In the context of security program management, what type of document typically specifies the minimum technical requirements for user password complexity within an organization?
Standards are documents that define the technical requirements and are designed to be used consistently as rules. Policies provide high-level overall plans that embrace the general goals and directives of an organization, but they do not delve into specifics. Guidelines suggest a course of action for meeting policies and standards but are not mandatory. Procedures are detailed instructions on how to perform a particular task.