Governance and Policy
Difficulty: Medium · 12 terms
Find each governance or policy concept hidden in the grid.
Terms in this set
- Policy: High-level management directives that set security expectations and requirements.
- Procedure: Step-by-step instructions for performing a specific task in a repeatable way.
- Standard: Mandatory rules that implement a policy — e.g., minimum password length, approved cipher suites.
- Guideline: Recommended, non-mandatory practices that help implement policy.
- Framework: A structured set of controls and processes used to organize a security program.
- NIST: The U.S. National Institute of Standards and Technology — publishes widely used security frameworks.
- ISO: The International Organization for Standardization — publishes ISO/IEC 27001, the global ISMS standard.
- PCI: PCI DSS — security requirements for organizations that store, process, or transmit cardholder data.
- GDPR: EU General Data Protection Regulation — privacy rights for EU data subjects, with global reach.
- HIPAA: U.S. law requiring privacy and security safeguards for protected health information.
- SOX: Sarbanes-Oxley Act — U.S. law requiring internal controls over financial reporting for public companies.
- Audit: Independent review of controls against a standard or framework to assess their effectiveness.