A policy is
[t]he principles and values that guide the performance of a duty. A policy is not a statement of what must be done in a particular situation. Rather, it is a statement of guiding principles that should be followed in activities that are directed toward the attainment of goals.
a high level, strategic statement, authorized by the executive management that dictates what type of position the organization has taken on specific issues.
[g]uidance that is directive or instructive, stating what is to be accomplished. It reflects a conscious choice to pursue certain avenues, and not others. Policies may change due to changes in national leadership, political considerations, or for fiscal reasons.
[s]tatements, rules or assertions that specify the correct or expected behavior of an entity. For example, an authorization policy might specify the correct access control rules for a software component.
- NIST Special Publication 800-18, at 33.
- Information Technology Security Handbook, Annex 1, Glossary.
- Information Security Guide 2 - Glossary.
- U.S. Department of Justice, Minimum Criminal Intelligence Training Standards for Law Enforcement and Other Criminal Justice Agencies in the United States 43 (Ver. 2) (Oct. 2007) (full-text).
- Newfoundland-Labrador, Office of the Chief Information Officer, Information Management and Information Protection Glossary of Terms (full-text).
- NSTAC Report to the President on Cloud Computing, at C-4.
- Air Force Supplement to the Department of Defense Dictionary of Military and Associated Terms, at 51.
- NISTIR 7621 Rev. 1, at A-3.
- Acceptable Use Policy
- Capstone Policies
- Competition policy
- Cybersecurity policy
- Dig once policy
- Foreign policy
- Industrial policy
- Information policy
- Issue-specific policy
- Policies and procedures
- Program policy
- Public policy
- Security policy
- Spectrum policy
- System-specific policy
- Technology policy
- Telecommunications policy