainnet (ChainID 138)

**Document type:** Mapping of controls to checklist, Spec, Rulebook, and Threat Model

**Companion:** [Audit Readiness Checklist v1](DBIS_RAIL_AUDIT_READINESS_CHECKLIST_V1.md), [Audit Readiness Results v1](DBIS_RAIL_AUDIT_READINESS_RESULTS_V1.md)

**Purpose:** Lightweight control mapping for internal audit and future SOC 2 / ISO 27001 alignment. Each control is traceable to a checklist section and to the governing document(s).

---
## Control summary
| ID | Control | Checklist | Spec | Rulebook | Threat Model |
|----|---------|-----------|------|----------|--------------|
| C1 | Mint path restricted to SettlementRouter | 1 | 6.5, 2.2 | 4, 5 | 3.D |
| C2 | Owner / direct mint revoked for GRU/c* | 1 | 6.5, 11 | 4 | 3.D |
| C3 | EIP-712 domain separation (chainId, verifyingContract) | 2 | 4.2, 7 | - | 3.A |
| C4 | messageId replay protection (one-time use) | 2 | 6.4 | 9 | 3.A |
| C5 | Time window (notBefore, expiresAt) enforced | 2 | 4.2, 6.4 | 4.6 | 3.A |
| C6 | Quorum and category (3-of-5, COMPLIANCE) enforced | 2, 3 | 6.3, 6.4 | 4.5, 6 | 3.A, 3.F |
| C7 | Signer allowlist and revocation | 3 | 6.3 | 6 | 3.A, 3.F |
| C8 | Deterministic accountingRef | 4 | - | 3.2 | 3.B |
| C9 | Evidence bundle hashed (isoHash) | 4 | 4.2, 5 | 4.4 | 3.B |
| C10 | One-to-one messageId / accountingRef / mint | 4 | 6.4 | 3.3, 8 | 3.B |
| C11 | ReentrancyGuard and CEI on Router | 5 | 6.4 | - | 3.C |
| C12 | Caps enforced before mint | 5 | 6.4 | - | 3.C |
| C13 | Router and Mint Controller pause | 5, 7 | 6.4, 6.5, 8 | 7 | 3.C, 3.D |
| C14 | Corridor limits enforced | 5, 7 | 6.4 | - | 3.C |
| C15 | Participant suspension (no mint to suspended) | 7 | 6.2, 6.4 | 7 | 3.F |
| C16 | Validator segregation and monitoring | 6 | 3 | - | 3.E |
| C17 | Good funds and finality (Rulebook) | 4 | 1, 4 | 2, 4 | 3.B, 5 |
| C18 | Documentation versioning and review | 8 | - | 9 | 6 |

Section numbers refer to the respective document sections (e.g. Spec 6.5 = DBIS_GRU_MintController, Rulebook 3.2 = deterministic accountingRef).

---
## References
- **Spec:** [DBIS_RAIL_TECHNICAL_SPEC_V1.md](DBIS_RAIL_TECHNICAL_SPEC_V1.md)
- **Rulebook:** [DBIS_RAIL_RULEBOOK_V1.md](DBIS_RAIL_RULEBOOK_V1.md)
- **Threat Model:** [DBIS_RAIL_SECURITY_THREAT_MODEL_V1.md](DBIS_RAIL_SECURITY_THREAT_MODEL_V1.md)
- **Checklist:** [DBIS_RAIL_AUDIT_READINESS_CHECKLIST_V1.md](DBIS_RAIL_AUDIT_READINESS_CHECKLIST_V1.md)
- **Results:** [DBIS_RAIL_AUDIT_READINESS_RESULTS_V1.md](DBIS_RAIL_AUDIT_READINESS_RESULTS_V1.md)

---
## Document control
| Field | Value |
|-------|--------|
| Title | DBIS Rail — Control Mapping v1 |
| Network | DBIS Mainnet (ChainID 138) |
| Version | 1 |
| Status | Active |