About frameworks

Frameworks are published best practices such as COBIT, COSO, and the ISO series. These frameworks describe implementation details. An example of such details is that the password policy should contain entries for length, complexity, and rotation.

The following are some of the frameworks for which predefined policies exist:

COBIT	Control Objectives for Information and related Technology
NIST	National Institute of Standards and Technology
ISO	International Standards Organization
COSO	Committee of Sponsoring Organizations of the Treadway Commission
ISO/IEC	International Organization for Standardization/International Electrotechnical Commission