
Policy Authoring Guide

Policies are the specifications that cnspec uses when it scans an asset. cnspec compares your asset's configuration against the standards set in policies, and calculates a score based on the comparison. Scores tell you how secure your different assets are and allow you to see your progress as you improve your security posture.

Mondoo provides dozens of free policy bundles (collections of policies) that cover the most common types of assets—and Mondoo Platform has over 200! If your organization has unique needs that these policy bundles don't meet, you can create custom policy bundles.

Read these topics to learn how to build your own policies:

  1. Write Custom Policies

  2. Score Policies

  3. Reuse Queries and Checks

  4. Break up a Policy into Groups / Chapters

  5. Limit Target Assets with Filters

  6. Define Properties

  7. Make Policies Flexible with Variants

The queries and checks that policies use to retrieve information from your infrastructure are written in Mondoo's GraphQL-based query language, MQL.