Skip to main content

Custom Compliance Controls in Swif

Updated this week

Swif’s Compliance Repository now lets you create, tailor, and version your own controls instead of relying only on the system-supplied SW-1 … SW-11 checklist.
Use this when you need a control that:

  • Combines multiple OSs in one rule (e.g., “macOS 14.5 or Windows 11”)

  • References a setting inside any Swif policy (e.g., FileVault2 must be enabled)

  • Demands a specific piece of software, a minimum device spec, or both


Where to start

Settings › Compliance
Click Create Compliance Control (green button above the General Compliance Requirements list).


Wizard overview

Step

What you do

Key options

1 Basic Information

Name & (optional) description

2 Control Config

Add one Spec card per condition you want to check

Specification type:
- Policy – pick any Swif policy (e.g., “Password Policy”)

- Application – require or forbid a specific app
- Operating System – minimum OS version per platform

3 Requirements (optional)

For Policy specs, refine the exact Requirement inside that policy, and the value that is considered “compliant.”

Example: Password PolicyRequire Passcode on DeviceTrue

You can mix as many spec cards as you need—the control passes only when all cards match the device.

How Control Config evaluates multiple conditions

When you add more than one Policy or Application spec for the same OS inside Control Config, Swif applies an AND operator:

  • All Policy specs for that OS must be satisfied

  • All Application specs for that OS must be satisfied

Only when every condition for the operating system evaluates to true does the device pass the custom control.

Example
If you add two macOS Policy specs—“FileVault = Enabled” and “Screensaver Lock = On”—a Mac is considered compliant only when both settings are met.

Next, Click Create Control to save.


What happens next

  • The new control appears in the Compliance Repository list (labelled Custom).
    Toggle Add to Device Compliance Criteria if you want it counted in every device’s “Compliant / Incomplete” score.

  • Each requirement’s Current Setting column shows the real-time value reported from the device fleet.

  • Need to revert? Click Reset Default Settings to hide all customizations and restore the out-of-box SW-n list.


Examples you can build

Goal

Spec cards to add

Block guest accounts anywhere

Policy → Password PolicyRequire Passcode on DeviceTrue

Ensure laptops are on at least macOS 15.1 or Windows 11

Operating System (macOS 15.1) + Operating System (Windows 11)

Require FileVault and BitLocker

PolicyFileVault2Enabled ; PolicyBitLocker Auto PolicyOn

Flag devices missing Microsoft Excel

Application → “Microsoft Excel” on both macOS & Windows


Set control as Device Compliance Requirement

  • Device Compliance Requirement Toggle: When creating or editing a control, you can now choose whether it counts toward device compliance. By default, new controls are included, but you can uncheck this option to have the control appear in the Compliance Center without affecting device compliance status.

  • Unified Compliance List: Both system default and custom controls now appear together in compliance lists, with clear indicators of their type. System default controls are always included in device compliance, while custom controls can be toggled.

  • Dynamic Compliance Items: If all requirements for a policy or control are removed (for example, deleting all configurations for a software update policy), the related compliance item is automatically removed from device compliance lists. This ensures only relevant controls are shown for each device and operating system.

  • OS-Specific Controls: Custom controls with requirements for specific operating systems will only appear in compliance results for those OSes.


Tips & FAQs

  • Does a custom control affect existing benchmarks (SOC 2, ISO 27001, …)?
    Not automatically. Custom controls are internal checks; map them to frameworks in your audit narrative if required.

  • Excluding devices – use the Exclusion Rule dropdown under the repository list (e.g., “Include only production devices”).

  • Versioning – each edit increments the control’s version; history is visible in the API and audit exports.


Custom controls let you express your security policy in Swif’s language—try them to close gaps the default SW-rules don’t cover.

Did this answer your question?