# Standards Management
[[Standards Management]] is a [[Control Development]] capability. Standards Management is the process of establishing, implementing, and maintaining a set of guidelines and best practices within an organization to ensure consistency, quality, and an advantage over adversaries across various operations and processes. Developing standards that are secured and hardened, as part of an effort to drive more adversary resilience, provides an advantage against adversaries. Standards may also be enacted through code and potentially through a gold mastering process.
## Map
``` mermaid <!-- element style="width:90%; height:auto" -->
graph TD
Top[[Cybersecurity]] --- B[[Control Development]]
B --- B.1[[Defense Modeling]]
B --- B.2[[Standards Management]]
B --- B.3[[Policy Management]]
B --- B.4[[Test Plan Management]]
B --- B.5[[Threshold Management]]
%% Class Definitions
%% =====================
class Top,A,A.1,A.2,A.3,A.4,A.5,A.6,B,B.1,B.2,B.3,B.4,B.5,C,C.1,C.2,C.3,C.4,D,D.1,D.2,D.3,D.4,D.5,E,E.1,E.2,E.3,E.4,E.5,E.6 internal-link,font-color:white;
class Top cssClassL0;
classDef cssClassL0 fill:black,stroke:black,stroke-width:4px,font-size:15px,font-color:white;
class A,B,C,D,E cssClassL1;
classDef cssClassL1 fill:darkblue,stroke:darkblue,stroke-width:4px,font-size:15px,font-color:white;
class A.1,A.2,A.3,A.4,A.5,A.6,B.1,B.2,B.3,B.4,B.5,C.1,C.2,C.3,C.4,D.1,D.2,D.3,D.4,D.5,E.1,E.2,E.3,E.4,E.5,E.6 cssClassL2;
classDef cssClassL2 fill:blue,stroke:blue,stroke-width:4px,font-size:15px,font-color:white;
class B.2 cssClassCurrent;
classDef cssClassCurrent fill:#2f9503,stroke:#2f9503,stroke-width:4px,font-size:15px,font-color:white;
```
## Definition
>[!cm-definition] Definition
> Standards Management encompasses creating and maintaining security requirements to protect systems from adversaries. Standards operationalize policy objectives by defining specific actions and the level of compliance required to achieve them effectively.
## Goals
>[!cm-goal] Goal 1
> Maintain consistent procedures and practices throughout the organization that reduce security risk.
>[!cm-goal] Goal 2
> Improve the organization's resilience against adversarial attacks.
>[!cm-goal] Goal 3
> Ensure compliance with regulations and industry standards.
>[!cm-goal] Goal 4
> Continuously update standards to address evolving security challenges.
## Scope
## Process
**Gather Requirements:**
· Policy Objectives
· Regulatory Obligations
· Adversary Intelligence
· Incident Intelligence
**Standard Development:**
· Develop baselines based on the identified requirements
· Create guidelines
· Define thresholds
**Approval and Implementation:** Review and validation from stakeholders.
**Monitoring and Improvement:**
· Monitor adherence to standards
· Evaluate established metrics
· Assess effectiveness of standards
· Address deviations and deficiencies
· Incorporate lessons learned and adversary evolution intelligence
## Metrics
>[!cm-metric] Metric: [[% Adherence to Established Thresholds]]
>[!cm-metric] Metric: [[% of Standards with Exceptions]]
>[!cm-metric] Metric: [[Exploit Reduction Rate]]
>[!cm-metric] Metric: [[Securabilty Score by Standard]]
>[!cm-metric] Metric: [[Compliance Adherence Score]]
>[!cm-metric] Metric: [[Rate of Innovation]]
## Inspiration & Resources
[Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.