Status: IN
Security enforcement shapes the entire progressive update path: install-time locks (FIPS, CPU partitioning) persist immutably through all updates, TLS profiles must be maintained during rolling upgrades across heterogeneous node fleets, and API stability tiers gate which deprecations can occur at each version boundary.
Connects security enforcement (depth-4) with update strategy (depth-4) — updates cannot weaken security invariants
Depends on (SL): unified-security-from-install-through-api-governance, progressive-update-across-heterogeneous-fleet