CISSP Study Guide: Security Policy Implementation

Standards, guidelines, and procedures comprise three elements of policy implementation. They present the specifics of the policy, how they should be applied, and what standards and procedures should be practiced.

Standards are itemized procedures applied in order to satisfy a policy requirement but do not define the method of implementation.

Guidelines are instructions or suggestions of how policies or procedures should be implemented. They usually allow some flexibility for situations that require adjustments within policy boundaries.

Procedures are the most definitive security documents. They outline specific step-by-step applications of secure configurations to meet policy requirements. These documents incorporate certain technologies and devices used and the wording may change in tandem with equipment upgrades or changes.