npm - @ansvar/eu-regulations-mcp - Versions diffs - 0.1.0 → 0.2.0 - Mend

@ansvar/eu-regulations-mcp 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

package/LICENSE +190 -21
package/README.md +125 -26
package/data/seed/aifmd.json +432 -0
package/data/seed/applicability/ai-act.json +87 -0
package/data/seed/applicability/aifmd.json +74 -0
package/data/seed/applicability/cbam.json +74 -0
package/data/seed/applicability/cer.json +74 -0
package/data/seed/applicability/cra.json +77 -0
package/data/seed/applicability/csddd.json +74 -0
package/data/seed/applicability/csrd.json +74 -0
package/data/seed/applicability/cyber_solidarity.json +74 -0
package/data/seed/applicability/cybersecurity-act.json +69 -0
package/data/seed/applicability/data-act.json +71 -0
package/data/seed/applicability/dga.json +74 -0
package/data/seed/applicability/dma.json +77 -0
package/data/seed/applicability/dsa.json +71 -0
package/data/seed/applicability/eecc.json +74 -0
package/data/seed/applicability/ehds.json +74 -0
package/data/seed/applicability/eidas2.json +86 -0
package/data/seed/applicability/eprivacy.json +74 -0
package/data/seed/applicability/eu_taxonomy.json +74 -0
package/data/seed/applicability/eucc.json +74 -0
package/data/seed/applicability/eudr.json +74 -0
package/data/seed/applicability/gpsr.json +74 -0
package/data/seed/applicability/ivdr.json +74 -0
package/data/seed/applicability/led.json +74 -0
package/data/seed/applicability/machinery.json +74 -0
package/data/seed/applicability/mdr.json +74 -0
package/data/seed/applicability/mica.json +74 -0
package/data/seed/applicability/mifid2.json +74 -0
package/data/seed/applicability/mifir.json +74 -0
package/data/seed/applicability/pld.json +74 -0
package/data/seed/applicability/psd2.json +74 -0
package/data/seed/applicability/red.json +74 -0
package/data/seed/applicability/sfdr.json +74 -0
package/data/seed/applicability/un-r155.json +68 -0
package/data/seed/applicability/un-r156.json +68 -0
package/data/seed/cbam.json +397 -0
package/data/seed/cer.json +233 -0
package/data/seed/csddd.json +205 -0
package/data/seed/csrd.json +50 -0
package/data/seed/cyber_solidarity.json +252 -0
package/data/seed/data-act.json +517 -0
package/data/seed/dga.json +342 -0
package/data/seed/dma.json +499 -0
package/data/seed/dsa.json +686 -0
package/data/seed/eecc.json +981 -0
package/data/seed/ehds.json +638 -0
package/data/seed/eidas2.json +590 -0
package/data/seed/eprivacy.json +115 -0
package/data/seed/eu_taxonomy.json +285 -0
package/data/seed/eucc.json +386 -0
package/data/seed/eudr.json +401 -0
package/data/seed/gpsr.json +462 -0
package/data/seed/ivdr.json +1036 -0
package/data/seed/led.json +480 -0
package/data/seed/machinery.json +513 -0
package/data/seed/mappings/iso27001-ai-act.json +114 -0
package/data/seed/mappings/iso27001-aifmd.json +50 -0
package/data/seed/mappings/iso27001-cbam.json +26 -0
package/data/seed/mappings/iso27001-cer.json +74 -0
package/data/seed/mappings/iso27001-cra.json +130 -0
package/data/seed/mappings/iso27001-csddd.json +50 -0
package/data/seed/mappings/iso27001-csrd.json +26 -0
package/data/seed/mappings/iso27001-cyber_solidarity.json +82 -0
package/data/seed/mappings/iso27001-cybersecurity-act.json +90 -0
package/data/seed/mappings/iso27001-data-act.json +66 -0
package/data/seed/mappings/iso27001-dga.json +50 -0
package/data/seed/mappings/iso27001-dma.json +50 -0
package/data/seed/mappings/iso27001-dsa.json +58 -0
package/data/seed/mappings/iso27001-eecc.json +74 -0
package/data/seed/mappings/iso27001-ehds.json +90 -0
package/data/seed/mappings/iso27001-eidas2.json +106 -0
package/data/seed/mappings/iso27001-eprivacy.json +66 -0
package/data/seed/mappings/iso27001-eu_taxonomy.json +34 -0
package/data/seed/mappings/iso27001-eucc.json +66 -0
package/data/seed/mappings/iso27001-eudr.json +34 -0
package/data/seed/mappings/iso27001-gpsr.json +42 -0
package/data/seed/mappings/iso27001-ivdr.json +66 -0
package/data/seed/mappings/iso27001-led.json +74 -0
package/data/seed/mappings/iso27001-machinery.json +50 -0
package/data/seed/mappings/iso27001-mdr.json +82 -0
package/data/seed/mappings/iso27001-mica.json +66 -0
package/data/seed/mappings/iso27001-mifid2.json +66 -0
package/data/seed/mappings/iso27001-mifir.json +42 -0
package/data/seed/mappings/iso27001-pld.json +26 -0
package/data/seed/mappings/iso27001-psd2.json +82 -0
package/data/seed/mappings/iso27001-red.json +42 -0
package/data/seed/mappings/iso27001-sfdr.json +50 -0
package/data/seed/mappings/iso27001-un-r155.json +130 -0
package/data/seed/mappings/iso27001-un-r156.json +106 -0
package/data/seed/mappings/nist-csf-ai-act.json +138 -0
package/data/seed/mappings/nist-csf-aifmd.json +58 -0
package/data/seed/mappings/nist-csf-cbam.json +42 -0
package/data/seed/mappings/nist-csf-cer.json +90 -0
package/data/seed/mappings/nist-csf-cra.json +130 -0
package/data/seed/mappings/nist-csf-csddd.json +50 -0
package/data/seed/mappings/nist-csf-csrd.json +34 -0
package/data/seed/mappings/nist-csf-cyber_solidarity.json +90 -0
package/data/seed/mappings/nist-csf-cybersecurity-act.json +90 -0
package/data/seed/mappings/nist-csf-data-act.json +50 -0
package/data/seed/mappings/nist-csf-dga.json +58 -0
package/data/seed/mappings/nist-csf-dma.json +42 -0
package/data/seed/mappings/nist-csf-dora.json +210 -0
package/data/seed/mappings/nist-csf-dsa.json +82 -0
package/data/seed/mappings/nist-csf-eecc.json +90 -0
package/data/seed/mappings/nist-csf-ehds.json +98 -0
package/data/seed/mappings/nist-csf-eidas2.json +114 -0
package/data/seed/mappings/nist-csf-eprivacy.json +58 -0
package/data/seed/mappings/nist-csf-eu_taxonomy.json +34 -0
package/data/seed/mappings/nist-csf-eucc.json +66 -0
package/data/seed/mappings/nist-csf-eudr.json +58 -0
package/data/seed/mappings/nist-csf-gdpr.json +178 -0
package/data/seed/mappings/nist-csf-gpsr.json +58 -0
package/data/seed/mappings/nist-csf-ivdr.json +66 -0
package/data/seed/mappings/nist-csf-led.json +74 -0
package/data/seed/mappings/nist-csf-machinery.json +58 -0
package/data/seed/mappings/nist-csf-mdr.json +66 -0
package/data/seed/mappings/nist-csf-mica.json +98 -0
package/data/seed/mappings/nist-csf-mifid2.json +74 -0
package/data/seed/mappings/nist-csf-mifir.json +50 -0
package/data/seed/mappings/nist-csf-nis2.json +194 -0
package/data/seed/mappings/nist-csf-pld.json +34 -0
package/data/seed/mappings/nist-csf-psd2.json +98 -0
package/data/seed/mappings/nist-csf-red.json +58 -0
package/data/seed/mappings/nist-csf-sfdr.json +42 -0
package/data/seed/mappings/nist-csf-un-r155.json +130 -0
package/data/seed/mappings/nist-csf-un-r156.json +98 -0
package/data/seed/mdr.json +1066 -0
package/data/seed/mica.json +1003 -0
package/data/seed/mifid2.json +906 -0
package/data/seed/mifir.json +512 -0
package/data/seed/pld.json +244 -0
package/data/seed/psd2.json +827 -0
package/data/seed/red.json +452 -0
package/data/seed/sfdr.json +228 -0
package/data/seed/un-r155.json +166 -0
package/data/seed/un-r156.json +150 -0
package/dist/http-server.d.ts +9 -0
package/dist/http-server.d.ts.map +1 -0
package/dist/http-server.js +342 -0
package/dist/http-server.js.map +1 -0
package/dist/index.js +4 -4
package/dist/index.js.map +1 -1
package/dist/tools/map.d.ts +1 -1
package/dist/tools/map.d.ts.map +1 -1
package/dist/tools/map.js +3 -3
package/dist/tools/map.js.map +1 -1
package/package.json +6 -2
package/scripts/build-db.ts +20 -8
package/scripts/check-updates.ts +141 -39
package/scripts/ingest-eurlex.ts +9 -1
package/scripts/ingest-unece.ts +368 -0
package/src/http-server.ts +380 -0
package/src/index.ts +4 -4
package/src/tools/map.ts +4 -4

package/data/seed/mappings/nist-csf-un-r155.json ADDED Viewed

@@ -0,0 +1,130 @@
+[
+  {
+    "control_id": "GV.OC-01",
+    "control_name": "Organizational context",
+    "regulation": "UN_R155",
+    "articles": ["1"],
+    "coverage": "full",
+    "notes": "Section 1 scope for vehicle cybersecurity type approval"
+  },
+  {
+    "control_id": "GV.RM-01",
+    "control_name": "Risk management objectives",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7 CSMS requires documented risk management"
+  },
+  {
+    "control_id": "GV.RR-01",
+    "control_name": "Organizational roles and responsibilities",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.2.2.2 organizational roles for cybersecurity"
+  },
+  {
+    "control_id": "GV.PO-01",
+    "control_name": "Cybersecurity policy",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7 requires CSMS policies and procedures"
+  },
+  {
+    "control_id": "GV.SC-01",
+    "control_name": "Supply chain risk management program",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.2.2.3 supplier and service provider risk management"
+  },
+  {
+    "control_id": "ID.AM-01",
+    "control_name": "Inventories of assets",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7 CSMS requires vehicle system inventory"
+  },
+  {
+    "control_id": "ID.RA-01",
+    "control_name": "Vulnerabilities in assets are identified",
+    "regulation": "UN_R155",
+    "articles": ["7", "Annex 5"],
+    "coverage": "full",
+    "notes": "Section 7.2.2.5 vulnerability identification, Annex 5 threat/vulnerability list"
+  },
+  {
+    "control_id": "ID.RA-03",
+    "control_name": "Internal and external threats are identified",
+    "regulation": "UN_R155",
+    "articles": ["7", "Annex 5"],
+    "coverage": "full",
+    "notes": "Section 7 threat assessment, Annex 5 comprehensive threat catalogue"
+  },
+  {
+    "control_id": "ID.RA-05",
+    "control_name": "Risk responses are identified",
+    "regulation": "UN_R155",
+    "articles": ["7", "Annex 5"],
+    "coverage": "full",
+    "notes": "Section 7 risk mitigation, Annex 5 mitigations for each threat"
+  },
+  {
+    "control_id": "PR.DS-01",
+    "control_name": "Data-at-rest is protected",
+    "regulation": "UN_R155",
+    "articles": ["7", "Annex 5"],
+    "coverage": "full",
+    "notes": "Annex 5 Part A.3.1 data protection mitigations"
+  },
+  {
+    "control_id": "PR.DS-02",
+    "control_name": "Data-in-transit is protected",
+    "regulation": "UN_R155",
+    "articles": ["7", "Annex 5"],
+    "coverage": "full",
+    "notes": "Annex 5 communication security mitigations"
+  },
+  {
+    "control_id": "PR.PS-01",
+    "control_name": "Configuration management practices established",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7 CSMS includes secure configuration"
+  },
+  {
+    "control_id": "DE.CM-01",
+    "control_name": "Networks and network services are monitored",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.2.2.4 monitoring and threat detection"
+  },
+  {
+    "control_id": "DE.AE-02",
+    "control_name": "Potentially adverse events are analyzed",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.2.2.4 analysis of detected threats"
+  },
+  {
+    "control_id": "RS.MA-01",
+    "control_name": "Incident response plan is executed",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.2.2.4 response to cyber attacks"
+  },
+  {
+    "control_id": "RC.RP-01",
+    "control_name": "Recovery plan is executed",
+    "regulation": "UN_R155",
+    "articles": ["7"],
+    "coverage": "partial",
+    "notes": "Section 7 CSMS includes recovery procedures"
+  }
+]

package/data/seed/mappings/nist-csf-un-r156.json ADDED Viewed

@@ -0,0 +1,98 @@
+[
+  {
+    "control_id": "GV.OC-01",
+    "control_name": "Organizational context",
+    "regulation": "UN_R156",
+    "articles": ["1"],
+    "coverage": "full",
+    "notes": "Section 1 scope for software update type approval"
+  },
+  {
+    "control_id": "GV.RM-01",
+    "control_name": "Risk management objectives",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7 SUMS requires documented processes"
+  },
+  {
+    "control_id": "GV.RR-01",
+    "control_name": "Organizational roles and responsibilities",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.1.2 organizational processes for SUMS"
+  },
+  {
+    "control_id": "GV.PO-01",
+    "control_name": "Cybersecurity policy",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7 requires SUMS policies for secure updates"
+  },
+  {
+    "control_id": "ID.AM-02",
+    "control_name": "Software platforms and applications inventories",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.1.2 RXSWIN for software version tracking"
+  },
+  {
+    "control_id": "ID.RA-01",
+    "control_name": "Vulnerabilities in assets are identified",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7 security-relevant software update management"
+  },
+  {
+    "control_id": "PR.DS-02",
+    "control_name": "Data-in-transit is protected",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.2 secure OTA update transmission"
+  },
+  {
+    "control_id": "PR.PS-01",
+    "control_name": "Configuration management practices established",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.1.2 RXSWIN configuration management"
+  },
+  {
+    "control_id": "PR.PS-02",
+    "control_name": "Software is maintained and updated",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7 entire regulation focused on software updates"
+  },
+  {
+    "control_id": "DE.AE-02",
+    "control_name": "Potentially adverse events are analyzed",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "partial",
+    "notes": "Section 7.1.3 documentation of update issues"
+  },
+  {
+    "control_id": "RS.MA-01",
+    "control_name": "Incident response plan is executed",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "partial",
+    "notes": "Section 7 update rollback and failure handling"
+  },
+  {
+    "control_id": "RC.RP-01",
+    "control_name": "Recovery plan is executed",
+    "regulation": "UN_R156",
+    "articles": ["7"],
+    "coverage": "full",
+    "notes": "Section 7.2 safe update failure recovery"
+  }
+]