Alejandro,
Please refer to CA API Developer Portal v3.0 Setup and Integration Guide, Appendix K: Policy Templates and Encapsulated Assertions (or here: https://wiki.ca.com/display/APIDP/Policy+Templates+and+Encapsulated+Assertions
Basically, the idea is that you can allow your API Owners to publish their APIs using standard, approved security policy (for example), but still add in their API-specific information at publication time. For example, you might create a Policy Template that specifies the API will use OAuth2; implicit grant type, but allows the API Owner to specify whether the API requires HTTPs or not.
To create a Policy Template on the Portal, you have to first create an Encapsulate Assertion on the Gateway, and then add the "Set as Portal Publishable Fragment" assertion to it. It will then show up in the Policy Template dropdown on the Portal. For more information on how to create an encapsulated assertion, refer to https://wiki.ca.com/display/GATEWAY83/Encapsulated+Assertions