That means that IT pros can set securityparameters as strict as needed per corporate policies, but users still have the freedom to dilly dally at their time wasting websites of choice.
What they are giving you is generally going to be asset categories, unless they have the specific return-and-risk parameters for every security in the portfolio.