In the table below is an overview of all criteria for the base profile and whether it is already implemented or not.
| TrueConnector | No. | Title | Note |
|---|---|---|---|
| x | COM 01 | Protected connection | |
| x | COM 02 | Mutual authentication | |
| x | COM 03 | State of the art cryptography | |
| x | USC 01 | Definition of usage policies | |
| - | USC 02 | Sending of usage policies | |
| x | USC 03 | Usage policy enforcement | |
| x | INF 01 | Self-Description (at Connector) | |
| x | INF 02 | Self-Description (at Broker) | |
| - | INF 03 | Self-Description content | |
| x | INF 04 | Self-Description evaluation | |
| x | INF 05 | Dynamic attribute tokens | |
| x | IAM 01 | Connector identifier | |
| - | IAM 02 | Time Service | |
| - | IAM 03 | Online certificate status check | |
| - | IAM 04 | Attestation of dynamic attributes | |
| x | BRK 01 | Broker service inquiries | |
| x | BRK 02 | Broker registration | |
| x | BRK 03 | Broker registration update | |
| x | OS 01 | Container support | |
| - | APS 01 | App signature | |
| - | APS 02 | App signature verification | |
| - | APS 05 | App installation | |
| - | APS 06 | App Store | |
| - | AUD 01 | Access control logging | |
| - | AUD 02 | Data access logging | |
| - | AUD 03 | Configuration changes logging | |
| x | CR 1.1 | Human user identification and authentication | |
| - | CR 1.1 (1) | Unique identification and authentication | |
| - | CR 1.2 | Software process and device identification and authentication | |
| - | CR 1.2 (1) | Unique identification and authentication | |
| - | CR 1.3 | Account management | |
| - | CR 1.4 | Identifier management | |
| - | CR 1.5 | Authenticator management | |
| - | CR 1.7 | Strength of password-based authentication | |
| x | CR 1.8 | Public key infrastructure certificates | |
| - | CR 1.9 | Strength of public key-based authentication | |
| x | CR 1.10 | Authenticator feedback | |
| x | CR 1.11 | Unsuccessful login attempts | |
| - | CR 1.12 | System use notification | |
| NA | CR 1.14 | Strength of symmetric key-based authentication | Using asymetric key pair |
| x? | CR 2.1 | Authorization enforcement | |
| NA | CR 2.2 | Wireless use control | We do not have wireless control |
| NA | CR 2.5 | Session lock | We do not have sessions |
| x | CR 2.8 | Auditable events | |
| x? | CR 2.9 | Audit storage capacity | |
| x | CR 2.10 | Response to audit processing failures | |
| x | CR 2.11 | Timestamps | |
| x? | CR 2.12 | Non-repudiation | |
| x | CR 3.1 | Communication integrity | |
| x? | CR 3.1 (1) | Communication authentication | |
| - | CR 3.3 | Security functionality verification | |
| - | CR 3.4 | Software and information integrity | |
| x? | CR 3.5 | Input validation | |
| - | CR 3.6 | Deterministic output | |
| x | CR 3.7 | Error handling | |
| NA | CR 3.8 | Session integrity | We do not have sessions |
| x? | CR 4.1 | Information confidentiality | |
| - | CR 4.2 (1) | Erase of shared memory resources | |
| x? | CR 4.3 | Use of cryptography | |
| x? | CR 5.1 | Network segmentation | |
| x? | CR 6.1 | Audit log accessibility | |
| - | CR 7.1 | Denial of service protection | |
| - | CR 7.2 | Resource management | |
| - | CR 7.3 | Control system backup | |
| - | CR 7.4 | Control system recovery and reconstitution | |
| - | CR 7.6 | Network and security configuration settings | |
| - | CR 7.7 | Least functionality | |
| - | SAR 2.4 | Mobile code | |
| - | SAR 2.4 (1) | Mobile code integrity check | |
| - | SAR 2.4 (1) | Protection from malicious code | |
| - | NDR 1.6 | Wireless Access Management | |
| - | NDR 1.13 | Access via untrusted networks | |
| - | NDR 2.4 | Mobile code | |
| - | NDR 3.2 | Protection from malicious code | |
| - | NDR 3.10 | Support for updates | |
| - | NDR 3.14 | Integrity of the boot process | |
| - | NDR 5.2 | Zone boundary protection | |
| - | NDR 5.3 | General purpose, person-to-person communication restrictions | |
| x | D_AD.1 | Secure initialisation | |
| - | D_AD.2 | Tamper protection | |
| - | D_AD.3 | Security-enforcing mechanisms | |
| x | D_IS.1 | Interface purpose and usage | |
| - | D_IS.2 | Interface parameters | |
| x? | D_DD.1 | Subsystem structure | |
| x? | G_AP.1 | Acceptance procedures | |
| x? | G_AP.2 | Installation procedures | |
| x? | G_OG.1 | Interface usage for each user role | |
| - | G_OG.2 | Possible modes of operation | |
| x | S_CM.1 | Unique component reference | |
| x | S_CM.2 | Consistent usage of component reference | |
| - | S_CM.6 (1) | Configuration list content (1) | |
| - | S_CM.7 | Unique identification based on configuration list | |
| - | S_CM.8 | Developer Information | |
| - | S_DL.1 | Secure delivery | |
| x? | S_FR.1 | Tracking of reported security flaws | |
| x? | S_FR.2 | Security flaw description | |
| - | S_FR.3 | Status of corrective measures | |
| - | T_CA.1 | Test coverage analysis | |
| - | T_CA.2 | Test procedures for subsystems | |
| - | T_TD.1 | Test documentation | |
| - | T_TD.2 | Test configuration | |
| - | T_TD.3 | Ordering Dependencies |