Compliance Evaluation: Template

Tool Description

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.

Evaluation Status

Status: Insert Jira Link

Date: 2023-01-01

Reviewer: Person who conducted the evaluation

Software Version: 

Specification Version: 

Compliance Level (choose one): Declined | Pending | Level 1 | Level 2

Software Attributes

Logo: 

Name: 

Website: 

Documentation: 

BBs used for Evaluation: https://govstack.gitbook.io/specification/

Evaluation Summary

Area | Criterion | Fulfillment
---- | --------- | -----------
Deployment | Deployability via container | 
Interface | Fulfillment of Service API requirements | Insert number or “all”
Interface | Fulfillment of REQUIRED API related requirements in the Architecture BB specifications (ch. 5.1, 5.3, 5.4, 5.6, 5.13) | Insert number or “all”
Requirement Specification | Fulfillment of REQUIRED Key Digital Functionalities stated in the respective BB specifications | Insert number or “all”
Requirement Specification | Fulfillment of REQUIRED cross-cutting and functional requirements stated in the respective BB specifications | Insert number or “all”
Requirement Specification | Fulfillment of REQUIRED cross-cutting requirements stated in the Architecture BB specifications | Insert number or “all”

Deployment Compliance

Requirement | Fulfillment | Comment
----------- | ----------- | -------
Must be deployable via container |  | 

Interface Compliance

Test Harness Result

Insert Link or Screenshot?

@Dominika Bieńkowska: What proof coming from the API Testing - from the Testing Webapp - can be inserted here?

API Requirements from Architecture Specifications

See requirements (5.1, 5.3, 5.4, 5.6, 5.13) below under “Architectural Cross-Cutting Requirements”

Requirement Specification Compliance

Please copy and paste all REQUIRED requirements from the respective BB specification Gitbook repository into this list. All RECOMMENDED requirements are optional. We are working on an automated procedure.

Key Digital Functionalities

Requirement | Fulfillment | Comment
----------- | ----------- | -------
 |  | 
 |  | 
 |  | 

BB Cross Cutting Functionalities

Requirement | Fulfillment | Comment
----------- | ----------- | -------
 |  | 
 |  | 
 |  | 

BB Functional Requirements

Requirement | Fulfillment | Comment
----------- | ----------- | -------
 |  | 
 |  | 
 |  | 

Architectural Cross-Cutting Requirements

Requirement | Fulfillment | Comment
----------- | ----------- | -------
5.1 Follow TM Forum Specification REST API Design Guidelines Part 1 (REQUIRED) |  | 
5.2 Follow TM Forum Specification REST API Design Guidelines Parts 2-7 (RECOMMENDED) |  | 
5.3 Communicate with other BBs only via API (REQUIRED) |  | 
5.4 APIs must be Versioned (REQUIRED) |  | 
5.5 Documentation must be Provided (REQUIRED) |  | 
5.6 Provide an OpenAPI specification (REQUIRED) |  | 
5.7 Building blocks must be deployable as a container (REQUIRED) |  | 
5.8 Include all deployment scripts (RECOMMENDED) |  | 
5.9 Comply with GDPR Principles (REQUIRED) |  | 
5.10 Include Support for Capturing Logging information (REQUIRED) |  | 
5.11 Use Web Hooks for Callbacks (REQUIRED) |  | 
5.12 Enforce Transport Security (REQUIRED) |  | 
5.13 GET and PUT APIs must be Idempotent (REQUIRED) |  | 
5.14 Use Stateless APIs wherever Possible to Enhance Scalability (RECOMMENDED) |  | 
5.15 Include Transaction/Trace/Correlation IDs (RECOMMENDED) |  | 
5.16 Include Clearly-Defined Key Rotation Policies (RECOMMENDED) |  | 
5.17 Databases should not Include Business Logic (RECOMMENDED) |  | 
5.18 Use only Unicode for Text (REQUIRED) |  | 
5.19 Use ISO8601/UTC for Timestamps (REQUIRED) |  | 
5.20 Building Blocks must be Autonomous (REQUIRED) |  | 
5.21 Use Secure Configuration (REQUIRED) |  | 
5.22 Design for Asynchronous First (RECOMMENDED) |  | 
5.23 Use Standardized Data Formats for Interchange (REQUIRED) |  | 
5.24 Use Existing Standards for Data Interchange, Where Available (RECOMMENDED) |  | 
5.25 Use I/O Sanitization (RECOMMENDED) |  | 
5.26 Provide a Compliance Test Mock/Example Implementation (OPTIONAL) |  | 
5.27 Building blocks should be Localizable (RECOMMENDED) |  | 
5.28 Use NTP Synchronization (RECOMMENDED) |  | 