diff --git a/src/Api/Controllers/PoliciesController.cs b/src/Api/Controllers/PoliciesController.cs
new file mode 100644
index 0000000000..7719bfd2af
--- /dev/null
+++ b/src/Api/Controllers/PoliciesController.cs
@@ -0,0 +1,96 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Bit.Core.Repositories;
+using Microsoft.AspNetCore.Authorization;
+using Bit.Core.Models.Api;
+using Bit.Core.Exceptions;
+using Bit.Core.Services;
+using Bit.Core;
+
+namespace Bit.Api.Controllers
+{
+    [Route("organizations/{orgId}/policies")]
+    [Authorize("Application")]
+    public class PoliciesController : Controller
+    {
+        private readonly IPolicyRepository _policyRepository;
+        private readonly CurrentContext _currentContext;
+
+        public PoliciesController(
+            IPolicyRepository policyRepository,
+            CurrentContext currentContext)
+        {
+            _policyRepository = policyRepository;
+            _currentContext = currentContext;
+        }
+
+        [HttpGet("{id}")]
+        public async Task<PolicyResponseModel> Get(string orgId, string id)
+        {
+            var policy = await _policyRepository.GetByIdAsync(new Guid(id));
+            if(policy == null || !_currentContext.OrganizationAdmin(policy.OrganizationId))
+            {
+                throw new NotFoundException();
+            }
+
+            return new PolicyResponseModel(policy);
+        }
+
+        [HttpGet("")]
+        public async Task<ListResponseModel<PolicyResponseModel>> Get(string orgId)
+        {
+            var orgIdGuid = new Guid(orgId);
+            if(!_currentContext.OrganizationManager(orgIdGuid))
+            {
+                throw new NotFoundException();
+            }
+
+            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
+            var responses = policies.Select(p => new PolicyResponseModel(p));
+            return new ListResponseModel<PolicyResponseModel>(responses);
+        }
+
+        [HttpPost("")]
+        public async Task<PolicyResponseModel> Post(string orgId, [FromBody]PolicyRequestModel model)
+        {
+            var orgIdGuid = new Guid(orgId);
+            if(!_currentContext.OrganizationAdmin(orgIdGuid))
+            {
+                throw new NotFoundException();
+            }
+
+            var policy = model.ToPolicy(orgIdGuid);
+            //await _groupService.SaveAsync(group, model.Collections?.Select(c => c.ToSelectionReadOnly()));
+            return new PolicyResponseModel(policy);
+        }
+
+        [HttpPut("{id}")]
+        [HttpPost("{id}")]
+        public async Task<PolicyResponseModel> Put(string orgId, string id, [FromBody]PolicyRequestModel model)
+        {
+            var policy = await _policyRepository.GetByIdAsync(new Guid(id));
+            if(policy == null || !_currentContext.OrganizationAdmin(policy.OrganizationId))
+            {
+                throw new NotFoundException();
+            }
+
+            //await _groupService.SaveAsync(model.ToPolicy(policy));
+            return new PolicyResponseModel(policy);
+        }
+
+        [HttpDelete("{id}")]
+        [HttpPost("{id}/delete")]
+        public async Task Delete(string orgId, string id)
+        {
+            var policy = await _policyRepository.GetByIdAsync(new Guid(id));
+            if(policy == null || !_currentContext.OrganizationAdmin(policy.OrganizationId))
+            {
+                throw new NotFoundException();
+            }
+
+            //await _groupService.DeleteAsync(policy);
+        }
+    }
+}
diff --git a/src/Core/Models/Api/Request/PolicyRequestModel.cs b/src/Core/Models/Api/Request/PolicyRequestModel.cs
new file mode 100644
index 0000000000..3bbdc9539a
--- /dev/null
+++ b/src/Core/Models/Api/Request/PolicyRequestModel.cs
@@ -0,0 +1,33 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Models.Table;
+using Newtonsoft.Json;
+using System.Collections.Generic;
+
+namespace Bit.Core.Models.Api
+{
+    public class PolicyRequestModel
+    {
+        [Required]
+        public Enums.PolicyType? Type { get; set; }
+        [Required]
+        public bool? Enabled { get; set; }
+        public Dictionary<string, object> Data { get; set; }
+
+        public Policy ToPolicy(Guid orgId)
+        {
+            return ToPolicy(new Policy
+            {
+                Type = Type.Value,
+                OrganizationId = orgId
+            });
+        }
+
+        public Policy ToPolicy(Policy existingPolicy)
+        {
+            existingPolicy.Enabled = Enabled.GetValueOrDefault();
+            existingPolicy.Data = Data != null ? JsonConvert.SerializeObject(Data) : null;
+            return existingPolicy;
+        }
+    }
+}
diff --git a/src/Core/Models/Api/Response/PolicyResponseModel.cs b/src/Core/Models/Api/Response/PolicyResponseModel.cs
new file mode 100644
index 0000000000..b1021f8bfc
--- /dev/null
+++ b/src/Core/Models/Api/Response/PolicyResponseModel.cs
@@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using Bit.Core.Enums;
+using Bit.Core.Models.Table;
+using Newtonsoft.Json;
+
+namespace Bit.Core.Models.Api
+{
+    public class PolicyResponseModel : ResponseModel
+    {
+        public PolicyResponseModel(Policy policy, string obj = "policy")
+            : base(obj)
+        {
+            if(policy == null)
+            {
+                throw new ArgumentNullException(nameof(policy));
+            }
+
+            Id = policy.Id.ToString();
+            OrganizationId = policy.OrganizationId.ToString();
+            Type = policy.Type;
+            Enabled = policy.Enabled;
+            if(!string.IsNullOrWhiteSpace(policy.Data))
+            {
+                Data = JsonConvert.DeserializeObject<Dictionary<string, object>>(policy.Data);
+            }
+        }
+
+        public string Id { get; set; }
+        public string OrganizationId { get; set; }
+        public PolicyType Type { get; set; }
+        public Dictionary<string, object> Data { get; set; }
+        public bool Enabled { get; set; }
+    }
+}