Cyscale
Back to GRC catalog

Policies

Policy templates and operating procedures that can be tied back to technical controls where available.

Connector filter

Showing 31 of 31 entries

Asset Management (Inventory)

## Policy Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft Azure

Covered asset types

BlobContainerBucketCloudSQLInstanceConnectorDiskEBSSettingsLogBucketSQLUser
20 mapped controls23 queries4 procedures

Breach Investigation and Notification

## Policy Statement

Applies to

AWSGoogle Cloud

Covered asset types

BucketConnectorIAMGroupIAMRoleIAMServiceAccountIAMUserRootUserTrailVPC
15 mapped controls17 queries4 procedures

Business Continuity and Disaster Recovery Plan

## Policy Statement

Applies to

General guidance
0 queries3 procedures

Change Management

## Policy Statement

Applies to

General guidance
0 queries5 procedures

Corporate Governance

Policie maintained in the Cyscale GRC catalog

Applies to

General guidance
0 queries

Data Management

## Policy Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft Azure

Covered asset types

BucketEBSSettingsFirewallIAMServiceAccountKeyIAMUserManagedZoneNetworkACLSecurityGroupVPC
13 mapped controls14 queries5 procedures

Data Protection

## Policy Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft Azure

Covered asset types

APIKeyBigQueryTableBlobContainerBucketCloudSQLInstanceClusterConnectorDiskEBSSettingsFirewallIAMGroupIAMRoleIAMServerCertificateIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyLoadBalancerManagedZoneNetworkACLRootUserSecurityGroupTrailVMVPC
81 mapped controls84 queries9 procedures

Device Management (MDM)

## Policy Statement

Applies to

General guidance
0 queries4 procedures

Email and External Communications

## Policy Statement

Applies to

General guidance
0 queries4 procedures

Human Resources Security

## Policy Statement

Applies to

General guidance
0 queries7 procedures

Identity and Access Management

## Policy Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

BucketClusterConnectorFirewallIAMGroupIAMPasswordPolicyIAMRoleIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyNetworkACLPasswordPolicyPolicyRootUserSecurityGroupUserVM
43 mapped controls48 queries10 procedures

Incident Reporting and Response

## Policy Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra ID

Covered asset types

ConnectorIAMServiceAccountIAMUserRootUserTrailUserVPC
13 mapped controls17 queries10 procedures

Information Security Program

## Policy Statement

Applies to

General guidance
0 queries4 procedures

Network Security

Policie maintained in the Cyscale GRC catalog

Applies to

General guidance
0 queries

Operations Security

Policie maintained in the Cyscale GRC catalog

Applies to

General guidance
0 queries

Password Management

## Policy Statement

Applies to

AWSGoogle Cloud

Covered asset types

IAMPasswordPolicyIAMServiceAccountKeyIAMUserKMSKey
10 mapped controls10 queries6 procedures

Physical Security

Policie maintained in the Cyscale GRC catalog

Applies to

General guidance
0 queries

Policy Management

## Policy Statement

Applies to

General guidance
0 queries7 procedures

Privacy Policy

Policie maintained in the Cyscale GRC catalog

Applies to

General guidance
0 queries

Remote Working

## Policy Statement

Applies to

General guidance
0 queries3 procedures

Risk Management, Risk Assessment and Risk Analysis

## Policy Statement

Applies to

General guidance
0 queries7 procedures

Roles and Responsibilities

Policie maintained in the Cyscale GRC catalog

Applies to

General guidance
0 queries

Secure Software Development Lifecycle (SDLC)

## Policy Statement

Applies to

General guidance
0 queries8 procedures

Security Architecture and Design

## Policy Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft Azure

Covered asset types

BigQueryTableCloudSQLInstanceClusterConnectorDiskFirewallIAMServiceAccountLoadBalancerManagedZoneNetworkACLSecurityGroupTrailVMVPC
32 mapped controls31 queries5 procedures

Security Training and Awareness

## Policy Statement

Applies to

General guidance
0 queries6 procedures

Software Policy

## Policy Statement

Applies to

General guidance
0 queries5 procedures

Software Release and Deployment Management

## Policy Statement

Applies to

General guidance
0 queries6 procedures

Systems Audit

## Policy Statement

Applies to

AWSGoogle Cloud

Covered asset types

BucketClusterConnectorIAMServiceAccountIAMUserLogBucketProjectSQLUserTrailVPC
42 mapped controls42 queries10 procedures

Third Party Vendors and Due Diligence

## Policy Statement

Applies to

General guidance
0 queries7 procedures

Threat Management Policy

## Policy Statement

Applies to

General guidance
0 queries3 procedures

Vulnerability Management

## Policy Statement

Applies to

General guidance
0 queries6 procedures
Cyscale Logo
Cyscale is an agentless cloud-native application protection platform (CNAPP) that automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

Stay connected

Receive new blog posts and product updates from Cyscale

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

© 2026 Cyscale Limited

© 2026 Cyscale Limited

Terms of useSecurity PolicyPrivacy PolicyStatusSitemap
Terms of useSecurity PolicyPrivacy Policy
StatusSitemap
LinkedIn icon
Twitter icon
Facebook icon
crunch base icon
angel icon