Managing requirements and requirement groups

When you work with the IBM Cloud® Security and Compliance Center Workload Protection service, requirements and requirement groups can be created, edited, and removed in a custom policy.

Requirements and requirement groups are not shared between policies.

To reuse a requirement from another policy, you must create a new requirement group and requirement, and then link the wanted controls.

Open your policy by accessing the Posture Policies view and clicking the policy that you want to update.
Click New Group.
Enter the requirement group name and description.
Click Save. The new group is displayed.
You can optionally create subgroups.
1. Click the Actions icon next to the requirements group where you want to create a subgroup.
2. Click New Subgroup.
3. Enter the subgroup name and description.
4. Click Save.
Add a requirement.
1. Click the Actions icon next to the requirements group or requirements subgroup where you want to add a requirement.
2. Click New Requirement.
3. Enter the requirement name and description.
4. Click Save.

Linking and unlinking controls

After you define your requirement groups and requirements, link controls to the policy.

Open your policy by accessing the Posture Policies view and clicking the policy to update.
Click the requirement within a requirements group in your policy.
Click Link Controls. All available controls are displayed with the top-20 listed first.

You can filter the list by:

Severity

The severity that is assigned to the control: high (H), medium (M), or low (L).

Type

The infrastructure type. For example, cluster, host, identity, or resource.

Target

The specfic platforms or distributions that a control evaluates resources against.

You can also search on any word, or part of a word, in the control name.

Multiple filters can be specified to create more specific filter expressions.
Click Link for the control to link to the policy.
Repeat these steps to link more controls as needed.

If you need to unlink a control, hover over the linked control and click Unlink.

Deleting requirements

You can delete a requirement group or individual requirement. When you delete a group or requirement, all linked controls are deleted from the policy as well.

You can delete requirements and requirement groups only from custom policies.

To delete requirements:

Open your policy by accessing the Posture Policies view and clicking the policy that you want to update.
Select a requirement group, subgroup, or individual requirement.
Click the Actions icon next to the selection to delete.
Click Delete.
Confirm you want to delete the item.