Set compliance policy

You can define compliance policies for application compliance within your organization. If any designated applications violate this policy, Contrast marks them so you can quickly find them and fix them. (Administrators are also notified of violations by email.)

To set compliance policy:

  1. Under policy management, select Compliance policy.

  2. You will see a list of existing compliance policies if there are any. You can enable or disable policies using the toggles, or delete them with the Delete icon.

  3. Select the name of any policy to edit, or select Add policy at the top of the grid to create a new compliance policy.

  4. In the panel that opens enter:

    • Name: Choose a name for the policy.

    • Policy criteria: The default is All rules, or you can type ahead and select vulnerabilities by severity level(s), security standards or Assess rules.

    • Applications: The default is All applications or you can type ahead and select applications by level(s) of importance and/or individual name.

  5. Select Add or Save.

Note

For default policies, the Name and Policy criteria fields are locked, and you cannot delete them. However, you can modify application selections for default policies.

Tip

Enabled policies can be used to filter applications by compliance policy. To do this select Applications. In the Applications page, click the Advanced link to filter application by Compliance Policy.

Note

If an applicable vulnerability isn't remediated, or applicable Security Standards and Assess Rules are being violated, Contrast flags the corresponding applications in the Applications page. Hover over the warning icon in the Applications grid or go to the application's details page for a link to the violated policy.