1. Home
  2. CMP Docs
  3. Policy Generator

Policy Generator

Need a Policy? Use One of These.

The Policy Generator is a quick way to create customized policies for your organization. Many of the controls can be fully or partially satisfied by providing evidence of company-specific policies.

Why Use the Policy Generator?

Let’s use Control 3.3.5 as an example. The control requirement states: “Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity”.

ComplyUp Nist 800-171 Compliance Control 3.3.5

The ComplyUp Comments give us a bit more information on how to respond.

ComplyUp Nist 800-171 Compliance Comments

Wouldn’t it be nice to have a Security Response Plan that outlines exactly how your organization investigates and responds to indications of inappropriate, suspicious, or unusual activity? Maybe a document describing your logging processes would be helpful as well.

ComplyUp Nist 800-171 Compliance Evidence Recommendations

Let’s look at the Evidence Recommendations.

It looks like two Policy Templates are available that would work quite well with this control. Let’s head over to the Policy Generator.

Policy Generator Usage

The Policy Generator lists a series of templates available for customization.

ComplyUp Nist 800-171 Compliance Policy Templates

Click on a policy to load it in the Policy Editor.

ComplyUp Nist 800-171 Compliance Information Logging

The policy editor pre-populates the template with your Organization’s Name. Use the editor to make changes to the policy so it aligns with your organization’s guidelines.

Many of the policies can be associated with more than one control. The Security Response Plan mentioned earlier is appropriate evidence for several controls: 3.3.5, 3.6.1, 3.6.2, 3.6.3, 3.13.14. Decide if you’d like to auto-associate this template to all recommended controls, then click Save in the Save Policy section. The template will be saved as a PDF and added to the Evidence View.

ComplyUp Nist 800-171 Compliance Save Policy
ComplyUp Nist 800-171 Compliance Evidence List

If the new policy was auto-associated to all recommended controls, it will be visible in the Evidence section of the associated control in the Control View.

ComplyUp Nist 800-171 Compliance Evidence