Each one of the 30 built-in rules can be switched "ON" or "OFF" according to your needs. Once a rule is disabled or enabled, it will automatically propagate to all CLI invocations that are connected to that policy (via account token) and executed. This way, the policy owner doesn't need to manually update all the devices connected to this policy.
To help the policy owner to educate the policy consumers (e.g. developers, teammates, etc.), why and how they should fix their misconfigurations, the text that is shown in the CLI, when a rule is failing, is editable.