How policies work
Policies allow administrators to define global configuration parameters for the encryption resources associated with each policy. For example, within a policy, you can define certificate settings that you want to standardize in your organization, such as the certificate Contact, Subject DN, management type (Monitoring, Enrollment, Provisioning, or Unassigned), CA Template, and key strength.
In the Trust Protection Platform Administration Console, policies can contain one or more system objects, including Devices, Certificates, Application Workflows, CA Templates, Applications or even other policies.
NOTE: Application objects cannot be created directly under policies; they can be created only under Devices.
When a system object is defined in a policy in the Trust Protection Platform Administration Console, the object and its corresponding resource are associated with the policy and are subject to the policy's settings. For example, if you configured certificate settings on a policy, Trust Protection Platform would read those values for the policy’s subordinate certificates. Thus, policies can be used to standardize object configuration parameters and enforce security requirements.
To understand how this works, it is helpful to first discuss how Trust Protection Platform applies policies to resources in your encryption environment, then discuss how individual policy values are implemented. The following sections review how policy settings are defined within a policy, and then how those policy settings apply in your encryption environment.