The high-level policy for the security services that are to be supported by a computer for protecting its applications, stored data, and communications, and the rules to be followed in verifying user identities and authorizing their requests before they are granted.
Sources:
NIST SP 800-152
under Computer Security Policy