Security Requirements

| ID | Requirement | Priority | Status |
| --- | --- | --- | --- |
| NFR-SEC-001 | The system shall enforce authentication for protected resources. | High | Confirmed |
| NFR-SEC-002 | The system shall enforce RBAC on backend APIs. | High | Confirmed |
| NFR-SEC-003 | The system shall prevent cross-scope/account data access across schools, suppliers, operators, parents, and students. | High | Confirmed by technical team; Evidence Pending Attachment |
| NFR-SEC-004 | The system shall restrict financial and credential actions with stricter authorization. | High | Confirmed |
| NFR-SEC-005 | The system shall not rely on frontend-only authorization. | High | Confirmed |
| NFR-SEC-006 | Sensitive logs, secrets, and tokens shall not be exposed in documentation. | High | Confirmed |