
Policy Authoring Guide | Break up a Policy into Groups / Chapters

A group is a collection of related checks and queries in a policy. Groups are a way of breaking up a policy into more manageable sections.

A common way to use groups is to match the chapters in a written benchmark, policy, or other compliance document. For each chapter in the document, you can create a group in the policy.

Here's another simple example of a policy bundle containing one policy:

policies:
  - uid: example-with-chapters
    name: Simple example with chapters
    version: "1.0.0"
    scoring_system: highest impact
    authors:
      - name: Lunalectric
        email: security@lunalectric.com
    groups:
      - title: SSH
        checks:
          - uid: sshd-01
            title: Ensure the port is set to 22
            mql: sshd.config.params["Port"] == 22
            impact: 30

          - uid: sshd-02
            title: Prevent weaker CBC ciphers from being used
            mql: sshd.config.ciphers.none( /cbc/ )
            impact: 60
        queries:
          - uid: sshd-d-1
            title: Gather SSH config params
            mql: sshd.config.params

      - title: Packages
        checks:
          - uid: pkg-01
            title: Ensure AIDE is installed
            mql: package("aide").installed
            impact: 70

          - uid: pkg-02
            title: Ensure prelink is disabled
            mql: package("prelink").installed == false
            impact: 70

The policy contains two groups:

  • The SSH group begins on line 10. It has two checks and one query, all concerning SSH parameters.

  • The Packages group begins on line 26. It has two checks, both of which concern installed packages.

A policy can have as many groups as you need.

Tip: To check for errors in the policy bundles you write, run cnspec bundle lint BUNDLE-NAME.mql.yaml. For BUNDLE-NAME, substitute the name of your file.
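When a policy grows to many groups, a per-group summary makes it easier to compare the bundle against the chapters of the written benchmark. The following Ruby script is an added example, not part of cnspec or the original guide. The names group_summary, duplicate_uids and SAMPLE_BUNDLE are hypothetical, and treating a uid reused in two groups as a review finding is an assumption of this example.

```ruby
require 'yaml'

# Constructed sample: cut-down bundle in the page's layout; sshd-01 is
# deliberately reused in the Packages group.
SAMPLE_BUNDLE = <<~YAML
  policies:
    - uid: example-with-chapters
      groups:
        - title: SSH
          checks:
            - uid: sshd-01
              impact: 30
            - uid: sshd-02
              impact: 60
          queries:
            - uid: sshd-d-1
        - title: Packages
          checks:
            - uid: sshd-01
              impact: 70
YAML

# One row per group: owning policy, title, check uids, query uids, highest impact.
def group_summary(bundle_yaml)
  YAML.safe_load(bundle_yaml).fetch('policies', []).flat_map do |policy|
    (policy['groups'] || []).map do |group|
      checks = group['checks'] || []
      { policy: policy['uid'], group: group['title'],
        checks: checks.map { |c| c['uid'] },
        queries: (group['queries'] || []).map { |q| q['uid'] },
        max_impact: checks.map { |c| c['impact'].to_i }.max }
    end
  end
end

# uids used more than once, mapped to the groups that use them.
# Assumption of this example: a reused uid is worth a manual review.
def duplicate_uids(bundle_yaml)
  seen = Hash.new { |h, k| h[k] = [] }
  group_summary(bundle_yaml).each do |row|
    (row[:checks] + row[:queries]).each { |uid| seen[uid] << row[:group] }
  end
  seen.select { |_uid, groups| groups.size > 1 }
end

if __FILE__ == $PROGRAM_NAME
  group_summary(SAMPLE_BUNDLE).each { |r| puts r }
  puts "reused uids: #{duplicate_uids(SAMPLE_BUNDLE)}"
end
```

To run it on your own bundle, pass File.read("BUNDLE-NAME.mql.yaml") instead of SAMPLE_BUNDLE.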

Next steps