Managing Policies and Procedures on JupiterOne - AskJ1 Community
<main> <article class="userContent"> <p>J1 Policies enables you to generate and manage corporate security policies and procedures. It has the following capabilities:</p> <ul><li>Generating policies and procedures from templates</li> <li>Managing policies and procedures online</li> <li>Mapping controls/procedures to compliance requirements</li> <li>Using the Policy Builder CLI</li> </ul><h2 data-id="generating-policies-and-procedures-from-templates">Generating Policies and Procedures from Templates</h2> <p>J1 Policies provides a set of over 120 policy and procedure templates to help your organization build its security program and operations from zero. These templates are derived from the J1 internal policies and procedures, and have been through several iterations of compliance assessments.</p> <p>To create a policy from a template:</p> <ol><li><p>Click <strong>Policies</strong> at the top of the J1 navigation bar.</p></li> <li><p>In the left column, select the policy template you want to use and customize.</p></li> <li><p>From the three-dot menu in the upper corner of a policy, click <strong>Edit Policy</strong>. You can also edit controls and procedures by selecting the edit option for the respective menu.</p> <p>You must have Administrator access to your JupiterOne account to edit or export policies.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/E3CSUBPBNKT6/policies-edit.png" alt="" class="embedImage-img importedEmbed-img"></img></p></li> </ol><p>It may take a few minutes for the policy and procedure documents to be generated for the first time. After you create documents, members of your team must review and accept them. Reviewers must have the Person entity class with an associated email address. 
If the reviewer does not have the Person entity, <a rel="nofollow" href="https://jupiterone.vanillacommunities.com/kb/articles/1034-creating-team-entities-and-mapping-team-members">you can add it from J1 Assets</a>.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/X10VW9L3Y7JC/policies-accept.png" alt="" class="embedImage-img importedEmbed-img"></img></p> <h2 data-id="managing-policies-and-procedures">Managing Policies and Procedures</h2> <p>Similar to the concept of micro-services, the policies and procedures are written as micro-docs. Each policy and procedure document is written in its own individual file, in Markdown format, and linked together via a configuration.</p> <p>The templates are open source and you can <a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates">see more details here</a>.</p> <h3 data-id="variables">Variables</h3> <p>The Markdown text contains both global and local variables in this format: <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">{{variableName}}</code>. Do not edit the variables in the templates, because they are automatically replaced with the relevant text.</p> <p>A <strong>Procedure</strong> document may contain an optional local <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">{{provider}}</code> variable. This allows you to configure the control provider that implements, or has been designated the responsibility to fulfill, that procedure. For example, the provider for "Single Sign On" could be "Okta", "OneLogin", "JumpCloud", "Google", etc. This <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">provider</code> value can be entered near the top of the document editor when it is open, right below the Document Title.</p> <p>The procedure editor also presents a short summary guidance description. 
Additionally, you may toggle the "Adopted" flag on or off depending on your readiness to adopt a particular procedure.</p> <h3 data-id="versioning">Versioning</h3> <p>Edits to policies and procedure documents are automatically versioned upon save. The <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">{{defaultRevision}}</code> variable is populated with the date the document was last edited.</p> <p>Currently the web app does not have a UI to view previous versions of documents.</p> <h3 data-id="download-export-policy-and-procedure-documents">Download/Export Policy and Procedure Documents</h3> <p>The Export / Download Zip button at the upper right corner of the screen will generate a zip file containing the following three sets of files:</p> <ul><li>templates in Markdown format</li> <li>final policies and procedures in Markdown format</li> <li>final policies and procedures in HTML format</li> </ul><h2 data-id="policy-builder-cli">Policy Builder CLI</h2> <p>JupiterOne provides an offline CLI that enables you to manage your policies and procedures offline (for example, as code in a Git repo), and publish to your JupiterOne account, as needed.</p> <p>Detailed usage can be found in the <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">jupiter-policy-builder</code> repo and README: <a rel="nofollow" href="https://github.com/JupiterOne/jupiter-policy-builder">https://github.com/JupiterOne/jupiter-policy-builder</a>.</p> <h3 data-id="using-your-own-existing-policies">Using Your Own Existing Policies</h3> <p>J1 Policies is an optional component of the J1 platform. It is not a prerequisite for the rest of the platform. J1 Compliance is the only app that depends on J1 Policies for appropriate mappings to compliance framework requirements and controls.</p> <p>You are not required to use the J1-provided policy/procedure templates. 
If your organization already has written documents for security policies and procedures, and you would like to take advantage of J1 Compliance and its mapping capabilities, you can transform your existing policies and publish them to JupiterOne.</p> <p>The structure is defined here: <a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates">https://github.com/JupiterOne/security-policy-templates</a></p> </article> </main>