The service maintains a Compliance Policy Library with several sample compliance policies that you can import directly to your account and use for compliance reporting. These policies are based on popular compliance frameworks, including SOX, HIPAA, CoBIT and more. Import policies and then assign relevant assets to them.
A gold lock icon next to a policy in the library indicates that the policy is locked. Locked policies may be imported for certification purposes. For example, the service provides locked policies for testing compliance against specific CIS benchmarks. These policies have been reviewed and certified by CIS (the Center for Internet Security). You can import a CIS-certified policy from the library into your account, assign relevant assets to the policy and then use the policy to certify that you are meeting all requirements outlined in the CIS benchmark.
Note that you can also import a compliance policy from an XML file.
1. Select Policies from the left menu, under Tools.
2. Go to New > Import Compliance Policy > Import from Library.
The Compliance Policy Library appears.
3. Identify the sample policy you're interested in and click the Import button.
4. Click one of these buttons to assign asset groups:
• Add Now. Click to assign asset groups to the compliance policy now. When the Assign Assets window appears, move one or more asset groups from the Available list to the Assigned list. Then click OK to close the window. When the confirmation message appears, click OK again.
• Add Later. Click to save the compliance policy without assigning asset groups. Before launching a compliance scan you must edit the policy and assign asset groups to it.
After importing a policy, you can edit the policy to change the assigned asset groups. If the policy is not locked, then you can also change other policy settings like the policy title, technologies and controls. If the policy is locked, then no other changes to the policy are allowed. You can, however, save a copy of any locked policy with a new name and the copy will not be locked, so you can make changes to it. See Managing Compliance Policies to learn more.