A policy that outlines an organization’s internal and external requirements associated with training personnel, exercising IT plans, and testing IT components and systems.
Sources:
NIST SP 800-84