Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

security policy

Definitions:

  A set of criteria for the provision of security services.
Sources:
CNSSI 4009-2015
NIST SP 800-137 under Security Policy from CNSSI 4009
NIST SP 800-30 Rev. 1 under Security Policy from CNSSI 4009
NIST SP 800-39 under Security Policy from CNSSI 4009
NIST SP 800-53 Rev. 5
NIST SP 800-57 Part 2 Rev.1 under Security policy

  The statement of required protection for the information objects.
Sources:
NIST SP 800-192 under Security Policy
NISTIR 7316 under Security Policy

  A set of rules that governs all aspects of security-relevant system and system component behavior.
Sources:
NIST SP 800-53 Rev. 5

  A set of rules that governs all aspects of security-relevant system and system element behavior.
Sources:
NIST SP 800-160v1r1

  Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions “what” and “why” without dealing with “how.” Policies are normally stated in terms that are technology-independent.
Sources:
NIST SP 800-82r3