The policy check is mostly effective for checking global configuration items ... simple snippets of code that appear once, anywhere. Regular Expressions are OK for simple substitution, but really cumbersome beyond.
So, are there plans for the ability to do greater levels of conditional checks against the configs, or more intelligence to allow interface-level parsing. This would allow for easy policy verification of things like configuration of BPDU Guard on all access ports, etc.