Can we create single security policy in ASM for multiple applications?

In addition to what the others said, my answer would be yes but with some caveats. I have a single security policy in front of hundreds of VS's / applications, however, each application is simply a unique installation of our custom SIS application for varying customers. Code base is the same, signature requirements are identical, and any variations in parameters, etc learned from a connection to Customer A's instance may also be application to Customer B, and so on. Even if they are not there is not enough variation to justify the added work of maintaining unique policies for each customer VS. My plan is that should something pop up necessitating a unique configuration for a specific customer, then I'll move to a unique policy for that customer only. There are probably several ways to go about this but what I'm doing works well for us.