security policy

Definition(s):

  A set of criteria for the provision of security services.
Source(s):
CNSSI 4009-2015 from NIST SP 800-53 Rev. 4
NIST SP 800-53 Rev. 5
NIST SP 800-137 under Security Policy from CNSSI 4009
NIST SP 800-30 Rev. 1 under Security Policy from CNSSI 4009
NIST SP 800-39 under Security Policy from CNSSI 4009
NIST SP 800-57 Part 2 Rev. 1 under Security policy
NIST SP 800-37 Rev. 1 [Superseded] under Security Policy from CNSSI 4009
NIST SP 800-53 Rev. 4 [Superseded] under Security Policy from CNSSI 4009

  Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions “what” and “why” without dealing with “how.” Policies are normally stated in terms that are technology-independent.
Source(s):
NIST SP 800-82 Rev. 2 under Security Policy from ISA99

  A set of rules that governs all aspects of security-relevant system and system element behavior. Note 1: System elements include technology, machine, and human, elements. Note 2: Rules can be stated at very high levels (e.g., an organizational policy defines acceptable behavior of employees in performing their mission/business functions) or at very low levels (e.g., an operating system policy that defines acceptable behavior of executing processes and use of resources by those processes).
Source(s):
NIST SP 800-160 Vol. 1

  The statement of required protection for the information objects.
Source(s):
NIST SP 800-192 under Security Policy
NISTIR 7316 under Security Policy

  A set of rules that governs all aspects of security-relevant system and system component behavior.
Source(s):
NIST SP 800-53 Rev. 5 from NIST SP 800-160 Vol. 1 - Adapted

  The statement of required protection of the information objects.
Source(s):
NIST SP 800-27 Rev. A [Withdrawn]
NIST SP 800-33 [Withdrawn]

  Defines the threats that a system shall address and provides high-level mechanisms for addressing those threats.
Source(s):
NIST SP 800-57 Part 2 [Superseded] under Security policy