Update the Pulumi Policies blog (#16511)

* Update the Pulumi Policies blog

Updating the Pulumi Policies blog to provide more guided action

* Update content/blog/policy-next-gen/index.md

* Update content/blog/policy-next-gen/index.md

* Update the Audit Policies

* Argh consistency! consistency

* update policy findings

* Apply suggestions from code review

* improve pre-built compliances blog

* meta description

* Making it more evergreen but still sounding NEW

* Update content/blog/policy-packs-cis-nist-pci/index.md

* More evergreen but still keeping the NEW feel

* The usual fix

Those spaces, why can't it ignore that 1 space?!

Author: SaraDPH

content/blog/policy-audit-scans-for-stacks/index.md

@@ -1,22 +1,22 @@
 ---
-title: "Introducing Audit Policy Scans for Pulumi Stacks"
+title: "New Audit Policy Scans for Pulumi Stacks"
 date: 2025-11-05T00:04:00
 authors:
   - levi-blackstone
   - arun-loganathan
-meta_desc: "Continuous policy evaluation for IaC stacks based on their last successful deployment state, enabling frictionless adoption and faster CI/CD."
+meta_desc: "Continuous policy evaluation for IaC stacks using their last successful deployment state, providing frictionless compliance checks and faster CI/CD workflows."
 allow_long_title: true
 meta_image: "meta.png"
 tags:
   - pulumi-service
   - policy-as-code
   - crossguard
-  - features
+  - audit-policies
   - compliance
   - governance
 ---
 
-Today, as part of the next generation of Pulumi Policies, we're introducing **Audit Policy Scans for Pulumi Stacks**. This capability uses policies to run compliance checks against the last successful deployment state of your stacks, providing continuous compliance monitoring without impacting your existing CI/CD workflows.
+**Audit Policy Scans for Pulumi Stacks** is part of the next generation of Pulumi Policies. This capability uses policies to run compliance checks against the last successful deployment state of your stacks, providing continuous compliance monitoring without impacting your existing CI/CD workflows.
 
 Until now, Pulumi’s preventative policies have served as a critical "shift-left" gate, blocking non-compliant changes during `pulumi up`. While essential, this created challenges for organizations wanting to roll out new governance across thousands of existing stacks. This new evaluation mode solves that problem, giving you a complete and continuous view of your IaC compliance posture without the friction.
 
@@ -28,9 +28,9 @@ Pulumi's audit philosophy is to provide complete visibility across your entire c
 
 1. **Audit Scans for Cloud Accounts (Existing):** This capability scans your live cloud environments (like an AWS account or Azure subscription). Its primary purpose is to give you a holistic view of your security posture by discovering *all* resources, including those not managed by Pulumi, and detecting configuration drift. This is how you find unmanaged, legacy, or manually-created resources that violate your policies.
 
-2. **Audit Scans for Pulumi Stacks (New):** The feature we're launching today extends this audit power to the source of truth for your managed infrastructure: your Pulumi stacks. It evaluates the *last successfully deployed state* of your IaC. This allows you to get an instant compliance baseline of all your managed infrastructure without having to redeploy anything, making it perfect for frictionless policy rollouts at scale.
+2. **Audit Scans for Pulumi Stacks (New):** The feature extends this audit power to the source of truth for your managed infrastructure: your Pulumi stacks. It evaluates the *last successfully deployed state* of your IaC. This allows you to get an instant compliance baseline of all your managed infrastructure without having to redeploy anything, making it perfect for frictionless policy rollouts at scale.
 
-Together, these two audit modes give you a comprehensive picture of your entire cloud estate, all feeding into one unified **Policy Findings hub**.
+Together, these two audit modes give you a comprehensive picture of your entire cloud estate, all feeding into one unified **[Policy Findings hub](https://www.pulumi.com/blog/policy-issue-management/)**.
 
 ## Key Scenarios for Audit Scans for Stacks
 
@@ -49,7 +49,7 @@ This new mechanism runs against the last known successfully deployed state of yo
 
 ## How to Get Started
 
-You can enable audit scans for your IaC stacks by adding them to an **Audit Policy Group**.
+You can enable audit scans for your IaC stacks by adding them to an **[Audit Policy Group](https://www.pulumi.com/docs/insights/policy/policy-groups/#audit-policy-groups)**.
 
 1. Navigate to the **Policies** tab in the left navigation bar of the Pulumi Cloud console.
 2. Create a new **Audit Policy Group** or select an existing one.
@@ -69,4 +69,12 @@ Audit policy scans consume workflow minutes from your Pulumi Cloud plan. Each sc
 
 With the addition of post-deployment evaluation for IaC stacks, you now have a complete, 360-degree view of your cloud environment. You can use audit scans for cloud accounts to get a handle on your entire live footprint, and use audit scans for stacks to easily assess your IaC-managed footprint without adding friction to your development process.
 
-Try it out in the Pulumi Cloud today and check out the documentation to learn more!
+## Try Pulumi Policies
+
+**Ready to try these features?**
+
+* [Sign up for Pulumi Cloud](https://app.pulumi.com/signup) and start a Neo task  
+* [Read the Get Started guide](/docs/insights/policy/get-started/) to continuously scan resources and identify violations
+* [Join the Community Slack](https://slack.pulumi.com/) to share feedback on the new features
+
+For complete documentation, visit our [Policies documentation](https://www.pulumi.com/docs/insights/policy/).

content/blog/policy-issue-management/index.md

@@ -1,25 +1,25 @@
 ---
-title: "Introducing the New Policy Findings Hub"
+title: "Policy Findings Hub: Move From Alert Fatigue to Action"
 date: 2025-11-05T00:03:00
 authors:
   - alejandro-cotroneo
   - arun-loganathan
-meta_desc: "Move from alert fatigue to action. Announcing Pulumi's new Policy Findings hub, a collaborative workspace for triaging, managing, and fixing compliance issues."
+meta_desc: "Pulumi’s Policy Findings hub helps teams move from alert fatigue to action with a collaborative workspace for triaging, managing, and fixing compliance issues."
 allow_long_title: true
 meta_image: "meta.png"
 tags:
   - pulumi-service
   - policy-as-code
-  - features
+  - audit-policies
   - compliance
   - governance
   - pulumi-neo
-  - ai
+  - infosec
 ---
 
 For platform and security teams, enabling robust cloud scanning often creates a new problem: an unmanageable firehose of policy alerts. Identifying a violation is only the first step. Without a system to manage the lifecycle of these findings, teams are quickly overwhelmed, leading to prioritization paralysis and a perpetually growing backlog.
 
-Today, we're introducing the solution to this alert fatigue. The new **Policy Findings** hub is a purpose-built, collaborative workspace that transforms a noisy list of violations into an organized and actionable set of tasks. It guides your team from initial discovery all the way to a verified fix.
+The **[Policy Findings](https://www.pulumi.com/docs/insights/policy/policy-findings/)** hub in Pulumi Cloud is the solution to this alert fatigue. It's a purpose-built, collaborative workspace that turns a noisy list of violations into organized, actionable tasks. The hub brings clarity and structure to the compliance process, guiding teams from initial discovery to a verified fix.
 
 <!--more-->
 
@@ -41,24 +41,36 @@ This view helps leadership track progress and make data-driven decisions about w
 
 For the infosec members and auditors, context is everything. Simply listing thousands of violations is not helpful. The Compliance tab provides a policy-centric view, grouping all findings by the specific control they violated (e.g., a specific rule within CIS or NIST).
 
-This is crucial when preparing for an audit or assessing adherence to a specific security framework, as it allows you to see exactly where you are compliant and where you have gaps, control by control.
+This is crucial when preparing for an audit or assessing adherence to a specific security framework, as it allows you to [see exactly where you are compliant and where you have gaps](https://www.pulumi.com/blog/policy-packs-cis-nist-pci/#more-than-just-detection-the-complete-governance-lifecycle), control by control.
 
 ### 3. The Issues Tab: The Team's Daily Workspace
 
-This is space where insight is turned into action. The Issues tab is a collaborative triage board designed for the day-to-day workflow of platform and development teams. It provides the full toolset needed to manage the lifecycle of an issue from start to finish:
+This is the space where insight is turned into action. The Issues tab is a collaborative triage board designed for the day-to-day workflow of platform and development teams. It provides the full toolset needed to manage the lifecycle of an issue from start to finish:
 
 * **Triage and Prioritize:** Filter issues by severity, resource type, or policy to focus on what matters most. Set a priority level from P0 (critical) to P4 (low).
 * **Assign Ownership:** Assign issues to specific team members to ensure clear ownership and accountability.
 * **Manage Lifecycle:** Mark an issue as "Ignored" with a justification. This is a critical workflow for acknowledging intentional exceptions, which cleans up your dashboard and allows the team to focus on legitimate issues.
 
-And for the most critical part of the workflow—the fix itself—we've integrated our AI agent, **Pulumi Neo**, directly into this view.
+And for the most critical part of the workflow — the fix itself — we've integrated our AI agent, **[Pulumi Neo](https://www.pulumi.com/product/neo/#video)**, directly into this view.
 
 After selecting one or more issues, your team can assign the task to Neo. It will analyze the violations and automatically generate a pull request with the necessary code changes. For unmanaged resources, Neo will even generate the code to import them into Pulumi and apply the fix. This turns a complex manual task into a simple review-and-merge process, allowing your team to finally burn down the backlog.
 
 {{< video title="Managing policy findings in Pulumi Cloud" src="findingsclipblog.mp4" autoplay="false" controls="true" loop="true" >}}
 
-## Conclusion
+## Turning Alerts into Action
 
-Effective governance requires more than just detection; it requires a robust system for managing, prioritizing, and resolving issues at scale. The new Policy Findings hub provides that end-to-end experience. It's a collaborative environment that brings clarity to your compliance posture and provides the tools—including AI-powered assistance—to take decisive action.
+Effective governance goes beyond identifying violations. It requires a structured system that turns every finding into a clear and trackable path to resolution. The new Policy Findings hub provides that end-to-end workflow, from visibility to accountability to automated remediation.
 
-This powerful new experience is available today. Navigate to the **Policies > Findings** tab in the Pulumi Cloud to explore your new compliance dashboard and transform alert fatigue into action.
+By organizing policy data into meaningful views and integrating Pulumi Neo directly into the issue management process, teams can move past alert fatigue and focus on what matters most: fixing problems quickly and maintaining continuous compliance.
+
+This new experience is now available. Navigate to the **Policies > Findings** tab in the Pulumi Cloud to explore your new compliance dashboard and start turning alerts into action.
+
+## Try Pulumi Policies
+
+**Ready to try these features?**
+
+* [Sign up for Pulumi Cloud](https://app.pulumi.com/signup) and start a Neo task  
+* [Read the Get Started guide](/docs/insights/policy/get-started/) to manage compliance across your cloud infrastructure
+* [Join the Community Slack](https://slack.pulumi.com/) to share feedback on the new features
+
+For complete documentation, visit our [Policies documentation](https://www.pulumi.com/docs/insights/policy/).

content/blog/policy-next-gen/index.md

@@ -91,4 +91,12 @@ The age of AI-driven development demands AI-powered governance. With this new ge
 
 This powerful new experience is available today. Navigate to the **Policies** and **Policy Findings** tab in Pulumi Cloud to explore your new governance capabilities and meet the future of platform engineering.
 
-For complete documentation, visit our [Policy documentation](https://www.pulumi.com/docs/insights/policy/).
+## Try Pulumi Policies
+
+**Ready to try these features?**
+
+* [Sign up for Pulumi Cloud](https://app.pulumi.com/signup) and start a Neo task  
+* [Read the Get Started guide](/docs/insights/policy/get-started/) to set up and apply a policy group to stacks and clouds.
+* [Join the Community Slack](https://slack.pulumi.com/) to share feedback on the new features
+
+For complete documentation, visit our [Policies documentation](https://www.pulumi.com/docs/insights/policy/).

content/blog/policy-packs-cis-nist-pci/index.md

@@ -1,10 +1,10 @@
 ---
-title: "Announcing New Compliance Packs for CIS, NIST, and PCI DSS"
+title: "New Compliance Packs for CIS, NIST, and PCI DSS"
 date: 2025-11-05T00:02:00
 authors:
   - luke-ward
   - dan-biwer
-meta_desc: "Launching new, pre-built compliance policy packs for CIS, NIST, and PCI DSS to help organizations accelerate their journey to a secure and compliant cloud."
+meta_desc: "Pulumi pre-built policy packs for CIS v8.1, NIST 800-53 Rev. 5, and PCI DSS v4.0 help teams achieve and maintain cloud compliance in minutes, not months."
 allow_long_title: true
 meta_image: "meta.png"
 tags:
@@ -17,9 +17,11 @@ tags:
   - security
 ---
 
-Achieving compliance with industry standards like CIS, NIST, or PCI DSS is a foundational step for any organization, but it's often a manual, months-long process of interpreting controls and writing policies from scratch. This is a major roadblock to getting your cloud environment into a known, secure state.
+Achieving compliance with industry standards such as **CIS, NIST**, or **PCI DSS** is a foundational step for every organization. Yet for many teams, it's often a manual, months-long process that involves interpreting controls, authoring custom policies, and validating configurations across multiple clouds. These challenges often slow progress toward a known and secure cloud state.
 
-Today, we're changing that. We're excited to launch a new suite of pre-built compliance policy packs for **CIS Controls v8.1**, **NIST SP 800-53 Rev. 5**, and **PCI DSS v4.0**. These packs are your accelerator for the "Get Clean" journey, allowing you to enforce critical security and compliance baselines across your cloud infrastructure in minutes, not months.
+We're changing that. To simplify this journey, Pulumi launched a new suite of **pre-built compliance policy packs** for [CIS Controls v8.1, NIST SP 800-53 Rev. 5, and PCI DSS v4.0](https://www.pulumi.com/docs/insights/policy/policy-packs/pre-built-packs/#available-policy-packs).
+
+These packs are your accelerator for the "**Get Clean**" journey, allowing you to enforce critical security and compliance baselines across your cloud infrastructure **in minutes, not months**.
 
 <!--more-->
 
@@ -28,7 +30,7 @@ Today, we're changing that. We're excited to launch a new suite of pre-built com
 Traditional security tools are reactive, scanning for problems *after* resources have been deployed. With Pulumi, these new compliance packs are the engine for an end-to-end governance lifecycle that integrates directly into your cloud operations.
 
 1. **Audit for Full Coverage:** Run these packs in audit mode to scan your entire cloud estate, including resources managed by Pulumi and those created through other means. This gives you an instant, comprehensive view of your current compliance posture.
-2. **Triage and Remediate:** When a pack finds a violation, the finding appears in the new **Policy Findings hub**. From there, your team can triage, assign, and track the issue through its entire lifecycle. And with our new AI-powered capabilities, you can assign the issue to **Pulumi Neo** to automatically generate a pull request with the fix.
+2. **Triage and Remediate:** When a pack finds a violation, the finding appears in the new **[Policy Findings hub](https://www.pulumi.com/blog/policy-issue-management/)**. From there, your team can triage, assign, and track the issue through its entire lifecycle. And with our new AI-powered capabilities, you can assign the issue to **Pulumi Neo** to automatically generate a pull request with the fix.
 3. **Prevent Non-Compliance:** Once your environment is clean, you use these same packs as preventative guardrails. By running them during `pulumi up`, you block non-compliant resources *before they are ever created*, ensuring you "Stay Clean."
 
 This tri-modal capability—Audit, Remediate, and Prevent—is uniquely powerful, allowing you to fix existing issues while stopping new ones from being introduced.
@@ -56,6 +58,16 @@ Our new policy packs provide extensive, out-of-the-box coverage for some of the
 
 These policy packs are available now and are the perfect way to begin your governance journey with Pulumi.
 
-To get started, head to the **Policies** page in your Pulumi Cloud organization and click on the **All** tab to find these new packs. Add them to an Audit Policy Group and run a scan. Within minutes, you'll see a complete picture of your compliance posture in the **Policy Findings hub**, ready for triage and remediation.
+To get started, head to the **Policies** page in your Pulumi Cloud organization and click on the **All** tab to find these new packs. Add them to an **Audit Policy Group** and run a scan. Within minutes, you'll see a complete picture of your compliance posture in the **Policy Findings hub**, ready for triage and remediation.
+
+Need a compliance pack for a standard that isn't listed here? Please let us know by raising a request on our [GitHub repository](https://github.com/pulumi/pulumi-cloud-requests).
+
+## Try Pulumi Policies
+
+**New to Pulumi? Start your governance journey today.**
+
+* [Sign up for Pulumi Cloud](https://app.pulumi.com/signup) and start compliance task with Neo  
+* [Read the Get Started guide](/docs/insights/policy/get-started/) to apply and manage policies across your cloud infrastructure
+* [Join the Community Slack](https://slack.pulumi.com/) to share feedback on the new features
 
-Need a compliance pack for a standard that isn't listed here? Please let us know by raising a request on our [github repository](https://github.com/pulumi/pulumi-cloud-requests).
+For complete documentation, visit our [Policies documentation](https://www.pulumi.com/docs/insights/policy/).