Manage Policies
Mondoo comes stocked with a constantly growing collection of policies, which are codified benchmarks used to assess your infrastructure. Policies control what misconfigurations and security issues Mondoo checks for when it evaluates your digital business assets. Mondoo's built-in policies are production ready, simple to deploy and customize in any environment, and actionable.
Mondoo continuously assesses your systems according to the policies you enable. In Mondoo, you enable and disable policies separately for each space in your organization. When you create a new space, it contains a default set of policies.
Managing policies involves:
- Enabling a policy to use it as a basis for scanning assets in the space
- Disabling a policy to stop using it in the space
- Previewing a policy to use it as a basis for scanning but exclude it from scoring
Any policies you enable, disable, or preview in a space affect only that space.
To learn more about Mondoo policies, read Policy as Code.
Manage policies for a space
- In the Mondoo Console, navigate to the space.
- In the side navigation bar, under Security, select Policies.
The Policies page shows all the policies enabled for the space.
You can also see enabled policies from the cnspec command line. To learn more, read cnspec policy list.
Disable policies
Disable a policy to stop using that policy as a basis for assessing the security of assets in the space.
Only team members with Editor or Owner access can perform this task.
Disabling a policy deletes any existing reports from that policy in the space.
- Access the Policies page for the space as instructed above.
- Locate the policy you want to disable by scrolling through the list of available policies or using the Filter search box.
- Check the box next to the policy (or policies) you want to delete and then select the DELETE POLICY button.
Changes take effect immediately. The next time Mondoo scans applicable assets in the space, it does not include this policy.
You can also disable a policy from the cnspec command line. To learn more, read cnspec policy disable.
Change policies from enabled to preview
Preview a policy to use the policy as a basis for evaluating assets in the space but not score the policy. When Mondoo calculates an asset's overall score, it doesn't factor in how the asset performs in the scan based on this policy. When Mondoo calculates a space's or an organization's overall score, it doesn't factor in how any assets perform in a scan based on this policy.
Only team members with Editor or Owner access can perform this task.
- Access the security policies list for the space as instructed above.
- Locate the policy you want to preview by scrolling through the list of available policies or using the Filter search box.
- Check the box next to the policy (or policies) you want to preview and then select the PREVIEW POLICY button.
Changes take effect immediately. The next time Mondoo scans applicable assets in the space, it includes this policy's results but not its scores.
Enable or preview new policies in a space
Enable a policy to use that policy as a basis for evaluating assets in the space.
Only team members with Editor or Owner access can perform this task.
- Access the Policies page for the space as instructed above.
- In the top-right corner of the Policies page, select the plus symbol (+).
- Locate the policy you want to enable by scrolling through the list of available policies or using the Filter search box.
- Enable or preview the policy:
  - To enable a policy, select the ADD TO SPACE button to the right of the policy.
  - To use the policy as a basis for evaluating assets in the space but not score the policy, select the three horizontal dots to the right of the policy and then select PREVIEW.
Changes take effect immediately. The next time Mondoo scans applicable assets in the space, it includes this policy.
You can also enable a policy from the cnspec command line. To learn more, read cnspec policy enable.