Appearance
Policy Rollback/Identity Tamper Blocks Launch and Egress
Validate that tampered or rolled‑back policy fails authorization and prevents application launch and subsequent network egress.
Objectives
- Enforce policy integrity and identity requirements for launch.
- Prevent egress when launch is denied or when authorization fails post‑load.
Preconditions
- Policy integrity protections enabled (signature/identity checks, anti‑rollback).
- Deny‑by‑default egress configured.
Suite
| ID | Canonical IDs | Flow | Procedure | Expected Outcome |
|---|---|---|---|---|
| INTEG-POLICY-ROLLBACK-01 | HARD-POLICY-02, HARD-POLICY-08, HARD-POLICY-09, HARD-POLICY-10, NET-EGRESS-01 | Policy Rollback/Identity Tamper Blocks Launch and Egress | 1) Present a tampered or rolled‑back policy bundle. 2) Attempt to launch an application and perform network egress. | Launch is denied due to identity/rollback protections; no egress occurs. Audit shows action: "deny", reason indicating identity or rollback failure, and integrity.hash. |
Evidence Requirements
authz/policyevents:action,reason(identity/rollback failure),rule.id,integrity.hash.- Absence of
networkegress events; if any attempted, they are denied perNET-EGRESS-01withaction: "deny".
