tactical documentsthat define steps or methods to accomplish the goals and overall direction defined by the security policies.
- They define compulsory requirements for homogeneous use of software hardware and security controls.
- Provides for a uniform implementation throughout an organization.
Defines a minimum level of security that every system within the organization should meet.
- Establishes a common foundational secure state on which additional measures can be built.
- Additional layers are more stringent and as per the organization needs.
- Often are system specific and pertinent to an industry or government standard.
Recommends how standards and baselines should be implemented to serve as an operational guide for both security professionals and end users.
- They are flexible
- Stares security mechanisms rather than specific products and settings.
- Not compulsory
- Outline methodologies
The purpose of procedure is to ensure integrity of business process. It helps in standardization of security across systems in an organization.