Aembit’s Global Policy Compliance is a security enforcement feature that allows administrators to establish organization-wide security standards for Access Policies and Agent Controllers. Global Policy Compliance ensures consistent security practices across your Aembit environment and prevents the creation of policies that might inadvertently expose resources.
What Global Policy Compliance does
Global Policy Compliance provides centralized control over the following Aembit administration components:
Access Policies
- Trust Provider Requirements: Ensures all Access Policies include proper identity verification
- Access Condition Requirements: Enforces contextual access rules across all policies
Agent Controllers
- Trust Provider Requirements: Ensures proper identity verification for all Agent Controllers
- TLS Hostname Requirements: Enforces secure communication standards
How Global Policy Compliance works
You can configure Global Policy Compliance to require, recommend, or not enforce certain configurations on Aembit components such as Access Policies. For example, you can set Global Policy Compliance to enforce that all Access Policies have a Trust Provider configured.
Global Policy Compliance operates on a three-tier enforcement model:
- Required - Strictest setting - prevents creation or modification of non-compliant policies
- Recommended (Default) - Flags non-compliant policies but allows their creation after confirmation
- Optional - No enforcement - allows creation of policies without the specified security elements
Global Policy Compliance status icons
Aembit visually identifies non-compliant Access Policies through color-coded status icons and labels:
- Red indicators for required but missing elements
- Yellow indicators for recommended but missing elements
- Green indicators for compliant Access Policies
- Gray indicators for disabled or not active Access Policies
See the following screenshot as an example:
When editing an Access Policy, Aembit displays the current compliance status and prevents saving non-compliant policies based on your configured enforcement level:
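The three enforcement tiers and the status colours described above can be modelled as a small evaluator. This is an added sketch, not Aembit code or its API: the `AccessPolicy` record, the settings map and the policy names are hypothetical, and letting an inactive policy show gray ahead of any other colour is an assumption the page does not state.

```python
from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    REQUIRED = "required"        # blocks create/modify when the element is missing
    RECOMMENDED = "recommended"  # default tier: flagged, saved only after confirmation
    OPTIONAL = "optional"        # no enforcement


@dataclass
class AccessPolicy:
    """Hypothetical policy record for this sketch; not Aembit's schema."""
    name: str
    active: bool = True
    trust_provider: bool = False
    access_condition: bool = False


def missing(policy, settings, level):
    """Elements set to `level` in the global settings that the policy lacks."""
    return [e for e, lvl in settings.items() if lvl is level and not getattr(policy, e)]


def status(policy, settings):
    """Map a policy to the indicator colour described on this page."""
    if not policy.active:
        return "gray"    # assumption: inactive wins over the other colours
    if missing(policy, settings, Level.REQUIRED):
        return "red"
    if missing(policy, settings, Level.RECOMMENDED):
        return "yellow"
    return "green"


def can_save(policy, settings, confirmed=False):
    """Required gaps always block; recommended gaps need explicit confirmation."""
    if missing(policy, settings, Level.REQUIRED):
        return False
    if missing(policy, settings, Level.RECOMMENDED):
        return confirmed
    return True


# Constructed sample: Trust Provider required, Access Condition at the default tier.
SETTINGS = {"trust_provider": Level.REQUIRED, "access_condition": Level.RECOMMENDED}
POLICIES = [
    AccessPolicy("billing-db", trust_provider=True, access_condition=True),
    AccessPolicy("ci-runner", trust_provider=True),
    AccessPolicy("legacy-batch"),
    AccessPolicy("retired-job", active=False),
]
```

Running `status` over an inventory before moving a setting from Recommended to Required shows which existing policies would turn red and become unsavable until fixed.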
Benefits
- Ensures consistent security standards across your organization
- Prevents accidental creation of insecure Access Policies
- Provides visibility into policy compliance through visual indicators
- Supports role-based access control for compliance settings management
Use cases
Aembit’s Global Policy Compliance feature applies to many different use cases, such as the following:
- Enterprise security compliance - Security administrators in large enterprises can enforce that all Access Policies include proper identity verification through Trust Providers, ensuring consistent security practices across multiple teams and Resource Sets.
- Regulated industries - Organizations in healthcare, finance, and other regulated industries can use Global Policy Compliance to maintain audit-ready Access Policies that consistently implement required security controls.
- DevOps security - DevOps teams can implement secure-by-default practices by requiring Access Conditions on all policies, preventing deployment of resources with inadequate access controls.
- Service providers - Managed Service Providers (MSP) and SaaS providers can enforce strict TLS hostname requirements for Agent Controllers, ensuring secure communication standards across client environments.