Central Policy Manager

Just because your teams are all over the world doesn’t mean your processes have to be all over the map. Give your disparate teams consistent policies and processes, so everyone’s focused on the same enterprise-wide goals.

The Central Policy Manager enables enterprises to define and enforce uniform security policies across all applications in their portfolios—including third-party software such as outsourced applications and third-party libraries—and across all business units and development teams in their organizations.

You can use one of our pre-defined policies or create your own to enforce the rules of your organization.

Key Capabilities

  • Policy Dashboard: Use the Policy Manager to define and assign security policies to applications as well as measure real-time compliance against them.

  • Business Criticality & Risk: Assign a policy to each application that defines the maximum level of risk permitted for it to be deemed compliant, based on its level of business criticality. There are five levels, from Very High to Very Low (based on the NIST definitions of assurance levels).

  • Granular Rules: The default Veracode policy is based on industry standards including The Open Web Application Security Project (OWASP) Top 10; MITRE’s Common Weakness Enumeration (CWE) for classification of software weaknesses; FIRST’s Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability; and the CWE/SANS Top 25. You can also define granular custom rules such as “the application must be free from all SQL injection and Cross-Site Scripting (XSS) vulnerabilities.”

  • Pre-Defined Compliance Policies: We provide pre-defined policies enabling you to address compliance requirements such as PCI, HIPAA, SOX, GLBA, NIST and MAS.