Procedures

Procedures are step-by-step mandatory guidance that is created in support of the policy. These documents help to ensure that repeatable/consistent processes exist to technically implement policy.

Procedures are designed to answer three questions:

• How should a particular activity be performed?
  • Account creation, password reset, or firewall rule change
• When should that activity be performed?
  • Hourly, daily, weekly, or monthly
• Who should perform the activity?
  • System administrator, network administrator, or incident responder