<aside> <img src="/icons/drafts_gray.svg" alt="/icons/drafts_gray.svg" width="40px" /> Standards provide a framework for implementing security measures, ensuring that all aspects of an organization’s security posture are addressed

</aside>

Password Standards

• Define password complexity and management
• Include length, character types, regular changes, and password reuse rules
• Emphasize password hashing and salting for security

Access Control Standards

• Determine who has access to resources within an organization
• Include access control models like
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-Based Access Control (RBAC)
• Enforce principles of least privilege and separation of duties

Physical Security Standards

• Cover physical measures to protect assets and information
• Includes controls like perimeter security, surveillance systems, and access control mechanisms
• Address environment controls and secure areas for sensitive information

Encryption Standards

• Ensure data remains secure and unreadable even if accessed without authorization
• Include encryption algorithms like AES, RSA, and SHA-2
• Depends on the use case and balance between security and performance