Manage Posture Policies

With Posture policies, you can:

  • Clone an existing policy and edit its metadata
  • Create, edit, and delete a custom policy
  • Create, edit, and delete requirements in a custom policy
  • Link and unlink available controls to policy requirements

If necessary, review the basics of Posture Policies to begin.

In most cases, users will want to:

  • Start from an existing policy
  • Create or edit some requirements
  • Link or unlink some controls, and
  • Save under a new name.

The process of policy creation is separate from activation, so you can take time to design your policy as needed.

It’s also possible to create a policy entirely from scratch.

Select a policy from the Policies list to review requirements and controls, enable/disable controls, and filter/search.

  • Requirement Groups and Requirements: Open the rows in the left pane to view requirement groups and the nested requirements to which the controls are linked.

    Hover to get the full description text.

  • Enable/Disable: Toggle to enable/disable an individual control within a policy. The control will be enabled/disabled for ONLY the targeted policy.

Create a Custom Policy

Create a Policy from a Duplicate

  1. Select Policies > Posture|Policies and either:

    • Click the New Policy button at the top of the page and select an existing policy name from the resulting drop-down menu, OR
    • From the three-dot menu next to a listed policy, select Duplicate.
  2. Edit the Name and Description and click Save.

    The duplicated policy draft is displayed, with the inherited requirements and controls listed.

  3. From here you can add, delete, or edit requirement groups and requirements, link or unlink existing controls, choose a zone, and publish, as described in the following sections.

Create Requirement Groups and Requirements

In a custom policy, requirement groups and requirements can be removed or edited and new ones can be created and added. Requirements and groups are not shared between policies; to reuse a requirement from another policy, you must create a new group and requirement and then link the controls desired.

  1. On the policy page, click +New Group.

  2. Enter the requirement group name and description and click Save. The group name is displayed in the left panel.

  3. Optional: Add a subgroup.

    Select a requirement group, click the 3-dot menu, and select +New Subgroup.

    Enter the Subgroup name and description and click Save.

  4. Add a requirement:

    Select a group or subgroup, click the 3-dot menu, and select +New Requirement.

    Enter the Requirement name and description and click Save.

You can now link controls to your requirements.

Once you have a requirement group and requirement, the Link Controls button is active.

  1. Select a requirement within a requirement group in your policy.

  2. Click Link Controls in the right panel. All available controls are displayed, with the top 20 listed first.

  3. Filter for the desired controls by Name, Severity, and/or Type.

  4. Select the desired control and click Link. Repeat as needed.

  5. Optional: Unlink a control.

    From the list of linked controls, hover over a control to reveal the Unlink option.

    Click Unlink.

    If the policy has already been published, confirm that you want this control to no longer be evaluated by clicking Yes, Unlink. This action will trigger a policy re-evaluation.

Publish the Policy

When your custom policy is complete, click the blue Publish button at the top of the policy draft page and confirm. The Date Published will be displayed from the moment of activation.

After publication, any policy edit (e.g. name change, controls linked or unlinked, etc.) will trigger a re-evaluation and fresh results will be listed in the Compliance Views after a couple of minutes.

After publication, a new policy will appear listed with a “Missing Zone.”

To apply the policy to a zone:

  1. Select Policies > Posture|Zones.

  2. If the zone already exists, select the zone and link the policy, as described.

    Otherwise, create the zone and its scope first, then link the policy.

Option: Create a Policy from Scratch

When creating a policy from scratch, you must create all the requirement groups and requirements you want to use and manually link controls to them.

Filter Linked Controls

Linked controls are filtered the same way on the Policy page as on the Controls page.

Edit

For custom policies, you can edit:

  • Policy name and description
  • Requirement group and requirement names, descriptions
  • Add/remove requirement groups and/or requirements
  • Link/unlink controls
  • Activated/deactivated status

All such changes trigger a policy re-evaluation if the policy is active.

Delete

Delete Requirements

Deleting a requirement group or requirement from a policy will delete all associations with linked controls as well.

  1. Select a requirement group, subgroup, or requirement in a custom policy.
  2. From the three-dot menu, choose the Delete option and confirm Yes, Delete after warning.

A policy re-evaluation is triggered if the policy is active. Refresh Compliance Views to see the results.

Delete Custom Policies

Deleting an active policy will delete its history of policy evaluations as well.

  1. Select a custom policy.
  2. Click Delete Policy from the top-right button.
  3. Confirm and click Yes, Delete after the warning.

A re-evaluation is triggered if the policy is active. Refresh Compliance Views to see the results.