Swif’s Compliance Repository now lets you create, tailor, and version your own controls instead of relying only on the system-supplied SW-1 … SW-11 checklist.
Use this when you need a control that:
Combines multiple OSs in one rule (e.g., “macOS 14.5 or Windows 11”)
References a setting inside any Swif policy (e.g., FileVault2 must be enabled)
Demands a specific piece of software, a minimum device spec, or both
Where to start
Settings › Compliance
Click Create Compliance Control (green button above the General Compliance Requirements list).
Wizard overview
Step | What you do | Key options |
1 Basic Information | Name & (optional) description | — |
2 Control Config | Add one Spec card per condition you want to check | Specification type: - Application – require or forbid a specific app |
3 Requirements (optional) | For Policy specs, refine the exact Requirement inside that policy, and the value that is considered “compliant.” | Example: |
You can mix as many spec cards as you need—the control passes only when all cards match the device.
How Control Config evaluates multiple conditions
When you add more than one Policy or Application spec for the same OS inside Control Config, Swif applies an AND operator:
All Policy specs for that OS must be satisfied
All Application specs for that OS must be satisfied
Only when every condition for the operating system evaluates to true does the device pass the custom control.
Example
If you add two macOS Policy specs—“FileVault = Enabled” and “Screensaver Lock = On”—a Mac is considered compliant only when both settings are met.
Next, Click Create Control to save.
What happens next
The new control appears in the Compliance Repository list (labelled Custom).
Toggle Add to Device Compliance Criteria if you want it counted in every device’s “Compliant / Incomplete” score.Each requirement’s Current Setting column shows the real-time value reported from the device fleet.
Need to revert? Click Reset Default Settings to hide all customizations and restore the out-of-box SW-n list.
Examples you can build
Goal | Spec cards to add |
Block guest accounts anywhere | Policy → Password Policy → Require Passcode on Device → True  |
Ensure laptops are on at least macOS 15.1 or Windows 11 | Operating System (macOS 15.1) + Operating System (Windows 11)  |
Require FileVault and BitLocker | Policy → FileVault2 → Enabled ; Policy → BitLocker Auto Policy → On |
Flag devices missing Microsoft Excel | Application → “Microsoft Excel” on both macOS & Windows  |
Set control as Device Compliance Requirement
Device Compliance Requirement Toggle: When creating or editing a control, you can now choose whether it counts toward device compliance. By default, new controls are included, but you can uncheck this option to have the control appear in the Compliance Center without affecting device compliance status.
Unified Compliance List: Both system default and custom controls now appear together in compliance lists, with clear indicators of their type. System default controls are always included in device compliance, while custom controls can be toggled.
Dynamic Compliance Items: If all requirements for a policy or control are removed (for example, deleting all configurations for a software update policy), the related compliance item is automatically removed from device compliance lists. This ensures only relevant controls are shown for each device and operating system.
OS-Specific Controls: Custom controls with requirements for specific operating systems will only appear in compliance results for those OSes.
Tips & FAQs
Does a custom control affect existing benchmarks (SOC 2, ISO 27001, …)?
Not automatically. Custom controls are internal checks; map them to frameworks in your audit narrative if required.Excluding devices – use the Exclusion Rule dropdown under the repository list (e.g., “Include only production devices”).
Versioning – each edit increments the control’s version; history is visible in the API and audit exports.
Custom controls let you express your security policy in Swif’s language—try them to close gaps the default SW-rules don’t cover.