# Policy

Creating a set of cybersecurity policies can be a daunting task. Policies help set a baseline, provide technical and behavioral guidance, and define technical measures. They may also be dependent on different laws, regulations, or compliance frameworks. 

Where do you even begin? The resources below are great starting points, but not an end-all. Remember that cybersecurity policies must be specifically tailored to the organization.

* [SANS](https://www.sans.org/information-security-policy/)
* [CIS Center for Internet Security](https://www.cisecurity.org/-/jssmedia/Project/cisecurity/cisecurity/data/media/files/uploads/2021/11/NIST-Cybersecurity-Framework-Policy-Template-Guide-v2111Online.pdf)
* [PurpleSec](https://purplesec.us/resources/cyber-security-policy-templates/#Acceptable)
* [Virginia IT Agency](https://www.vita.virginia.gov/policy--governance/policies-standards--guidelines/it-security-policy--procedure-templates/)
* [Schneider Downs](https://www.schneiderdowns.com/cybersecurity/infosec-policy-templates)
* [FRSecure](https://frsecure.com/acceptable-use-policy-template/)
* <https://cyberpolicies.io/>