1. The overall principles, regulations, requirements, and/or procedures which govern security as expressed by a responsible security authority: Examples: National security policy, Departmental security policy. Note: Responsibility for security may be delegated by Departmental Security Officers to System Managers in accordance with a System Security Policy. 2. A set of rules that specify the procedures and mechanisms required to maintain the security of a system, and the security objects and the security subjects under the purview of the policy. 3. A set of rules which define and constrain the types of security- relevant activities of entities. 4. The set of criteria for the provision of security services (see also identity-based and rule-based security policy. ) Note: A complete security policy will necessarily address many concerns which are outside the scope of OSI. 5. See Corporate Security Policy, System Security Policy, Technical Security Policy. 6. The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. 7. The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.