A set of criteria for the provision of security services.
Sources:
CNSSI 4009-2015
NIST SP 800-137
under Security Policy
from
CNSSI 4009
NIST SP 800-175A
NIST SP 800-30 Rev. 1
under Security Policy
from
CNSSI 4009
NIST SP 800-39
under Security Policy
from
CNSSI 4009
NIST SP 800-53 Rev. 5
NIST SP 800-57 Part 2 Rev.1
under Security policy
The statement of required protection for the information objects.
Sources:
NIST SP 800-192
under Security Policy
NISTIR 7316
under Security Policy
A set of rules that governs all aspects of security-relevant system and system component behavior.
Sources:
NIST SP 800-53 Rev. 5
A set of rules that governs all aspects of security-relevant system and system element behavior.
Sources:
NIST SP 800-160v1r1
Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions “what” and “why” without dealing with “how.” Policies are normally stated in terms that are technology-independent.
Sources:
NIST SP 800-82r3