1 change: 1 addition & 0 deletions 1.0/en/0x10-C09-Orchestration-and-Agentic-Action.md
Expand Up @@ -62,6 +62,7 @@ Make every action attributable and every mutation detectable.
| **9.4.2** | **Verify that** agent-initiated actions are cryptographically bound to the execution chain (chain ID) and are signed and timestamped for non-repudiation and traceability. | 2 |
| **9.4.3** | **Verify that** audit logs are tamper-evident (via append-only/WORM/immutable log store, cryptographic hash chaining where each record includes the hash of the prior record, or equivalent integrity guarantees that can be independently verified), and include sufficient context to reconstruct who/what acted, initiating user identifier, delegation scope, authorization decision (policy/version), tool parameters, approvals (where applicable), and outcomes. | 2 |
| **9.4.4** | **Verify that** agent identity credentials (keys/certs/tokens) rotate on a defined schedule and on compromise indicators, with rapid revocation and quarantine on suspected compromise or spoofing attempts. | 3 |
| **9.4.5** | **Verify that** agent state persisted between invocations (including memory, task context, goals, and partial results) is integrity-protected (e.g., via cryptographic MACs or signatures), and that the runtime rejects or quarantines state that fails integrity verification before resuming execution. | 2 |

---

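Review bot: the new 9.4.5 row (the added line after 9.4.4) covers tampering with persisted state but not rollback: a MAC or signature on its own still lets a stale, validly protected snapshot of memory, goals or partial results be replayed into a later invocation. Suggest a freshness binding in the same sentence, in line with the chain-ID binding already required by 9.4.2, e.g. "...is integrity-protected (e.g., via cryptographic MACs or signatures) and bound to the execution chain and a sequence number or timestamp so stale state is rejected", and make explicit that a rejection or quarantine is recorded in the tamper-evident log described in 9.4.3 so the event is reconstructable.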
1 change: 1 addition & 0 deletions 1.0/en/0x93-Appendix-D_AI_Security_Controls_Inventory.md
Expand Up @@ -138,6 +138,7 @@ Verify authenticity and detect tampering of models, artifacts, messages, logs, a
| MCP component signature and checksum verification | 10.1.1 |
| MCP schema integrity signing and tool definition hash tracking | 10.4.2, 10.4.5 |
| DAG cryptographic signatures and tamper-evident storage | 13.7.3 |
| Agent persisted state integrity protection (MAC/signature, rejection on failure) | 9.4.5 |

**Common pitfalls:** using mutable `:latest` tags instead of immutable digests; not re-verifying tool definition hashes between MCP invocations; missing replay protection on agent messages.

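Review bot: the added inventory row "(MAC/signature, rejection on failure)" narrows the control it maps to: 9.4.5 allows the runtime to reject or quarantine state that fails verification, so the summary should read "rejection or quarantine on failure" to match the requirement text. Since the **Common pitfalls** line directly below already lists "missing replay protection on agent messages", consider extending it with the parallel pitfall for this control, e.g. "resuming from persisted agent state that is integrity-checked only at load time, or that is stale but still carries a valid MAC/signature".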