Require emergency drill evidence validation

2026-06-02 00:08:16 +02:00
parent 6bd822ae71
commit cd82285efe
2 changed files with 19 additions and 0 deletions
--- a/workplans/NET-WP-0017-it-security-readiness-for-user-onboarding.md
+++ b/workplans/NET-WP-0017-it-security-readiness-for-user-onboarding.md
@@ -221,6 +221,14 @@ control surface now includes a **Validate restore drill evidence** runbook
 card. T02 should not count the restore gate closed until a real non-secret
 evidence file from the prior or repeated drill passes that validator.

+**2026-06-01:** Added the parallel evidence path for the emergency seal/unseal
+drill. Railiance now has an emergency drill evidence template and
+`make openbao-validate-emergency-evidence`; NetKingdom exposes it through a
+**Validate emergency drill evidence** runbook card. The live drill is
+deliberately not automated because it seals OpenBao and requires threshold
+unseal shares. T02 should count the emergency drill gate closed only after an
+attended drill records non-secret evidence and that evidence validates.
+
 ### T03 - Close Trial Taint And Retire Bootstrap Admin Paths

 ```task