Audit-Ready Evidence (Policies as Code)

---
doc-classify:
  role: evidence
  framework: CMMC
  control: AC.L1-3.1.1
  status: pending
---

# Test Case TC-001: Access Control Verification

## Objective

Verify that system access is limited to authorized users.

## Prerequisites

- Access to the production system
- Admin credentials (stored in vault)

## Test Steps

```bash tc001-check-access --descr "Verify access controls are in place"
#!/usr/bin/env -S bash
set -e

# Check that only authorized users have access
authorized_users=$(cat /etc/security/authorized_users)
current_users=$(who | awk '{print $1}' | sort -u)

for user in $current_users; do
  if ! echo "$authorized_users" | grep -q "^$user$"; then
    echo "FAIL: Unauthorized user detected: $user"
    exit 1
  fi
done

echo "PASS: All current users are authorized"

#!/usr/bin/env -S bash
cat << EOF
{
  "testCase": "TC-001",
  "executedAt": "$(date -Iseconds)",
  "result": "PASS",
  "authorizedUserCount": $(wc -l < /etc/security/authorized_users),
  "currentUserCount": $(who | wc -l)
}
EOF

<Callout>
**Frontmatter Classification**

The `doc-classify` frontmatter enables filtering and reporting across multiple test cases, making it easy to generate compliance reports.
</Callout>
</Step>

<Step>
## Execute the Test Case

Run the test and capture evidence automatically:

```bash
# Run the test case
spry rb run test-case-TC001.md

# View the captured evidence
cat ./evidence/tc001-results.json

{
  "testCase": "TC-001",
  "executedAt": "2025-01-15T10:30:00-05:00",
  "result": "PASS",
  "authorizedUserCount": 12,
  "currentUserCount": 3
}

---
doc-classify:
  role: evidence
  framework: CMMC
  control: AC.L1-3.1.1
  status: passed
  last-executed: 2025-01-15T10:30:00Z
---