A security architect is developing documentation for a new cloud environment. The architect needs to create a document that specifies the exact encryption algorithms and key lengths that are mandatory for all data stored in the company's object storage. How should this document be classified within the organization's security governance framework?
A standard is a mandatory directive that defines specific technical requirements, such as required encryption algorithms and key lengths. In the security documentation hierarchy, policies set the high-level goal (e.g., "all data at rest must be encrypted"), while standards provide the enforceable, specific rules to meet that policy. Guidelines are non-mandatory recommendations, and procedures are step-by-step instructions for a task. Because the document specifies mandatory technical controls, it is classified as a standard.