The default staging period is 7 days. After that period expires, any signatures which were not triggered will be moved to the "Ready to be Enforced" section of the Enforcement Readiness Summary Screen (Application Security: Policy Building: Enforcement Readiness.) If you built your policy using the manual method, you will have to enforce the signatures yourself. "Enforce" means that the signatures will be removed from staging. If you use the automatic method, then ASM will enforce them for you. You can check the staging status of each signature by viewing them in the Attack Signature List.