Distinct from other system policies, an audit policy defines a policy violation for a group of users of a specific resource. Audit policies establish one or more rules by which users are evaluated for compliance violations. These rules depend on conditions based on one or more attributes defined by a resource. When the system scans a user, it uses the criteria defined in the audit policies assigned to that user to determine whether compliance violations have occurred.
For more information about audit policies, see About Audit Policies.