The IT Law Wiki

Program policy

Definition

Security

A program policy is

a high-level policy that sets the overall tone of an organization's security approach.[1]
what management uses to create an organization's security program. It is high-level, comprehensive, and unlikely to need frequent updating.[2]

Overview

U.S. government

In a Federal agency, the formulation of program policy must proceed within the framework of existing laws, regulations, and Executive Branch policies, including the Computer Security Act of 1987; OMB Circular A-130, Management of Federal Resources, particularly OMB Circular A-130, Appendix III, Security of Federal Automated Information Resources; and PDD-63, Protecting America's Critical Infrastructures. It must also be guided by the agency's mission statement and organizational structure.

Program policy development and promulgation is the responsibility of senior management and should take place under the direction of the agency head or senior administration official responsible for the agency. The components of an adequate program policy include the following:

References

  1. SANS Glossary of Security Terms.
  2. NIST Special Publication 800-18, at 33-34.

Source
