Manage Posture Policies
With Posture policies, you can:
- Clone an existing policy and edit its metadata
- Create, edit, and delete a custom policy
- Create, edit, and delete requirements in a custom policy
- Link and unlink available controls to policy requirements
If necessary, review the basics of Posture Policies to begin.
In most cases, users will want to:
- Start from an existing policy
- Create or edit some requirements
- Link or unlink some controls, and
- Save under a new name.
The process of policy creation is separate from activation, so you can take time to design your policy as needed.
It’s also possible to create a policy entirely from scratch.
Create a Custom Policy
Create a Policy from a Duplicate
Select
Policies > Posture|Policies
and either:- Click the
New Policy
button at the top of the page andselect an existing policy name
from the resulting drop-down menu, OR - From the three-dot menu next to a listed policy, select
Duplicate
.
- Click the
Edit the
Name
andDescription
and clickSave
.The duplicated policy draft is displayed, with the inherited requirements and controls listed.
From here you can add, delete, or edit requirement groups and requirements, link or unlink existing controls, choose a zone, and publish, as described in the following sections.
Create Requirement Groups and Requirements
In a custom policy, requirement groups and requirements can be removed or edited and new ones can be created and added. Requirements and groups are not shared between policies; to reuse a requirement from another policy, you must create a new group and requirement and then link the controls desired.
On the policy page, click
+New Group
.Enter the requirement group name and description and click
Save
. The group name is displayed in the left panel.Optional: Add a subgroup.
Select a requirement group, click the 3-dot menu, and select
+New Subgroup
.Enter the Subgroup name and description and click
Save
.Add a requirement:
Select a group or subgroup, click the 3-dot menu, and select
+New Requirement
.Enter the Requirement name and description and click
Save
.
You can now link controls to your requirements.
Link and Unlink Controls
Once you have a requirement group and requirement, the Link Controls
button is active.
Select a requirement within a requirement group in your policy.
Click
Link Controls
in the right panel. All available controls are displayed, with the top 20 listed first.Filter for the desired controls by
Name
,Severity
, and/orType
.Select the desired control and click
Link
. Repeat as needed.Optional: Unlink a control.
From the list of linked controls, hover over a control to reveal the
Unlink
option.Click
Unlink
.If the policy has already been published, confirm that you want this control to no longer be evaluated by clicking
Yes, Unlink
. This action will trigger a policy re-evaluation.
Publish the Policy
When your custom policy is complete, click the blue Publish
button at the top of the policy draft page and confirm. The Date Published
will be displayed from the moment of activation.
After publication, any policy edit (e.g. name change, controls linked or unlinked, etc.) will trigger a re-evaluation and fresh results will be listed in the Compliance Views after a couple of minutes.
Link the Policy to a Zone
After publication, a new policy will appear listed with a “Missing Zone.”
To apply the policy to a zone:
Select
Policies > Posture|Zones
.If the zone already exists, select the zone and link the policy, as described.
Otherwise, create the zone and its scope first, then link the policy.
Option: Create a Policy from Scratch
When creating a policy from scratch, you must create all the requirement groups and requirements you want to use and manually link controls to them.
Edit
For custom policies, you can edit:
- Policy name and description
- Requirement group and requirement names, descriptions
- Add/remove requirement groups and/or requirements
- Link/unlink controls
- Activated/deactivated status
All such changes trigger a policy re-evaluation if the policy is active.
Delete
Delete Requirements
Deleting a requirement group or requirement from a policy will delete all associations with linked controls as well.
- Select a requirement group, subgroup, or requirement in a custom policy.
- From the three-dot menu, choose the
Delete
option and confirmYes, Delete
after warning.
A policy re-evaluation is triggered if the policy is active. Refresh Compliance Views to see the results.
Delete Custom Policies
Deleting an active policy will delete its history of policy evaluations as well.
- Select a custom policy.
- Click
Delete Policy
from the top-right button. - Confirm and click
Yes, Delete
after the warning.
A re-evaluation is triggered if the policy is active. Refresh Compliance Views to see the results.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.