[CF1] IA revamp: Decouple Policies (#25975)

Author: maxvp

.github/CODEOWNERS

@@ -58,13 +58,13 @@
 /src/content/docs/cloudflare-one/ @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/applications/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/identity/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/policies/access/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/access-controls/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/team-and-resources/devices/ @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/ @nikitacano @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/applications/casb/ @maxvp @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/policies/gateway/ @maxvp @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/policies/browser-isolation/ @maxvp @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/policies/data-loss-prevention/ @maxvp @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/traffic-policies/ @maxvp @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/remote-browser-isolation/ @deadlypants1973 @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/data-loss-prevention/ @maxvp @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/insights/dex/ @deadlypants1973 @cloudflare/pcx-technical-writing
 /src/content/docs/email-security/ @Maddy-Cloudflare @cloudflare/pcx-technical-writing
 

public/__redirects

@@ -2352,8 +2352,6 @@
 /logs/get-started/enable-destinations/* /logs/logpush/logpush-job/enable-destinations/:splat 301
 /logs/reference/log-fields/* /logs/logpush/logpush-job/datasets/:splat 301
 /speed/optimization/other/* /speed/optimization/ 301
-/cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices/:splat 301
-/cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/:splat 301
 
 # AI Crawl Control
 /ai-audit/* /ai-crawl-control/:splat 301
@@ -2362,7 +2360,6 @@
 /autorag/* /ai-search/:splat 301
 
 # Cloudflare One / Zero Trust
-/cloudflare-one/connections/ /cloudflare-one/ 301
 /cloudflare-one/applications/configure-apps/dash-sso-apps/ /fundamentals/account/account-security/dashboard-sso/ 301
 /cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/local/as-a-service/* /cloudflare-one/connections/connect-networks/configure-tunnels/local-management/as-a-service/:splat 301
 /cloudflare-one/connections/connect-apps/install-and-setup/deployment-guides/* /cloudflare-one/connections/connect-networks/deployment-guides/:splat 301
@@ -2384,6 +2381,13 @@
 /cloudflare-one/policies/data-loss-prevention/datasets/* /cloudflare-one/policies/data-loss-prevention/detection-entries/:splat 301
 
 # Cloudflare One nav revamp
+/cloudflare-one/connections/ /cloudflare-one/ 301
+/cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices/:splat 301
+/cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/:splat 301
+/cloudflare-one/policies/gateway/* /cloudflare-one/traffic-policies/:splat 301
+/cloudflare-one/policies/browser-isolation/* /cloudflare-one/remote-browser-isolation/:splat 301
+/cloudflare-one/policies/data-loss-prevention/* /cloudflare-one/data-loss-prevention/:splat 301
+/cloudflare-one/policies/access/* /cloudflare-one/access-controls/policies/:splat 301
 /cloudflare-one/identity/one-time-pin/ /cloudflare-one/integrations/identity-providers/one-time-pin/ 301
 /cloudflare-one/identity/idp-integration/* /cloudflare-one/integrations/identity-providers/:splat 301
 

src/content/changelog/access/2025-04-21-Access-Bulk-Policy-Tester.mdx

@@ -6,6 +6,6 @@ products:
   - access
 ---
 
-The [Access bulk policy tester](/cloudflare-one/policies/access/policy-management/#test-all-policies-in-an-application) is now available in the Cloudflare Zero Trust dashboard. The bulk policy tester allows you to simulate Access policies against your entire user base before and after deploying any changes. The policy tester will simulate the configured policy against each user's last seen identity and device posture (if applicable).
+The [Access bulk policy tester](/cloudflare-one/access-controls/policies/policy-management/#test-all-policies-in-an-application) is now available in the Cloudflare Zero Trust dashboard. The bulk policy tester allows you to simulate Access policies against your entire user base before and after deploying any changes. The policy tester will simulate the configured policy against each user's last seen identity and device posture (if applicable).
 
 ![Example policy tester](~/assets/images/changelog/access/example-policy-tester.png)

src/content/changelog/access/2025-07-01-browser-based-rdp-open-beta.mdx

@@ -6,7 +6,7 @@ products:
   - access
 ---
 
-[Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now available in open beta for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
+[Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/access-controls/policies/) is now available in open beta for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
 
 With browser-based RDP, you can:
 

src/content/changelog/access/2025-08-26-access-mcp-oauth.mdx

@@ -6,7 +6,7 @@ products:
   - access
 ---
 
-You can now control who within your organization has access to internal MCP servers, by putting internal MCP servers behind [Cloudflare Access](/cloudflare-one/policies/access/).
+You can now control who within your organization has access to internal MCP servers, by putting internal MCP servers behind [Cloudflare Access](/cloudflare-one/access-controls/policies/).
 
 [Self-hosted applications](/cloudflare-one/applications/configure-apps/mcp-servers/linked-apps/) in Cloudflare Access now support OAuth for MCP server authentication. This allows Cloudflare to delegate access from any self-hosted application to an MCP server via OAuth. The OAuth access token authorizes the MCP server to make requests to your self-hosted applications on behalf of the authorized user, using that user's specific permissions and scopes.
 

src/content/changelog/access/2025-09-22-browser-based-rdp-ga.mdx

@@ -6,9 +6,10 @@ products:
   - access
 ---
 
-[Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now generally available for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
+[Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/access-controls/policies/) is now generally available for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
 
 Since we announced our [open beta](/changelog/access/#2025-06-30), we've made a few improvements:
+
 - Support for targets with IPv6.
 - Support for [Magic WAN](/magic-wan/) and [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/) as on-ramps.
 - More robust error messaging on the login page to help you if you encounter an issue.

src/content/changelog/browser-isolation/2025-03-03-user-action-logging.mdx

@@ -4,7 +4,7 @@ description: User action logs for Remote Browser Isolation
 date: 2025-03-04
 ---
 
-We're excited to announce that new logging capabilities for [Remote Browser Isolation (RBI)](/cloudflare-one/policies/browser-isolation/) through [Logpush](/logs/logpush/logpush-job/datasets/account/) are available in Beta starting today!
+We're excited to announce that new logging capabilities for [Remote Browser Isolation (RBI)](/cloudflare-one/remote-browser-isolation/) through [Logpush](/logs/logpush/logpush-job/datasets/account/) are available in Beta starting today!
 
 With these enhanced logs, administrators can gain visibility into end user behavior in the remote browser and track blocked data extraction attempts, along with the websites that triggered them, in an isolated session.
 

src/content/changelog/browser-isolation/2025-05-01-browser-isolation-overview-page.mdx

@@ -4,11 +4,11 @@ description: A new home page experience for deploying and managing browser isola
 date: 2025-05-01
 ---
 
-A new **Browser Isolation Overview** page is now available in the Cloudflare Zero Trust dashboard. This centralized view simplifies the management of [Remote Browser Isolation (RBI)](/cloudflare-one/policies/browser-isolation/) deployments, providing:
+A new **Browser Isolation Overview** page is now available in the Cloudflare Zero Trust dashboard. This centralized view simplifies the management of [Remote Browser Isolation (RBI)](/cloudflare-one/remote-browser-isolation/) deployments, providing:
 
 - **Streamlined Onboarding:** Easily set up and manage isolation policies from one location.
-- **Quick Testing:** Validate [clientless web application isolation](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/) with ease.
-- **Simplified Configuration:** Configure [isolated access applications](/cloudflare-one/policies/access/isolate-application/) and policies efficiently.
+- **Quick Testing:** Validate [clientless web application isolation](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/) with ease.
+- **Simplified Configuration:** Configure [isolated access applications](/cloudflare-one/access-controls/policies/isolate-application/) and policies efficiently.
 - **Centralized Monitoring:** Track aggregate usage and blocked actions.
 
 This update consolidates previously disparate settings, accelerating deployment, improving visibility into isolation activity, and making it easier to ensure your protections are working effectively.

src/content/changelog/browser-isolation/2025-05-13-rbi-saml-post-support.mdx

@@ -6,4 +6,4 @@ date: 2025-05-13
 
 Remote Browser Isolation (RBI) now supports SAML HTTP-POST bindings, enabling seamless authentication for SSO-enabled applications that rely on POST-based SAML responses from Identity Providers (IdPs) within a Remote Browser Isolation session. This update resolves a previous limitation that caused `405` errors during login and improves compatibility with multi-factor authentication (MFA) flows.
 
-With expanded support for major IdPs like Okta and Azure AD, this enhancement delivers a more consistent and user-friendly experience across authentication workflows. Learn how to [set up Remote Browser Isolation](/cloudflare-one/policies/browser-isolation/setup/).
+With expanded support for major IdPs like Okta and Azure AD, this enhancement delivers a more consistent and user-friendly experience across authentication workflows. Learn how to [set up Remote Browser Isolation](/cloudflare-one/remote-browser-isolation/setup/).

src/content/changelog/casb/2024-11-22-cloud-data-extraction-aws.mdx

@@ -6,7 +6,7 @@ date: 2024-11-22
 
 import { Render } from "~/components";
 
-You can now use CASB to find security misconfigurations in your AWS cloud environment using [Data Loss Prevention](/cloudflare-one/policies/data-loss-prevention/).
+You can now use CASB to find security misconfigurations in your AWS cloud environment using [Data Loss Prevention](/cloudflare-one/data-loss-prevention/).
 
 You can also [connect your AWS compute account](/cloudflare-one/applications/casb/casb-integrations/aws-s3/#compute-account) to extract and scan your S3 buckets for sensitive data while avoiding egress fees. CASB will scan any objects that exist in the bucket at the time of configuration.