Compliance Evaluation: Template
Tool Description
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
Evaluation Status
Status | Insert Jira Link |
---|---|
Date | 2023-01-01 |
Reviewer | Person who conducted the evaluation |
Software Version | |
Specification Version | |
Compliance Level | Declined / Pending / Level 1 / Level 2 |
Software Attributes
Logo | |
---|---|
Name | |
Website | |
Documentation | |
BBs used for Evaluation | |
Evaluation Summary
| Criterion | Fulfillment |
---|---|---|
Deployment | Deployability via container | |
Interface | Fulfillment of Service API requirements | Insert number or “all” |
| Fulfillment of REQUIRED API related requirements in the Architecture BB specifications (ch. 5.1, 5.3, 5.4, 5.6, 5.13) | Insert number or “all” |
Requirement Specification | Fulfillment of REQUIRED Key Digital Functionalities stated in the respective BB specifications | Insert number or “all” |
| Fulfillment of REQUIRED cross-cutting and functional requirements stated in the respective BB specifications | Insert number or “all” |
| Fulfillment of REQUIRED cross-cutting requirements stated in the Architecture BB specifications | Insert number or “all” |
Deployment Compliance
Requirement | Fulfillment | Comment |
---|---|---|
Must be deployable via container | | |
| | |
Interface Compliance
Test Harness Result
Insert Link or Screenshot?
@Dominika Bieńkowska (Deactivated) What proof coming from the API Testing - from the Testing Webapp - can be inserted here?
API Requirements from Architecture Specifications
See requirements (5.1, 5.3, 5.4, 5.6, 5.13) below under “Architectural Cross-Cutting Requirements”
Requirement Specification Compliance
Please copy and paste all REQUIRED requirements from the respective BB specification Gitbook repository into this list. All RECOMMENDED requirements are optional. We are working on an automated procedure.
Key Digital Functionalities
Requirement | Fulfillment | Comment |
---|---|---|
| | |
| | |
| | |
| | |
BB Cross Cutting Functionalities
Requirement | Fulfillment | Comment |
---|---|---|
| | |
| | |
| | |
| | |
| | |
BB Functional Requirements
Requirement | Fulfillment | Comment |
---|---|---|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
Architectural Cross-Cutting Requirements
Requirement (source: v1.0 of https://govstack.gitbook.io/specification/architecture-and-nonfunctional-requirements/5-cross-cutting-requirements ) | Fulfillment | Comment |
---|---|---|
5.1 Follow TM Forum Specification REST API Design Guidelines Part 1 (REQUIRED) | | |
5.2 Follow TM Forum Specification REST API Design Guidelines Parts 2-7 (RECOMMENDED) | | |
5.3 Communicate with other BBs only via API (REQUIRED) | | |
5.4 APIs must be Versioned (REQUIRED) | | |
5.5 Documentation must be Provided (REQUIRED) | | |
5.6 Provide an OpenAPI specification (REQUIRED) | | |
5.7 Building blocks must be deployable as a container (REQUIRED) | | |
5.8 Include all deployment scripts (RECOMMENDED) | | |
5.9 Comply with GDPR Principles (REQUIRED) | | |
5.10 Include Support for Capturing Logging information (REQUIRED) | | |
5.11 Use Web Hooks for Callbacks (REQUIRED) | | |
5.12 Enforce Transport Security (REQUIRED) | | |
5.13 GET and PUT APIs must be Idempotent (REQUIRED) | | |
5.14 Use Stateless APIs wherever Possible to Enhance Scalability (RECOMMENDED) | | |
5.15 Include Transaction/Trace/Correlation IDs (RECOMMENDED) | | |
5.16 Include Clearly-Defined Key Rotation Policies (RECOMMENDED) | | |
5.17 Databases should not Include Business Logic (RECOMMENDED) | | |
5.18 Use only Unicode for Text (REQUIRED) | | |
5.19 Use ISO8601/UTC for Timestamps (REQUIRED) | | |
5.20 Building Blocks must be Autonomous (REQUIRED) | | |
5.21 Use Secure Configuration (REQUIRED) | | |
5.22 Design for Asynchronous First (RECOMMENDED) | | |
5.23 Use Standardized Data Formats for Interchange (REQUIRED) | | |
5.24 Use Existing Standards for Data Interchange, Where Available (RECOMMENDED) | | |
5.25 Use I/O Sanitization (RECOMMENDED) | | |
5.26 Provide a Compliance Test Mock/Example Implementation (OPTIONAL) | | |
5.27 Building blocks should be Localizable (RECOMMENDED) | | |
5.28 Use NTP Synchronization (RECOMMENDED) | | |