b3a8fe4496
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- Config, docs, scripts, and backup manifests - Submodule refs unchanged (m = modified content in submodules) Made-with: Cursor
2.7 KiB
2.7 KiB
DBIS Rail — Control Mapping v1
Network: DBIS Mainnet (ChainID 138)
Document type: Mapping of controls to checklist, Spec, Rulebook, and Threat Model
Companion: Audit Readiness Checklist v1, Audit Readiness Results v1
Purpose: Lightweight control mapping for internal audit and future SOC 2 / ISO 27001 alignment. Each control is traceable to a checklist section and to the governing document(s).
Control summary
| ID | Control | Checklist | Spec | Rulebook | Threat Model |
|---|---|---|---|---|---|
| C1 | Mint path restricted to SettlementRouter | 1 | 6.5, 2.2 | 4, 5 | 3.D |
| C2 | Owner / direct mint revoked for GRU/c* | 1 | 6.5, 11 | 4 | 3.D |
| C3 | EIP-712 domain separation (chainId, verifyingContract) | 2 | 4.2, 7 | - | 3.A |
| C4 | messageId replay protection (one-time use) | 2 | 6.4 | 9 | 3.A |
| C5 | Time window (notBefore, expiresAt) enforced | 2 | 4.2, 6.4 | 4.6 | 3.A |
| C6 | Quorum and category (3-of-5, COMPLIANCE) enforced | 2, 3 | 6.3, 6.4 | 4.5, 6 | 3.A, 3.F |
| C7 | Signer allowlist and revocation | 3 | 6.3 | 6 | 3.A, 3.F |
| C8 | Deterministic accountingRef | 4 | - | 3.2 | 3.B |
| C9 | Evidence bundle hashed (isoHash) | 4 | 4.2, 5 | 4.4 | 3.B |
| C10 | One-to-one messageId / accountingRef / mint | 4 | 6.4 | 3.3, 8 | 3.B |
| C11 | ReentrancyGuard and CEI on Router | 5 | 6.4 | - | 3.C |
| C12 | Caps enforced before mint | 5 | 6.4 | - | 3.C |
| C13 | Router and Mint Controller pause | 5, 7 | 6.4, 6.5, 8 | 7 | 3.C, 3.D |
| C14 | Corridor limits enforced | 5, 7 | 6.4 | - | 3.C |
| C15 | Participant suspension (no mint to suspended) | 7 | 6.2, 6.4 | 7 | 3.F |
| C16 | Validator segregation and monitoring | 6 | 3 | - | 3.E |
| C17 | Good funds and finality (Rulebook) | 4 | 1, 4 | 2, 4 | 3.B, 5 |
| C18 | Documentation versioning and review | 8 | - | 9 | 6 |
Section numbers refer to the respective document sections (e.g. Spec 6.5 = DBIS_GRU_MintController, Rulebook 3.2 = deterministic accountingRef).
References
- Spec: DBIS_RAIL_TECHNICAL_SPEC_V1.md
- Rulebook: DBIS_RAIL_RULEBOOK_V1.md
- Threat Model: DBIS_RAIL_SECURITY_THREAT_MODEL_V1.md
- Checklist: DBIS_RAIL_AUDIT_READINESS_CHECKLIST_V1.md
- Results: DBIS_RAIL_AUDIT_READINESS_RESULTS_V1.md
Document control
| Field | Value |
|---|---|
| Title | DBIS Rail — Control Mapping v1 |
| Network | DBIS Mainnet (ChainID 138) |
| Version | 1 |
| Status | Active |