Given the critical decisions that must be made in an environment of evolving cyber threats, cybersecurity standards are the crucial means by which an enterprise ensures its security strategy and policies are implemented in a consistent and measurable manner.

In this paper, we describe the role of cybersecurity standards in the larger IT context, and offer best practices for establishing a cybersecurity standards framework and managing compliance. While this paper focuses on standards related to IT security and privacy, physical security standards also play an important parallel role. In many cases, the basic principles outlined in this paper can be applied to physical security as well.