Serverless Framework comes pre-loaded with configurable policies out of the box. Use these policies to enforce security requirements (e.g. ensure no wildcard IAM roles are created), operational best practices (e.g. ensure a dead letter queues is attached to each function), and organizational conventions (e.g. required tags, or function naming conventions).
Use these out of the box policies to help enforce NIST, CIS, NSA and ISO 27001 requirements.
Enforce policies without touching any code. In the dashboard you can add and configure policies across your organization without needing to change your service configuration or code. Policies are highly customizable, so you can apply policies to different environments, configuring them uniquely for each environment, and configure their enforcement level.