Create a Custom Policy

You can create a custom policy for any resource type if the built-in policies do not meet your requirements. Tenable Cloud Security allows you to test the policy on a project before you add the custom policy.

To add or create a custom policy in Tenable Cloud Security:

  1. Access Tenable Cloud Security.
  2. On the left navigation bar, click the button.

  3. Click Custom policy.

  4. Click Add policy.
    The Create Policy page opens.

  5. In the Choose Resource section, do one of the following:

    • Type a resource in the search box to bring up its name.

    • Select a resource from the list of available resources.

    Note: You can create policies for any cloud resource or schema supported by the IaC providers.

  6. Click Continue.

  7. In the Policy Condition section, use the query builder to select the conditions that the policy must meet. Click the arrow on the drop-down list to select a parameter, operator, value, and an AND/OR operator.

    Note: The inputs to the query builder are dynamic and based on the resource’s schema.
  8. Click Continue.

  9. In the Test Policy section, click the arrow on the drop-down list to select the project name.

  10. Click Test to verify that the policy condition runs successfully. You can test policies for the projects for which you have access.

  11. Click Continue.

  12. In the Remediation Details section, select the parameter, type, and the required value to create the remediation for the policy.

  13. (Optional) Click + to add more remediation details.

  14. Click Continue.

  15. In the Policy Details section, provide the following:

    • Type the policy name.

    • Select the policy category.

    • Select the severity of the policy.

    • Select the applicable benchmark for the policy.

      Note: You can create a user-defined compliance benchmark and add the required policy to the created benchmark.

    • Select the required custom policy group.

    • Type the remediation description details.

  16. Click Create.
    Tenable Cloud Security creates a custom policy.