Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.

Source: NIST SP 800-12 Rev. 1 | Category: