Standards Definition: Specific mandates explicitly stating expectations of performance or conformance.
Standards are detailed, specific requirements that must be met to achieve consistent security implementation. They are more prescriptive than policies, providing measurable criteria for compliance and serving as the basis for auditing and assessment. Standards supplement policies by defining how policy objectives will be achieved. Standards are integral to frameworks like ISO 27001, NIST SP 800-53, PCI DSS, and various regulatory requirements. Organizations implement standards through detailed documentation, configuration requirements, processes, specifications, and compliance verification mechanisms.
For example, an organization might establish a password standard that specifies a minimum length (12 characters), complexity requirements (upper/lower case, numbers, special characters), an expiration policy (90 days), history restrictions (no reuse of last 24 passwords), and lockout thresholds (5 failed attempts), providing specific, measurable criteria for implementing the broader authentication policy.
Related terms: Policy, Guidelines, Procedures, Compliance, Baseline, Configuration standards, Security requirements, Control implementation.