# Workstation compliance policy (test fixture): two conditions, a
# per-severity breach response, and a schedule.
name = "test-workstation-policy"
# TOML has no interpolation: the org_name placeholder below is a literal
# string unless the consumer substitutes it.
# NOTE(review): presumably expanded by the policy loader; confirm that the
# substituted value is treated as data and cannot alter the TOML structure.
description = "Test workstation compliance for ${org_name}"
version = "1.0.0"
framework = "test-framework"
# NOTE(review): TC-002 is listed here but no condition in this file carries
# framework_ref = "TC-002"; confirm whether that mapping is intentional.
framework_controls = ["TC-001", "TC-002"]

[[conditions]]
id = "disk-encryption"
kind = "DiskEncryption"
description = "Full disk encryption required"
framework_ref = "TC-001"
severity = "critical"

[conditions.linux]
# Relative script path.
# NOTE(review): confirm the loader resolves it against a trusted base
# directory that the checked workstation's users cannot write to.
script = "scripts/linux/check-encryption.sh"
# String here, boolean in the windows check below.
expect = "encrypted"

[conditions.windows]
intune_field = "isEncrypted"
expect = true

[[conditions]]
id = "antivirus-active"
kind = "AntivirusActive"
description = "Antivirus must be running"
# This condition has no framework_ref, unlike disk-encryption.
severity = "high"

# Only a windows check is defined for this condition.
# NOTE(review): confirm how a platform without a section is evaluated
# (skipped, passing or failing); this file does not say.
[conditions.windows]
intune_field = "antiVirusStatus"
expect = "active"

# One action name per severity. Only the two severities used above are
# mapped; what each action does is defined by the consumer.
[breach_response]
critical = "suspend_access"
high = "alert_msp"

[schedule]
interval_seconds = 300  # 5 minutes