Policy Standards and Guidelines

A policy is typically a document that outlines specific requirements or rules that must be met. In the information/network security realm, policies are usually point-specific, covering a single area. For example, an "Acceptable Use" policy would cover the rules and regulations for appropriate use of the computing facilities.

A standard is typically collections of system-specific or procedural-specific requirements that must be met by everyone.

A guideline is typically a collection of system-specific or procedural-specific suggestions for best practice. They are not requirements to be met, but are strongly recommended. The university's security policies make frequent references to standards and guidelines that exist within an organization.