Policies
You can apply the pre-defined policies, as well as your own custom policies, to show only the data for the issues that are relevant to you.
Predefined policies
Currently there are six pre-defined policies and eight pre-defined functions. All pre-defined policies are available through the user interface as well as through the API.
- CANADA Freedom of Information and Protection of Privacy Act (FIPPA)
- CWE/SANS Top 25 Most Dangerous Errors
- EU General Data Protection Regulation (GDPR)
- International Standard - ISO 27001
- International Standard - ISO 27002
- NIST Special Publication 800-53
- OWASP Top 10 2017
- OWASP Top 10 Mobile 2016
- Payment Application Data Security Standard
- PCI Compliance
- US DISA's Application Security and Development STIG. V4R10
- US Electronics Funds and Transfer Act (EFTA)
- US Federal Information Security Mgmt. Act (FISMA)
- US Health Insurance Portability and Accountability Act (HIPAA)
- US Sarbanes-Oxley Act (SOX)
- WASC Threat Classification 2.0
Baseline policy
A baseline policy calculates compliance based only on issues that were found in the application for the first time after a set date. Unlike the predefined policies, a baseline policy is specific to a single application.
A baseline policy does not count as one of the five policies that can be associated with an application. You can have five associated policies and also a baseline policy.
- On the Applications page, click an application name to open the application's page.
- At the upper right corner of the page, click > Manage policies.
- Click Add baseline policy (or, if one already exists, Update baseline policy).
- Adjust date and time as needed, then click Set baseline.
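The baseline rule above has two consequences that are easy to get wrong when reading scan results: an issue that already existed before the baseline date is not counted even if a later scan reports it again, and the baseline sits outside the five-policy limit. The following Python snippet is an added illustration of that logic, not code from the product or its API; the issue record layout, the strict "first found after the baseline" comparison, and the treatment of "compliant" as "no counted issues" are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, List, Sequence


@dataclass(frozen=True)
class Issue:
    """Minimal issue record (assumed layout, not the product's schema)."""
    issue_id: str
    first_found: datetime   # first scan that reported this issue
    last_found: datetime    # most recent scan that still reported it


def baseline_issues(issues: Iterable[Issue], baseline: datetime) -> List[Issue]:
    """Issues a baseline policy counts: those first found strictly after the baseline date.

    Note that last_found is deliberately ignored: a pre-existing issue that is
    rediscovered after the baseline keeps its original first_found date and so
    stays out of the baseline compliance figure.
    """
    return [i for i in issues if i.first_found > baseline]


def baseline_compliant(issues: Iterable[Issue], baseline: datetime) -> bool:
    """Assumption for this example: compliant means no issue is counted by the baseline."""
    return not baseline_issues(issues, baseline)


MAX_ASSOCIATED_POLICIES = 5  # limit stated on the page; the baseline is extra


def can_associate(policies: Sequence[str], has_baseline: bool) -> bool:
    """Check the association limit: up to five regular policies plus an optional baseline."""
    return len(policies) <= MAX_ASSOCIATED_POLICIES  # has_baseline never affects the limit


# Constructed sample data for demonstration only.
BASELINE = datetime(2024, 3, 1, 0, 0, tzinfo=timezone.utc)
SAMPLE_ISSUES = [
    # Found in January, still reported in March: pre-existing, NOT counted.
    Issue("sample-001", datetime(2024, 1, 15, tzinfo=timezone.utc),
          datetime(2024, 3, 20, tzinfo=timezone.utc)),
    # First seen after the baseline: counted.
    Issue("sample-002", datetime(2024, 3, 5, tzinfo=timezone.utc),
          datetime(2024, 3, 20, tzinfo=timezone.utc)),
    # First seen exactly at the baseline instant: with the strict comparison
    # assumed here it is NOT counted (edge case to be aware of when setting the time).
    Issue("sample-003", datetime(2024, 3, 1, 0, 0, tzinfo=timezone.utc),
          datetime(2024, 3, 20, tzinfo=timezone.utc)),
]


def counted_ids(issues: Iterable[Issue], baseline: datetime) -> List[str]:
    """Convenience wrapper returning only the ids the baseline policy counts."""
    return [i.issue_id for i in baseline_issues(issues, baseline)]


if __name__ == "__main__":
    print("counted by baseline:", counted_ids(SAMPLE_ISSUES, BASELINE))
    print("baseline compliant:", baseline_compliant(SAMPLE_ISSUES, BASELINE))
    print("5 policies + baseline allowed:",
          can_associate(["p1", "p2", "p3", "p4", "p5"], has_baseline=True))
    print("6 policies allowed:",
          can_associate(["p1", "p2", "p3", "p4", "p5", "p6"], has_baseline=False))
```

When comparing your own scan exports against a baseline, confirm which timestamp the data carries: only the first-found date determines inclusion, and the exact boundary behaviour at the baseline instant should be verified against the product rather than assumed.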
Custom policies
You can create your own custom policies. For details, see Creating custom policies.