What is Policy Enforcement and why do I need it?

A cybersecurity policy is a rule you make to protect your business infrastructure. You may want passwords changed every 90 days for security reasons. Telling your employees to change passwords every 90 days is not really enforceable.

If a policy is not enforceable, it will not be followed correctly. Automating best practices through administrative controls is recommended. For example, use the Windows operating system's user account controls to set the default password time to live to 90 days. This forces all users to create a new strong password every 90 days.
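The following PowerShell script is an added example, not part of the original article. It checks the maximum password age on a Windows machine, sets it to 90 days if it is longer or unlimited, and lists accounts that the setting does not reach. It assumes a standalone (non-domain) machine and an elevated session; `Get-LocalMaxPasswordAge` and `$RequiredMaxAgeDays` are names chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and enforce the 90-day maximum password age locally.
# Assumption: standalone machine; on a domain, the domain password policy applies instead.
$RequiredMaxAgeDays = 90   # the value from the policy described above

function Get-LocalMaxPasswordAge {
    # Export the local security policy and read MaximumPasswordAge (in days).
    # Parsing the exported file avoids the localized text of "net accounts".
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        $line = Select-String -Path $cfg -Pattern '^\s*MaximumPasswordAge\s*=\s*(-?\d+)' |
                Select-Object -First 1
        if (-not $line) { throw 'MaximumPasswordAge not found in exported policy.' }
        return [int]$line.Matches[0].Groups[1].Value
    }
    finally {
        # The export contains security settings; do not leave it in TEMP.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

$current = Get-LocalMaxPasswordAge

# A value below 1 means passwords never expire; a value above 90 is too lax.
# A shorter age than 90 days is stricter than the policy and is left alone.
if ($current -lt 1 -or $current -gt $RequiredMaxAgeDays) {
    Write-Output "Maximum password age is $current; setting it to $RequiredMaxAgeDays days."
    net.exe accounts "/maxpwage:$RequiredMaxAgeDays" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE." }
}
else {
    Write-Output "Maximum password age is $current days; no change needed."
}

# Enabled accounts with no expiry date (for example, those flagged
# "Password never expires") are not covered by the setting; review each one.
Get-LocalUser |
    Where-Object { $_.Enabled -and $null -eq $_.PasswordExpires } |
    Select-Object Name, PasswordLastSet, PasswordExpires
```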

