Manage Your Policies

How do I create a new policy?

Tell me about deleting policies

When are policies evaluated?

What happens when a new version of a policy is available in the Policy Library?

Can I export my policies?

Identify active and inactive policies

Tell me about locked policies

How do I deactivate a policy?

Want to lock your own policy?

What happens once I deactivate a policy?

How do I see the policies that are locked at import?

How do I activate a policy?

Can I search for policies that were locked during import?

What happens when a policy is re-activated?


How do I create a new policy?

Go to PC > Policies > New > Policy. Then choose one of these options: 1) start with an empty policy and build it from scratch, 2) create a policy based on scan data from an existing host, 3) import a policy from our Library or 4) import a policy from an XML file. We'll walk you through the steps.

By default your new policy will be active, which means it is available for scanning and reporting from the time it is created. To create an inactive policy, simply clear the "Activate this policy" check box and the new policy will be saved as inactive. It’s easy to activate it at a later time.

Want help configuring your policy? See Using the Policy Editor.

When are policies evaluated?

Policies are always evaluated when new scan results are processed for hosts in your policy. You can also start policy evaluation when saving changes to a policy by clicking Evaluate Now before clicking Save. You can also evaluate policies anytime by clicking Evaluate from the policies list. You can see the date and time of the last policy evaluation in the preview pane of the policies list.

It is recommended to click Evaluate Now while saving a policy after making any changes that impact the posture, such as:

- Adding or removing controls
- Adding or removing a technology at the policy or the control level
- Adding or removing an asset group
- Updating an expected value

Failing to click Evaluate Now might result in inconsistent posture data. This is because the posture data for assets associated with removed controls, technologies, or asset groups may not be deleted immediately. The data is deleted when the policy evaluation takes place during the next scan or policy processing triggered by a change in the asset group or UDC.

Can I export my policies?

Yes, by exporting a compliance policy to XML or CSV, you can easily share the policy with other users. Users can import policies that are in XML format into their subscription.

Tell me about locked policies in the library

Our library includes locked policies for testing compliance against specific CIS benchmarks. These policies have been reviewed and certified by CIS (the Center for Internet Security). When a policy is locked, you can add hosts to the policy but you can't make any other edits. (Tip - During the import you'll have the option to import the locked policy as unlocked. This lets you remove the editing restrictions.)

Want to lock your own policy?

Locking a policy prevents others from editing it. Policies locked by a user can be easily identified by the Locked Policy icon.

- Locked policies cannot be edited; however, they are still available for reporting. Policies must be unlocked to enable editing.
- Only Managers and Unit Managers have permission to lock a policy.
- Managers can unlock any policy, but Unit Managers can unlock only the policies locked by them.
- Policies that are locked while importing and SCAP policies cannot be locked or unlocked.

Tell me the steps. Go to your policies list and choose the action you want to take from the Quick Actions menu - Lock or Unlock. Use the Actions menu to take action on multiple policies in one go. Tip - You can also do this from within the Policy Editor.

How do I see the policies that are locked at import?

Policies that are locked at import can be identified by their icon.

To view only the policies that are locked at import, on the Policies page, click Filters > Locked at Import.

Only the policies that were locked during import are displayed.

Can I search for policies that were locked during import?

To view only the policies that are locked at import, on the Policies page, click Search > select the Locked at Import checkbox > Search.

All the policies that are locked at import are displayed.

Tell me about deleting policies

When you delete a policy, the policy will no longer be available for scanning and reporting. For compliance policies, any exceptions created for the policies will also be deleted. For SCAP policies, results for scans run with the policies will be deleted. Once a policy is deleted it is not recoverable. You may consider deactivating a policy instead of deleting it. 

To proceed with deleting a policy, go to PC > Policies and select the policy you want to delete. Then choose Delete from the Actions menu above the list. When the confirmation window appears, choose Delete again to proceed.

When are stale PC technologies/instances deleted?

Stale PC technologies/instances are deleted in any of the following three cases:

What happens when a new version of a policy is available in the Policy Library?

The older version will be removed from the Policy Library and the newer version will be available for import to your subscription. Note that any policies already imported to your subscription will remain in your subscription unless removed by a user. To view and select policies from our Library, go to PC > Policies > New > Policy > Import from Library.

Identify active and inactive policies

You can easily identify the policy status by its icon: the Active Policy icon marks an active policy and the Inactive Policy icon marks an inactive policy.

Icons indicating active and deactivated policies.

How do I deactivate a policy?

Go to PC > Policies and identify the policy you want to deactivate. Then select Deactivate from the Quick Actions menu.

Deactivate policies option under Quick Actions dropdown menu.

You can also deactivate a policy by first selecting the policy to be deactivated and then selecting Deactivate under the Actions dropdown.

Deactivate option selected under the Actions Dropdown menu.

Note: Users with SCA accounts can activate or deactivate Policies.

What happens once I deactivate a policy?

Posture evaluation will not take place for the policy. The policy will be hidden from your dashboard, reports and exceptions. The policy will be removed from compliance scorecard reports and from option profiles (with the Scan by Policy option enabled). Any policy report schedules for the policy will also be deactivated.

How do I activate a policy?

Go to PC > Policies and identify the policy you want to activate. Then select Activate from the Quick Actions menu.

Activate policies option under Quick Actions dropdown menu.

You can also activate a policy by first selecting the policy to be activated and then selecting Activate under the Actions dropdown.

Activate option selected under the Actions Dropdown menu.

Note: Users with SCA accounts can activate or deactivate Policies.

What happens when a policy is re-activated?

Posture evaluation will resume and the policy will be available again for scanning and reporting. You'll need to manually re-activate the report schedules; however, the policy will be pre-selected for you. You also need to manually add the policy back to your scorecard reports and option profiles.