Rack of Ethernet switches.

Other Organizations' Infosec Policies

Cybersecurity Policies

Government agencies and corporations generally consider their policies as sensitive information, and so they do not let outsiders see them. It makes sense at that least some of an organization's policy would be sensitive, and so if the only choices of disclosure are "all" and "none", choosing "none" errs on the side of caution. About the only policies you can see are guidance from various security organizations (both guidance and enforcement) and possibly partial policies from some universities:

Purdue's CERIAS archive has various documents, ranging from copies of policies now or previously in effect at various universities, to NIST security documents, to U.S. Federal Criterea for Information Technology Security, to some more narrative papers:
Purdue CERIAS archive

NIST's document:
Building Effective, Tailored Information Security Policy

NIST's Special Publication 800-41:
Guidelines on Firewalls and Firewall Policy

NIST Special Publication 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems

SANS has:
SANS Information Security Policy Templates

BS 7799 — British code of practice for information security management. You have to search for standard 7799 at:

Back to the main Security Page