I've just recently begun messing around with remediation policy rule sets. Currently I only have 3:
ignore sev 1's and 2's
assign patchable server vulns to server team
assign patchable client vulns to end user services.
I know that each policy is going to be unique to your organization, however, I am currently in that situation where I don't know what I don't know and looking for some ideas that might be applicable to my organization.
Remediation Policies are an excellent tool for answering the following question: "Are my patch teams deploying patches in a timely fashion?"
Obviously different vulnerabilities should have different patching deadlines (e.g., fix all Heartbleed vulnerabilities immediately, but fix other high severity vulnerabilities in 5 days or less).
The idea is to create custom Search Lists that target different groups of vulnerabilities, and then take advantage of the deadline feature in a Remediation Policy to see if the patches are applied according to your service level agreements.
Example: Severity 5 vulns (5days), Severity 4 vulns (7days), Severity 3 vulns (10 days), etc...
You can create a policy for any list of vulnerabilities (Search List) and assign appropriate deadlines for evaluation.
-phil