Home Page Security Policies NIST SP 800-53 NIST SP 800-34
ENTERPRISE ASSURANCE PORTAL
POLICY and STANDARDS
Every organization must have a clearly defined and centrally managed IT security policy!  Policies address access controls, permissions, accountability, identification, authentication, and assurance from an information technology (IT) security perspective.  Centrally managed policies and standards ensure that mechanisms used to enforce security requirements are cognizant of each other and work well together. If policies and standards are not easily accessed, understood, and maintained, then what good are they?

Security Policy:
  What is and is not  permitted during the operation of a system or application.  Policies are developed to control the actions of subjects and their behavior.

Security Standards:  Where policies focus on what is expected from global perspective, standards, through control objectives, specify how policies will be implemented and/or enforced. 

EAP provides, in content-rich, ready-to-publish web pages, comprehensive security policies and standards that comply with National Institute of Standards and Technology (NIST) Guidelines, ISO 27002 Standards, and Industry Best Practices on-line in easily accessed web pages.