Add a New Policy Rule for Security Controls

To add a new policy rule for security controls:
  1. Add a new rule.
    1. Select Policy > Security Controls Rules > Add a Security Controls Rule.
  2. Define the basic settings.
    1. Enter a Name for the rule.
    2. (Optional) Enter a Description that includes the purpose of the rule.
    3. Specify an Incident Score for the rule. Incident scores range from 1 to 5, with 5 representing the highest risk.
    4. Specify the rule status as Enabled or Disabled.
    5. Select a Setting Type and configure its Setting Options. Options labeled Exclude are optional; anything you list in them is left out of the check, so keep exclusion lists short and review them when the rule is changed.
    Setting Type: Administrative Access of End Users Inbox
      Setting Options: Enter the Admin Emails to Exclude and the End User Emails to Exclude.
    Setting Type: Email Forwarding Rule
      Setting Options: List the Risky Domain, the Email Addresses of Users to Exclude, and the Rule Names to Exclude.
    Setting Type: Email Public Folder
      Setting Options: Enter the Folder Names and the Email Addresses of the Folder Owners to Exclude.
    Setting Type: Email Retention
      Setting Options: Enter the Email Addresses of the Users to Exclude.
    Setting Type: Inbound Accessible Services
      Setting Options: Enter the Source IP Address, the Service to Exclude, the Security Groups to Exclude, the Virtual Private Clouds (VPCs) to Exclude, and the Elastic Load Balancers (ELBs) to Exclude.
    Setting Type: Key Rotation
      Setting Options: Select a time frame in Keys not rotated within, then list the Keys to Exclude from Key Rotation Check and the Roles to Exclude from Key Rotation Check. Excluding a role exempts every key held by every user in that role, which is much broader than excluding a single key.
    Setting Type: Multi-Factor Authentication (MFA)
      Setting Options: List the users in Exclude MFA Check User and the roles in Exclude MFA Check for User with Role.
    Setting Type: Non-Standard Amazon Web Services EC2 Appliance (AMI)
      Setting Options: List the AMIs in Exclude AMIs.
    Setting Type: Outbound Accessible Services
      Setting Options: List the Destination IP Address, the Service to Exclude, the Security Groups to Exclude, the Virtual Private Clouds (VPCs) to Exclude, and the Elastic Load Balancers (ELBs) to Exclude.
    Setting Type: Password Policy
      Setting Options: None. The rule flags any account whose password does not follow the password policy rules.
    Setting Type: Unencrypted Storage
      Setting Options: List the Exclude Volumes, the Exclude Volumes attached to EC2, and the Exclude Volumes in VPC.
    6. Select an Action. This specifies whether the Aperture service automatically remediates a matching incident or only records it as a risk:
    • Send Admin Alert
    • Log Only
  3. Verify that the policy rule is enabled.
    In Basics, confirm that the Status is Enabled. A rule that is left Disabled is saved but never evaluated, so a newly added rule produces no incidents until you enable it.
  4. Save your new policy rule.
    Save your changes.
    The Aperture service starts scanning against the policy rule as soon as you save the changes. Once the scan has started, you can View Policy Violations for Security Controls to see the resulting incidents.
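To make the semantics of the Setting Options concrete, the following is an added example that is not Aperture code and does not call its API. It models two of the setting types from the table above, Key Rotation and Multi-Factor Authentication (MFA), as plain functions evaluated against a constructed IAM inventory, so you can see exactly what each exclusion list removes from the result. The inventory, user names, key IDs, the 90-day threshold and the incident scores are all invented for the illustration.

```python
"""Model of how a Security Controls rule with exclusion lists is evaluated.

Added example, not Aperture code. The inventory below is constructed
sample data; the rule parameters mirror the Setting Options described
in the procedure (Keys not rotated within, Keys/Roles to Exclude,
Exclude MFA Check User / for User with Role).
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class AccessKey:
    key_id: str
    user: str
    created: datetime


@dataclass
class User:
    name: str
    roles: list[str]
    mfa_enabled: bool
    keys: list[AccessKey] = field(default_factory=list)


@dataclass
class Incident:
    rule: str       # Setting Type that matched
    score: int      # Incident Score, 1 (lowest) to 5 (highest risk)
    subject: str    # key ID or user name the incident is about
    detail: str
    action: str     # "Send Admin Alert" or "Log Only"


# Constructed inventory: a fixed "now" keeps the example deterministic.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _days_ago(days: int) -> datetime:
    return NOW - timedelta(days=days)


INVENTORY = [
    User("alice", ["Admin"], True, [AccessKey("AKIA_ALICE_1", "alice", _days_ago(120))]),
    User("bob", ["Developer"], False, [AccessKey("AKIA_BOB_1", "bob", _days_ago(10))]),
    User("deploy-svc", ["ServiceAccount"], False,
         [AccessKey("AKIA_DEPLOY_1", "deploy-svc", _days_ago(400))]),
    User("carol", ["Developer"], True,
         [AccessKey("AKIA_CAROL_1", "carol", _days_ago(95)),
          AccessKey("AKIA_CAROL_2", "carol", _days_ago(5))]),
]


def key_rotation_rule(users, *, not_rotated_within_days, score, action,
                      exclude_keys=(), exclude_roles=(), now=NOW):
    """Flag every access key older than the threshold.

    A role exclusion skips the whole user (all of their keys); a key
    exclusion skips only that key ID.
    """
    incidents = []
    for u in users:
        if any(r in exclude_roles for r in u.roles):
            continue
        for k in u.keys:
            if k.key_id in exclude_keys:
                continue
            age = (now - k.created).days
            if age > not_rotated_within_days:
                incidents.append(Incident(
                    "Key Rotation", score, k.key_id,
                    f"user {u.name}: key is {age} days old (limit {not_rotated_within_days})",
                    action))
    return incidents


def mfa_rule(users, *, score, action, exclude_users=(), exclude_roles=()):
    """Flag every user without MFA who is not excluded by name or role."""
    incidents = []
    for u in users:
        if u.name in exclude_users or any(r in exclude_roles for r in u.roles):
            continue
        if not u.mfa_enabled:
            incidents.append(Incident("Multi-Factor Authentication (MFA)", score,
                                      u.name, "MFA not enabled", action))
    return incidents


def evaluate_all(users=INVENTORY):
    """Two hypothetical rules as an admin might configure them."""
    return (
        key_rotation_rule(users, not_rotated_within_days=90, score=4,
                          action="Send Admin Alert", exclude_roles=("ServiceAccount",))
        + mfa_rule(users, score=5, action="Send Admin Alert", exclude_users=("deploy-svc",))
    )


if __name__ == "__main__":
    for inc in evaluate_all():
        print(f"[{inc.score}] {inc.rule}: {inc.subject} - {inc.detail} -> {inc.action}")
```

Running the example flags alice's 120-day-old key and carol's 95-day-old key, but not deploy-svc's 400-day-old key, because the ServiceAccount role exclusion removed that user entirely; bob is the only MFA finding, since deploy-svc was excluded by name. That is the practical caveat behind the Exclude options: a single role exclusion can silently hide the riskiest key in the account, so prefer excluding individual keys or users and keep a record of why each exclusion exists.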
