A security architect is developing documentation for a new cloud environment. The architect needs to create a document that specifies the exact encryption algorithms and key lengths that are mandatory for all data stored in the company's object storage. How should this document be classified within the organization's security governance framework?
A standard is a mandatory directive that defines specific technical requirements, such as required encryption algorithms and key lengths. In the security documentation hierarchy, policies set the high-level goal (e.g., "all data at rest must be encrypted"), while standards provide the enforceable, specific rules to meet that policy. Guidelines are non-mandatory recommendations, and procedures are step-by-step instructions for a task. Because the document specifies mandatory technical controls, it is classified as a standard.