No, it is not a legal requirement to have a cookie policy. However, if your site uses cookies and is subject to comply with the GDPR or CCPA, you need to explain your use of cookies in your privacy policy.
You’re subject to comply with the CCPA if you have consumers in California, and you’re subject to comply with the GDPR if you have users in Europe. Both laws require you to explain how you use cookies and what cookies you use.