Frameworks, Standards, Policies, & Regulations


Last Updated: 10/7/2024

Frameworks, standards, policies, and regulations all describe rules, requirements, or recommended practices that organizations and individuals are expected to follow, but they differ in who issues them and how binding they are:

Frameworks
Provide a structured approach to address objectives, and may include standards, guidelines, and tools. Frameworks are flexible and can be customized to achieve specific goals.

Standards
Provide specifications or characteristics that can be applied consistently to ensure products, processes, and services are fit for their purpose. Standards are generally voluntary and can be adapted to an organization's unique circumstances, although a contract or regulation may make conformance with a particular standard mandatory.

Policies
Establish expected behavior within an organization in areas such as data privacy and security. Policies are statements from accountable decision-makers about how the organization's data assets are to be protected.

Regulations
Provide detailed requirements that have the force of law, issued by a government or other authority, with limited flexibility in interpretation or implementation. Regulations often specify penalties for non-compliance.

Compliance is the act of following the rules or requirements set forth by standards, frameworks, laws, regulations, or other authorities.

NIST
• 800-115 – Technical Guide to Information Security Testing and Assessment