I don’t know, but if you can add/remove security groups to a record via a Workflow, you could make it like this:
when status changes to “new” add security group X
when status changes to different from “new” remove security group X
configure roles so that edits are only allowed on X records
I didn’t try any of this, I’m just thinking as I write.
If this turns out to be impossible, you’ll have to write some code. I would look for the Security Suite code that does the “edit” check, and try to add that condition there.