P05 audit append-before-publish and M17 redaction gates are active.
D10 Watcher / Security
Security dashboard
Live posture for runtime access, evidence integrity, AVSEC redaction, and policy drift.
No critical AVSEC, identity, or audit-chain exception is waiting on triage.
Newest security signal is inside the watcher freshness SLA.
Runtime contracts reject unsigned policy and schema changes.
Control families
Enforcement matrix
| Control | Runtime check | Status |
|---|---|---|
| Identity boundary | Service accounts scoped by tenant, role, and workflow action. | Pass |
| Audit durability | Security mutations must anchor to immutable P05 evidence before publish. | Pass |
| Payload redaction | Classified AVSEC and SMS identity fields are stripped at projection time. | Pass |
| Runtime policy | Cedar-style authorization checks are required on dispatch and safety actions. | Pass |
| Operator access | Privileged console paths require dual authorization and recent session proof. | Watch |
Recent watcher signals
Security event stream
| Time | Signal | Finding | Outcome |
|---|---|---|---|
| 10:42 UTC | avsec.redaction.probe | Synthetic classified field removed before dashboard projection. | Cleared |
| 10:39 UTC | identity.session.review | Two elevated sessions expired without renewal. | Cleared |
| 10:35 UTC | audit.anchor.verify | P05 hash chain matched all watched security events. | Cleared |
| 10:28 UTC | policy.bundle.diff | Unsigned local policy bundle rejected by watcher validation. | Blocked |
