Manage Posture Policies

With Posture policies, you can:

• Clone an existing policy and edit its metadata
• Create, edit, and delete a custom policy
• Create, edit, and delete requirements in a custom policy
• Link and unlink available controls to policy requirements

If necessary, review the basics of Posture Policies to begin.

In most cases, users want to:

• Start from an existing policy
• Create or edit some requirements
• Link or unlink some controls
• Optionally create and link custom controls
• Save under a new name
• Connect the policy to a zone

The process of policy creation is separate from activation, so you can take time to design your policy as needed.

It’s also possible to create a policy entirely from scratch.

Navigate a Policy Page

Select a policy from the Policies list to review requirements and controls, enable/disable controls, and filter/search.

• Requirement Groups and Requirements: Open the rows in the left pane to view requirement groups and the nested requirements to which the controls are linked.

  Hover to get the full description text.

• Enable/Disable: Toggle to enable/disable an individual control within a policy. The control will be enabled/disabled for ONLY the targeted policy.

Create a Custom Policy

Create a Policy from a Duplicate

1. Select Policies > Posture|Policies and either:

   • Click the New Policy button at the top of the page and select an existing policy name from the resulting drop-down, OR
   • Select Duplicate from the three-dot menu next to a listed policy.

2. Edit the Name and Description and click Save.

   The duplicate policy draft and the inherited requirements and controls are listed.

   

3. As described in the following sections, you can add, delete, or edit requirement groups and requirements, link or unlink existing controls, publish, and choose a zone.

Create Requirement Groups and Requirements

In a custom policy, requirement groups and requirements can be removed or edited and new ones can be created and added. Requirements and groups are not shared between policies; to reuse a requirement from another policy, you must create a new group and requirement and then link the controls desired.

1. On the policy page, click +New Group.

2. Enter the requirement group name and description and click Save. The group name appears in the left panel.

3. Optional: Add a subgroup. Select a requirement group, click the 3-dot menu, and select +New Subgroup. Enter the Subgroup name and description and click Save.

   

4. Add a requirement: Select a group or subgroup, click the 3-dot menu, and select +New Requirement.

   Enter the Requirement name and description and click Save.

You can now link controls to your requirements.

Link and Unlink Controls

Once you have a requirement group and requirement, the Link Controls button is active.

1. Select a requirement within a requirement group in your policy.

2. Click Link Controls in the right panel. All available controls are displayed, with the top 20 listed first.

3. Filter for the desired controls by Name, Severity, and/or Type.

   

4. Select the desired control and click Link. Repeat as needed.

5. To unlink: From the list of linked controls, hover over a control to reveal the Unlink option and click it.

   

   If the policy has already been published, confirm that you want this control to no longer be evaluated by clicking Yes, Unlink. This action triggers a policy re-evaluation.

Publish the Policy

When your custom policy is complete, click the Publish button at the top of the policy draft page and confirm. The Date Published is displayed from the moment of activation.

After publication, any policy edit triggers a re-evaluation and fresh results are listed in the Compliance Views after a few minutes.

Link the Policy to a Zone

After publication, a new policy is listed with a “Missing Zone.”

To apply the policy to a zone:

1. Select Policies > Posture|Zones.

2. If the zone already exists, select the zone and link the policy.

   Otherwise, create the zone and its scope first, then link the policy. See also: Zones.

   

Option: Create a Policy from Scratch

When creating a policy from scratch, you must create all the requirement groups and requirements you want to use and manually link controls to them.

Filter Linked Controls

Linked controls are filtered the same way on the Policy page as on the Controls page.

See also: Filter the list.

Edit

For custom policies, you can edit:

• Policy name and description
• Requirement group and requirement names, descriptions
• Add/remove requirement groups and/or requirements
• Link/unlink controls
• Activated/deactivated status

All such changes trigger a policy re-evaluation if the policy is active.

Delete

Delete Requirements

Deleting a requirement group or requirement from a policy also deletes all associations with linked controls.

1. Select a requirement group, subgroup, or requirement in a custom policy.
2. From the three-dot menu, choose the Delete option and confirm Yes, Delete after the warning.

A policy re-evaluation is triggered if the policy is active. Refresh Compliance Views to see the results.

Delete Custom Policies

Deleting an active policy deletes its history of policy evaluations as well.

1. Select a custom policy.
2. Click Delete Policy from the top-right button, then confirm and click Yes, Delete after the warning.

A re-evaluation is triggered if the policy is active. Refresh Compliance Views to see the results.