Manage Posture Policies
With Posture policies, you can:
- Clone an existing policy and edit its metadata
- Create, edit, and delete a custom policy
- Create, edit, and delete requirements in a custom policy
- Link and unlink available controls to policy requirements
If necessary, review the basics of Posture Policies to begin.
In most cases, users will want to:
- Start from an existing policy
- Create or edit some requirements
- Link or unlink some controls, and
- Save under a new name.
The process of policy creation is separate from activation, so you can take time to design your policy as needed.
It’s also possible to create a policy entirely from scratch.
Create a Custom Policy
Create a Policy from a Duplicate
Policies > Posture|Policiesand either:
- Click the
New Policybutton at the top of the page and
select an existing policy namefrom the resulting drop-down menu, OR
- From the three-dot menu next to a listed policy, select
- Click the
The duplicated policy draft is displayed, with the inherited requirements and controls listed.
From here you can add, delete, or edit requirement groups and requirements, link or unlink existing controls, choose a zone, and publish, as described in the following sections.
Create Requirement Groups and Requirements
In a custom policy, requirement groups and requirements can be removed or edited and new ones can be created and added. Requirements and groups are not shared between policies; to reuse a requirement from another policy, you must create a new group and requirement and then link the controls desired.
On the policy page, click
Enter the requirement group name and description and click
Save. The group name is displayed in the left panel.
Optional: Add a subgroup.
Select a requirement group, click the 3-dot menu, and select
Enter the Subgroup name and description and click
Add a requirement:
Select a group or subgroup, click the 3-dot menu, and select
Enter the Requirement name and description and click
You can now link controls to your requirements.
Link and Unlink Controls
Once you have a requirement group and requirement, the
Link Controls button is active.
Select a requirement within a requirement group in your policy.
Link Controlsin the right panel. All available controls are displayed, with the top 20 listed first.
Filter for the desired controls by
Select the desired control and click
Link. Repeat as needed.
Optional: Unlink a control.
From the list of linked controls, hover over a control to reveal the
If the policy has already been published, confirm that you want this control to no longer be evaluated by clicking
Yes, Unlink. This action will trigger a policy re-evaluation.
Publish the Policy
When your custom policy is complete, click the blue
Publish button at the top of the policy draft page and confirm. The
Date Published will be displayed from the moment of activation.
After publication, any policy edit (e.g. name change, controls linked or unlinked, etc.) will trigger a re-evaluation and fresh results will be listed in the Compliance Views after a couple of minutes.
Link the Policy to a Zone
After publication, a new policy will appear listed with a “Missing Zone.”
To apply the policy to a zone:
Policies > Posture|Zones.
If the zone already exists, select the zone and link the policy, as described.
Otherwise, create the zone and its scope first, then link the policy.
Option: Create a Policy from Scratch
When creating a policy from scratch, you must create all the requirement groups and requirements you want to use and manually link controls to them.
For custom policies, you can edit:
- Policy name and description
- Requirement group and requirement names, descriptions
- Add/remove requirement groups and/or requirements
- Link/unlink controls
- Activated/deactivated status
All such changes trigger a policy re-evaluation if the policy is active.
Deleting a requirement group or requirement from a policy will delete all associations with linked controls as well.
- Select a requirement group, subgroup, or requirement in a custom policy.
- From the three-dot menu, choose the
Deleteoption and confirm
Yes, Deleteafter warning.
A policy re-evaluation is triggered if the policy is active. Refresh Compliance Views to see the results.
Delete Custom Policies
Deleting an active policy will delete its history of policy evaluations as well.
- Select a custom policy.
Delete Policyfrom the top-right button.
- Confirm and click
Yes, Deleteafter the warning.
A re-evaluation is triggered if the policy is active. Refresh Compliance Views to see the results.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.