Policy Library

Policies are an excellent resource in Guardian that allow you to define a desired configuration state at the node or node group level. For example, you could create a policy to ensure that a set of roles and features are installed on a node, or that certain environment variables are set. The policy checks are then run each time the node is scanned, with the results indicating whether the checks passed or failed. A node group can contain multiple policies that are applied to the same or a different set of nodes. The following topic provides a curated list of policies and micro-policies in Guardian. For more information on how to import a policy into Guardian, see Import a Policy.

Tip: Additionally, you can access our public repository of policies.

AWS IAM Password and Permissions

Node Type: AWS IAM Account

Download Link: AWS IAM Best Practice

Description: This policy confirms the following:

  • Certain recommended password policy settings.

  • No issued user access keys have been left unused for more than six months.

  • Users have Multi-Factor Authentication (MFA) enabled.

  • Users only have one MFA device configured.

  • Users have no inline or managed policies attached directly to them, in line with the role-based access control (RBAC) recommendation to grant permissions through roles rather than per user.

BlueKeep (CVE-2019-0708) Check

Node Type: Windows

Download Link: BlueKeep Check

Description: This policy checks that the node is not vulnerable to the BlueKeep vulnerability (CVE-2019-0708).

GitHub User Identity Check

Node Type: GitHub Organization

Download Link: GitHub User Identity Check

Description: This policy confirms that all users in your GitHub account have the full name attribute set in their user profiles, so that audited actions (who did what, and when) can be tied to a real person's identity.

GitHub Users MFA Check

Node Type: GitHub Organization

Download Link: GitHub Users MFA Check

Description: This policy confirms that all users in your GitHub account have MFA enabled.

GitHub Repository is not Forked

Node Type: GitHub Organization

Download Link: GitHub Repo is not Forked

Description: This policy checks that your GitHub repository has not been forked and is not itself a fork of another repository.

GitHub Repository is Private

Node Type: GitHub Organization

Download Link: GitHub Repo Private

Description: This policy checks that your GitHub repository is private rather than public.

PCI Section 3.2 – Windows Audit Check

Node Type: Windows

Download Link: PCI Section 3.2 – Audit Check Windows

Description: This policy validates password complexity and server hardening requirements for PCI compliance.

PCI Section 3.2 – MS-SQL Windows

Node Type: MS-SQL

Download Link: PCI Section 3.2 – MS-SQL Windows

Description: This policy validates password complexity and server hardening requirements for PCI compliance.

PCI Section 3.2 – Password Complexity RHEL7

Node Type: RHEL7

Download Link: PCI Section 3.2 – Password Check RHEL7

Description: This policy validates password complexity and server hardening requirements for PCI compliance.

PCI Section 3.2 – Password Complexity Windows

Node Type: Windows

Download Link: PCI Section 3.2 – Password Check Windows

Description: This policy validates password complexity and server hardening requirements for PCI compliance.

PCI Section 3.2 – Server Hardening Windows

Node Type: Windows

Download Link: PCI Section 3.2 – Server Hardening Windows

Description: This policy validates password complexity and server hardening requirements for PCI compliance.

Website CyberRisk Checks

Node Type: Windows

Download Link: CyberRisk

Description: This policy provides a basic set of checks that your internal and external websites should pass. It is inspired by the checks used in UpGuard CyberRisk.