You can review the Policies with the included Policy Manager tool. This offers several Views for the available checks, including Severity view, threat Classes view, and Attack Groups (the most granular). There is also a Search function with permits you to mine select items within the attack database.
Each Policy is a general template of the available attacks that will be used during your scan. The Standard policy is a good balance between Speed and Thoroughness, attacking both the Platform and the Application. You cold save scan time by using the Application Only or the Platform Only policy. The Criticals and Highs can be thought of as the "upper half" of the Standard policy. Browsing through the other Policies, you can understand how they may be different from these. Each one also offers a Description when you open it in the Policy Manager.
If you just want to know all the checks enabled, there is no direct method. You might open the Securebase file with SQL Studio and query it, or run an interrupted Audit-Only scan using the All Checks policy and then generate an Attack Status report to list everything enabled.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify