Connect--But, be very careful

There is a Difference…


POLICY: Broad and informative high-level description of principles focused on a particular topic area.

For example, Cybersecurity Policy: “All Federal Agencies will comply with NIST 800-53 revision 4 No Later Than 1 January 20XX.”


PROCEDURE: A description of steps required to follow, execute, and complete a specified process.

For example, Risk Assessment Procedure. (See below)