Given the critical decisions that must be made in an environment of evolving cyber threats, cybersecurity standards are the crucial means by which an enterprise ensures its security strategy and policies are implemented in a consistent and measurable manner.

In this paper, we describe the role of cybersecurity standards in the larger IT context, and offer best practices for establishing a cybersecurity standards framework and managing compliance. While this paper focuses on standards related to IT security and privacy, physical security standards also play an important parallel role. In many cases, the basic principles outlined in this paper can be applied to physical security as well.