> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Policies

> Govern vulnerability, package, manifest, secret, and code risk with reusable policy rules.

## Overview

Policies define rules that Cysmiq evaluates against security data in a workspace. They help teams track remediation deadlines, warn on risky changes, block releases, and manage package or manifest allow and deny decisions.

<Info>Availability depends on your Cysmiq plan.</Info>

## Policy lifecycle

| Setting             | Values                                  | What it controls                                             |
| ------------------- | --------------------------------------- | ------------------------------------------------------------ |
| Status              | `Active`, `Disabled`                    | Whether the policy is evaluated                              |
| Enforcement         | `Monitor`, `Warn`, `Block`              | How strongly matching violations affect workflows            |
| Default application | Applies by default or explicit bindings | Whether the policy applies broadly or only where it is bound |

## Enforcement modes

| Mode      | Behavior                                                           |
| --------- | ------------------------------------------------------------------ |
| `Monitor` | Records matching policy violations for review                      |
| `Warn`    | Records violations and marks them as warning-level enforcement     |
| `Block`   | Records violations as blocking enforcement for connected workflows |

The effective enforcement mode can come from the policy, a policy binding, or an override.

## Policy types

| Policy type         | Purpose                                                          |
| ------------------- | ---------------------------------------------------------------- |
| Vulnerability SLA   | Track remediation windows for vulnerabilities                    |
| Package allow/deny  | Govern package use with package rules and package decisions      |
| Manifest allow/deny | Govern manifest files and dependency file types                  |
| Custom              | Evaluate custom condition logic against supported policy targets |

See [Package and manifest policies](/policies/package-and-manifest-rules) for allow and deny rules. See [Custom policies](/policies/custom-policies) for condition-based policies.

## Templates

Policy templates provide starting points for common controls. Templates can be adopted into workspace policies, reviewed, adjusted, and activated.

Template groups can apply multiple related templates together. Adopted templates become normal policies that can be edited, disabled, cloned, or deleted.

## Bindings and overrides

Bindings control where a policy applies and how it behaves at a scope. Supported binding modes are:

| Binding mode        | Meaning                                                                  |
| ------------------- | ------------------------------------------------------------------------ |
| Use policy defaults | Apply the policy's configured behavior                                   |
| Customize settings  | Override enforcement or supported policy-specific settings for the scope |
| Disable policy      | Disable the policy for the scope                                         |

Policy evaluation resolves workspace, organization, repository, application, asset, manifest, reference, and environment scopes. More specific scopes are evaluated before broader scopes.

Policy rule forms and global opt-outs currently expose workspace, organization, repository, and application scopes.

Global opt-outs can disable policies for selected workspace, organization, repository, or application scopes.

## Related docs

* [Policy violations](/policies/violations)
* [Package and manifest policies](/policies/package-and-manifest-rules)
* [Custom policies](/policies/custom-policies)
* [Policy condition fields](/reference/policy-condition-fields)
