diff --git a/src/main/java/org/dependencytrack/resources/v1/PolicyResource.java b/src/main/java/org/dependencytrack/resources/v1/PolicyResource.java
index 4a47d08578..d098366bc5 100644
--- a/src/main/java/org/dependencytrack/resources/v1/PolicyResource.java
+++ b/src/main/java/org/dependencytrack/resources/v1/PolicyResource.java
@@ -124,9 +124,17 @@ public Response createPolicy(Policy jsonPolicy) {
         try (QueryManager qm = new QueryManager()) {
             Policy policy = qm.getPolicy(StringUtils.trimToNull(jsonPolicy.getName()));
             if (policy == null) {
+                Policy.Operator operator = jsonPolicy.getOperator();
+                if (operator == null) {
+                    operator = Policy.Operator.ANY;
+                }
+                Policy.ViolationState violationState = jsonPolicy.getViolationState();
+                if (violationState == null) {
+                    violationState = Policy.ViolationState.INFO;
+                }
                 policy = qm.createPolicy(
                         StringUtils.trimToNull(jsonPolicy.getName()),
-                        Policy.Operator.ANY, Policy.ViolationState.INFO);
+                        operator, violationState);
                 return Response.status(Response.Status.CREATED).entity(policy).build();
             } else {
                 return Response.status(Response.Status.CONFLICT).entity("A policy with the specified name already exists.").build();
diff --git a/src/test/java/org/dependencytrack/resources/v1/PolicyResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/PolicyResourceTest.java
index 80ce7cdb5e..0fac91a447 100644
--- a/src/test/java/org/dependencytrack/resources/v1/PolicyResourceTest.java
+++ b/src/test/java/org/dependencytrack/resources/v1/PolicyResourceTest.java
@@ -116,6 +116,50 @@ public void createPolicyTest() {
         assertThat(json.getBoolean("includeChildren")).isEqualTo(false);
     }
 
+    @Test
+    public void createPolicySpecifyOperatorAndViolationStateTest() {
+        final Policy policy = new Policy();
+        policy.setName("policy");
+        policy.setOperator(Policy.Operator.ALL);
+        policy.setViolationState(Policy.ViolationState.FAIL);
+
+        final Response response = target(V1_POLICY)
+                .request()
+                .header(X_API_KEY, apiKey)
+                .put(Entity.entity(policy, MediaType.APPLICATION_JSON));
+
+        assertThat(response.getStatus()).isEqualTo(201);
+
+        final JsonObject json = parseJsonObject(response);
+        assertThat(json).isNotNull();
+        assertThat(json.getString("name")).isEqualTo("policy");
+        assertThat(json.getString("operator")).isEqualTo("ALL");
+        assertThat(json.getString("violationState")).isEqualTo("FAIL");
+        assertThat(UuidUtil.isValidUUID(json.getString("uuid")));
+        assertThat(json.getBoolean("includeChildren")).isEqualTo(false);
+    }
+
+    @Test
+    public void createPolicyUseDefaultValueTest() {
+        final Policy policy = new Policy();
+        policy.setName("policy");
+
+        final Response response = target(V1_POLICY)
+                .request()
+                .header(X_API_KEY, apiKey)
+                .put(Entity.entity(policy, MediaType.APPLICATION_JSON));
+
+        assertThat(response.getStatus()).isEqualTo(201);
+
+        final JsonObject json = parseJsonObject(response);
+        assertThat(json).isNotNull();
+        assertThat(json.getString("name")).isEqualTo("policy");
+        assertThat(json.getString("operator")).isEqualTo("ANY");
+        assertThat(json.getString("violationState")).isEqualTo("INFO");
+        assertThat(UuidUtil.isValidUUID(json.getString("uuid")));
+        assertThat(json.getBoolean("includeChildren")).isEqualTo(false);
+    }
+
     @Test
     public void updatePolicyTest() {
         final Policy policy = qm.createPolicy("policy", Policy.Operator.ANY, Policy.ViolationState.INFO);