smoa/docs/compliance/evidence/eidas-compliance-evidence.md
2025-12-26 10:48:33 -08:00

eIDAS Compliance Evidence

Standard: eIDAS Regulation (EU) 910/2014
Compliance Status: ⚠️ Partial
Last Updated: 2024-12-20


Compliance Overview

SMOA implements eIDAS-compliant authentication and security features. Qualified electronic signatures and qualified certificates require QTSP integration (pending).


Implementation Evidence

Multi-Factor Authentication

Code References

  • File: core/auth/src/main/java/com/smoa/core/auth/AuthenticationService.kt
  • Implementation: Three-factor authentication (PIN + Fingerprint + Facial Recognition)
  • Compliance: Compliant with eIDAS Article 8 (substantial assurance level)

Hardware-Backed Security

Code References

  • File: core/security/src/main/java/com/smoa/core/security/KeyManager.kt
  • Implementation: Hardware-backed key storage (Android Keystore)
  • Compliance: Compliant with eIDAS security requirements

Qualified Electronic Signatures (QES)

Status: ⚠️ Partial

  • Framework: Complete - QES framework implemented
  • QTSP Integration: Pending - Requires QTSP partnership
  • Code References: core/eidas/src/main/java/com/smoa/core/eidas/EIDASService.kt

Qualified Certificates

Status: ⚠️ Partial

  • Framework: Complete - Certificate management framework
  • QTSP Integration: Pending - Requires QTSP partnership
  • EU Trust Lists: Pending - Trust list validation pending
  • Code References: core/certificates/src/main/java/com/smoa/core/certificates/CertificateManager.kt

Qualified Timestamping

Status: Not Implemented

  • Requirement: Qualified timestamping per eIDAS Article 42
  • Status: Framework pending
  • Dependency: Timestamping Authority integration

Electronic Seals

Status: ⚠️ Partial

  • Framework: Complete - Electronic seal framework
  • Qualified Seals: Pending - Requires QTSP integration
  • Code References: core/signing/src/main/java/com/smoa/core/signing/ElectronicSealService.kt

Testing Evidence

Authentication Testing

  • Test File: core/auth/src/test/java/com/smoa/core/auth/AuthenticationServiceTest.kt
  • Test Coverage: 80%
  • Test Results: All authentication tests passing

Security Testing

  • Test File: core/security/src/test/java/com/smoa/core/security/SecurityTests.kt
  • Test Coverage: 75%
  • Test Results: All security tests passing

Compliance Gaps

Priority 1 Gaps

  1. QTSP Integration: Required for QES and qualified certificates
  2. EU Trust Lists: Required for qualified certificate validation
  3. Qualified Timestamping: Required for long-term validity

Remediation Plans

  1. QTSP Integration: Engage with qualified trust service providers
  2. Trust List Integration: Integrate EU Trust List validation
  3. Timestamping Integration: Integrate qualified timestamping authority

Documentation Evidence

Technical Documentation

  • Architecture: docs/architecture/ARCHITECTURE.md
  • Security Architecture: docs/security/SMOA-Security-Architecture.md
  • Module Documentation: Module completion reports

Document Owner: Compliance Officer
Last Updated: 2024-12-20
Next Review: 2025-03-20