Managing Policies and Procedures on JupiterOne - AskJ1 Community
<main> <article class="userContent"> <p>JupiterOne provides a <strong>Policies</strong> app that allows users to generate and manage corporate security policies and procedures. It has the following capabilities:</p> <ul><li>Generating policies and procedures from templates</li> <li>Managing policies and procedures online via the webapp</li> <li>Mapping controls/procedures to compliance requirements</li> <li>Policy Builder CLI</li> </ul><h2 data-id="generating-policies-and-procedures-from-templates">Generating Policies and Procedures from Templates</h2> <p>JupiterOne's Policies app provides a set of over 120 policy and procedure templates to help your organization build its security program and operations from scratch. These templates are derived from our own internal policies and procedures, and have been through several rounds of compliance assessments.</p> <p>To get started, simply navigate to the <strong>Policies</strong> app and fill in the following three sections of information in the web form:</p> <ul><li>Company information</li> <li>Key personnel information (such as your Security and Privacy Officer)</li> <li>Security and DevOps tooling information</li> </ul><p>It may take a few minutes for the policy and procedure documents to be generated for the first time.</p> <h2 data-id="managing-policies-and-procedures-online-via-the-web-app">Managing Policies and Procedures Online via the Web App</h2> <p>Similar to the concept of "micro-services", the policies and procedures are written as "micro-docs". Each policy and procedure document is written in its own individual file, in Markdown format, and linked together via configuration.</p> <p>The templates are open source, and you can find more details in this repo:<br><a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates">https://github.com/JupiterOne/security-policy-templates</a></p> <p>The web app allows you to edit a policy or procedure directly online. 
Simply click the <strong>Edit</strong> button in the upper corner of a policy or procedure document to bring up the Markdown editor.</p> <p>You need to have Administrator access to your JupiterOne account to edit or export policies.</p> <h3 data-id="variables">Variables</h3> <p>The Markdown text contains both global and local variables in this format: <code class="code codeInline" spellcheck="false" tabindex="0">{{variableName}}</code>. Do not edit the variables in the templates, since they are automatically replaced with the relevant text.</p> <p>A <strong>Procedure</strong> document may contain an optional local <code class="code codeInline" spellcheck="false" tabindex="0">{{provider}}</code> variable. This allows you to configure the control provider that implements, or has been designated the responsibility to fulfill, that procedure. For example, the provider for "Single Sign On" could be "Okta", "OneLogin", "JumpCloud", "Google", etc. This <code class="code codeInline" spellcheck="false" tabindex="0">provider</code> value can be entered near the top of the document editor when it is open, right below the Document Title.</p> <p>The procedure editor also presents a short summary of guidance for the procedure. Additionally, you may toggle the "Adopted" flag on or off depending on your readiness to adopt a particular procedure.</p> <h3 data-id="versioning">Versioning</h3> <p>Edits to policies and procedure documents are automatically versioned upon save. 
The <code class="code codeInline" spellcheck="false" tabindex="0">{{defaultRevision}}</code> variable will be populated with the date the document was last edited.</p> <p>Currently, the web app does not have a UI to view previous versions of documents.</p> <h3 data-id="download-export-policy-and-procedure-documents">Download / export policy and procedure documents</h3> <p>The "Export / Download Zip" button at the upper right corner of the screen will generate a zip file containing the following three sets of files:</p> <ul><li>templates in Markdown format</li> <li>final policies and procedures in Markdown format</li> <li>final policies and procedures in HTML format</li> </ul><h2 data-id="policy-builder-cli">Policy Builder CLI</h2> <p>JupiterOne provides a CLI that allows you to manage your policies and procedures offline (for example, as code in a git repo), and publish them to your JupiterOne account as needed.</p> <p>Detailed usage can be found in the <code class="code codeInline" spellcheck="false" tabindex="0">jupiter-policy-builder</code> repo and README: <a rel="nofollow" href="https://github.com/JupiterOne/jupiter-policy-builder">https://github.com/JupiterOne/jupiter-policy-builder</a></p> <h3 data-id="using-your-own-existing-policies">Using Your Own Existing Policies</h3> <p>The J1 Policies app is an optional component of the platform. It is not a prerequisite for the rest of the platform. The JupiterOne Compliance app is the only app that depends on it for proper mapping to compliance framework requirements and controls.</p> <p>You are not required to use JupiterOne-provided policy/procedure templates. 
If your organization already has written documents for security policies and procedures, and you would like to take advantage of the JupiterOne Compliance app and its mapping capabilities, you can transform your existing policies and publish them to JupiterOne.</p> <p>The structure is defined here: <a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates">https://github.com/JupiterOne/security-policy-templates</a></p> </article> </main>