Managing Posture Policies
You can use the IBM Cloud® Security and Compliance Center Workload Protection Posture Policies to manage policies in your environment.
For more information about how an instance of IBM Cloud Security and Compliance Center Workload Protection can be integrated with Security and Compliance Center to run scans that validate your level of compliance, check out Connecting Workload Protection.
A control describes a rule, the code that is run to evaluate it, and a remediation playbook to fix the violation that might be detected. There are different types of controls to address business, security, compliance, and operational requirements. For more information, see Posture controls.
A policy is a combination of rules about the activities that the enterprise wants to detect in an environment. These policies can be modified to meet specific needs. A policy includes one or more controls to define a compliance standard, a benchmark, or a business policy.
With Posture Policies, you can:
- Clone an existing policy and edit its metadata.
- Create, edit, and delete custom policies.
- Create, edit, and delete requirements in a custom policy.
- Link and unlink controls to policy requirements.
One way of creating a new policy would be to:
- Select an existing policy to use as a template.
- Create or edit requirements that are associated with the policy.
- Link or unlink controls.
- Save the policy with a new name.
You can also create policies without using an existing policy as a template.
Policies are not run in your environment until they are published. Keeping policies in a draft state gives you the time to design and configure the policies that you need without affecting your running compliance scans.
Accessing Posture Policies
To access the Posture Policies:
- Open the Workload Protection UI.
- Hover over the Policies icon and click Policies in the Posture section. The configured policies are displayed.
Creating a custom policy
You can create a custom policy by duplicating an existing policy or creating a new policy from the beginning. Choose one of the following options:
Deleting policies
Deleting an active policy deletes the policy and the policy's evaluation history.
You can delete only custom policies.
- Open your policy by accessing the Posture Policies view and clicking the policy that you want to delete.
- Click the Actions icon next to the selection to delete.
- Click Delete.
- Confirm you want to delete the policy.
Editing policies
You can edit custom policies. Default policies cannot be edited.
You can change:
- The policy name and description
- The requirement groups and requirement names and descriptions
- The requirement groups and requirements. You can add or delete groups as required.
- Whether controls are linked or unlinked
- Whether a control is activated or deactivated
Deactivated controls are associated with a requirement, but are not included when the evaluation is run.
To edit a policy:
- Open your policy by accessing the Posture Policies view and clicking the policy that you want to update.
- Make your changes.
- When complete, publish your changes.
Publishing policies
After configuring your policy, you need to publish the policy so that it is used in compliance evaluations.
These steps are only available for policies in draft state. The publish option is not available for policies that are already published.
- Open your policy by accessing the Posture Policies view and clicking the policy that you want to publish.
- Click Publish and confirm that you want your policy published.
The date published is the date that the policy is activated.
If you change a published policy, the policy is reevaluated in the environment, and new results are displayed in the Compliance view. It can take a few minutes for the reevaluation to run and results to be refreshed.