audit notes work completed, test fixes work (95% done), new sprints, new data sources setup and configuration
This commit is contained in:
master
@@ -30,8 +30,9 @@ Refer to `docs/modules/export-center/architecture.md` (Sprint 35 task) for compo
|
||||
## Security and compliance guardrails
|
||||
- **AOC alignment.** Exports bundle raw evidence and optional policy evaluations without mutating source content. Policy overlays remain attributed to Policy Engine and are clearly partitioned.
|
||||
- **Tenant isolation.** All queries, manifests, and bundle paths carry tenant identifiers. Cross-tenant exports require explicit signed approval and ship with provenance trails.
|
||||
- **Signing and encryption.** Manifests and payloads are signed using the platform KMS. Mirror profiles support optional in-bundle encryption (age/AES-GCM) with key wrapping.
|
||||
- **Determinism.** Identical inputs yield identical bundles. Timestamps serialize in UTC ISO-8601; manifests include content hashes for audit replay.
|
||||
- **Signing and encryption.** Manifests and payloads are signed using the platform KMS. Mirror profiles support optional in-bundle encryption (age/AES-GCM) with key wrapping.
|
||||
- **Determinism.** Identical inputs yield identical bundles. Timestamps serialize in UTC ISO-8601; manifests include content hashes for audit replay.
|
||||
- **Audit bundles.** Audit packs use `docs/modules/evidence-locker/schemas/audit-bundle-index.schema.json` and list transparency and timestamp references when available.
|
||||
|
||||
See `docs/security/policy-governance.md` and `docs/modules/concelier/guides/aggregation-only-contract.md` for broader guardrail context.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user