SANS Sample Security Policies
Policy templates for twenty-four important security requirements.
Server Security Policy
Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity.
Third Party Connection Agreement
Sample agreement for establishing a connection to an external party.
University of Colorado Email Policy
This administrative policy statement sets forth the University's policy with regard to use of, access to, and disclosure of electronic mail to assist in ensuring that the University's resources serve those purposes.
Virtual Private Network Policy
Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network.
Wireless Communication Policy
Sample policy controlling the use of unsecured wireless communications technology.
Acceptable Encryption Policy
Defines requirements for encryption algorithms used within the organization. [PDF]
Acceptable Use Policy
Defines acceptable use of equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. [PDF]
Acceptable Use Policy Report
This is a report on the Acceptable Usage Policy: what corporations expect of it, an instance of a commercially used policy, and a framework for creating your own policy.
Acquisition Assessment Policy
Defines responsibilities regarding corporate acquisitions, and defines the minimum requirements of an acquisition assessment to be completed by the information security group. [PDF]
Analog/ISDN Line Policy
Defines standards for use of analog/ISDN lines for Fax sending and receiving, and for connection to computers. [PDF]
Anti-Virus Guidelines
Defines guidelines for effectively reducing the threat of computer viruses on the organization's network.
Application Service Provider Policy
Defines minimum security criteria that an ASP must execute in order to be considered for use on a project by the organization.
Application Service Provider Standards
Sample set of minimum security standards that an application service provider must meet to be considered for use by a corporation.
Audit Policy
Defines the requirements and provides the authority for the information security team to conduct audits and risk assessments to ensure integrity of information/resources, to investigate incidents, to ensure conformance to security policies, or to monitor user/system activity where appropriate.
Automatically Forwarded Email Policy
Documents the requirement that no email will be automatically forwarded to an external destination without prior approval from the appropriate manager or director.
Company Email Policy
Every company needs to establish a policy regarding use of and access to company email systems -- and then tell all employees what its policy is.
Computing Policies
The electronic resource usage and security policy for the University of Pennsylvania.
Database Password Policy
Defines requirements for securely storing and retrieving database usernames and passwords.
Dial-in Access Policy
Sample policy controlling the use of dial-in connection to corporate networks.