PolicyType
Policy (concept) feature
This page is an introduction to the Policy (concept) midPoint feature.
Please see the feature page for more details.
PolicyType is a data type in midPoint schema, meant for objects that contain elements of business or governance policy.
Policy objects usually contain policy rules. However, they may also be used to build up policy structures, such as classifications and clearances.
Policy objects are usually used as meta-roles. They contain inducements, usually high-order inducements, which are applied to roles, users, services and other objects using the RBAC mechanisms. Policy objects technically act almost identically to roles. However, they have a very different meaning and usage. Therefore, a separate data type is created for policy objects, to clearly distinguish them from ordinary roles. Such division is very helpful for presentation (user interface), reporting and general understanding of policy structures.
Compliance
This feature is related to the following compliance frameworks:
- ISO/IEC 27001 5.2: Information security roles and responsibilities
- ISO/IEC 27001 5.10: Acceptable use of information and other associated assets
- ISO/IEC 27001 5.19: Information security in supplier relationships
- ISO/IEC 27001 5.20: Addressing information security within supplier agreements
- ISO/IEC 27001 5.21: Managing information security in the ICT supply chain
- ISO/IEC 27001 5.22: Monitoring, review and change management of supplier services
- ISO/IEC 27001 5.23: Information security for use of cloud services
- ISO/IEC 27001 5.26: Response to information security incidents
- ISO/IEC 27001 5.31: Legal, statutory, regulatory and contractual requirements
- ISO/IEC 27001 5.36: Compliance with policies, rules and standards for information security
- ISO/IEC 27001 6.3: Information security awareness, education and training
- ISO/IEC 27001 6.5: Responsibilities after termination or change of employment
- ISO/IEC 27001 6.6: Confidentiality or non-disclosure agreements
- ISO/IEC 27001 8.19: Installation of software on operational systems
- ISO/IEC 27001 8.27: Secure system architecture and engineering principles