An operational or configuration compliance policy with technical specifications / rules that governs (i.e. enforces, evaluates, or monitors) a security control or IT system.

Includes properties from:

category (string) - Optional

The category of control policy.


  • compliance
  • config
  • password
  • other

rules (array of string) - Optional

Rules of this policy. Each rule is written ‘as-code’ that can be operationalized with a control provider or within JupiterOne’s rules engine.

content (string) - Optional

Content of an AccessPolicy or ControlPolicy contains the raw policy rules, if applicable. For example, the JSON text of an AWS IAM Policy.