Posture Policies

Overview

Posture Policies allow you to:

  • Search for the policies that match your organization's needs
  • Configure what is being evaluated by the Compliance feature in the context of compliance standards (CIS, NIST, etc.)
  • Create your own custom policies and configure the controls that are linked to each requirement
  • Review the policy structure and the controls connected to it
  • Enable/disable controls on all policies
  • Filter controls by enablement status, violation severity, name, and control type

Prerequisites

This feature requires the new Compliance component.

  1. Select Policies > Posture | Policies.

  2. Review the Policy list. The included policies are listed alphabetically.

    • Policy Name/Description: The full policy name and description, in accordance with naming used by, e.g., the Center for Internet Security (CIS). Click the arrow to link directly to the relevant standards website.

    • Zones: Zones where this policy has been applied. Apply a policy to a zone to show compliance results against the policy in the compliance page.

    • Version: The published version of the standard. This is not the version of, e.g., Kubernetes that is listed in the policy name.

    • Date Published: Date the policy was published. Until officially published, a policy under development is in Draft state.

    • Author: Sysdig for default policies; creator name for custom policies.

  3. Click a row to open the individual policy page.

Create a Custom Policy

  1. Select New Policy at the top right, or

    select an existing policy to duplicate.

  2. Add/edit the Name and Description and click Save.

  3. Edit the requirement groups and the requirements of your policy.

  4. To edit the controls linked to each leaf requirement: Select the Link Controls button, filter for the controls you want in the right-most Not Linked column, and select Link on them.

    Changes are automatically saved.

Select a policy from the Policies list to review requirements and controls, enable/disable controls, and filter/search.

  • Requirement Groups and Requirements: Open the rows in the left pane to view requirement groups and the nested requirements to which the controls are linked.

    Hover to get the full description text.

  • Enable/Disable: Toggle to enable/disable an individual control within a policy. The control will be enabled/disabled for ONLY the targeted policy.

  • Filter: See below.

Filter

  • Use the Select drop-down to narrow the view into a requirement group or requirement.

  • Use the Filter features to perform actions such as:

    • Find a requirement group, requirement, or control by Name

    • Find all Enabled controls within a policy

    • Find controls in a policy by Control Type (Host/Identity/Resource)

    • Filter by control Severity

Filter Details

Note that any filters can be combined. For example, you could filter to find:

How many high-severity disabled controls are linked to the policies I care about?

Enabled/Disabled

  • Click in the Filter box and select Enabled = [True | False]

  • Optional: Add more filters, such as Severity = High.

Name

  • Click in the Filter box and select Name =

  • Type a keyword and select from the drop-down options.

Severity

  • Click in the Filter box and select Severity in [High | Medium | Low].

Type

  • Click in the Filter box and select Type in [Host | Identity | Resource].

    Posture Control Types:

    • Host: Linux, Docker, Kubernetes Cluster
    • Resource: Kubernetes / Cloud Resource (e.g., bucket, compute, AWS resource…)
    • Identity: Kubernetes / Cloud Identity (e.g., IAM)