Identify the Best Framework for Your Security Policies

Leverage policies based on NIST, ISO, or other procedural-based documents.

View Storyboard

Your Challenge

Leverage Info-Tech’s Develop and Deploy Security Policies blueprint to build a comprehensive policy program, from acquiring buy-in to policy development to communication and maintenance of the program.
Use this storyboard and associated templates to develop policies for the framework that fits your needs.

Our Advice

Critical Insight

Policies don’t make your organization compliant. However, aligning the policy development with a relevant framework and implementing the controls and requirements that have been documented are critical steps in achieving compliance.

Impact and Result

Understand your policy framework and develop the security policies that align with compliance and regulatory requirements.
Save time by customizing our policy templates to ensure comprehensive coverage.

1. Identify the best framework for your security policies

Understand the benefits of various frameworks to develop your security policy suite.

Identify the Best Framework for Your Security Policies Storyboard

2. Develop security policies aligned with the NIST SP 800-171 framework

If the NIST framework fits your needs, customize the templates for a comprehensive policy suite.

Access Control Policy – NIST

Security Awareness Training Policy – NIST

Audit and Accountability Policy – NIST

System Configuration Management Policy – NIST

Identification and Authentication Policy – NIST

Incident Response Policy – NIST

System Maintenance Policy – NIST

Media Protection Policy – NIST

Personnel Security Policy – NIST

Physical Protection Policy – NIST

Risk Assessment Policy – NIST

Security Assessment Policy – NIST

System and Communications Security Policy – NIST

System and Information Integrity Policy – NIST

3. Develop security policies aligned with the ISO 27001 framework

If the ISO framework fits your needs, customize the templates for a comprehensive policy suite.

Human Resources Security Policy – ISO

Asset Management Policy – ISO

Access Control Policy – ISO

Cryptography Policy – ISO

Physical and Environmental Policy – ISO

Operations Security Policy – ISO

Communications Security Policy – ISO

System Acquisition, Development, and Maintenance Security Policy – ISO

Security in Supplier Relationships Policy – ISO

Security Incident Management Policy

Information Security Aspects of Business Continuity Management Policy – ISO

Compliance Policy – ISO

4. Develop other procedural-based security policies

Leverage lower-level policy templates to develop procedures for specific security topics.

Security Awareness Training Procedural Policy

Identity and Access Management Procedural Policy

Data Protection Procedural Policy

Media Protection Procedural Policy

Password Procedural Policy

Account Management Procedural Policy

System Configuration Procedural Policy

Systems Maintenance Procedural Policy

System Change Control Procedural Policy

Systems Monitoring and Auditing Procedural Policy

Application Security Procedural Policy

Incident Response Procedural Policy

Contingency Planning Procedural Policy

Security Assessment Procedural Policy

Risk Assessment Procedural Policy

Talk to an Analyst

Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.

Book an Analyst Call on this topic.

You can start as early as tomorrow morning. Our analysts will explain the process in your first call.

Get advice from a subject matter expert.

Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and setting the direction for your next project step.